Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and central access to all IT and security data.
Learn more ›The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›Cribl.Cloud Solution Brief
The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›Cribl Copilot gets your deployments up and running in minutes, not weeks or months.
Learn more ›AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›Explore Cribl’s Solutions by Use Cases:
Explore Cribl’s Solutions by Integrations:
Explore Cribl’s Solutions by Industry:
September 25 | 10am PT / 1pm ET
Hold my beer: lessons from one team’s data pipeline journey
Register ›Try Your Own Cribl Sandbox
Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›Sally Beauty Holdings
Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›Cribl Corporate Overview
Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›Stay up to date on all things Cribl and observability.
Visit the Newsroom ›Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›First, when I mention Loki, I’m not talking about one of my favorite TV shows to binge-watch or the lead character played by Tom Hiddleston, who has arguably become one of my favorite characters in the Marvel universe. I’m talking about the Loki, which is a highly available, cost-effective log aggregation system that was inspired by Prometheus. While Prometheus is focused on metrics, Loki is focused on collection of logs. Its ability to efficiently collect, store, and query logs makes it an asset for DevOps teams. I guess that makes it a favorite character in the Grafana universe.
A key aspect of Loki’s functionality is its use of labels, which are metadata tags associated with log entries. These labels provide additional context and structure to log data, enabling users to filter, search, and analyze logs based on specific criteria. Labels can be attached to log entries based on attributes such as application name, environment, deployment version, etc.
By utilizing labels effectively in Loki, users can gain deeper insights into their application’s behavior and quickly identify issues. Labels can help users correlate logs from different sources, or they can also help correlate logs to metrics and traces.
Sounds powerful to me. Maybe labels can’t help you jump to different timelines (spoiler alert), but they CAN help you jump from logs to time series data in Prometheus. That was a bit of a reach, but you get the point.
That said, manually attaching labels to log entries is tedious and time-consuming. This is where Cribl Stream comes into the picture. Cribl Stream can extract fields from various sources, such as application logs, metrics, and events, and dynamically apply relevant labels to log entries. This can save time and effort and ensure that the labels are consistent and accurate.
Labels tend to be bad if we are talking about people, but when we are talking about labeling data to provide context to your logs in Loki, it’s a good thing! You will want to be mindful of creating too many labels or using labels with many unique values. This can cause cardinality issues for Loki. High cardinality can be costly and slow in Loki, so put some thought into your labels. Static labels like host or application can be suitable, but dynamic labels should be considered more.
Let’s apply labels to your logs in Cribl Stream. In many situations, there is more than one way to accomplish things with Stream. For this example, we are using the following data and several fields that we are parsing out. We will utilize a few of these fields for setting our labels.
One way to add labels to your logs is in the pipeline, as your data travels through Cribl Stream. We accomplish this using an Eval function. Add an array called __labels
in the Evaluate Fields section and set your labels appropriately.
Fields that begin with an __ in Cribl Stream are typically internal fields that aren’t sent to a destination; however, in this case, Loki will process this array and turn the fields into labels.
The other way to add labels in Loki via Cribl Stream is at the Destination. In the Post Processing section of the Loki Destination configuration, you will notice a System fields
field. You can add fields to this list that you want to be converted to labels on the Loki side.
Which method you choose to add labels to your logs depends on what makes sense. Labels that show consistently throughout the data could be set in the Loki Destination. But it could also make sense to do them in the pipeline instead. If you have a situation where the data may vary, and different events might have different labels associated with them, you will want to do that in the pipeline. The good news is you have some choice and control.
Pretty straightforward, isn’t it? Once you have your data routed through your pipeline and off to the Loki destination, you can use Loki to search your data and view those labels using the Label Browser.
Now that you know how Cribl Stream can help, you can start unlocking deeper insights and efficient analysis in Loki. For more information on labels and Loki, Grafana has several blogs and resources on the topic. Be sure to check those out.
Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.
We offer free training, certifications, and a generous free usage plan across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started. We also offer a hands-on Sandbox for those interested in how companies globally leverage our products for their data challenges.
Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?