March 22, 2022
We’ve come a long way in a short time and that is thanks to you, our customers. Cribl set out to listen to our customers and use that to guide us forward. Today we’re announcing Cribl Edge, a next generation agent designed to to scale your most precious commodity; you. We’re also announcing a name change to the product formally known as LogStream. Now, as with all our releases, it doesn’t stop there. We have some upgrades that all go towards allowing you to scale. But first….
Cribl’s flagship product has always been all about data reduction. In this release, we’ve redacted an impressive 33% of characters from the name of the former LogStream – behold Cribl Stream! The name change reflects our maturation beyond processing logs, to also handle metrics and traces. No promises, but we might ultimately end up with something closer to this:
Cribl Stream 3.4.0 builds on our commitment to providing the fastest time-to-value for building and deploying production-ready Observability Pipelines known as Cribl Packs. With this release, we are excited to announce the official Cribl Packs Dispensary. This is a single location for browsing and installing Cribl Packs that include all the elements necessary for solving some of the biggest data problems in IT and security.
The Packs Dispensary is a public repository of all Cribl-built and community-contributed packs. Packs contain valuable Routes, Pipelines, and Knowledge about specific data sources and formats. They enable you to instantly restructure complex windows XML logs, reduce the noise in syslog, or optimize Cisco ASA logs – all in minutes, without having to author your own Pipelines, craft any regexes, or build a single lookup.
Pack publication is open to anyone who wants to contribute to this growing community. Find new packs, or become a pack publisher, at http://packs.cribl.io.
Data reliability is essential in the world of observability – losing data is not an option. After all, if you lose the data, you don’t get to choose what happens to it. In order to provide a more reliable and resilient Observability Pipeline, Cribl Stream 3.4.0 now supports persistent queuing on data sources.
Source side queuing creates a buffer based on the incoming data instead of being beholden to the slowest receiver of the data. This is the most efficient way to ensure that all data collected is persisted and processed. This new feature builds on our existing Destination-side persistent queueing, offering improved data resiliency from sender to receiver.
We’ve received numerous requests over the years, but maybe the most common ask is to provide support for Windows Event Forwarding. Cribl Stream 3.4.0 has added a new, native Windows Event Forwarder (WEF) Source.
WEF provides Windows admins with a safe and reliable way to collect, process, and route Windows logs without extra servers or agents. The WEF Source for Cribl Stream and Edge supports TLS authentication, and enables you to add custom WEF subscriptions directly through its UI.
In addition to the Windows Event Forwarder, Stream now ships with a dedicated Datadog source for collecting metrics and logs from the Datadog Agent. We’ve seen incredible growth in customers using Stream as the Observability Pipeline for collecting and routing data to Datadog and this new source makes it even easier to integrate the DataDog agent into your full Observability story.
Stream 3.4 also ships with an updated Elasticsearch API Source and Destination, which now supports Elastic Endgame agents and Elastic agents managed by Elastic Cloud. The Elasticsearch Destination now supports sending to Elasticsearch data streams, making Cribl Stream a plug-and-play part of the Elastic data ecosystem.
The new Stream Value Dashboards uplevel Stream’s Monitoring views to provide more data about your data.
Value Dashboards show overall daily license usage, overlaid on trendlines that show average usage going back 30 days to one year. These new usage dashboards include markers to indicate version and/or config changes, helping you see how they affect data flow.
Stream Value Dashboards also provide details about top Sources, Destinations, Pipelines, Routes, and Packs. In all, you’ll get a better understanding of how Stream is being used in your environment.
We’re excited to get these upgrades and enhancements into customers’ hands. If you’re new to Cribl Stream, and to the concept of an Observability Pipeline, we encourage you to try our free Sandboxes. Each includes a full version of Stream in the cloud, with preconfigured data to help you try out specific features. You can see how easy it is to take control of your logging infrastructure to improve system performance, slash costs, and route observability data into the destinations that matter most.