I'm currently migrating from Elasticsearch to Loki, and it's much simpler to run and still meet our requirements.
I think Elasticsearch had its day when it's used to derive metrics from logs and performing aggregate searches. But now as logging is often paired with metrics from Prometheus or similar tdb, we don't run such complex log queries anymore, and so we find ourselves questioning whether it's worth running such a intensive and complex Elasticsearch installation.
We migrated away from an Elastic stack to a Loki stack, and were able to store order of magnitude more data for less money. Maybe we did Elastic wrong, but we tried various managed solutions and always ran into limits. The new Loki stack has always given quicker answers too.
There are many ways to get Elastic wrong, index templates and field types, shard sizes, number of primary and replica shards, node heap size, and those are only a fraction. It's very easy to get Loki right in comparison.
Elasticsearch being strongly typed I think creates a lot of overhead since you need to manage the schema for all your logs. Loki only expects certain (indexes) fields which are key, value pairs so you can throw all kinds of data into it and only mess with schema when you're querying
I think Elasticsearch had its day when it's used to derive metrics from logs and performing aggregate searches. But now as logging is often paired with metrics from Prometheus or similar tdb, we don't run such complex log queries anymore, and so we find ourselves questioning whether it's worth running such a intensive and complex Elasticsearch installation.