“Half the time the toilet’s out of reach – the other half it’s out of order”.
–Arthur C. Clarke, Report on Planet Three and Other Speculations
Sounds familiar, doesn’t it? Arthur C. Clarke humorously hits the nail on the head about life’s balancing acts. The balance between user freedom and resource utilization is key. In the world of data management, we often face a similar conundrum: making sure resources are available and in good working order when we need them the most. This is where Cribl Search steps in with its neat new feature, Usage Groups. It’s like having a smart thermostat for your data management system – it ensures you’re using your resources effectively without burning through your Cloud credits. Let’s dive in and see how Usage Groups can make your life easier and your data management smarter.
Usage Groups in Cribl Search allow administrators to set specific limits on search usage for different users or usage groups. This functionality is crucial for managing resource consumption and ensuring users don’t exhaust the allocated credits, thus maintaining optimal system performance. With Usage Groups, admins can ensure that each user operates within a specified resource boundary, fostering a more balanced and efficient use of the Cribl Search credits.
Out of the box, Cribl Search offers two primary groups:
System: This group sets system-level limits applicable to all searches.
Default: This is for all ad hoc searches not covered by other groups.
In addition to that, let’s see how we can create custom usage groups to serve our unique requirements better.
Creating a new Usage Group is straightforward. Navigate to Settings > Search Settings > Usage Groups and click Add Usage Group. Here, you can name your group, define its limits, and enable it. Assigning users to these groups is just as easy, ensuring everyone has the right level of access and resource allocation.
Let’s say you have different teams within your organization, each with unique search requirements. You aim to ensure efficient use of Cribl Search without compromising each team’s ability to extract valuable insights. We can create different usage groups for different teams, but before we do that, let’s see what settings are available to us and what they do:
What It Does: Sets how far back in time a user can search. For example, settings like 30d or 1y allow searches up to 30 days or one year back, respectively. You can also specify time in seconds by entering a numeric value without a time unit.
What It Does: Determines the maximum number of ad hoc searches a single user can perform simultaneously. This helps manage the system load by preventing an individual user from running too many simultaneous searches.
What It Does: Caps the total number of concurrent searches that can be conducted across the entire organization. This is crucial for ensuring that the system remains stable and responsive by avoiding an overload of simultaneous search queries.
What It Does: Specifies the maximum number of executors that can be dispatched for a single search. This limit is important for controlling the computational resources allocated to each search, ensuring efficient use of system resources.
What It Does: Sets the maximum duration, in seconds, that a search is allowed to run. This limit prevents searches from running indefinitely, which can tie up resources and affect system performance.
What It Does: Defines the maximum time range for a search query. For instance, a limit of 3 days (3d) means a search can’t span more than a 3-day period. This helps in focusing the searches and managing the amount of data being processed.
What It Does: Determines the maximum number of scheduled searches a user can have running at the same time. This is vital for balancing the system’s load, especially for searches set to run automatically at specific times.
What It Does: Controls the maximum number of events (data points) that can be returned in a search result. This is important for ensuring that search results are manageable and pertinent.
What It Does: Puts a cap on the maximum number of bytes that can be read in a single search. This limit is important for managing data throughput and maintaining efficient use of storage and network resources.
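The time-based limits above are independent of each other: a search can be narrow enough for the time-range limit and still reach further back than the earliest-time limit allows. The sketch below is an added example that models that pre-flight check; it is not Cribl's code or API, the field names and the `violations` helper are hypothetical, and a year is assumed to be 365 days.

```python
import re
from dataclasses import dataclass

# Only the value forms the article names: "30d", "1y", or bare seconds.
# Treating a year as 365 days is an assumption of this sketch.
_UNIT_SECONDS = {"": 1, "d": 86_400, "y": 365 * 86_400}

def parse_span(value: str) -> int:
    """Convert '30d', '1y' or a bare number of seconds into seconds."""
    m = re.fullmatch(r"(\d+)([dy]?)", value.strip())
    if not m:
        raise ValueError(f"unrecognised time span: {value!r}")
    return int(m.group(1)) * _UNIT_SECONDS[m.group(2)]

@dataclass
class UsageGroup:
    # Hypothetical field names, one per limit modelled here.
    name: str
    max_earliest: str        # how far back in time a search may reach
    max_time_range: str      # widest window a single search may span
    max_adhoc_per_user: int  # simultaneous ad hoc searches per user

def violations(group, earliest_ago, latest_ago, running_adhoc):
    """Return the names of the limits a proposed ad hoc search would break.

    earliest_ago / latest_ago are the window's start and end, expressed as
    time before now; running_adhoc is the user's current ad hoc search count.
    """
    start, end = parse_span(earliest_ago), parse_span(latest_ago)
    if start < end:
        raise ValueError("window start must be older than its end")
    broken = []
    if start > parse_span(group.max_earliest):
        broken.append("max_earliest")
    if start - end > parse_span(group.max_time_range):
        broken.append("max_time_range")
    if running_adhoc >= group.max_adhoc_per_user:
        broken.append("max_adhoc_per_user")
    return broken

# Constructed sample group: 30 days back, 3-day window, 2 ad hoc searches.
TIER1 = UsageGroup("initial-responders", "30d", "3d", 2)

if __name__ == "__main__":
    print(violations(TIER1, "2d", "0", 0))     # within every limit
    print(violations(TIER1, "40d", "38d", 0))  # narrow window, too far back
    print(violations(TIER1, "20d", "10d", 2))  # too wide, and user is at cap
```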
Now that we’re familiar with the available settings in Cribl Search’s Usage Groups, let’s visualize how these settings can be applied to distinct personas or teams:
Challenge: Incident Response Teams often operate in a tiered structure. The lower-tier team members (the Initial Responders) handle initial assessments, while higher-tier members (Hunters) engage in deep and comprehensive investigations.
Challenge: Responsible for maintaining various analytics tools, the Sys Admin requires broad but controlled access to data, focusing more on system health and less on specific data queries.
In essence, Cribl Search’s Usage Groups feature empowers teams with needed tools while maintaining efficient resource management. It ensures that each team has the search capabilities they need to succeed, all under a well-managed, resource-conscious framework.