Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and central access to all IT and security data.
Learn more ›The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›Cribl.Cloud Solution Brief
The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›Cribl Copilot gets your deployments up and running in minutes, not weeks or months.
Learn more ›AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›Explore Cribl’s Solutions by Use Cases:
Explore Cribl’s Solutions by Integrations:
Explore Cribl’s Solutions by Industry:
September 25 | 10am PT / 1pm ET
Hold my beer: lessons from one team’s data pipeline journey
Register ›Try Your Own Cribl Sandbox
Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›Sally Beauty Holdings
Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›Cribl Corporate Overview
Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›Stay up to date on all things Cribl and observability.
Visit the Newsroom ›Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›Congratulations, you’ve worked hard to get Cribl Stream into your technology stack. Buying a new tool is a non-trivial task, so be sure to pat yourself on the back. Now the work starts: You have to deploy Stream and get full value to justify the cost. It’s critical to get started with the right plan to accelerate delivery and maximize the value of Stream.
I’m going to start by sharing some ideas about how to get started with Cribl Stream in your first hundred days. Future blog posts in this series will help evolve your deployment and take Stream to the next level.
Always remember the immortal words of Warren Buffet:
“Price is what you pay; value is what you get.”
Your job is to extract as much value as possible to justify the tool investment. With some thought and planning, you can extract far more value than the price you paid for the tool. We’re here to help you in any way we can.
Nothing happens until the infrastructure to support Stream has been deployed, but don’t make that hardware request until you know what you want to accomplish with your initial deployment. I highly recommend following the crawl, walk, run pattern so you can build value fast and keep growing your value delivery as your deployment gains momentum.
It’s critical to adopt a narrow scope for your initial deployment to allow a broad scope for your vision. Start with a chunk of data you know that has narrow complexity; this will allow you to get set up quickly, limit your variables, and learn valuable lessons before you move on to other data. Going too big can delay proving value and limit early feedback on any issues with your deployment. Go big on phase 2 after you learn lessons from phase 1.
I recommend getting started with syslog because, while it can be high volume, it’s fairly simple data. Your variables are limited, so you can make progress and show value faster.
Start by determining requirements:
Use the answers to these questions to formulate your deployment strategy. Resilience requirements are critical points to consider because they will drive your hardware requests. You don’t want to underestimate your needs and then lose data when something fails. Everything fails, so plan accordingly.
When you have answers to your questions, you can start requesting hardware. Start with the Cribl Sizing documentation, and don’t forget to request new load balancer pools to ensure you can scale your deployment horizontally and fail over when servers fail. Not if they fail, when they fail. Always plan for failure.
I’ll go into more detail in a future blog post. We’ll beat the subject of syslog to death since it’s something almost everyone has to manage and most struggle with it.
The first step is, everyone goes to training. Thankfully, Cribl University makes this super easy. The user and admin training is also free, which is highly unusual and very welcome when you’re the manager and your team needs training. Have everyone on your team take both courses so you can start to build up a skillset to take full advantage of Stream. Scale your team so everyone can contribute. Most teams have uneven levels of expertise, which can create bottlenecks. For example, a team might have the syslog person or the regex person, or the person who really knows props and transforms.
Use this opportunity to get your team ready so everyone can enable syslog and everyone can build simple pipelines. Your backlog will appreciate this foresight as you get more work done with less effort, without waiting on your experts.
Also, start thinking about how you’ll manage your Stream code. Stream is a development platform, and you want to think carefully about how your team is going to write and manage code. I’ll go into more detail in an upcoming blog post, but below are some principles to consider as you think about bringing development principles into your team.
I highly recommend the following:
I’ll go into more detail in a future blog post.
Bragging on your teams and yourself is a critical part of communicating up in any organization. You have to put a lot of thought into making sure everyone knows how awesome your team is and, by extension, how awesome you are. Your success does not matter if no one knows about it. Self-promotion is probably not your favorite way to spend time, but it’s as critical to being successful as the technology itself.
As a manager, you want to be ready to communicate status and share your vision for your tools on short notice. Build out a place in your wiki to share status and vision with your stakeholders and anyone else who can offer support now or in the future.
Start with a mission statement. Describe in as few words as possible how your work is benefiting the business. For example:
“The enterprise logging and analytics team seeks to unlock the value of all observability and security data for ‘Company X’.”
Focus on benefits to the business. Instead of tools or technology, focus on business value. How does what you’re doing add value, save money, or add new capabilities? Your message style matters because the business leaders may have no idea about the technology you use or even care, but they understand terms around business value. Build a reputation for delivering value, and you will find it easier to get funding for your next project and build your profile as a leader in the business.
Have a slide deck that introduces your team, what it does, and the value it delivers to the business. Also, know your elevator pitch so you can deliver your message on short notice if you need it in a meeting. Be ready for the moment when an executive says they have a challenge that needs a solution.
I’ll go into more detail in a future blog post.
Bookmark this page as we’ll keep the links up to date and provide you with the latest resources to help you on your journey with Cribl Stream. Future blog posts will include but not be limited to:
Deploying a new tool is a very exciting time. You want to take your new toy for a spin, but it’s important to put in the right planning so you’re not wasting engineering time. Thoughtful planning will save you a ton of time in the future. I look forward to sharing new posts in the coming weeks as we take the journey of deploying Cribl Stream together.
I’d love to hear your feedback on getting started with Cribl Stream. Feedback is a gift, and I want to know if something doesn’t make sense or if I’m not covering something. Connect with me on LinkedIn or join our community Slack, and let’s talk about your experience deploying Cribl Stream.
Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?