
Accelerate Visibility and Analysis With New Cribl Search Packs

October 21, 2024
Written by Perry Correll

Perry Correll, Principal Technical Content Manager at Cribl, is passionate about the power of observability and how, when done right, it can deliver operational insights into network performance. He has 30+ years of networking experience from early Ethernet to today's observability and held positions from SE to product management with leading organizations.

Categories: Cribl Search

Our new Cribl Search Packs give you a framework for packaging, sharing, and installing config bundles that align with a given data source or use case. Similar in concept to our original Cribl Stream Packs framework, Cribl Search Packs help users find value in their datasets more quickly across common use cases.

In fact, Stream Pack users were a powerful driver in the development of Search Packs. Many of our internal and external users requested similar capabilities for Search, given their familiarity and experience with the value of the original Stream Packs. That’s all we needed to hear, and we got to work!

The Stream Packs were a way for Cribl Stream customers to build and share configuration models – including pipelines, lookups, data samples, and knowledge objects – across distributed Cribl Stream deployments. They reduce the overhead of building and sharing Stream content while reducing cost, complexity, and time to manage observability pipelines. (If you’d like, check out our original Cribl Packs concept video.)

As with the Stream Packs, Search Packs can be distributed via the Cribl Dispensary, manually shared between users, or accessed from some shared repo (for example, GitHub).

The primary goals of Cribl Search Packs:

  • Accelerate data visualization and time-to-value with pre-built content that covers common use cases. Going from zero to one is often the largest hurdle for new users to get started with new datasets (from parsing the data, to searching, to building dashboards). With Packs, you get pre-made content, allowing you to quickly implement solutions and see results faster. Downloading Search Packs takes only seconds.
  • Educate on what’s possible with Search. Search Packs offer a series of dashboards that demonstrate multiple use cases, like analyzing network traffic, scanning system logs, detecting threats, monitoring user activity, and more. They show how you can apply Search in real-world scenarios quickly, especially those that align directly with your data and use cases.
  • Provide reference examples that you can use on day one. Users are encouraged to install Search Packs to gain experience and then “reverse-engineer” them to present their specific organizational requirements and accelerate their knowledge of Cribl Search capabilities.

Search Packs mean more users can take advantage of Search, without the learning curve or having to become a Cribl Search expert. They reduce cost, complexity, and ramp-up time and shorten the time to value in managing their Cribl environments.

Packs Available Now: What can they do for you out of the box?

At launch, Search Packs include one or more predefined dashboards and/or panels providing visibility and monitoring of your Cribl environment (and not just Search-related activity). We are launching a series of Search Packs with multiple dashboards providing content designed to demonstrate their capability, functionality, and value. This is just the start as we will continue to develop and post new Packs in the coming months. Check out the series:

Cribl Search Activity

  • The Cribl Search Activity Pack gives you visibility and analysis of the search activity and credit usage within your Search instance. This includes key insights into the types of searches, the users executing these searches, and the credit consumption across each. Use this information to understand usage profiles, identify misconfigurations, and project annual credit consumption. The dashboards search the internal Cribl_logs for your Cribl instance and include a user Search activity dashboard and a credit usage dashboard. This information shows you what is running from a search perspective.

Cribl Sample Data Pack

  • This Pack showcases the value of different Search Packs by searching the built-in Cribl Search Sample datasets. It includes 3 dashboards that map to data contained in the cribl_search_sample dataset. These pre-built dashboards provide immediate insight into different datasets, including:
    • Sample Data Access Combined: Shows who is doing what, providing visibility into users and their activity – including total users, unique users, event counts, status codes, and more.
    • Sample data syslog: Shows example syslog statistics, including events, applications, hosts, trends, and patterns.
    • VPC Flow Logs: This tool enables you to capture and view the IP traffic going to and from your VPC’s network interfaces. The dashboard includes information on total traffic and actions (accept/reject), top sources/destinations, trends, and more.

CriblVision for Stream

  • This Pack helps you monitor and troubleshoot your hybrid Cribl Stream deployments. It is a collection of dashboards and configurations that transform how you monitor and troubleshoot your Cribl.Cloud deployments. Imagine having a troubleshooting buddy who understands the nuances of Cribl deployments like a pro. That’s precisely what CriblVision is all about. CriblVision includes targeted troubleshooting dashboards crafted with care to address the precise product areas that have posed recurring issues. These dashboards are the fruits of countless hours spent by our engineers to make troubleshooting your deployment as easy as possible. CriblVision serves up visualizations and insights to monitor and troubleshoot your deployment.

Dashboards Provided in This Pack Include:

  • HealthCheck: This gives you a high-level overview of your deployments’ health. It checks for common issues you should be aware of in your Stream environment. This includes visibility into CPU, memory, input/output, and destination status, as well as worker process actions.

  • Log Statistics: Quickly surfaces log-level trends and helps you troubleshoot issues with your worker nodes. This includes seeing warnings, errors, and overall information across all channels.
  • Volume Metrics: Provides a breakdown of dataflows in your Stream environment, with detailed analysis per route. Easily see route metrics on inputs, outputs, and % reductions per worker group.

  • Data Reduction Value: This report compares data ingress versus egress values. It provides an input box where you can specify the dollar amount for each GB of data and clearly shows your ingest savings for your downstream analysis tool.

Cribl Copilot

Since we’re on the topic of dashboards, let’s mention that Cribl’s recently introduced Cribl Copilot – an AI-augmented productivity enhancement to the Cribl portfolio that speeds time to value and accelerates your team’s efficiency – now supports building dashboards. Select the “Add Dashboard” tab, and Copilot will assist you in creating a dashboard from scratch or editing an existing one. It can provide options and even recommend new dashboard panels. Give it a try today!

Now It’s up to All of Us

Seasoned tech professionals focus on results, not necessarily the process, so anything that gets to the results faster is always a win. Cribl launched Packs years ago, offering a framework that simplifies how Stream customers could build, reuse, and share configuration modules – including pipelines, lookups, data samples, and knowledge objects. Now, we have added Cribl Search dashboards to that lineup. Cribl Search Packs aren’t just a tool – they’re a shift in the way data can be consumed, and they empower you to take the reins of troubleshooting and monitoring with Cribl supporting you in the background.

In a nutshell, Packs are a collective endeavor among our engineers, users, and broader community. Together, we’re transforming the way you troubleshoot and monitor Cribl deployments. Your unique perspectives and contributions will drive this evolution forward. So, let’s embark on this community-driven journey where innovation knows no bounds.

Want to know more about Cribl Search?

Check out the Search Sandbox

Search Packs documentation

Create your own Cribl.Cloud account – it takes 2 minutes, and it’s FREE!

Check out Cribl University, where training is always free


 

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.
