Cribl puts your IT and Security data at the center of your data management strategy and provides a one-stop shop for analyzing, collecting, processing, and routing it all at any scale. Try the Cribl suite of products and start building your data engine today!
Learn more ›Evolving demands placed on IT and Security teams are driving a new architecture for how observability data is captured, curated, and queried. This new architecture provides flexibility and control while managing the costs of increasing data volumes.
Read white paper ›Cribl Stream is a vendor-agnostic observability pipeline that gives you the flexibility to collect, reduce, enrich, normalize, and route data from any source to any destination within your existing data infrastructure.
Learn more ›Cribl Edge provides an intelligent, highly scalable edge-based data collection system for logs, metrics, and application data.
Learn more ›Cribl Search turns the traditional search process on its head, allowing users to search data in place without having to collect/store first.
Learn more ›Cribl Lake is a turnkey data lake solution that takes just minutes to get up and running — no data expertise needed. Leverage open formats, unified security with rich access controls, and central access to all IT and security data.
Learn more ›The Cribl.Cloud platform gets you up and running fast without the hassle of running infrastructure.
Learn more ›Cribl.Cloud Solution Brief
The fastest and easiest way to realize the value of an observability ecosystem.
Read Solution Brief ›Cribl Copilot gets your deployments up and running in minutes, not weeks or months.
Learn more ›AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Learn more ›Explore Cribl’s Solutions by Use Cases:
Explore Cribl’s Solutions by Integrations:
Explore Cribl’s Solutions by Industry:
September 25 | 10am PT / 1pm ET
Hold my beer: lessons from one team’s data pipeline journey
Register ›Try Your Own Cribl Sandbox
Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Get inspired by how our customers are innovating IT, security and observability. They inspire us daily!
Read Customer Stories ›Sally Beauty Holdings
Sally Beauty Swaps LogStash and Syslog-ng with Cribl.Cloud for a Resilient Security and Observability Pipeline
Read Case Study ›Experience a full version of Cribl Stream and Cribl Edge in the cloud.
Launch Now ›Transform data management with Cribl, the Data Engine for IT and Security
Learn More ›Cribl Corporate Overview
Cribl makes open observability a reality, giving you the freedom and flexibility to make choices instead of compromises.
Get the Guide ›Stay up to date on all things Cribl and observability.
Visit the Newsroom ›Cribl’s leadership team has built and launched category-defining products for some of the most innovative companies in the technology sector, and is supported by the world’s most elite investors.
Meet our Leaders ›Join the Cribl herd! The smartest, funniest, most passionate goats you’ll ever meet.
Learn More ›Whether you’re just getting started or scaling up, the Cribl for Startups program gives you the tools and resources your company needs to be successful at every stage.
Learn More ›Want to learn more about Cribl from our sales experts? Send us your contact information and we’ll be in touch.
Talk to an Expert ›Case Study
“CRIBL SEARCH TO US IS ABOUT HAVING ACCESS TO ALL OF OUR DATA AT THE READY — NO MATTER WHERE IT LIVES, IT BECOMES ACCESSIBLE.”
CLOUD SOLUTIONS SENIOR ENGINEER
“CRIBL SEARCH BRINGS LIGHT TO THE DARK CORNERS OF OUR DATA AND ALLOWS US TO ACCESS DATA WE PREVIOUSLY DIDN'T KNOW WAS VALUABLE OR WOULD EVEN NEED TO BE SEARCHED.”
CLOUD SOLUTIONS SENIOR ENGINEER
“WE’RE A SAAS-FIRST COMPANY, SO USING CRIBL’S PRODUCTS DOESN’T FEEL NEW OR FOREIGN. IT’S EASY TO SEE HOW THE PERMISSIONS BOUNDARIES WORK, SO IT'S PRETTY MUCH UNDERSTOOD THAT WE CAN TRUST IN THE SECURITY OF THE PLATFORM.”
CLOUD SOLUTIONS SENIOR ENGINEER
Share:
This IT Services Organization originally brought Cribl Stream into their company to help them with their data onboarding process. Stream simplified the consolidation of syslog-ng, some custom scripts, and other tools to make getting their data from source to destination easier.
“We refer to Cribl Stream as the conduit for our data — its pipelines keep everything flowing in the right direction.”
Cloud Solutions Senior Engineer
“The use of Cribl Stream was an integral part of these accomplishments. It allowed us to collect and filter data from multiple sources, then route the results to each agency's secure destination in their preferred format and schema.”
Cloud Solutions Senior Engineer
In his efforts to bring maximum value to his organization, the cloud solutions engineer has given some well-received demos over the years to his management team, mostly around technical use cases for Cribl. He’s had a lot of success so far, but he’s even more excited for his next demo that’s centered around cost savings.
He’s tested out the case for using Stream to filter the data sent to their Virtual Security Operations Center (VSOC). He’s sending what he calls “decision ready data” meaning they are only sending events that their security product is tuned to look to populate correlations and identify anomalies. In the past, the team has had to send the full logs, which causes the price per gigabyte costs to add up extremely quickly.
“By using Stream to filter the data that goes to our VSOC, we’ll end up with a 99.99% reduction in the amount of traffic we have to send. The cost savings are massive.”
Cloud Solutions Senior Engineer
Shortly after taking advantage of Cribl Stream, the cloud solutions engineer was notified of an organizational shift that would move their VPC flow logs from Cloudwatch into S3, where they would become unsearchable.
VPC flow logs are significant for operational troubleshooting and trend analysis — they can point to fundamental network issues and be used for trend analysis to spot potential issues, so having continued access to query them is important.
But from a cost perspective, sending them to Splunk didn’t make sense, so the team decided to bring on Cribl Search. They were able to take advantage of the cost savings and keep the ability to search their VPC flow logs in their new location.
The transition was pretty smooth:
“We set up the POV for Cribl Search before the cutover to S3. Everything worked out perfectly timing-wise — we had the implementation done on day one of the cutover and never lost the ability to search our data.”
Cloud Solutions Senior Engineer
The cloud engineer has also had some personal wins since bringing Cribl Search into the fold. As an admin of multiple tools, it has helped him troubleshoot some longstanding issues, including a potential problem with a load balancer that needed a deep dive.
He knew that the company’s ELB logs were somewhere in S3, but they weren’t onboarded into Splunk, and he had no way to query them — until he remembered that he had Cribl Search in his toolkit. He pointed it to that S3 bucket and easily added a data source to be searched.
This is just one of many occasions where Cribl Search came in handy.
“There have been incidents where searching data was needed as soon as possible, but we weren’t always in a position to grab data and replay it without creating custom scripts or using up dev time. With Cribl Search, we now have immediate access to that data.”
Cloud Solutions Senior Engineer
“Previously, the only option was to dump data into some long-term storage just to have it, knowing we’d never realistically ever search it. Cribl Search changes the game — now we can be confident in our ability to access any data when we need it.”
Cloud Solutions Senior Engineer
“The flexibility with Cribl.Cloud’s consumption-based licensing is great, as opposed to feeling like you could be throwing away money if you don't use your exact daily license somehow. It was an easy transition for us, and we’re very happy with how it worked out.”
Cloud Solutions Senior Engineer
There’s no one-size-fits-all approach, but the best way to migrate to Cribl.Cloud in most cases would be to get all your ducks in a row and then just do a cutover. The cloud engineer did things a little differently in that he started moving individual data sources over one at a time — but he wanted to be sure everything worked as he cut over each piece of their architecture.
The cloud solutions engineer also tore down and rebuilt worker nodes instead of cloning the existing ones to help flesh out their process, which showed him how easy it was to deploy new ones.
“You don't really have to put too much thought into creating new worker nodes in Cribl Stream. You just deploy a server, run the script and it's done.”
Cloud Solutions Senior Engineer
Having Cribl Stream and Cribl Search has helped the company define its multi-tier data architecture. Useful data goes through Stream, and cold data is left in place while still being able to query it. Getting data out of Search and back through Stream is simple. Their scheduled searches aggregate large datasets and then export a summary result through Stream back to Splunk.
If they were trying to crunch the data in Splunk, they’d have to run long, exhaustive searches there, summarize the data, and then display it on a dashboard. Instead, they can just look at the data as they get it out of Cribl Search.
“It goes back to the cost of having all that data in Splunk — not just the ingest, but the disk space as well. The cost of ingesting the results from Cribl Search into Splunk is practically nothing. You could analyze a terabyte worth of data and then summarize it into a couple of kilobytes.”
Cloud Solutions Senior Engineer
The cloud solutions engineer has even more plans for Cribl in the future. Moving their firewall logs would be a net positive for the organization which would incur some additional costs up front. But he’s confident management will understand the value, especially since they originally brought in Stream solely for source-to-destination routing and have gotten so much more out of it since.
When they first brought in Stream, they weren’t doing any reduction or transformation, but now they’re using Cribl functions to make data that was previously just being pushed straight through more usable and relevant.
He’s also trying to frame up using Cribl Stream to get metrics out of all of the company’s AWS accounts at scale. He has a vision for configuring organization-wide metric streams, where all their AWS accounts are consolidated, and all their metrics are in one location. All that data will be pushed through Stream, converted from JSON metrics into a Splunk metrics format, and then sent into Splunk to create dashboards. They’ll also do additional analysis on that data, looking for anomalous trend changes and other IoCs.
And while he is currently only using Cribl Search and Stream to discover, route and analyze data hosted in Amazon cloud storage, searching data hosted in Azure and Google clouds are on the horizon.
Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s vendor-agnostic solutions to analyze, collect, process, and route all IT and security data from any source or in any destination, delivering the choice, control, and flexibility required to adapt to their ever-changing needs. Cribl’s product suite, which is used by Fortune 1000 companies globally, is purpose-built for IT and Security, including Cribl Stream, the industry’s leading observability pipeline, Cribl Edge, an intelligent vendor-neutral agent, and Cribl Search, the industry’s first search-in-place solution. Founded in 2018, Cribl is a remote-first workforce with an office in San Francisco, CA.
Learn more: cribl.io
Try now: Cribl Sandboxes
Join us: Slack community
Follow us: LinkedIn and Twitter
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?