x
cribl-homepage_hero.jpg

Announcing Cribl Edge & Cribl Stream

March 22, 2022
Written by
Clint Sharp's Image

As Co-Founder and CEO, Clint leads the Cribl team and oversees product and engineering, s... Read Moreales and marketing, and general and administrative functions. In his role, he has led the team to several straight years of triple digit customer and ARR growth, achieved $100 million in ARR in less than four years–becoming one of the fastest infrastructure companies to reach centaur status–and secured more than $400M in funding from the world’s top investors. Clint brings a passion for bringing innovative products to market that deliver unmatched value to customers, which comes from his two decades leading product management and IT operations at technology and software companies like Splunk and Cricket Communications. His experience as a practitioner means he has deep expertise in network issues, database administration, and security operations, and he personally understands the fundamental challenges that enterprise IT and Security teams face. Read Less

Categories: Announcements

In 2022, administrators are still managing agents which collect data for observability and security the same way they did 15 years ago: typing in configuration files by hand. A lot has changed since 2006 when Amazon announced AWS. Instead of racking and stacking servers in data centers, we’re spinning up compute resources in a variety of forms – at the click of a button, or automatically through APIs. Storage has become ubiquitous and cheap in the form of object storage, and individual machines are nearly all virtual and backed by durable block storage.

Yet agents, the little pieces of software running in the background slurping up telemetry data and forwarding it along, have remained frozen in time. In the last 15 years, nearly all compute and storage have been transformed by management technology, but agent technology looks like compute and storage from way back: configured one instance at a time, by hand. Our customers have told us how time consuming and painful it is to have administrators stabbing around at handwritten configurations, tested on laptops with a hope and prayer that production still looks like the dev environment.

At Cribl, we’ve been asking a number of questions: Why can’t we grab application logs with zero configuration? If we configure by hand, how do we know if the logs on the production systems are even in the same place? How can we navigate remote systems graphically, just like our local systems, to see what’s available to collect? How do we see examples of what we might collect from the edge, and work with them interactively to ensure they’ll arrive at the destination properly? Why do we need to do the processing twice, once with the existing agent and another in the stream?

All these questions led us to realize that there is a huge need to innovate and modernize data collection. Enter Cribl Edge, the first fully manageable, auto-configurable agent designed specifically for collecting telemetry data at scale. Cribl Edge takes the best-in-class management technology built for Cribl LogStream and extends it to manage thousands of endpoints. Cribl Edge solves a huge pain point for administrators: managing data collection at scale.

Additionally, we have one more important announcement: Cribl LogStream is now Cribl Stream. Since our initial release in October of 2018, Cribl LogStream has come an incredibly long way. It’s not just about logs anymore, which is why we’re now dropping the log in recognition of the full capabilities of Cribl Stream. Cribl Stream is a best in class observability pipeline that works equally well on logs, metrics, and traces (oh my).

Cribl Edge scales down Cribl Stream to run on an edge node. That means all the functionality, like integrations to nearly every observability and security tool on the market, is directly available. Our rich, interactive, data-centric experience, with built-in data capture and interactive preview, is now available where the data originates. We’ve added support for collecting log data directly from the edge node, as well as system metrics. With one agent, we can feed a time-series database, SIEM, logging tool, and data lake.

In addition to providing a best-in-class agent, we’ve also looked towards how we can advance the state of the art. It’s difficult to know, as an administrator, all the places developers might be placing log files, and how they might be different from development to production. Cribl Edge automatically discovers log data being written anywhere on the file system, greatly reducing administrative burden on finding data to collect.

Additionally, we allow administrators to “teleport” directly to the edge node, and interactively explore the data present on that node. Edge presents system metrics, running processes, running containers, and open log files – replicating the experience we used to get from an interactive shell, in a controlled troubleshooting environment. We’ll continue to innovate on providing a best-in-class interactive troubleshooting experience.

Lastly, because Cribl Edge is the same technology behind Cribl Stream, all our Packs and configurations can be used with Cribl Edge. Users can start with Stream, and easily expand to Edge. Additionally, users may still wish to forward data through Stream for security or other reasons at no additional cost. Having thousands of edge nodes talking to various cloud services may be a security concern, so Edge can send data through Stream to provide a control point for centralized forwarding.

For people considering Cribl Edge or Cribl Stream, a perfectly reasonable question is: which product is right for me? Without hesitation, I would tell you to start with Cribl Stream. Cribl Stream works with your existing agents, and it can be up and running, and providing value, in minutes. Cribl Edge is a great way to push processing upward from Stream to the endpoint, and to make your environment significantly more efficient. There are workloads that are best suited to each product. Stream is best at centralized collection, reading from event streams, or receiving data from existing agents. Cribl Edge is best at collecting data directly from endpoints, and doing the processing at the edge.

Cribl Edge and Cribl Stream are priced the same, in the cloud, on-prem, or in hybrid configurations. If you are a Cribl Stream customer, you are a Cribl Edge customer. You can get started today. Ultimately, these products articulate the core value of what we provide to our customers: choice. We are here to help, no matter what your requirements are, and the software will bend and flex to meet your needs, no matter where you are.

Cribl Edge is a shining example of Cribl innovation. In a world where vendors are forming consortiums to try to minimize their engineering investments in data collection, we are looking at problems from first principles. We’re going where everyone else is ignoring, and living by our “Customers First, Always” value. Our customers are in pain and their other vendors are ignoring them. Cribl Edge is but one of the exciting new announcements we have in store for you this year. If you’re interested, you can sign up at Cribl.Cloud today, and Cribl Edge is included free up to 1TB of data per day! If you have any feedback, we’d love to hear from you in our community!

Join us tomorrow to learn more about Cribl Edge and Cribl Stream!

.
Blog
Feature Image

One Reason Why Your Nodes’ Memory Usage Is Running High

Read More
.
Blog
Data Chaos

Data Chaos MUST Be Curbed, but How?

Read More
.
Blog
Scaling Window Event Forwarding

Scaling Windows Event Forwarding with a Load Balancer

Read More
pattern

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.

box