Deploy OpenObserve on Ubuntu for a lightweight, all-in-one observability platform that ingests logs, metrics, and traces with far less resource overhead than the ELK stack.
Grab the automated bash script from GitHub to follow along with the video. The script is run as root with `sudo`, so read through it before executing it.
```bash
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/monitoring/openobserve/openobserve-ubuntu.sh
chmod +x openobserve-ubuntu.sh
sudo bash openobserve-ubuntu.sh
```
The script installs Docker if needed, then deploys OpenObserve — a single container handling logs, metrics, and traces.
Open your browser and navigate to `http://<your-server-ip>:5080`.
Send logs via the built-in HTTP API, or configure Fluent Bit or Vector as a log forwarder pointing to OpenObserve.
| Port | Purpose |
|---|---|
| 5080 | OpenObserve Web UI & Ingestion API |
OpenObserve is a cloud-native observability platform that handles logs, metrics, and distributed traces in a single deployable binary. Written in Rust, it achieves 140× lower storage costs than Elasticsearch by using columnar compression, making it practical to store months of telemetry data without expensive hardware. It's the most resource-efficient self-hosted alternative to the ELK stack.
OpenObserve solves the core problem with the ELK stack: it's too heavy for most self-hosted deployments. OpenObserve gives you the same unified search across logs and metrics with a fraction of the RAM and disk requirements. One process, one Docker container, petabyte-scale storage efficiency.
OpenObserve listens on port 5080 for both the web UI and the HTTP ingest API, so any firewall rule that opens the port for the UI also exposes ingestion. Open this port to your local network for the UI. Restrict API-level ingest access to trusted forwarder IPs only, or use Nginx auth middleware if exposing it externally.
Alternatives include Graylog (full-text search, older ecosystem), Loki + Grafana (label-based, extremely lightweight), Elasticsearch + Kibana (richest query language, highest cost), and SigNoz (APM-focused with ClickHouse). OpenObserve wins on storage efficiency and simplicity.
If you need APM-grade distributed tracing with service maps and flame graphs, SigNoz is more purpose-built. If your team already uses Grafana deeply and only needs log aggregation, Loki integrates more natively. OpenObserve shines when storage cost and simplicity are the priority.
OpenObserve stores data in columnar Parquet files with Zstd compression instead of Elasticsearch's inverted index shards. Columnar formats compress repetitive log fields (timestamps, hostnames, log levels) extremely efficiently. This is the same technique used by ClickHouse, BigQuery, and other analytical databases.
Yes. OpenObserve provides an official Grafana data source plugin that lets you query logs, metrics, and traces from Grafana dashboards. This makes it a drop-in replacement for Loki or Elasticsearch as a Grafana backend.
Yes, both work out of the box. Point Fluent Bit's HTTP output or Vector's http sink to your OpenObserve ingest endpoint with basic auth. OpenObserve also accepts OTLP (OpenTelemetry), Elasticsearch bulk API, and Kinesis Firehose format.
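The ingest call with basic auth described above, as an added example (not code from the original page or from the OpenObserve project): it builds a JSON ingest request and refuses to put basic-auth credentials on plain HTTP to a non-loopback host. The `/api/<org>/<stream>/_json` path, the `default` organization, the stream name and the credentials are assumptions; check the path against the docs for your version.

```python
import base64
import ipaddress
import json
import urllib.request
from urllib.parse import quote, urlsplit


def is_loopback(host):
    """True for localhost or a loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: treat it as remote


def build_ingest_request(base_url, org, stream, user, password, records,
                         allow_cleartext=False):
    """Build (but do not send) a JSON ingest request with HTTP basic auth.

    Basic auth is only base64-encoded, so plain http:// to any
    non-loopback host is refused unless the caller explicitly opts in.
    """
    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("base_url must be http(s)://host[:port]")
    if (parts.scheme == "http" and not is_loopback(parts.hostname)
            and not allow_cleartext):
        raise ValueError("refusing to send basic-auth credentials over "
                         "cleartext HTTP to a remote host")
    # Assumed path layout: /api/<org>/<stream>/_json
    url = "%s://%s/api/%s/%s/_json" % (
        parts.scheme, parts.netloc, quote(org, safe=""), quote(stream, safe=""))
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(records).encode(), method="POST",
        headers={"Authorization": "Basic " + token,
                 "Content-Type": "application/json"})


# Constructed sample records and credentials, for illustration only.
SAMPLE = [{"level": "warn", "host": "web-01", "message": "login failed"}]

if __name__ == "__main__":
    req = build_ingest_request("http://127.0.0.1:5080", "default", "app_logs",
                               "admin@example.com", "change-me", SAMPLE)
    print(req.get_method(), req.full_url)
    # To send: urllib.request.urlopen(req, timeout=5)
```

For a forwarder on another host, pass an `https://` base URL that terminates at your reverse proxy rather than setting `allow_cleartext=True`.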
Yes, it is actively used in production by companies. The HA (high-availability) mode with S3 backend is available for enterprise deployments. For smaller self-hosted setups, the single-node mode with local disk is stable and well-maintained.
For most use cases: yes. Log search, dashboards, alerting, and basic metrics are all covered. For very complex Elasticsearch queries (geo-search, percolation, complex aggregations), ELK still has an edge. For 90% of self-hosted logging needs, OpenObserve is a better choice.
Deploy Fluent Bit as a DaemonSet in your cluster and configure its HTTP output to point to your OpenObserve endpoint. The OpenObserve docs provide a ready-made Fluent Bit Helm chart configuration for this exact use case.
OpenObserve uses SQL for log queries — standard SQL with full-text search extensions. This is more familiar to most engineers than Kibana's KQL or Loki's LogQL, and allows complex JOINs and aggregations across streams.
Run `docker compose pull && docker compose up -d`. OpenObserve's data is stored in a persistent volume separate from the container image, so updates don't affect your indexed data.