This isn't a fully realized assertion, but a series of thoughts on two different things, one of which may be a 'log' and the other an 'event'. I would love some contributions:
An event is globally significant, a log is locally significant. Like stack trace vs distributed trace. Logs are probably only important for about a week. Events are searched, logs are tailed.
Loki manages logs, Elasticsearch manages events (or logs and events).
Logs are node level, events are system level. Events are a higher abstraction. Events may be made up of multiple log messages. A node can exclusively generate its own logs, but may not always be able to generate its own events. Logs are often looked at in isolation; events are often looked at in context.
Alerts are subsets of events, not logs.
- Later thought -> This is wrong. An alert is a state machine that is in the wrong state. An event may indicate a change in state.
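
A minimal sketch of the distinction drawn above, added as an illustration and not part of the original post: node-level log records are correlated into system-level events, and the alert is the state of a machine driven by those events. The probe nodes, the quorum rule and every name here are assumptions, and the log records are constructed.

```python
from collections import namedtuple

Log = namedtuple("Log", "ts node target ok")          # node-level, local
Event = namedtuple("Event", "ts kind target nodes")   # system-level, global

# Constructed sample: three probe nodes logging health checks against "db".
LOGS = [
    Log(0, "n1", "db", True), Log(1, "n2", "db", True), Log(2, "n3", "db", True),
    Log(10, "n1", "db", False),   # a single node failing stays a log
    Log(11, "n2", "db", True),
    Log(20, "n1", "db", False), Log(21, "n2", "db", False),  # quorum fails
    Log(22, "n3", "db", False),
    Log(30, "n1", "db", True), Log(31, "n2", "db", True),    # quorum recovers
]

def derive_events(logs, quorum=2):
    """Emit an event only when the quorum view of a target changes."""
    latest = {}   # (target, node) -> most recent check result
    view = {}     # target -> system-level state last reported
    events = []
    for log in sorted(logs):
        latest[(log.target, log.node)] = log.ok
        nodes = {n: ok for (t, n), ok in latest.items() if t == log.target}
        failing = sorted(n for n, ok in nodes.items() if not ok)
        healthy = sorted(n for n, ok in nodes.items() if ok)
        state = view.get(log.target, "reachable")
        if len(failing) >= quorum:
            state, seen_by = "unreachable", failing
        elif len(healthy) >= quorum:
            state, seen_by = "reachable", healthy
        if state != view.get(log.target, "reachable"):
            view[log.target] = state
            events.append(Event(log.ts, state, log.target, tuple(seen_by)))
    return events

def alert_state(events, target, at):
    """The alert is the machine's state at time `at`, replayed from events."""
    state = "ok"
    for ev in events:
        if ev.target == target and ev.ts <= at:
            state = "firing" if ev.kind == "unreachable" else "ok"
    return state

if __name__ == "__main__":
    events = derive_events(LOGS)
    for ev in events:
        print(ev)
    print([alert_state(events, "db", t) for t in (15, 25, 40)])
```

Ten log records collapse into two events here, and no single node's logs are enough to produce either of them.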
Metrics, logs, traces, events, alerts (MEALT!)
Single local debug level Loki/Prometheus server
What would be the implications of separating out logs from events?
- Alerts and events would be handled by different systems, with different features.