The Observability Pipeline
We’ve tried several terms over the last year to describe our place in the market: log pre-processor, log processing engine, real time...
How to run your own Cribl Proof of Concepts
TL;DR: in v1.7 we introduced two very significant improvements that help you as a customer prove Cribl capabilities fast and efficiently...
Understanding Splunk’s New License Model: It’s Not the Pricing Model, It’s the Price Tag that Matters
I’m a product person. There are many, many key decisions in the life of a product that make it what it is,...
Estimating Capacity using LogStream
One frequent concern we hear is capacity anxiety: will this new source blow up my system? No matter the use case: IT,...
Practical Logs to Metrics Conversion With Cribl LogStream
When monitoring your infrastructure, applications, users, devices, sensors etc. you’re likely to be using a variety of data sources and a number...
Getting Smart and Practical With Dynamic Sampling
In the past we’ve written multiple posts about how Cribl helps you maintain visibility in high-volume/low-value scenarios without having to egregiously scale your...
Streaming Data Deduplication with Cribl
The Problem: It's not uncommon for machine data systems to send and receive duplicate or repeated events. This could be due to a variety of...
Trimming Unnecessary Fields from Logs
The author of a log has very different motivations from the consumer of that same log. For the author, they must conceive...
Helping Threat Hunters While Staying Compliant: Categorizing and Scoring AWS CloudTrail Events in Real-Time
AWS CloudTrail is a service that “enables governance, compliance, operational auditing, and risk auditing of your AWS account.” It continuously monitors accounts...
Context is King: Turning Ugly Logs into Rich Structured Events
Logs often do not, by themselves, contain the information needed to point an investigator in the right direction. Let's say I'm...
Using Cribl to Analyze DNS Logs in Real-Time – PART 2
In a previous post we showed how to detect data exfiltration with Cribl in real-time. The analysis focused on checking DNS labels from DNS logs...
Encrypting sensitive information in real-time with Cribl
If your machine data does not contain sensitive information, you don't really need to read this: you've got it all figured out. Just...
One of the more surprising realizations since we started Cribl and began working with customers across all kinds of industry verticals is...
Update: Part 2 is now here. The recent massive data breach at Marriott's newly minted SPG (Simply Phucked Guests) program got me thinking...
Organizations with an AWS footprint have many options to get data into their log and event management platforms. So did we. Up...
A very popular use case for Cribl is routing data to the best possible store. Given the types, costs and complexity of managing data...
Adding context with lookups is an awesome way to enrich your operational data. Whether you’re running simple searches or reporting on your...
One of the key problems with creating a centralized repository of logs is it also creates a single place where attackers can...
The need for operational and performance visibility grows at least linearly with your infrastructure sprawl; the more data your VMs, containers, APIs,...