We’re exploring replacing an Elastic Stack cluster with Loki. Are there any references around something like “I want to use Loki for information security related logs [among others]”, covering stuff like:
How do we avoid untenable situations like observability/debug-y logs triggering limits like max_global_streams_per_user=5000, resulting in logs that should never be dropped… being dropped? QoS of some type? Or do data sources or some other scope each get their own max_global_streams_per_user so we could spread things out that way?
And so forth. Basically, I don’t know what I don’t know, and want to make sure we don’t rush into using Loki for something it was not intended or designed for. I assume there may be other gotchas we’re not considering; the limit example I gave was just the first issue that came up during our POC. Ignoring Promtail not sufficiently parsing Windows events, as we can work around that.
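As an added illustration of the scoping question raised above (this is not part of the original post and not a reply from the thread): Loki applies `max_global_streams_per_user` per tenant, and a runtime overrides file can give each tenant its own value. The tenant IDs `secops` and `apps`, the file paths, and every numeric limit and retention value below are assumptions chosen for the example; only the config keys are real Loki settings.

```yaml
# loki.yaml (assumed filename). Added example config, not from the original post.
auth_enabled: true          # multi-tenancy; the tenant is taken from the X-Scope-OrgID header

limits_config:
  # Defaults for any tenant that has no entry in the overrides file below.
  max_global_streams_per_user: 5000
  ingestion_rate_mb: 4
  ingestion_burst_size_mb: 6

runtime_config:
  file: /etc/loki/overrides.yaml   # re-read periodically; no Loki restart needed to change a limit

---
# /etc/loki/overrides.yaml (assumed path). Top-level "overrides" is keyed by tenant ID.
overrides:
  secops:                           # security-relevant logs get their own stream budget
    max_global_streams_per_user: 20000
    ingestion_rate_mb: 10
    ingestion_burst_size_mb: 20
    retention_period: 2160h         # assumed 90-day retention for audit-style logs
  apps:                             # chatty debug/observability logs cannot exhaust the secops budget
    max_global_streams_per_user: 5000
    ingestion_rate_mb: 4

---
# promtail.yaml (assumed filename): each Promtail client pushes under one tenant.
# Run a separate Promtail (or use the `tenant` pipeline stage) for the app-log sources.
clients:
  - url: http://loki:3100/loki/api/v1/push
    tenant_id: secops
```

With this layout a burst of high-cardinality application logs can only hit the `apps` limit, and the `secops` tenant is rate-limited and stream-limited on its own terms. The stream count is driven by label cardinality, so the other half of keeping security logs under their budget is labelling them with a small fixed set of labels (source, host class, event channel) rather than per-event values such as user names or process IDs, which should stay in the log line.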