The Cribl blog covers Observability, Big Data Analytics, Data Streams Processing... and anything else we feel like writing about!
When I worked as an information security practitioner, I spent most of my time responding to and investigating alerts. These alerts were from various tools such as next-generation malware detection and prevention systems, web proxies, firewalls, and email filtering appliances. Occasionally, as part of triage, I’d need additional context surrounding the users’ or machines’ activity […]
Global Keyword Search (aka CLUI) was introduced in LogStream 2.4.0. This feature enables the user to press Ctrl+K (all platforms) or Cmd+K (MacOS) and search across LogStream objects by keyword. This article describes how we built it and the engineering choices we made.
Key Management System (KMS) support was added in LogStream 3.0. In this version, integration with HashiCorp Vault was added, along with the default local filesystem KMS option. This integration allows customers to offload management of secrets used by Cribl LogStream to an external KMS provider. The KMS feature can be used to improve the security posture of your LogStream deployment.
On distributed LogStream deployments that can span hundreds of nodes, it becomes a critical feature to be able to upgrade all the nodes to the latest version in an automated fashion – without having to upgrade each node one by one, or leverage bash scripts to automate the upgrades. Here, we discuss how we leveraged our internal jobs framework to automate worker node upgrades.
In this post, we’ll compare the performance-price ratio of compute-optimized AWS instances built on Intel, AMD, and Graviton2 (ARM64). Let’s start with the results.
This is a short blog post about how we used AppScope to identify and resolve a DNS-related problem reported by one of our customers … and it is a fact that it’s always a DNS problem, except when it isn’t :).
Previous experience with Protobuf was just painful, to be honest. How complicated is this? Worth doing? All of which caused me to think about how to analyze gRPC. Since AppScope extracts payloads from network activity, could we see gRPC and Protobuf details?
This article is an overview of interposition mechanisms used to build AppScope - it will be of particular interest to developers who love to maximize their apps' performance.
AppScope is an application-centric instrumentation and data collection mechanism. With one instrumentation approach for all runtimes, AppScope offers ubiquitous, unified instrumentation of any unmodified Linux executable. It's equally useful for single-user troubleshooting or monitoring distributed deployments. So how does it work?
As 2020 comes to a close, I have spent some time reflecting on some of our engineering achievements and, more importantly, lessons of the past few years. I am documenting them openly as much for our current Criblanians as for those who are considering joining us.