Cribl User Group Recap: New Integrations, Cribl Edge, and More

Written by Tony Reinke

September 13, 2022

The Cribl Global User Group recently hosted Nick Tankersley, Ryan Conway, and Clint Sharp to share their knowledge with us for the meeting that took place on August 9th, 2022. Nick, Cribl Head of Product Management, showed the group Cribl Leader HA Architecture and talked about Edge on Windows. Ryan, Cribl Product Manager for Integrations, shared Cribl Integrations including, but not limited to, Parquet, additional Syslog formats, and Edge to Cloud integrations. Cribl CEO Clint Sharp gave the community an update on Cribl’s product growth and future vision. You can find additional details below as well as watch the video.

The next Global Cribl User Group is today (9/13) at 1 PM US/Pacific | 8 PM UTC. The topic for this month’s meeting is “Open Source Threat Intel with Cribl.” Check out the Cribl Community Calendar to stay up to date on all the events in the Cribl Community.

Nick Tankersley – Cribl Leader HA Architecture and Edge on Windows

Leader high availability provides a fault-tolerant architecture in which a leader failure results in seamless failover to a standby leader. If the primary does go down, a standby will become the leader after 3 checks (30 seconds). A load balancer is needed, and it must be able to perform health checks. In a primary and secondary design, when the primary goes down, the secondary picks up the primary role. The load balancer notices that the original primary is now unhealthy and that the secondary is now the healthy server, then switches over and sends traffic to the new primary.

More information can be found in the Cribl Docs.

In version 3.5, we launched Cribl Edge for Windows. Edge can run on Windows Server 2016, 2019, and 2022. It can currently collect events from the Windows Events API as well as logs written to the file system. The current focus is on the server-based OS, with support for workstations (Windows 10 and above) on the roadmap.

More information can be found in the Cribl Docs.

Ryan Conway – Cribl Integrations, Parquet Integrations, additional Syslog formats, and Edge to Cloud integrations

We currently have 90 integrations and the list keeps growing. We don’t just want to have the most integrations, but we want to monitor the integration to deepen your experience. Cribl integrations are for sources, collectors, and destinations.

Parquet format is used for big data storage benefits. Parquet reduces storage costs due to a smaller footprint. It is often used in Cloud-based S3 Object Stores. Parquet is a schema-based format.

We introduced a Humio destination in 3.5.1. In 3.5.2, we introduced the SentinelOne DataSet Destination. Both are available with QuickConnect and Data – Destinations.

We unveiled Stream Edge data into Cribl.Cloud in 3.5.0. This allows all Edge nodes to send data to Cribl.Cloud via TCP and HTTP. Also in 3.5.0, we supported non-transparent framing and octet-counting Syslog data (RFC 6587).
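The two RFC 6587 framing methods mentioned above, shown as an added example (not Cribl's code and not part of the original post): a receiver-side deframer that detects the framing method per message. The function names, the size limit, and the sample messages are assumptions constructed for illustration.

```python
import re

# RFC 6587 octet-counting prefix: decimal MSG-LEN (no leading zero), then one space.
_MSG_LEN = re.compile(rb"([1-9][0-9]*) ")

def octet_frame(msg: bytes) -> bytes:
    """Sender side: prefix the message with its length in octets."""
    return str(len(msg)).encode() + b" " + msg

def deframe(buf: bytes, max_len: int = 65536):
    """Split buffered TCP bytes into (framing, message) pairs.

    Returns (messages, remainder); the remainder is an incomplete trailing
    frame that the caller prepends to the next read.
    """
    messages, pos = [], 0
    while pos < len(buf):
        m = _MSG_LEN.match(buf, pos)
        if m:  # octet-counting: the declared length delimits the frame
            length, start = int(m.group(1)), m.end()
            if length > max_len:
                raise ValueError(f"declared length {length} exceeds limit")
            if start + length > len(buf):
                break  # body not fully received yet
            messages.append(("octet-counting", buf[start:start + length]))
            pos = start + length
        elif buf[pos:pos + 1] == b"<":  # non-transparent: PRI start, LF trailer
            end = buf.find(b"\n", pos)
            if end == -1:
                if len(buf) - pos > max_len:
                    raise ValueError("unterminated message exceeds limit")
                break  # trailer not received yet
            messages.append(("non-transparent", buf[pos:end]))
            pos = end + 1
        elif buf[pos:].isdigit() and len(buf) - pos <= 5:
            break  # length prefix split across reads
        else:
            raise ValueError(f"unrecognized framing at offset {pos}")
    return messages, buf[pos:]

# Constructed sample stream (not captured traffic); it mixes both methods
# only to exercise per-frame detection.
M1 = b"<34>1 2022-08-09T12:00:00Z host1 app - - - first event"
M2 = b"<13>1 2022-08-09T12:00:01Z host1 app - - - line one\nline two"
M3 = b"<165>Aug  9 12:00:02 host2 sshd: legacy event"
SAMPLE = octet_frame(M1) + octet_frame(M2) + M3 + b"\n" + b"<14>partial"

if __name__ == "__main__":
    for framing, msg in deframe(SAMPLE)[0]:
        print(framing, msg)
```

The embedded line feed in `M2` survives intact under octet-counting; sent with non-transparent framing, the same event would be split into two messages at the LF.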

See our full list of integrations for Cribl

Updates from Clint Sharp about Cribl

Cribl Stream was designed to fill a hole in the industry by allowing you to route and transform data while controlling costs. With data scattered everywhere, Cribl Edge helps you search the data at the edge as well as ship the data to your destinations. This also gives you full-fidelity application data at the edge, paired with Search. We knew we wanted to be a multiple-product company. Stream and Edge are part of the broader suite of products that incorporates Cribl Search. Search is unique in that it decouples data storage from data query and allows for federated search-in-place across your data regardless of where it resides. Cribl now has over 400 employees, and we continue to hire across all teams in order to better serve our customers.
