Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and central access to all IT and security data.
Learn more ›The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›Cribl.Cloud Solution Brief
The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›Cribl Copilot gets your deployments up and running in minutes, not weeks or months.
Learn more ›AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›Explore Cribl’s Solutions by Use Cases:
Explore Cribl’s Solutions by Integrations:
Explore Cribl’s Solutions by Industry:
September 25 | 10am PT / 1pm ET
Hold my beer: lessons from one team’s data pipeline journey
Register ›Try Your Own Cribl Sandbox
Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›Sally Beauty Holdings
Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›Cribl Corporate Overview
Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›Stay up to date on all things Cribl and observability.
Visit the Newsroom ›Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›Perry Correll, Principal Technical Content Manager at Cribl, is passionate about the powe... Read Morer of observability and how, when done right, it can deliver operational insights into network performance. He has 30+ years of networking experience from early Ethernet to today's observability and held positions from SE to product management with leading organizations. Read Less
Technically speaking, observability offers visibility into the data being generated by your infrastructure devices, systems, and applications — but in reality, it offers the opportunity to see what’s happening, There’s no guarantee that you’ll get what you want; you have to set things up in a way that makes it possible for you to get the insights you need. In part 3 of our blog series on observability (Part 1 and Part 2), we’re going to look at how to get the most from your observability investment.
It’s kind of like going fishing for data — you’ll need the right rod and lures to reel in the kind of fish you want, and you have to be fishing in the right spot. Similarly, you’ll need the right observability infrastructure and tools in place to gather, route, and process the data so that you get the exact information you’re looking for. Not only do you need the right agents and pipelines in place, but you also need the right event buses, logs, shippers, API collectors, and analytics systems. Your strategy is just as important as your tools.
You wouldn’t take your fly fishing gear out into a lake if you were looking to catch a 500-pound tuna, so why choose your observability tooling before deciding on exactly what problems need to be solved and what type of data will solve them? A better approach would be to start from first principles and figure out your call to action. For instance, why do anything at all? What are you not able to accomplish with your data today that you want to be able to accomplish tomorrow?
Before trying to buy or build anything, consider what components of observability you already have – whether it’s a syslog server or a collection of millions of dollars worth of software. You might not have all the features, capacity, licenses, or storage you want, but chances are you already have some of the pieces in place.
Start with your hardware and software systems. Do you have IaaS up in the cloud? Are you using SaaS? Do you already have observability systems? If you have systems on a freemium contract with restricted capabilities, you may want to upgrade licenses. There might be some open source projects that you decided to use to build things on your own, but they’re still sitting on the shelf because you don’t have the staffing or the expertise — or let’s just be honest, the budget. Open source sounds like it’s free, but once you actually have to do something with it, you could run into unexpected costs, which can start to add up.
After you get an understanding of your current capacity and capabilities, you can start to think about what you need to move forward based on what needs are not being met today.
Get in touch with each department that has an interest in observability and figure out exactly what each of them needs. IT ops, AI ops, DevOps, and your SREs should all be able to tell you what they need or which tools they can’t live without. Make sure you don’t accept answers along the lines of, “Oh, I need everything!” mostly because you won’t be able to afford it, but also because that would involve way too much data, capacity, and processing. Chances are you probably can’t even store all of your old stuff, so it’s important to identify exactly which data is necessary.
After you get an idea of what everyone needs, you want to talk about the sources you are currently capturing data from. You probably have a syslog server and a bunch of other agents like REST APIs that are generating data. Log shippers, applications, network devices, and customers’ instrumentation that your software developers may have built will all collect and forward data at some level. Find out exactly what your stakeholders are missing — which events, metrics, or data do they need, and from which devices?
Then there’s the other side of the data pipeline coin: destinations. Where does that data you collect actually go? These are your log servers, systems of analysis, and storage that can be either on-premises or in the cloud, databases, search engines, APM, systems API collector, or any custom systems that were developed. Decide what might be missing here as well, and then figure out if all the data you bring in is being processed correctly. What are you not doing that the stakeholders want you to do? Is anything missing or duplicated? Do you have sufficient licenses and capacities?
Now that you know where data is coming from and how it’s getting to its destination, it’s time to optimize. You may have a simple setup with one set of agents connecting to a single analytics platform, essentially as a point-to-point connection, and that may be all you need. But if you have over 50 different destinations or a handful of agents sending data to 7 or 8 different systems of analysis, you want to stop and ask how it could be optimized. How much of that data is duplicated? And if those agents are doing totally different things, why change?
You might find it helpful to put something in the middle. An event bus, data bus — or pipeline, as we like to refer to it at Cribl — can take data from lots of different agents and sources and shape it while still in motion. That central location can serve as a manifold or distribution hub to send that data to different places, giving you the ability to replicate it identically if you need to. More importantly, you can shape it exactly the way the IT ops, DevOps, AI ops, or SecOps teams need it. If data is coming from the same source and one department wants all the information but another just wants a subset, you shouldn’t have to manage a whole set of agents to do that. With products like Cribl Stream, you can filter data, forward it, or take a full-fidelity copy of an event and send it off to cold, inexpensive storage. That way if someone ever needs it again, which is bound to happen at some point, you can easily go back and retrieve it for additional processing.
Keep in mind that no matter how thought out and tested your observability solution is, it might need to be altered as your requirements change. There are always going to be new types of data and analytics systems, as well as departmental or legal requirements and budget changes to adjust to. Because of this, it’s important to build an open observability solution that you can grow in scope, capacity, and capabilities as your enterprise grows.
Make sure to avoid vendor lock-in and proprietary tools that don’t “play nice” with others. Detach the idea of vendor functionality and storage being tied together. Data wants to be in open formats in vendor-neutral storage. To achieve maximum flexibility, focus on building your solutions with a vendor-neutral observability pipeline.
At Cribl, we believe in using the best tool for the job at hand, and that’s what we aim to help enterprises of all sizes accomplish.
We know there’s a wealth of interest in observability right now — the technology, the vendors, the hype/marketing, and the promises– and it has driven confusion, not clarity, around observability and the benefits it can deliver. Want to learn more? Check out our on-demand webinar: Observability: Everything You’ve Heard is WRONG (Almost).
Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?