ELK and EFK

The ELK stack (and its EFK variant) provides a mature self-hosted solution for log collection, aggregation and inspection. ELK/EFK is a good choice for on-premise systems, but for cloud-hosted systems we usually find that native log aggregation solutions such as AWS CloudWatch Logs or Azure Monitor logs are a better choice. These give adequate functionality for most use cases without the operational overhead of running a self-hosted log aggregation system, and with pricing which is attractive in most cases compared to self-hosted options.

Elastic, who produce all three components of what is widely known as the ELK stack, now prefer the term Elastic Stack, which also includes newer observability tools. This is how they define these terms:

"ELK" is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch. The Elastic Stack is the next evolution of the ELK Stack.

In recent years, Fluentd has gained popularity as an alternative to Logstash in this stack, giving rise to the EFK stack which we currently see more commonly than ELK itself.