Perry Correll, Principal Technical Content Manager at Cribl, is passionate about the power of observability and how, when done right, it can deliver operational insights into network performance. He has 30+ years of networking experience from early Ethernet to today's observability and held positions from SE to product management with leading organizations.
Enterprises have enough data. In fact, they are overwhelmed with it, and finding the nuggets of value amongst the data ‘noise’ is not all that simple. It is bucket’d, blob’d, and bestrewn across the enterprise infrastructure in clouds, filesystems, and host machines. It’s logs, metrics, traces, config files, and more, but as Jimmy Buffett says, “we’ve all got ’em, we all want ’em, but what do we do with ’em”. Sad but true: in many cases, nothing.
The Observability industry and its tooling have evolved to a point where we are now able to collect more data than we can effectively analyze, with some enterprises reporting that they use less than 2% of collected data. The other 98% typically gets routed directly to storage to review later, but in reality, this data is deteriorating in value as it sits. Its ability to answer critical security, performance, and system state questions quickly fades.
A key reason for this is that today’s IT architectures allow data to live anywhere, and as a result, it’s distributed across platforms and becomes too complex and/or too costly for teams to integrate all the data. And trying to search it all using legacy analysis tools is a struggle, if not impossible due to silos — data in different locations, on different systems, and in different formats. A better solution is needed.
Cribl Search is that solution. It complements your existing systems with a new “search-in-place” capability, allowing administrators to search data where it sits, with no movement required. The primary use case we see at Cribl is providing visibility into the huge volumes of collected data, typically dumped into Amazon S3 buckets or the like.
It all starts with the data. As mentioned, in many cases it is already stored in one or more S3 buckets; this is often the overflow of what didn’t fit within the ingest license. You know there are probably some good nuggets of information in there; you just need a simple, cost-effective way of getting eyes on it. So, let’s start there.
Start by defining a dataset in Cribl Search; this is the data you want to take a look at. First give it a name, maybe something like ‘SIEM data’, then identify the AWS bucket name, and finally provide the authentication information. On that note, we strongly recommend using the AWS Assume Role option. Then start the search and you’re off and running.
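Because the dataset is reached through an assumed role, that role's trust and permissions policies decide what the search can touch. The following check is an added example, not Cribl's code: the policies, account ID, role name, bucket name and external ID are constructed placeholders, and the criteria (no wildcard principal, an `sts:ExternalId` condition, read-only actions on the one bucket) are an assumed least-privilege baseline.

```python
# Added example: audit the IAM role a search service assumes to read one S3 bucket.
# All policies, ARNs, the account ID and the external ID are constructed placeholders.
READ_ONLY = {"s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust(policy):
    """Flag trust statements that let too many principals assume the role."""
    findings = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("trust: any AWS principal may assume the role")
        if "sts:ExternalId" not in st.get("Condition", {}).get("StringEquals", {}):
            findings.append("trust: no sts:ExternalId condition")
    return findings

def audit_permissions(policy, bucket):
    """Flag anything beyond read-only access to the one bucket being searched."""
    findings, arn = [], f"arn:aws:s3:::{bucket}"
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            if action not in READ_ONLY:
                findings.append(f"permissions: {action} is broader than read-only")
        for res in as_list(st.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"permissions: {res} is outside bucket {bucket}")
    return findings

BUCKET = "example-siem-overflow"
WEAK_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
WEAK_PERMS = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
GOOD_TRUST = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/search-placeholder"},
    "Condition": {"StringEquals": {"sts:ExternalId": "PLACEHOLDER-EXTERNAL-ID"}}}]}
GOOD_PERMS = {"Statement": [{
    "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]}

if __name__ == "__main__":
    print("weak:", audit_trust(WEAK_TRUST) + audit_permissions(WEAK_PERMS, BUCKET))
    print("good:", audit_trust(GOOD_TRUST) + audit_permissions(GOOD_PERMS, BUCKET))
```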
It is really as easy as that and should take you less than 5 minutes to launch your first Search. I did it in 2, see if you can beat me. Oh, by the way, if you forget a step or two, no worries as we have a built-in wizard to help you along. By default, the search will look for everything so you will need to prune it down a little, and with a few simple filters, you can focus your search. Maybe you’re looking for an IP address, hostname, location, time range, data type, or just a term… starting to get the picture? It gets even better once you have defined your search and validated the results returned. You can then simply append the operator ‘Send’ to your query and send the results anywhere using a regular HTTP Source URL.
Even better, by default the Send operator forwards the results to your Stream Cribl HTTP Source. Now with the data going to Stream you can clean it up, shape it, enrich it, and then forward it onto an existing system of analysis or even back into a new S3 bucket(s). Partitioned out with a structure to handle different types of data, this will greatly simplify managing and retrieval for future use.
The overall approach is to route the output from Cribl Stream back into an S3 or compatible storage location. Some of the output may just be raw data from one or more sources, saved only to meet compliance requirements; other data may be processed (filtered) based on any specific requirements. The data is then routed into separate partitions in your bucket(s), as shown in the graphic below, simplifying any future investigations.
Diving a little deeper, we searched our data ‘dumpster’, shaped and segregated the data, and created separate partitions for the following sets of data:
Ok, but what about data not already in an S3 (or compatible) bucket? It’s still reachable, searchable, and actionable. Taking advantage of Cribl’s suite of products, Stream, Edge, and Search, you can reach into any stored data you have access to. In some cases, you can search it directly as referenced above; in other cases, you can leverage our Cribl Stream Observability pipeline to collect, shape, and then route the data to the bucket of your choice. So, no matter the starting or ending locations, Cribl Search has the solution to your data overload problem.
In either case, the result is the ability to create collections of specific datasets from huge volumes of data, then segregate them based on specific organizational, departmental, and security requirements. The segregated data streams are then routed to specific partitions within your object store, ultimately eliminating the costs of dumping all raw data into multiple systems of analysis.
Data volumes are huge and growing, budgets are not. The result is the percentage of data actually being analyzed will continue to drop due to licensing costs. There are only two options to address this issue: get a bigger budget or be smarter about how data is processed prior to ingesting into a system of analysis:
For more information, visit our Search page.
If you want to keep track of what’s coming next, make sure to follow Cribl on LinkedIn, Twitter, or via our Slack Community.