Loki is a horizontally scalable, highly available log aggregation engine designed to store and query massive volumes of unstructured log data. It functions as a distributed observability platform that correlates logs, metrics, and traces to provide comprehensive visibility into the health and performance of complex infrastructure.
The system distinguishes itself through a distributed query execution model that processes large datasets in parallel across cluster nodes. It utilizes label-based stream indexing and a distributed index to map log data to specific chunks, enabling rapid retrieval without scanning entire datasets. Data is compressed into immutable chunks and stored in object storage, while a gossip-based protocol manages cluster membership to ensure high availability. The platform also supports multi-tenancy, allowing for isolated data storage across different teams or services.
Beyond core log management, the platform provides a query-driven processor that uses a functional language to transform raw system events into structured insights. It integrates with the broader observability ecosystem to support incident response workflows, allowing users to search and visualize telemetry data to identify and resolve technical issues.
