Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and central access to all IT and security data.
Learn more ›The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›Cribl.Cloud Solution Brief
The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›Cribl Copilot gets your deployments up and running in minutes, not weeks or months.
Learn more ›AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›Explore Cribl’s Solutions by Use Cases:
Explore Cribl’s Solutions by Integrations:
Explore Cribl’s Solutions by Industry:
September 25 | 10am PT / 1pm ET
Hold my beer: lessons from one team’s data pipeline journey
Register ›Try Your Own Cribl Sandbox
Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›Sally Beauty Holdings
Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›Cribl Corporate Overview
Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›Stay up to date on all things Cribl and observability.
Visit the Newsroom ›Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›Since we introduced AppScope in 2021, we’ve been relentlessly working towards the production-ready milestone. Last week we released AppScope 1.0. It’s been a long haul getting to this point. Not really sure if it took this long because we solved difficult problems, or if we’re just that slow. Someone told me that what we are doing would go a lot faster if we use a modern high-level language. Maybe … Can you imagine doing this in TypeScript? Yeah, me either.
This milestone had me musing on why we did this at all. Why did we start this? The simple answer is, to answer the fundamental question: What does that thing – that application – actually do?
My engagement with that question began in 2019 with a call I received from Clint Sharp (Cribl founder and CEO), whom I knew from my time as CTO at a previous company. Clint asked if I would be interested in creating a new, ubiquitous mechanism of getting application data. Ledion Bitincka (another Cribl founder) had created a prototype using an approach similar to work of mine that Clint remembered.
I was super excited to join, and to bring in my good friend John Chelikowsky, who had spent years building medical instruments. The kind that get implanted inside people. You don’t want to get that wrong, and you need to know what is actually happening. This experience made John a logical person to enlist in grappling with the question, What does that thing actually do?
I, too, had been doing a whole lot of embedded stuff. The kind of thing where a federal agency crawls through your code and checks every branch; where if you get it wrong people could be in danger. Stuff like spending 8+ hours meeting with people describing a network issue that prevented them from shutting off gamma rays as part of cancer treatment. We finally figured out what was happening. At the end of the day, they invited me to tour their lab. Do you mean the one where you are testing gamma ray emissions and can’t turn it off effectively? Thanks, but it’s getting late and I need to catch my train seemed like the only sane response.
It’s expected that people involved in certain embedded projects understand the details. The nature of many such projects requires that all dependencies and all behavior is known and measurable. And this is possible because these projects are highly constrained.
Later, interacting with people building and supporting many hundreds of enterprise applications was an eye opener. I began to realize that there are services deployed where few, if any, people know what the thing actually does. An architecture might be described. An overall operation might be communicated. Beyond that, there is not a lot of detail to be had.
Out of pure naivety I’d ask about dependencies, what files are accessed, what is modified, what connections are made, traffic, exfiltration, responses. I was told that there were too many apps and too much detail for anyone to really know any of this. Which of course made sense.
But then there were those meetings where people wanted, and appeared to need, that kind of detail. What does a suite of apps need to ensure that it could be failed over? What files get accessed? What connections are made? And someone had to go dig it all up as best they could.
There were regulators who insisted on knowing what was performed during a given maintenance window.
Then, the lawyers:
What’s being sent out over external connections? We need to approve this.
And we thought:
It’s all encrypted. What are we supposed to tell you?
The lawyers are the ones that signed off on the license for the vendor in question. Now they need to know what’s in all those payloads? Best not go further on this front.
We needed to be able to observe application behavior at a level of detail that was not readily available, for example:
Why in the world would anyone ever need all this? In practice there are numerous cases where the detail, and more importantly, the ability to ask and readily answer questions about an app, is critical.
We could go on like this for a long time. But, let’s not.
If you’ve been there you get that this detail is difficult and time-consuming to gather for any given app, let alone for lots of apps. Practical experience says that not a lot of people know how to obtain the necessary detail.
And the detail is only valuable if it’s easy to obtain, right? But for a lot of these questions, if you had to manually get the needed detail in order to answer them, you wouldn’t do it. It’s just not worth it. So, we proceed without knowing, without answering the questions. Questions become moot because we can’t obtain viable answers. In many cases, we don’t think about what questions we really need to ask because we know there are no good answers.
Of course some questions must get answered in some form for security reasons. But it’s not easy; it slows things down, and causes people to be exasperated with the investigators.
Overall, many of us find ourselves in a situation where we are required to make progress without knowing, in any detail, what is happening and what should be happening with an app.
That’s pretty much why we did this AppScope thing and why it’s open source. We needed to be able to ask difficult questions and readily get accurate answers. To accomplish that with minimal effort. To democratize the ability to ask and answer questions about any given application.
Persisting in our naivety, we said to each other, there must be a way to get all this detail. I wonder if we just… So, we tried a number of things that don’t work, a few things that aren’t very practical and a few things that seem to work quite well.
Have we done anything at all? Can we answer the question, What does that thing actually do? Have we created a way to break the cycle of not thinking about what questions we really need to ask because we know there are no good answers? You be the judge.
Give it a whirl:
scope run -- <that_app>
We hope you’ll find that, with AppScope, you can finally answer the question, What does that thing actually do?
Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?