Cribl Search helps find and access data regardless of the format it’s in or where it lives. Search provides a federated solution that reaches into existing object stores and explores data without moving it or having to index it first. This same interface can also connect to APIs, databases, or existing tooling, and can even join results from all these disparate datasets and display them in comprehensive dashboards.

Queries can also be scheduled, allowing practitioners to automate data analysis and save valuable time. By scheduling searches you can aggregate data, compare/contrast results, identify anomalies, and even analyze long-term trends. Effectively you can now automatically monitor systems and even be notified based on the results of the search. Notifications can be sent to one individual, a whole team, or multiple teams.

Sounds great, but what does this look like in practice? Instead of manually running a search to gather information about login attempts and failures, you can schedule a search to be executed automatically at midnight on the first day of each month or schedule of your choosing. Or, you can take the “only bug me when I need to be aware of something” approach by sending notifications based on evaluating the search results against a specific condition, like the number of a specific type of event detected. This helps you stay informed about important events with no manual effort.

Cribl is all about optimization, choice, and making administrators’ lives easier. Automated notifications provide the needed alerting capabilities to address operational issues when they occur. In keeping with the choice message, we offer administrators notifications via Amazon SNS, PagerDuty, Slack channels, Webhook, and now email, too – providing the ability to respond to critical events quickly.

Did I say simple? It’s only a 5-step process, ok, maybe 6:

Note: First you must configure the Email Notification Target as an option, basically, you define the SMTP server information, and we’ll shortly be adding an out-of-the-box email cloud server to make it even easier. Feature and security requirements will vary by organization, but you can even use your Gmail account if so desired, full configuration information is available here.

1. Write and then Save Your Query – give it a name and meaningful description.
2. Toggle Schedule On – sets the run frequency (minutes, hours, days… whatever you need)
3. Toggle Notifications On –
   1. Set a trigger condition, a boolean expression (example: results > 7)
   2. Configure notification message payload, where you can define what information/ fields to include in the notification. Up to 1000 characters.
4. Select a Notification target – select Email from choices (SMS, PagerDuty, Slack Webhook)
5. Then Save – that’s all there is to it.

For in-depth guidance, check out our docs.

Conclusion

Email has been a standard in organizations for many years. It’s ubiquitous, and when customers ask, Cribl delivers. Notifications sent via email are the easiest way to reach folks; IT and security teams, executives, and other personnel who may not typically access data management tooling on a daily basis but want to be notified when specific events occur. Now everyone can be informed and take immediate action if needed.

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.