ClickHouse and Elasticsearch both handle log analytics and observability data, but with different architectural approaches. Elasticsearch excels at full-text search and unstructured data, while ClickHouse delivers superior performance for structured analytical queries. As log volumes grow and costs become critical, understanding these trade-offs helps you choose the right platform.
Platform Overview
ClickHouse
ClickHouse is a columnar analytical database optimised for fast aggregations and analytical queries on structured data.
Strengths for log analytics:
- Exceptional query performance on large datasets
- Superior compression (10-20x)
- Cost-effective storage
- Real-time ingestion
- SQL query language
Elasticsearch
Elasticsearch is a distributed search and analytics engine built on Apache Lucene, optimised for full-text search and unstructured data.
Strengths for log analytics:
- Powerful full-text search
- Flexible schema (schema-on-read)
- Rich ecosystem (ELK stack)
- Kibana visualisation
- Mature APM integration
Architecture Comparison
ClickHouse Log Architecture
```
┌─────────────────────────────────────────┐
│              Log Pipeline               │
│  ┌─────────┐    ┌─────────────────────┐ │
│  │ Vector  │───▶│     ClickHouse      │ │
│  │ Fluent  │    │  ┌───────────────┐  │ │
│  │ Bit     │    │  │   MergeTree   │  │ │
│  └─────────┘    │  │  (Columnar)   │  │ │
│                 │  └───────────────┘  │ │
│                 └─────────────────────┘ │
└─────────────────────────────────────────┘
                     │
                     ▼
        Grafana / Custom Dashboards
```
Elasticsearch Log Architecture
```
┌─────────────────────────────────────────┐
│                ELK Stack                │
│  ┌─────────┐    ┌─────────────────────┐ │
│  │Logstash │───▶│    Elasticsearch    │ │
│  │ Beats   │    │  ┌───────────────┐  │ │
│  │         │    │  │   Inverted    │  │ │
│  └─────────┘    │  │     Index     │  │ │
│                 │  └───────────────┘  │ │
│                 └──────────┬──────────┘ │
│                            │            │
│                 ┌──────────▼──────────┐ │
│                 │       Kibana        │ │
│                 └─────────────────────┘ │
└─────────────────────────────────────────┘
```
Performance Comparison
Query Performance
| Query Type | ClickHouse | Elasticsearch |
|---|---|---|
| Count logs (1B rows) | 0.5s | 3-5s |
| Aggregation by field | 0.8s | 5-10s |
| Time-series grouping | 0.3s | 2-4s |
| Full-text search | 2-5s | 0.5-1s |
| Regex search | 1-3s | 3-8s |
| Complex aggregations | 1-2s | 10-30s |
ClickHouse advantages:
- 5-10x faster for aggregations
- Better performance on structured queries
- Efficient time-series operations
- Lower resource consumption
Elasticsearch advantages:
- Superior full-text search
- Better fuzzy matching
- Relevance scoring
- More flexible text analysis
Ingestion Performance
| Metric | ClickHouse | Elasticsearch |
|---|---|---|
| Ingestion rate | 1M+ events/sec | 100K-500K events/sec |
| Indexing overhead | Minimal | Significant |
| Write latency | <100ms | 1-5 seconds (refresh) |
| Resource efficiency | High | Moderate |
Storage and Compression
Storage Comparison
| Data Volume | ClickHouse | Elasticsearch |
|---|---|---|
| Raw logs: 1TB | 50-100GB | 300-500GB |
| 30-day retention | ~3TB stored | ~15TB stored |
| Compression ratio | 10-20x | 2-3x |
ClickHouse’s columnar storage and compression algorithms achieve significantly better storage efficiency:
```sql
-- ClickHouse: Check compression ratio
SELECT
    table,
    formatReadableSize(sum(bytes_on_disk)) AS compressed,
    formatReadableSize(sum(data_uncompressed_bytes)) AS uncompressed,
    round(sum(data_uncompressed_bytes) / sum(bytes_on_disk), 2) AS ratio
FROM system.parts
WHERE active
GROUP BY table
```
Cost Comparison
Storage Costs (100TB raw logs/month)
| Component | ClickHouse | Elasticsearch |
|---|---|---|
| Stored volume | ~8TB | ~40TB |
| Storage cost | ~$200/month | ~$1,000/month |
| Compute (equivalent) | $2,000/month | $5,000/month |
| Total estimate | ~$2,500/month | ~$8,000/month |
ClickHouse typically costs 60-70% less than Elasticsearch for log analytics workloads. For cost optimisation strategies, see our cloud cost management guide.
Feature Comparison
| Feature | ClickHouse | Elasticsearch |
|---|---|---|
| Full-text search | Basic | Excellent |
| Structured queries | Excellent | Good |
| Aggregations | Excellent | Good |
| Compression | 10-20x | 2-3x |
| Schema | Required | Flexible |
| Query language | SQL | Query DSL / SQL |
| Visualisation | Grafana | Kibana |
| APM integration | Via OTEL | Native |
| Alerting | External | Built-in |
| Machine learning | Limited | X-Pack ML |
Use Case Recommendations
Choose ClickHouse When:
High-volume log analytics
```sql
-- Fast aggregations on billions of logs
SELECT
    toStartOfHour(timestamp) AS hour,
    level,
    service,
    count() AS log_count,
    countIf(level = 'ERROR') AS errors
FROM logs
WHERE timestamp >= now() - INTERVAL 24 HOUR
GROUP BY hour, level, service
ORDER BY hour DESC, errors DESC
```
Cost-sensitive observability
- High log volumes where storage costs matter
- Long retention requirements
- Metrics and structured event data
Real-time dashboards
- Sub-second query requirements
- High-concurrency dashboard serving
- Time-series visualisation with Grafana
Choose Elasticsearch When:
Full-text log search
```json
{
  "query": {
    "bool": {
      "must": [
        { "match": { "message": "connection timeout" } },
        { "range": { "@timestamp": { "gte": "now-1h" } } }
      ],
      "filter": [
        { "term": { "service": "api-gateway" } }
      ]
    }
  }
}
```
APM and distributed tracing
- Elastic APM integration
- Full ELK stack benefits
- Kibana dashboards and alerting
Unstructured data exploration
- Unknown log formats
- Text-heavy analysis
- Fuzzy and proximity searches
Migration Strategies
Elasticsearch to ClickHouse
Many organisations migrate to ClickHouse for cost savings:
Step 1: Schema design
```sql
CREATE TABLE logs (
    timestamp DateTime64(3),
    level LowCardinality(String),
    service LowCardinality(String),
    host LowCardinality(String),
    message String,
    trace_id String,
    span_id String,
    attributes Map(String, String)
) ENGINE = MergeTree()
PARTITION BY toYYYYMM(timestamp)
ORDER BY (service, timestamp)
TTL timestamp + INTERVAL 30 DAY
```
Step 2: Ingestion pipeline
- Use Vector, Fluent Bit, or Logstash
- Configure output to ClickHouse
- Maintain parallel ingestion during migration
Step 3: Query migration
```sql
-- Elasticsearch Query DSL equivalent in ClickHouse SQL
SELECT *
FROM logs
WHERE message ILIKE '%connection timeout%'
  AND timestamp >= now() - INTERVAL 1 HOUR
  AND service = 'api-gateway'
ORDER BY timestamp DESC
LIMIT 100
```
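Step 3 as a small translator, added here as an example and not code from the original article: it converts the subset of the Query DSL used in the earlier full-text search query (`match`, `term`, `range` with a relative `gte`) into the SQL above, but passes user-supplied values through ClickHouse `{name:Type}` query parameters instead of concatenating them into the statement. The function names, the field allow-list and the `p0`, `p1` parameter names are assumptions; `match` follows the article's substring `ILIKE` mapping.

```python
import re

# Elasticsearch field -> Step 1 column. Identifiers cannot be bound as
# parameters, so this allow-list is what keeps field names out of the SQL.
COLUMNS = {"message": "message", "service": "service", "level": "level",
           "host": "host", "trace_id": "trace_id", "@timestamp": "timestamp"}
UNITS = {"s": "SECOND", "m": "MINUTE", "h": "HOUR", "d": "DAY"}
RELATIVE = re.compile(r"now-(\d+)([smhd])")

def like_escape(text):
    """Escape backslash, % and _ so search text is matched literally."""
    return re.sub(r"([\\%_])", r"\\\1", text)

def translate(dsl, limit=100):
    """Translate a bool query (match / term / range.gte) to (sql, params)."""
    where, params = [], {}
    def bind(value):
        name = f"p{len(params)}"
        params[name] = value
        return f"{{{name}:String}}"
    bool_q = dsl["query"]["bool"]
    for clause in bool_q.get("must", []) + bool_q.get("filter", []):
        (kind, body), = clause.items()
        (field, arg), = body.items()
        if field not in COLUMNS:
            raise ValueError(f"field not allowed: {field!r}")
        col = COLUMNS[field]
        if kind == "match":  # the page maps match to a substring ILIKE
            where.append(f"{col} ILIKE {bind('%' + like_escape(arg) + '%')}")
        elif kind == "term":
            where.append(f"{col} = {bind(arg)}")
        elif kind == "range":
            m = RELATIVE.fullmatch(str(arg.get("gte", "")))
            if not m:
                raise ValueError("only gte of the form now-<n><unit> is handled")
            # Digits and unit come from the regex match, never from raw input.
            where.append(f"{col} >= now() - INTERVAL {int(m[1])} {UNITS[m[2]]}")
        else:
            raise ValueError(f"unsupported clause: {kind!r}")
    if not where:
        raise ValueError("refusing to build an unfiltered query")
    return (f"SELECT * FROM logs WHERE {' AND '.join(where)} "
            f"ORDER BY timestamp DESC LIMIT {int(limit)}"), params

# The Elasticsearch query shown earlier on this page.
PAGE_QUERY = {"query": {"bool": {
    "must": [{"match": {"message": "connection timeout"}},
             {"range": {"@timestamp": {"gte": "now-1h"}}}],
    "filter": [{"term": {"service": "api-gateway"}}]}}}
```

`translate(PAGE_QUERY)` returns the statement with `{p0:String}` and `{p1:String}` placeholders plus the values to send alongside it, for example as `--param_p0=...` with clickhouse-client.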
Hybrid Architecture
Run both for different use cases:
```
     ┌─────────────┐
     │    Logs     │
     └──────┬──────┘
            │
            ▼
     ┌──────────────┐
     │   Vector/    │
     │    Kafka     │
     └──────┬───────┘
            │
        ┌───┴───┐
        ▼       ▼
   ┌──────┐ ┌──────────────┐
   │Click │ │Elasticsearch │
   │House │ │              │
   └──┬───┘ └──────┬───────┘
      │            │
      ▼            ▼
   Grafana       Kibana
 (Analytics)    (Search)
```
Observability Stack Integration
ClickHouse in Observability
ClickHouse integrates with modern observability stacks:
- Metrics: Prometheus remote write, VictoriaMetrics
- Logs: Vector, Fluent Bit, Logstash
- Traces: Jaeger with ClickHouse backend
- Visualisation: Grafana with native plugin
For comprehensive observability guidance, see our observability platforms comparison.
Elasticsearch in Observability
Elasticsearch powers the Elastic Observability suite:
- Elastic APM: Full application performance monitoring
- Filebeat/Metricbeat: Log and metric collection
- Kibana: Unified visualisation and alerting
- Machine learning: Anomaly detection
Operational Considerations
ClickHouse Operations
Advantages:
- Simpler cluster management
- Lower resource requirements
- Predictable performance
- Easy horizontal scaling
Challenges:
- Schema management required
- Less mature ecosystem
- Fewer managed options
Elasticsearch Operations
Advantages:
- Mature operational tooling
- Many managed service options
- Rich ecosystem
- Built-in monitoring
Challenges:
- JVM tuning complexity
- Higher resource requirements
- Shard management overhead
- Index lifecycle management
Conclusion
ClickHouse and Elasticsearch serve different primary purposes in log analytics:
Choose ClickHouse for high-volume structured log analytics where query performance and cost efficiency are priorities. It excels at aggregations, time-series analysis, and scenarios where SQL queries on structured data dominate.
Choose Elasticsearch when full-text search capabilities are essential, you need the complete ELK ecosystem, or APM integration with Elastic Observability is required.
Consider both in a hybrid architecture where ClickHouse handles structured analytics and Elasticsearch provides full-text search capabilities.
For help building your observability infrastructure, contact our team to discuss your log analytics requirements.