The newly released Cribl Search 4.2 brings enhancements that ease data management in today’s complex, cloud-centric environments. This update adds dataset providers for the object storage of all three major cloud providers: Amazon S3, Google Cloud Storage, and Azure Blob Storage. It also ushers in native support for Amazon Security Lake.
In this blog post, we’ll examine how new dataset providers enhance the value that Cribl Search delivers, out of the box. We’ll also walk you through our user-friendly, step-by-step guide to building and executing queries. Let’s begin!
The flexibility and scalability of cloud-based services make them an integral part of any data-handling system. With Cribl Search 4.2, you can search your flow logs across all your cloud platforms with queries as simple as:
dataset="aws_s3_flowlogs" earliest=-1h | limit 1000
This query selects from your AWS S3 flow logs dataset, limiting the search to the most recent hour, and to a maximum of 1,000 records.
Substitute “aws_s3_flowlogs” with “azure_blob_flowlogs” or “google_gcs_flowlogs” to fetch data from your Azure Blob Storage or Google Cloud Storage account, respectively. Let’s try each of these:
dataset="azure_blob_flowlogs" earliest=-1h | limit 1000
Or:
dataset="google_gcs_flowlogs" earliest=-1h | limit 1000
This is great, but what if you want to search across all these datasets at once? Cribl Search takes federated search to a new level, allowing more efficient cross-dataset search and analysis.
Because each of these dataset names ends in “_flowlogs”, a wildcard on the dataset name matches all of them, so a single query searches them simultaneously:
dataset="*_flowlogs" earliest=-1h | limit 1000
Now, let’s take a real-world scenario. For instance, consider a situation where a network administrator wants to identify traffic patterns across different ports and datasets within the last hour. The following query provides a solution:
dataset="*_flowlogs" earliest=-1h | limit 1000 | summarize flowcount=count() by dstport, dataset | extend port_and_source=dstport + ":" + dataset | project port_and_source, flowcount
This query operates in the following steps:
dataset="*_flowlogs" earliest=-1h – Selects every dataset whose name ends in “_flowlogs”, bounded to the last hour, so the network administrator analyzes traffic across all relevant datasets simultaneously.
| limit 1000 – Caps the records pulled at 1,000. This keeps the system processing only a subset of the data while the query is being built out; because the cap is applied before summarize, the counts below reflect only that subset, so remove it before relying on the numbers.
| summarize flowcount=count() by dstport, dataset – Counts the flows for each combination of destination port (dstport) and dataset, giving a clear view of the traffic volume each port and dataset has been handling.
| extend port_and_source=dstport + ":" + dataset – Builds a new column, port_and_source, that combines the port and the dataset into one easy-to-read string.
| project port_and_source, flowcount – Finally, keeps only the port_and_source and flowcount columns, giving the network administrator a clean, straightforward view of the traffic patterns.
This is just one example of the many applications of Cribl Search 4.2’s federated search capability, which makes data analysis easier and more efficient.
We’re particularly excited about Cribl Search 4.2’s native support for Amazon Security Lake. Security Lake stores events normalized to the Open Cybersecurity Schema Framework (OCSF) in the columnar Parquet format, and this integration takes advantage of both.
With this functionality, Cribl Search pushes filters and column selections down to the source, so only the data a query actually needs is read from the lake.
The query below reads from the amazon_security_lake_stage dataset, limiting the result to 100 records:
dataset="amazon_security_lake_stage" | limit 100
For more depth, lean on projection and predicate pushdown: the category_name filter is evaluated at the source so only Network Activity events are read, and only the columns the query references need to be fetched from the Parquet files. The result counts those events by disposition:
dataset="amazon_security_lake_stage" category_name="Network Activity" | summarize count() by disposition
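The two pipelines above (the port-by-dataset summary and the disposition count) are easy to misread when limit sits in front of summarize. The following Python is an added illustration, not Cribl Search code and not part of the original post: it re-implements the semantics of those operators over constructed sample records (the flow-log and OCSF rows, their field values, the dataset names and the fixed NOW timestamp are all made up here) so the expected output, and the effect of the cap, can be checked offline.

```python
"""Re-implementation of the operator semantics used by the two queries in the
post, over constructed data, for checking expected results offline.
Illustrative Python only; not Cribl Search code."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the earliest=-1h bound is reproducible (constructed value).
NOW = datetime(2023, 8, 1, 12, 0, tzinfo=timezone.utc)


def _flow(dataset, dstport, minutes_ago):
    """Build one constructed flow-log record with the fields the query uses."""
    return {"dataset": dataset, "dstport": dstport,
            "_time": NOW - timedelta(minutes=minutes_ago)}


# Constructed flow logs from three hypothetical datasets; the last record is
# older than one hour and must be excluded by earliest=-1h.
FLOW_LOGS = [
    _flow("aws_s3_flowlogs", 443, 5),
    _flow("aws_s3_flowlogs", 443, 10),
    _flow("aws_s3_flowlogs", 22, 15),
    _flow("azure_blob_flowlogs", 443, 20),
    _flow("azure_blob_flowlogs", 3389, 30),
    _flow("google_gcs_flowlogs", 22, 45),
    _flow("google_gcs_flowlogs", 22, 50),
    _flow("google_gcs_flowlogs", 443, 90),
]

# Constructed OCSF-style events with the two fields the Security Lake query reads.
OCSF_EVENTS = [
    {"category_name": "Network Activity", "disposition": "Allowed"},
    {"category_name": "Network Activity", "disposition": "Blocked"},
    {"category_name": "Network Activity", "disposition": "Allowed"},
    {"category_name": "Findings", "disposition": "Blocked"},
]


def select_datasets(rows, suffix, earliest_minutes):
    """dataset="*<suffix>" earliest=-<n>m: wildcard on the dataset name plus a time bound."""
    cutoff = NOW - timedelta(minutes=earliest_minutes)
    return [r for r in rows if r["dataset"].endswith(suffix) and r["_time"] >= cutoff]


def limit(rows, n):
    """| limit n: keep at most n records, in the order they arrived."""
    return rows[:n]


def summarize_count(rows, name, *by):
    """| summarize <name>=count() by <by...>"""
    counts = Counter(tuple(r[k] for k in by) for r in rows)
    return [dict(zip(by, key), **{name: n}) for key, n in counts.items()]


def traffic_by_port_and_source(rows, cap=1000):
    """dataset="*_flowlogs" earliest=-1h | limit cap
       | summarize flowcount=count() by dstport, dataset
       | extend port_and_source=dstport + ":" + dataset
       | project port_and_source, flowcount
    Output is sorted by port_and_source for deterministic comparison."""
    selected = limit(select_datasets(rows, "_flowlogs", 60), cap)
    summarized = summarize_count(selected, "flowcount", "dstport", "dataset")
    projected = [{"port_and_source": f"{r['dstport']}:{r['dataset']}",
                  "flowcount": r["flowcount"]} for r in summarized]
    return sorted(projected, key=lambda r: r["port_and_source"])


def disposition_summary(rows):
    """category_name="Network Activity" | summarize count() by disposition"""
    network = [r for r in rows if r["category_name"] == "Network Activity"]
    return dict(Counter(r["disposition"] for r in network))


if __name__ == "__main__":
    for row in traffic_by_port_and_source(FLOW_LOGS):
        print(row)
    print("with limit 3:", traffic_by_port_and_source(FLOW_LOGS, cap=3))
    print("dispositions:", disposition_summary(OCSF_EVENTS))
```

Running it shows the record outside the one-hour bound dropped from every count, and with cap=3 only the first three AWS rows are counted at all, which is why the post treats the limit as a development aid rather than part of the final query.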
To sum up: With Cribl Search 4.2, extracting meaningful insights from vast data lakes has never been easier. This latest release underscores our commitment to creating a flexible, user-friendly data exploration environment – irrespective of your chosen cloud platform or security solution. We can’t wait to see how you leverage these powerful tools to unlock new insights from your data.
Happy searching!