🔍 Setup OpenObserve — Unified Logs, Metrics & Traces

Deploy OpenObserve on Ubuntu for a lightweight, all-in-one observability platform that ingests logs, metrics, and traces with far less resource overhead than the ELK stack.

⚠️ This script is provided for demo and testing purposes only. Not intended for production use.

📦 Resources & Setup Scripts

Grab the automated bash script from GitHub to follow along with the video.

Automated install script — one command deploys OpenObserve as a single-binary observability platform.

Quick Install:

wget https://raw.githubusercontent.com/mhmdali94/Docker/main/monitoring/openobserve/openobserve-ubuntu.sh
chmod +x openobserve-ubuntu.sh
sudo bash openobserve-ubuntu.sh

Tutorial Steps

1 Download the Script

wget https://raw.githubusercontent.com/mhmdali94/Docker/main/monitoring/openobserve/openobserve-ubuntu.sh

2 Make it Executable

chmod +x openobserve-ubuntu.sh

3 Run the Installer

The script installs Docker if needed, then deploys OpenObserve — a single container handling logs, metrics, and traces. It runs as root, so read through the downloaded file before executing it.

sudo bash openobserve-ubuntu.sh

4 Access the Web UI

Open your browser and navigate to:

http://<your-server-ip>:5080

5 Ingest Your First Logs

Send logs via the built-in HTTP API, or configure Fluent Bit or Vector as a log forwarder pointing to OpenObserve.
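
To make step 5 concrete, here is an added example (not part of the original script or of the OpenObserve project) that builds a JSON record with safely escaped fields and posts it to the JSON ingest endpoint with basic auth. The organization "default", the stream name "demo_auth", and the O2_URL / O2_USER / O2_PASS variables are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: post one constructed log record to OpenObserve's JSON ingest API.
# Assumptions: organization "default", stream "demo_auth", O2_USER / O2_PASS in the env.
O2_URL="${O2_URL:-http://127.0.0.1:5080}"   # port 5080 as stated on this page
O2_ORG="${O2_ORG:-default}"
O2_STREAM="${O2_STREAM:-demo_auth}"

# Escape backslashes and quotes, and drop control characters (newlines included),
# so a hostile log message cannot break out of its JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | tr -d '\000-\037'
}

# build_record LEVEL MESSAGE HOST -> one-element JSON array, the body _json accepts.
build_record() {
  printf '[{"level":"%s","host":"%s","message":"%s"}]' \
    "$(json_escape "$1")" "$(json_escape "$3")" "$(json_escape "$2")"
}

# Ingest endpoint: /api/<organization>/<stream>/_json
ingest_url() {
  printf '%s/api/%s/%s/_json' "${O2_URL%/}" "$O2_ORG" "$O2_STREAM"
}

# send_record LEVEL MESSAGE HOST: POST with basic auth. The credentials go to curl
# through a config read from stdin, so they never show up in the process list.
# (A password containing " or \ would need escaping for curl's config syntax.)
send_record() {
  : "${O2_USER:?set O2_USER}" "${O2_PASS:?set O2_PASS}"
  printf 'user = "%s:%s"\n' "$O2_USER" "$O2_PASS" |
    curl --silent --show-error --fail --config - \
         -H 'Content-Type: application/json' \
         --data-binary "$(build_record "$1" "$2" "$3")" "$(ingest_url)"
}

# Usage (constructed values):
#   O2_USER=admin@example.com O2_PASS='...' send_record warn 'login failed for "bob"' web01
```

Basic auth over plain http://...:5080 sends the credentials base64-encoded but unencrypted, so keep forwarders on loopback or a trusted network, or terminate TLS in a reverse proxy in front of OpenObserve.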

Ports Used

Port    Purpose
5080    OpenObserve Web UI & Ingestion API

Overview

OpenObserve is a cloud-native observability platform that handles logs, metrics, and distributed traces in a single deployable binary. Written in Rust, it achieves 140× lower storage costs than Elasticsearch by using columnar compression, making it practical to store months of telemetry data without expensive hardware. It's the most resource-efficient self-hosted alternative to the ELK stack.

Why Use It

OpenObserve solves the core problem with the ELK stack: it's too heavy for most self-hosted deployments. OpenObserve gives you the same unified search across logs and metrics with a fraction of the RAM and disk requirements. One process, one Docker container, petabyte-scale storage efficiency.

Ports and Firewall Notes

OpenObserve listens on port 5080 for both the web UI and the HTTP ingest API. Open this port to your local network for the UI. Restrict API-level ingest access to trusted forwarder IPs only, or use Nginx auth middleware if exposing externally.
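
Because the UI and the ingest API share port 5080, a packet filter can only allowlist sources for the port as a whole. The added example below (not part of the original script) prints iptables rules for Docker's DOCKER-USER chain, which is where source restrictions for published container ports belong, since Docker forwards that traffic before host-level ufw rules see it. The interface name eth0, the sample addresses, and the assumption that the container publishes 5080/tcp are illustrative.

```bash
#!/usr/bin/env bash
# Added example: print (not apply) DOCKER-USER rules that limit who can reach 5080/tcp.
# Assumptions: the container publishes 5080/tcp and EXT_IF is the external interface.
EXT_IF="${EXT_IF:-eth0}"
O2_PORT=5080   # from the "Ports Used" table on this page

# Shape check for an IPv4 address or CIDR (octet ranges are not validated here).
is_cidr() {
  printf '%s\n' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# emit_rules SRC... : one ACCEPT per trusted source plus a final DROP.
# The match uses the pre-DNAT port (--ctorigdstport) because DOCKER-USER sees
# packets after Docker has rewritten the destination to the container.
emit_rules() {
  # Validate everything first so a typo never yields a partial rule set.
  for src in "$@"; do
    is_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
  done
  # -I inserts at the top of the chain, so the DROP is emitted first and every
  # ACCEPT printed after it ends up above it once the commands are run in order.
  echo "iptables -I DOCKER-USER -i $EXT_IF -p tcp -m conntrack --ctorigdstport $O2_PORT --ctdir ORIGINAL -j DROP"
  for src in "$@"; do
    echo "iptables -I DOCKER-USER -i $EXT_IF -s $src -p tcp -m conntrack --ctorigdstport $O2_PORT --ctdir ORIGINAL -j ACCEPT"
  done
}

# Usage (constructed addresses: a LAN for the UI and one log forwarder):
#   emit_rules 192.168.1.0/24 10.0.0.7          # review the output
#   emit_rules 192.168.1.0/24 10.0.0.7 | sudo sh  # then apply it
```

Rules added this way do not survive a reboot unless they are saved with the distribution's iptables persistence mechanism.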

Alternatives

Graylog (full-text search, older ecosystem), Loki + Grafana (label-based, extremely lightweight), Elasticsearch + Kibana (richest query language, highest cost), SigNoz (APM-focused with ClickHouse). OpenObserve wins on storage efficiency and simplicity.

When Not to Use It

If you need APM-grade distributed tracing with service maps and flame graphs, SigNoz is more purpose-built. If your team already uses Grafana deeply and only needs log aggregation, Loki integrates more natively. OpenObserve shines when storage cost and simplicity are the priority.

Frequently Asked Questions

How does OpenObserve achieve 140× cheaper storage than Elasticsearch?

OpenObserve stores data in columnar Parquet files with Zstd compression instead of Elasticsearch's inverted index shards. Columnar formats compress repetitive log fields (timestamps, hostnames, log levels) extremely efficiently. This is the same technique used by ClickHouse, BigQuery, and other analytical databases.

Can I use Grafana with OpenObserve?

Yes. OpenObserve provides an official Grafana data source plugin that lets you query logs, metrics, and traces from Grafana dashboards. This makes it a drop-in replacement for Loki or Elasticsearch as a Grafana backend.

Does OpenObserve support Fluent Bit and Vector?

Yes, both work out of the box. Point Fluent Bit's HTTP output or Vector's http sink to your OpenObserve ingest endpoint with basic auth. OpenObserve also accepts OTLP (OpenTelemetry), Elasticsearch bulk API, and Kinesis Firehose format.

Is OpenObserve production-ready?

Yes, it is actively used in production by companies. The HA (high-availability) mode with S3 backend is available for enterprise deployments. For smaller self-hosted setups, the single-node mode with local disk is stable and well-maintained.

Can OpenObserve replace the ELK stack entirely?

For most use cases: yes. Log search, dashboards, alerting, and basic metrics are all covered. For very complex Elasticsearch queries (geo-search, percolation, complex aggregations), ELK still has an edge. For 90% of self-hosted logging needs, OpenObserve is a better choice.

How do I ship Kubernetes pod logs to OpenObserve?

Deploy Fluent Bit as a DaemonSet in your cluster and configure its HTTP output to point to your OpenObserve endpoint. The OpenObserve docs provide a ready-made Fluent Bit Helm chart configuration for this exact use case.

What query language does OpenObserve use?

OpenObserve uses SQL for log queries — standard SQL with full-text search extensions. This is more familiar to most engineers than Kibana's KQL or Loki's LogQL, and allows complex JOINs and aggregations across streams.

How do I update OpenObserve?

Run `docker compose pull && docker compose up -d`. OpenObserve's data is stored in a persistent volume separate from the container image, so updates don't affect your indexed data.