OpenObserve¶
Open-source, cloud-native observability platform written in Rust with Apache Parquet columnar storage and S3-native architecture — positioned as a 140x cheaper alternative to Elasticsearch.
Overview¶
OpenObserve (O2) is a high-performance observability platform built in Rust that provides unified logs, metrics, traces, and Real User Monitoring (RUM). Its architecture is built around Apache Parquet columnar storage on object storage (S3/GCS/Azure Blob), eliminating the need for local SSD clusters. It uses the Apache Arrow DataFusion query engine and supports SQL for logs/traces and PromQL for metrics.
Repository & Community¶
| Attribute | Detail |
|---|---|
| Repository | github.com/openobserve/openobserve |
| Stars | ~18.5k ⭐ |
| Latest Version | v0.70.3 stable / v0.80.0-rc3 pre-release (April 2026) |
| Language | Rust |
| License | AGPL-3.0 (copyleft) |
| Company | OpenObserve, Inc. |
| Contributors | ~109 |
Evaluation¶
-
Why it's better: Written in Rust (no GC, no JVM), Parquet columnar storage on S3 delivers 140x lower storage costs vs Elasticsearch, single-binary deployment, SQL as the primary query language (lower learning curve), stateless node architecture for effortless horizontal scaling, and built-in RBAC/SSO for enterprise readiness.
-
When it fits (Applicability):
- Elasticsearch/ELK replacement (logs-heavy workloads)
- Cost-conscious organizations with petabyte-scale log volumes
- Teams wanting SQL-based observability queries
- Cloud-native environments with S3/GCS object storage
-
Organizations needing RBAC/SSO out of the box
-
Pros and Cons:
| Pros | Cons |
|---|---|
| Rust: no GC pauses, excellent performance | AGPL-3.0 license (copyleft restrictions) |
| 140x cheaper storage vs Elasticsearch | Pre-1.0 version, still maturing |
| Single binary deployment | Smaller community than Grafana/SigNoz |
| SQL for logs/traces (low learning curve) | No eBPF auto-instrumentation |
| S3-native (infinite storage) | Less mature trace analysis than Tempo/Jaeger |
| Built-in RBAC and SSO | Limited PromQL (metrics only) |
| Stateless horizontal scaling | Fewer integrations/dashboards than Grafana |
| RUM / Frontend monitoring | DataFusion query engine less battle-tested |
Architecture¶
flowchart TB
subgraph Ingestion["Data Sources"]
OTEL_O["OTel Collector"]
PROM_O["Prometheus"]
FB_O["FluentBit /<br/>Vector"]
SDK_O["RUM SDK"]
end
subgraph O2["OpenObserve Cluster"]
direction TB
Router["Router<br/>(request dispatch)"]
Ingester["Ingester<br/>(→ Parquet)"]
Querier["Querier<br/>(DataFusion)"]
Compactor["Compactor<br/>(file merging)"]
AlertMgr["AlertManager"]
end
subgraph Storage_O["Storage"]
S3["S3 / GCS /<br/>Azure Blob / MinIO"]
Parquet["Apache Parquet<br/>columnar format"]
end
Ingestion --> Router --> Ingester
Ingester --> Parquet --> S3
Querier --> S3
Compactor --> S3
AlertMgr --> Querier
style O2 fill:#e65100,color:#fff
style Storage_O fill:#1565c0,color:#fffKey Components¶
| Component | Role |
|---|---|
| Router | Dispatches incoming requests to appropriate component |
| Ingester | Receives telemetry, converts to Parquet, writes to object storage |
| Querier | Apache Arrow DataFusion engine: SQL/PromQL queries on Parquet |
| Compactor | Merges small Parquet files for query efficiency |
| AlertManager | Manages alert queries, report jobs, notifications |
Key Features¶
| Feature | Detail |
|---|---|
| Unified Logs, Metrics, Traces | All signals in one platform |
| Real User Monitoring (RUM) | Core Web Vitals, page load, client errors |
| SQL Queries | Standard SQL for logs and traces |
| PromQL | Prometheus-compatible metrics queries |
| Dashboards | Drag-and-drop, customizable panels |
| Alerting | Multi-signal alerts, notification pipelines |
| Pipelines | Ingestion-time data transformation |
| RBAC & SSO | Built-in enterprise access controls |
| Compliance | ISO 27001, SOC 2, GDPR ready |
| Single Binary | Trivial deployment for POC/dev |
Pricing¶
| Tier | Cost | Notes |
|---|---|---|
| Self-Hosted (Free) | $0 (AGPL-3.0) | Full features, manage your own infra |
| Cloud - Developer | Free | 200 GB ingestion, 15 day retention |
| Cloud - Pro | Usage-based (~$0.60/GB) | Logs, metrics, traces |
| Enterprise | Custom | Commercial license, SLA, audit logs |
Compatibility¶
| Dimension | Support |
|---|---|
| Ingestion protocols | OTLP (gRPC + HTTP), Prometheus remote_write, ES Bulk API, Kinesis Firehose, GCP Pub/Sub |
| Query languages | SQL (logs/traces), PromQL (metrics) |
| Storage backends | S3, GCS, Azure Blob, MinIO (Parquet format) |
| Deployment | Single binary, Docker, Kubernetes (Helm), OpenObserve Cloud |
| CPU architecture | amd64, arm64 |
| Platforms | Linux, macOS, Windows |