Fundamentals of Searching Observability Data: Understanding the Search Process Can Save Time, Complexity, and Money!

June 15, 2023
Written by
Perry Correll, Principal Technical Content Manager at Cribl, is passionate about the power of observability and how, when done right, it can deliver operational insights into network performance. He has 30+ years of networking experience from early Ethernet to today's observability and held positions from SE to product management with leading organizations.

Categories: Events

On June 28th I will be hosting a webinar, ‘The Fundamentals of Searching Observability Data’. So why should you attend? Because things have changed, and will continue to change, in the way we manage the IT data collected across the enterprise.

A recent study shows that enterprises create over 64 zettabytes (ZB) of data, and that number is growing at a 27 percent compound annual growth rate (CAGR). The scary part? The volume of data is expected to reach around 175 ZB by 2026. That’s almost 3x the amount of data generated in just 3 years!

If this wasn’t challenging enough, typically enterprises utilize less than 2% of data. The vast majority goes unseen and unused directly into a data store because it’s too expensive and impractical to search.

Think about it: You’ve got to collect data, pay to move and store it somewhere, and then query it — all while hoping you find the needle in the haystack.

Get Your Free Copy of Searching Observability Data for Dummies Just for Attending!


On top of all that, tools today struggle with performing universal queries. Our ability to generate data has outstripped our ability to collect, search, and analyze it. Today, you’re limited to collecting only what you can afford to ingest, as set by licensing limits. You need an alternative to existing search tooling. The answer is to leverage capabilities that internet search engines have been using for decades.

All search tools, from Grep to Google, are designed to help you find something, providing different levels of query service. Some tools are simple, specific, and free, while other tools provide greater levels of service but cost a pretty penny. Each has its use cases, but what if you could combine the power of both to optimize searching your observability data and save some serious money at the same time? When searching observability data, it is critical to get the right answers (and as soon as possible).

There are many search tools available and none are perfect; all have advantages and disadvantages. The key is understanding the processes involved and then selecting the right solution(s) for your specific needs. You need to understand what you are looking for, the data, and where it comes from. Then determine who needs to see what. Different teams have varied requirements and multiple analysis tools, so getting the right data, to the right systems, at the right time is critical to getting the right answers.

Then what about search best practices? Is there only one way to search or might it vary by use case? Ok, spoiler alert – the answer is, it depends. But no worries, in this session, we go back to the basics of search engines, starting with the data and then progressing to the options you have in collecting and analyzing it. This includes the data generators, the different types of data generated, the teams who consume this data, and some of the systems of analysis that analyze the data. We’ll then dive into the capabilities of Cribl to search and process generated data. Keep in mind that one perfect solution doesn’t exist — your specific needs and tools vary based on your individual use cases.

Choices almost always present trade-offs. More data ingested means more money spent on licensing. Less ingested data may mean missing critical data. Standardizing on a single-search approach limits flexibility, and dropping data may limit what you can learn from your environment. So while there is no single answer, there are best practices and that is the purpose of this session, so register now!

And if you think covering all the components of collecting, shaping, and searching observability is too much for a single session, you’re right. This webinar will be the launching point for Cribl’s Summer Observability Series, where every couple of weeks we offer an on-demand webinar where we dive a little deeper into a specific topic, like SIEM systems or Agents or even Observability Pipelines. I’ll try to keep it mostly vendor-neutral, but you may catch me including some Cribl flavoring along the way. So click on that link above and join me for Summer School!

If you want to make sure you are always in the loop on all things observability data, visit our Cribl Search page and follow Cribl on LinkedIn, Twitter, or via our Slack Community.



