It’s been about 8 months since we first launched Cribl Search. For our early adopters, it’s been a game changer, and with each monthly release, we continue to innovate — expanding access to new datasets and adding new functionalities.
If Crib Search is new to you, here is a quick recap. Cribl Search flips the observability data search paradigm on its head. You no longer have to collect, ingest, and index your data before you can search it. Cribl delivers Search-in-Place, where administrators just point Cribl Search at the data using a single, simple query and search engines are dispatched to all the data stores, to find data-at-rest.
Our Summer ‘23 release continues this path of innovation, we’ve increased the number of searchable datasets by over 500%, supplemented the UI with user-defined dashboards, and rolled out authentication and automation services providing not only more control but simplification of the overall search process. Essentially, we’re resetting expectations for what future search tools should deliver.
The Observability landscape, like the universe, is constantly expanding and your ability to search this data needs to keep up. A few short months back we were limited to only a few searchable datasets; this has grown by more than 500% in the intervening months.
Cribl’s goal is to enable administrators to ‘search everything’ in order to unlock the value of all observability data and this summer release is a big step in that direction. Now, in addition to the ability to search Amazon S3 and Cribl Edge target, we have added default dataset providers of Amazon Security Lake, Azure Blob Storage, and Google Cloud Storage (and even simplified interactions between Cribl Search and Cribl Stream). Additionally, administrators now have the ability to Search API endpoints, with default configurations for Okta, Zoom, Google Workspace, Microsoft Graph, Amazon API Gateway, and Google Cloud. To round it out, Search can now auto-detect a bunch more datatypes, 10+ more! Just point Cribl Search to a set of data and automagically discover the types of data, apply parsing, and obfuscation, and even generate new fields on the fly as required.
The standard Search UI is a user-friendly interface providing a high level of functionality, however sometimes additional flexibility is required, that’s the purpose of the Dashboard feature
Dashboards are designed to provide a comprehensive and customizable experience for Cribl Search users, allowing them to create, manage and customize user-defined dashboards with ease. A variety of widget types and visualizations are available so you can tailor your dashboards to best fit specific requirements. Cribl always stresses the ability to choose what works best for you, not settling for ‘one size fits all’. So while one user might prefer to create their dashboard to monitor server performance using time series and event timeline widgets, another user may prefer to view/analyze another set of results with pie charts and top 10 lists. Dashboards are driven by Saved Searches – and you have the option for those Searches to be Scheduled (see below), which will automatically update dashboards as each Search re-executes on its own schedule. So the Dashboard can be left unattended (as on a NOC/SOC wall) and it will always be up-to-date.
While user-interactive searching (ad-hoc) is the most intuitive way of using Search, the lion’s share of the workload is actually via automated searches. Scheduled searches not only are a time saver, but more importantly, they can power dashboards, notifications, and data summarization to drive analytics and can even send data to Stream and other destinations on a scheduled basis. Cribl Search now offers both options, scheduled and ad-hoc as each has unique purposes and capabilities.
Additionally, we’ve added the ability to create external Notifications that can be triggered as the result of a Scheduled Search meeting a user-configurable condition. Administrators can set any Search to execute on a scheduled basis, and now automatically generate a notification if a defined condition is met. Currently, Search supports the same Notification Targets as provided by Cribl Stream: PagerDuty® notifications and customizable webhooks for integration into any arbitrary notification or automation product. (Additional Notification Targets will be forthcoming in future releases.)
If you’re an administrator, you’re responsible for the data gathered and need the ability to control who has access to that data. Cribl’s new authorization support gives you two levels of control:
Future Search releases will allow more fine-grained access control over Search objects and events within Datasets.
Stream administrators commonly use the lookup function to enrich events with external information, now they want this same capability in Search. Look(up) no further!. Now, Search users can use lookups to enrich their data results, providing additional value to query results. Lookups are provided by either uploading CSV files or by creating them via Search results using the new export Operator. Once lookups are created, they may be used in any Search by specifying a lookup field in the Search to match a column in the CSV. When that field matches, the Search results for that event are enriched with the other fields in the CSV file for that particular row.
As discussed above, Cribl Search allows administrators to query datasets based on API endpoints, but the advantage of APIs is not a one-way street. Most administrators just want more data, not another system for their teams to have to learn and manage. With inbound API access, Search services are now available via API, allowing administrators to integrate Search directly into their applications and services to automate search operations within existing workflows and applications.
Cribl Search is revolutionizing data analysis by enabling insights without the need for data transport or ingestion. As a newly developed product, there are many exciting directions we plan to explore. Innovation is an iterative process, and we will continually seek input and feedback from our customers and the market to quickly iterate our solution and stay focused on delivering value to customers. More capabilities are already scheduled for later this year, and if you are wondering what comes next, just check out our Cribl Community.
And remember, all of our products are complementary to customers’ existing tools and investments. We don’t seek to rip and replace. Rather, we seek to provide value to our customers, no matter what tools and solutions they have in place today.
The latest release of Search launched on July 17th, becoming instantly available to anyone with a Cribl.Cloud account, both licensed and free tier users! For more information about Cribl Search and all the other new features from Cribl, check out our Search product page.
Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.
We offer free training, certifications, and a generous free usage plan across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started. We also offer a hands-on Sandbox for those interested in how companies globally leverage our products for their data challenges.