The Cribl Packs Dispensary – A Place to Share and Care

Last edited: July 5, 2022

Building Packs is good. Sharing Packs is better! The Cribl Pack Dispensary is the go-to place to find, install and share Cribl Packs. What are Packs? A Cribl Pack is a collection of pre-built routes, pipelines, data samples, and knowledge objects. Packs enable sharing of best-practice configurations that route, shape, reduce and enrich a given log source, Palo Alto Networks logs for example. Packs can be used with Cribl Stream and Cribl Edge.

How do you create a Pack? Good question: Here’s a How-To blog and video on Pack creation.

For this blog, we’ll show you how to navigate the Pack Dispensary and how to add a pack to your Cribl deployment.

Locating the right Pack is key. The Search feature makes this easy. Add “Palo Alto Networks” to the Search field, and you’ll find results for the Palo Alto Networks Pack.

A search for “Microsoft” returns several Packs and highlights a key feature: both Cribl-authored and community-authored Packs are available in the Dispensary.

A teal title banner and Cribl logo designate the Cribl-authored Packs, as you see on the Microsoft Windows Events Pack above. Packs authored by our illustrious community members sport a gray banner.

Additional Navigation Aids

The Dispensary was built to support thousands of Packs. Filters are key to narrowing the search. At the top of the left-hand navigation bar, the “Built by Cribl” toggle identifies Cribl-authored Packs. Filters and search criteria combine to further narrow your search.

Packs can include Pipelines that contain Custom Functions. Custom Functions can run JavaScript. The “Exclude custom functions” toggle filters out Packs using Custom Functions.

Some organizations’ security policies require that “custom active code” not be used. This toggle enables organizations to easily identify the Packs they can and cannot deploy.

The Use Case filter highlights Packs excelling in each of these areas. “Enrichment”, for example, showcases the CrowdStrike Pack.

This Pack includes an option to use Redis for the aggregation and enrichment of the ComputerName and other asset data via a Lookup. The Pack README provides a great visual.

Adding a Pack from the Dispensary

Adding a Pack is easy. From the Manage Packs page, click the “+ Add New” button. Select “Add from Dispensary” and you will see a familiar UI. Click on the CrowdStrike Pack, then click the “+Add Pack” button. Now explore the Pack!

Packs are a great way to get started, use best-practice Stream/Edge capabilities, and see the immediate impact they can make on your observability operations.

Start Packing!
