Perry Correll, Principal Technical Content Manager at Cribl, is passionate about the power of observability and how, when done right, it can deliver operational insights into network performance. He has 30+ years of networking experience from early Ethernet to today's observability and held positions from SE to product management with leading organizations.
Frozen Is Only Good for Margaritas and Elsa, Not Your Critical Data!
It’s not new news that organizations are producing more data than ever. But, in order to take advantage of this data, it needs to be collected, stored, retained, and then, at some point, analyzed. Most analysis tools also act as the retention point for this data. While this may (at first) appear to be the best option for performance, it quickly creates significant problems. First, those systems were never designed for the scale of today’s growing volume of data, currently at a 28% CAGR. Second, analysis systems pricing is based on the volume of ingested data – just what is sitting there, even if it is not providing value. Finally, those license costs aren’t cheap (and can be prohibitive) and will just continue to climb, exceeding any budget.
Organizations started using the “frozen bucket” method as the data volumes grew and aged out. This allowed them to archive data from their analysis environment, helping to improve performance on live data, but only solved half the retention problem. It saved some space and money. But, pulling that ‘frozen data’ from the archives required a “thaw” process of entire files to make them available to the analysis system. While this wasn’t technically difficult, it was time-consuming, often involving long SLAs and additional ingestion costs. Additionally, many systems didn’t provide the capability to limit the data you were extracting selectively – it was everything in the “frozen” file or nothing.
Let me give you a real-life example we experienced. As Joe Friday said, “The names were changed to protect the innocent.” Actually, it’s to protect the guilty and keep our legal team off my back.
A large customer of ours had an IOC (an indicator of compromise) and needed to retrieve archived data to backtrace the event as part of their investigation. With their existing system, they would need to retrieve two weeks of data, approx. 26 TB. Their vendor told them it would take 24 hours (note: that was a part of the original SLA agreed to). The customer didn’t want to wait that long to address the issue, so they contacted our Product Team. It went something like this: “… you guys keep making all these promises about the capabilities of Search, now show me what you can do for real. Kind of a put up or shut up moment.” Oh, did I mention this was on a Friday night? No, really, it was.
So, the team started digging through the data. First, they realized the data they needed to examine was distributed across multiple regions – no problem! Cribl Search supports Federated search capabilities and can simultaneously query multiple data stores. Then, through some trial and error, they were able to locate the specific datasets in question. It was only a subset of the original dates, three days vs two weeks.
All of the above took about 1 hour between Cribl and the user. At this point, it was a simple matter of targeting the specific data, searching the data where it was, and then only retrieving the data of interest. It was only about 1.2 million events, not the original 26 TB. This data was then retrieved, had a little shaping, and was sent into the existing system of analysis for additional analysis – a total time of 1.5 hours. As you can expect, the customer was very happy with Cribl.
The bottom line is that with Amazon S3 and other similar cloud object storage offering pricing of pennies/GB per month, storing data in your analysis systems, with their restrictions on how it is archived and retrieved, no longer makes sense. The best practice is to have the ability to separate your system of retention from your system of analysis. Basically, put your data wherever you want in a separate, cost-effective repository (like Amazon S3). Then, optimize the transfer of only specific datasets from storage into your analysis system instead of retrieving (dumping) everything back into your analysis system. THAT is where Cribl Search shines.
Cribl Search is an innovative new approach to finding and accessing data regardless of where it is landed and in any format. As users embrace tiered data strategies and the reality of multiple analytics and security tools, Search provides a federated solution built to separate the query engine from a storage medium. This delivers a unified query interface in a familiar and ergonomic pipe-delimited language that reaches into existing object stores filled with messy, unstructured, or structured datasets. It retrieves data without moving it or having to index it first. In addition, the same interface can also connect to APIs, databases, or existing tooling and join together results from all these disparate datasets in comprehensive dashboards, scheduled searches, and alerts.
The power of Cribl Search lies not only in what datasets it can reach but also in its ability to discover and forward critical data to your systems of analysis with surgical precision. Targeting specific datasets helps avoid the cost of expensive storage inside a system of analysis, increasing users’ scope of analysis without needing to ship, ingest, and store the data first. Plus, relevant, valuable data is routed for further analysis only if necessary.
Suppose you always had a full-fidelity copy of your logs, metrics, and traces in Amazon S3. Ask yourself this: Would you still bring every event into your analytics systems? Would you truly need to keep terabytes of noisy, verbose, hard-to-search logs in your expensive analysis tools daily?
Data volumes are enormous and growing, but budgets are not. The percentage of data being analyzed will continue to drop due to licensing costs, giving organizations only two options to address this: get a bigger budget or be more intentional about how data is processed before ingesting into the analysis system. Cribl Search is a true game changer. You can now effortlessly identify and then collect specific datasets and forward them to different systems for advanced analysis, audit, and compliance. It is a tremendous value for anyone managing digital exhaust data at scale. By separating your system of retention from systems of analysis, you can optimize your budget in ways not previously possible. And, since the data is archived in the format of your choice, you’re free to use it however you’d like.