Observability

5 open source tools compared. Sorted by stars — scroll down for our analysis.

Tool	Stars	Velocity	Language	License	Score
Loki Horizontally-scalable, multi-tenant log aggregation	27.9k	+21/wk	Go	GNU Affero General Public License v3.0	71
Vector High-performance observability data pipeline	21.6k	+35/wk	Rust	Mozilla Public License 2.0	76
Fluentd Unified logging layer	13.5k	+1/wk	Ruby	Apache License 2.0	79
opentelemetry-ebpf-profiler The production-scale datacenter profiler (C/C++, Go, Rust, Python, Java, NodeJS, .NET, PHP, Ruby, Perl, ...)	3.1k	—	Go	Apache License 2.0	71
opentelemetry-java-instrumentation OpenTelemetry auto-instrumentation and instrumentation libraries for Java	2.5k	—	Java	Apache License 2.0	77

Our Analysis

Loki27.9k★

Loki collects logs from your infrastructure without indexing the content, which makes it dramatically cheaper than Elasticsearch-based logging. It's like Elasticsearch for logs, except it doesn't index the full text of every log line. Instead, it indexes only metadata labels (like service name, environment, pod), which makes it dramatically cheaper to run and simpler to operate. Self-hosting is free under AGPL-3.0. You get the full log aggregation engine, LogQL query language, alerting integration with Grafana, and multi-tenant support. It's designed to run alongside Prometheus (metrics) and Tempo (traces) for the full Grafana observability stack. Grafana Cloud offers a free tier with 50GB of logs per month, which is generous for small projects. Paid cloud starts at usage-based pricing. The catch: because Loki doesn't full-text index, searching for a specific string across millions of logs is slower than Elasticsearch. You need to know which labels to filter by first. If your debugging workflow is 'grep for this error message across everything,' Loki will frustrate you. Also, the AGPL license means if you modify Loki and offer it as a service, you must open-source your changes.

Vector21.6k★

Vector is a high-performance pipeline that collects, transforms, and routes logs, metrics, and traces across your infrastructure. It's the plumbing between your applications and your observability stack (Elasticsearch, Datadog, Grafana, whatever you use). Rust-based, MPL 2.0 license. Built by the team behind Timber (now part of Datadog). Single binary, ~10MB, handles millions of events per second on modest hardware. Supports 100+ sources and sinks: pull from syslog, Kafka, files, Kubernetes; push to S3, ClickHouse, Loki, Splunk. The transform layer lets you filter, parse, enrich, and route data using a built-in language called VRL. Fully free. No paid tier, no hosted version. Datadog acquired Timber but kept Vector open source. MPL 2.0 means you can use it commercially. You just can't fork the modified source and close it. Solo through enterprise: free at every scale. The Rust performance means you rarely need to think about Vector's resource usage. One instance handles what would take a cluster of Logstash nodes. The catch: VRL (Vector Remap Language) is powerful but it's a custom DSL you have to learn. If your team already knows Logstash configs or Fluentd plugins, there's a migration cost. And while Datadog keeping it open source is great, the deepest integration is naturally with Datadog's platform.

Fluentd13.5k★

It takes logs in from applications, servers, containers, and cloud services, transforms them if needed, and routes them to whatever storage or analysis tool you use. Fully free under Apache 2.0. CNCF graduated project. 700+ community plugins cover every source and destination you can think of. The architecture is simple: input plugins (where logs come from), filter plugins (transform/parse), output plugins (where logs go). Treasure Data (the company behind Fluentd) offers enterprise support and their own managed log analytics platform, but Fluentd itself is completely free. The catch: Fluentd is written in Ruby, and for high-throughput scenarios, it can be resource-heavy. That's why Fluent Bit exists, a lightweight, C-based alternative from the same project. For Kubernetes, most people run Fluent Bit as a DaemonSet (one per node) that forwards to a central Fluentd instance. The plugin ecosystem is powerful but plugin quality varies; some community plugins are abandoned. And debugging Fluentd configuration issues when logs aren't flowing is tedious.

opentelemetry-ebpf-profiler3.1k★

This profiler attaches to your Linux system via eBPF and captures stack traces across every running process without touching your application code. No agents to install, no libraries to load, no recompilation. It supports C/C++, Go, Rust, Python, Java, Node.js, PHP, Ruby, Perl, and the dotnet runtime. All of it runs at roughly 1% CPU overhead. The "no instrumentation" part is what matters. Traditional profilers (pprof, py-spy, async-profiler) require you to pick a language and instrument that specific runtime. This profiler sees everything: kernel space, system libraries, and application code in one unified stack trace. For debugging performance issues that cross language boundaries or involve system calls, nothing else gives you this view. You need Linux kernel 5.4 or newer (4.19 with a specific patch), and it runs on amd64 and arm64. It feeds into the OpenTelemetry ecosystem, so your profiling data lands in whatever backend you already use for traces and metrics (Grafana, Jaeger, and the like). Solo developers probably do not need continuous profiling. Teams running multi-service production systems will find this indispensable. The catch: Linux only. No macOS, no Windows. And eBPF profiling requires elevated permissions, which means your security team will have opinions about deploying it in production.

opentelemetry-java-instrumentation2.5k★

This is how you get it. One JAR file, one JVM flag, and it auto-instruments your Spring Boot, Kafka, gRPC, JDBC, and dozens of other libraries. Zero code changes. CNCF project, Apache 2.0, completely free. The agent itself is trivial to deploy. Add it to your JVM startup, point it at an OTLP endpoint, done. The real ops burden is the backend: you need somewhere to send the data. OpenTelemetry Collector plus Jaeger or Grafana Tempo is the common self-hosted stack. That's a meaningful setup, but it's a one-time cost shared across all your services. Solo devs and small teams can point it at a managed backend (Grafana Cloud free tier, Honeycomb, Datadog) and skip the infrastructure entirely. Larger teams running their own Grafana/Tempo stack get full control and zero per-host licensing. The agent is vendor-neutral by design, so you're never locked to one backend. The catch: it's Java-only. If you're running a polyglot stack, you need separate OpenTelemetry agents for Python, Node, Go, etc. And "zero code changes" means "zero code changes until you need custom spans," at which point you're adding SDK calls anyway.