x

Announcing the Winners of the Cribl Packs Contest

August 10, 2022

It’s time for the Black Hat conference in the United States, so we’re onsite meeting with customers and prospects looking to untangle their data from the grip of vendors holding their data hostage. We aim to start a rebellion against this lock-in and encourage customers to focus on radical choice and control with their observability data. Pushing back against “The Empire” is challenging, but you can achieve it with Cribl Stream and Edge. Cribl Packs are another way we enable customers to quickly achieve results and see a fast ROI on their investment.

Back in April, we launched the first Cribl Packs Contest! Cribl Packs enable easy sharing of complex Cribl Stream and Edge configurations (i.e, Routes, Pipelines, Sample Data, and Knowledge Objects) across multiple Worker Groups, Fleets, and organizations. It is as easy as adding a specific Pack to your Stream and/or Edge deployment. Packs are a great way to share expertise and lighten the administrative load for working with Cribl products.

Submissions had to fit within one of the following categories:

  • Best Technical
  • Most Popular
  • Highest Impact

After looking at the submitted packs to ensure they met all qualifications, we asked our panel of judges to score the apps based on a set rubric outlined at the launch of our contest. We’re excited to announce the winners of the voting!

  • Best Technical: cc-synology-events (Pavel Lineitsev)

The Cribl Pack for Synology NAS processes events with the following goals in mind:

  • Events are received via syslog directly from Synology NAS
  • The pack is designed to send logs to the Splunk destination, so it embeds some additional information in the events:
    • Splunk metadata (index, sourcetype, host)
    • Fields are named according to the Splunk Common Information Model (CIM), so it will work with Splunk Enterprise Security out of the box
  • Reduction of events by trimming the Syslog header, removing unnecessary fields, and dropping logs about suppression.

You should expect a 10-30% reduction in your Synology NAS log data size.

  • Highest Impact: cc-tanium (James Curtis)

This pack is targeted for the Collection and Processing of Tanium Events. Use this to help pack to help normalize Tanium Connect Data, and reduce Tanium All Asset Reports by approximately 20%. Every time we solve interesting use cases, we intend to add them to this knowledge pack.

But we didn’t stop there. We wanted to make sure that our community got involved, so on June 18th, we opened the voting for the most popular category up to the Cribl Community. Drumroll… And the winner is:

  • Most Popular: Microsoft DNS Flat File Debug Logging (Clay Curtis)

This pack parses flat file debug message logs from Microsoft DNS Server.

Congratulations to our winners!

But wait, there’s more. We’d also like to call out special mentions to friends of Cribl, JP Bourget and Joe Moore for their Checkpoint and Templates packs. They are not yet on the Cribl Dispensary, but we expect them to show up soon, and you’ll want to check them out! Both are officially considered Honorable Mentions for the contest. We’d also like to say a GOAT-tastic thanks to James Curtis for submitting four packs to the Dispensary thus far!

Packs were added to Cribl Stream in version 3.1, and we launched the Cribl Packs Dispensary last August. Since then, we’ve been blown away by some of the unique ways Packs are used. If you aren’t yet using Packs, now is a great time to start! Packs reduce the overhead of building and sharing Cribl Stream and Edge configurations while reducing cost, complexity, and time to manage observability pipelines. The great Yoda once said: Difficult to see; always in motion is the future. Thankfully, with Cribl by your side, your data in motion is easy to see, re-route, replay, and reformat. Congratulations to all those who submitted Packs! Be sure to join the #Packs channel in the Cribl Community, and make plans to join our Cribl Office Hours on 9/7 if you want to learn more about these packs.

Launch the Cribl Packs Dispensary

.
Blog
Feature Image

Mastering Tail Sampling for OpenTelemetry: Cost-Effective Strategies with Cribl

Read More
.
Blog
Feature Image

The Stream Life Podcast 110: Microsoft Azure + Cribl – Better together

Read More
.
Blog
Feature Image

Rethinking Security: Why Organizations are Flocking to Microsoft Sentinel

Read More
pattern

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.

box

So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?