

Top Kubernetes log monitoring tools


Kubernetes dominates the container orchestration market, driving the evolution of enterprises to microservices. Each instance of a microservice generates numerous log events, which quickly become difficult to manage. Compounding this, when problems occur, the complex interactions between services and their failure modes make it difficult to find the root cause. These potential problems make Kubernetes log management tools very important.

Businesses are always trying to find the right tools to meet their needs and make monitoring, logging, and fault analysis efficient and fast.


Zebrium

You might give priority to Prometheus or ELK, but Zebrium can also be a priority.

This new startup was named in Gartner’s “25 Enterprise Software Startups to Watch in 2020”.

Speaking of best practice, Zebrium has also recently helped Sweetwater to reduce incident tracking time from 3 hours to just a few minutes. Zebrium can even spot hidden issues that were previously undetected. This is a brilliant feature, as it can help identify issues before they affect customers.

So what makes Zebrium stand out from the competition? Zebrium uses artificial intelligence to find problems and to automate the discovery of root causes, whereas all other tools rely on users manually adding rules. Zebrium can also be used as a stand-alone log management platform or integrated with ELK Stack or other log managers.


Pros: Easy to start, just copy/paste custom Helm or kubectl commands; automatically detects problems and root causes without manual rules; can be used as a standalone log management tool or as a machine learning add-on to existing log management tools (e.g. ELK Stack).

Cons: Free plan limited to 500 MB per day with 3-day retention; supports Kubernetes, Docker, and most common platforms, but not Windows.


Sematext

Sematext is a solution for log management and application performance monitoring. It provides full-stack visibility of the system state.

Sematext is not limited to Kubernetes logs, but can also monitor Kubernetes (based on metrics and logs). The collected logs are automatically parsed and structured against several known log formats, and users can also provide custom logging schemas. It also exposes the Elasticsearch API, so any tool that works with Elasticsearch, such as Filebeat and Logstash, can be used with Sematext, either as a variant of ELK or with the native Sematext ecosystem. This tool helps to create specific rules to monitor specific situations and catch exceptions. With Sematext's comprehensive real-time dashboard, customers can control and monitor all services.


Pros: Integration with other Sematext cloud tools; configurable overrides to prevent logs from being accepted and thus control costs; ELK flexibility.

Cons: Sematext widgets and Kibana cannot be mixed on a dashboard; custom parsing needs to be done in the log shipper, because Sematext only parses Syslog and JSON on the server side; tracking is weak, but improvements are planned.


Loki

Loki is a multi-tenant and highly available log aggregation tool inspired by Prometheus. This tool helps to collect logs, but users will need to create manual rules for it. Loki works with Grafana, Prometheus, and Kubernetes. Loki can make internal processes more efficient. For example, it saves Paytm Insider 75% of the cost of logging and monitoring. Loki does not index the content of your logs, but only a set of labels for each log stream, so it is very efficient.

Pros: Large ecosystem; rich visualization; improved efficiency because of unindexed log content.

Cons: Not optimized for Kubernetes log management; lots of manual work with architecture rules; lack of content indexing may limit search performance.

ELK Stack

ELK is the best-known open-source tool for log management and is an acronym for Elasticsearch, Logstash, and Kibana. Each component handles a unique part of the logging process; Elasticsearch is a powerful and scalable search system, Logstash aggregates and processes logs, and Kibana provides an analysis and visualization interface that helps users make sense of the data. Together, they provide a comprehensive logging solution for Kubernetes. However, there are many other variants of the ELK Stack, such as the EFK Stack, which is composed of Elasticsearch, Fluentd, and Kibana.

ELK is used by many large companies, such as Adobe, T-Mobile, and Walmart, which shows that it holds up in production. So ELK is a reliable and proven tool. But it brings complexity and needs a lot of resources to do the job.

Pros: ELK is well known and has a large community; very broad platform support; rich analysis and visualization capabilities in Kibana; requires sophisticated analysis of logs and manually defined alert rules.

Cons: Difficult to maintain at scale; requires a lot of tuning, especially for large environments; large resource requirements; some features require paid licenses.


Fluentd

Fluentd is a cross-platform open-source data collector that provides a unified logging layer, but it is not a standalone log manager. It is quite a popular tool, with over 5000 customers, such as Atlassian, Microsoft, and Amazon. These large customers are a testament to its reliability and performance. In addition, Fluentd's unified logging layer can help software use data more efficiently and iterate over it quickly. It can help you process 120,000 records per second.

Pros: Large community and plugin ecosystem; unified logging layer; proven reliability and performance; can be installed in less than 10 minutes.

Cons: Difficult to configure; limited support for transformed data; not a complete logging solution.


You may ask why Prometheus is not included in the list. The reason is that this article focuses on log monitoring tools, and Prometheus processes metrics and does not support logging.

So, if you are not good at manually searching logs, or are not willing to build and manage alert rules, try using Zebrium, which is based on machine learning algorithms. This may save a lot of time and get rid of the tedious task of creating lots of rules.

If you are looking for something more mainstream and know which rules to create, try using Loki or Sematext, both of which are efficient tools.

Alternatively, if you wish to use log monitoring in the public cloud, you may wish to use a service provided by your cloud provider, such as AWS CloudWatch, although such services only provide support for businesses in their own cloud.

If you have multiple or specific sources for your logs, try using Fluentd and its unified logging layer, but you will still need a logging tool.
