EFK stack¶
The EFK stack is a centralized logging solution commonly used to aggregate and analyze log data, particularly within Kubernetes environments^[400-devops__07-Monitoring-and-Observability__Fluent-Bit.md]. The acronym represents the integration of three core open-source technologies^[400-devops__07-Monitoring-and-Observability__Fluent-Bit.md]:
- Elasticsearch: A search and analytics engine used for storing and indexing the logs.
- Fluent Bit (or Fluentd): A log collector and forwarder responsible for gathering logs from various sources.
- Kibana: A visualization layer used to dashboard and explore the data stored in Elasticsearch.
Components¶
The stack functions by using Fluent Bit to collect and parse logs before forwarding them to Elasticsearch for storage^[400-devops__07-Monitoring-and-Observability__Fluent-Bit.md]. Users can then interact with the data through Kibana, which queries the Elasticsearch indices to provide searchable insights and visualizations^[400-devops__07-Monitoring-and-Observability__Fluent-Bit.md].
While "EFK" traditionally stands for Elasticsearch, Fluentd, and Kibana, the stack frequently employs Fluent Bit as the log collector due to its lightweight design and performance^[400-devops__07-Monitoring-and-Observability__Fluent-Bit.md].
Sources¶
^[400-devops__07-Monitoring-and-Observability__Fluent-Bit.md]
Related Concepts¶
- Fluent-Bit
- Kubernetes
- [[Observability]]