
Introducing Cribl Developer Evangelist Ed Bailey

Written by Ed Bailey

June 15, 2021

Greetings! I am thrilled to join Cribl as a Senior Developer Evangelist. I am excited to help users explore the power of Cribl LogStream and AppScope to empower engineers to solve hard problems fast.

My role is to hear your concerns and make sure they are represented in Cribl products. One of my goals is to ensure your voice as the customer is heard so that new features further the mission to solve hard problems quickly and not to just add features no one really needs. Cribl has powerful tools to make your working lives easier and save your organization significant money and I am proud to advocate for it.

The day-to-day work for operations and security monitoring engineers is challenging and nonstop. You are asked to:

  1. Add new data in every possible format
  2. Optimize your analytics platform
  3. Work with hordes of users who just want everything to work
  4. Almost forgot, spend as little money as possible, preferably zero

I have lived this life for over 20 years so I know the struggle is real. LogStream can minimize the toil of working around bad data and complex tools. We are here to empower engineers instead of weighing them down with more work.

My path to developer advocacy has been winding and non-traditional. I started out getting a degree in political science, going to law school and then taking a low-level job at a small software company because my chosen career path was not working. I was always interested in technology, so with no formal technology training I changed careers and worked my way from small startups, to university IT, and then on to complex enterprise IT.

I have always been the admin, the person who fixed stuff and found fulfillment in helping people solve their problems. With an expertise in monitoring, I have instrumented OpenVMS and AWS and everything in between. I have a deep interest in data and how to use that data to identify and solve problems. Good data is truly a foundational concept. You need it to do business. 

I will never forget the first time I saw an SGI Origin 3000 cluster at a major university in 2000. I was actively working with Linux, but had never touched a Unix system. I did not see the OpenVMS and DEC Alpha servers behind it. I was a stranger in a strange land, so I buckled down to learn how to pull data out of these wondrous machines. Even more wondrous when I found out how much these systems cost! I used scripts calling logger, cron for scheduling, and then syslog forwarding to a syslog server. Then Perl scripts processed data to a web server so I could keep track of the Who, What, When and Where. Clunky, but it worked well enough.

Then in 2007, I will never forget the sense of amazement from downloading Splunk and being able to run a keyword search from one UI across all of my servers. Considering today’s stats, it seems hilarious that I was pushing the envelope when we consumed about 900MB an hour into a single indexer. Over the next 12 years, we deployed Splunk to every user and server in the company across 5 continents and pulled massive amounts of data together for operations and security monitoring. No more custom scripts, cron jobs, and eyeball correlation across ugly graphs!

Finally, I noticed something called LogStream in 2018. The product literature said it would reduce my Splunk costs and make everything about logging easier. As a Splunk platform owner, I was approached by vendors every week with the pitch, “Buy my product and we will cut your Splunk costs!” I once had a storage vendor tell me they could materially reduce my Splunk costs if we spent a million dollars on their storage. I had heard the pitch before, but other parts of the product looked really interesting so I downloaded LogStream to give it a try. I liked the UI. I loved being able to do a live capture and see my data at each stage of the pipeline. I could save the capture and then develop routes and pipelines against the data and only deploy the new code once I knew for a fact it was going to work. LogStream made everything so easy, and better yet – getting started was free.

Anyone who has worked with the filter/transformation options from major log vendors knows the options are limited, hard to use and hard to test. You have to eyeball the regex and hope it works. Your options for transformation are limited, and even more limited if you want to push a subset to another logging platform. I still have nightmares from integrating SecureWorks. For me, easy was good. My team was incredibly busy and anything that would reduce time to solution was welcome. I needed to see what else Cribl could do for us in order to get it funded.

Next, we did a Zoom call with Cribl and within 30 mins we built routes and pipelines that would recover about $500K of Splunk license. I saw LogStream had the ability to use a surgical filter (close to a Splunk query) and that we could apply a number of functions to the data. No more insane regex and overbroad filters that risked dropping data we needed. No more needing a restart to apply a change. So much of the friction of log management was gone! We could scale the team, remove barriers to solving problems, and we could use LogStream to reduce material logging costs. Over the next two years we rolled out LogStream everywhere and used it to integrate tools like Exabeam with the existing log flow. We could be efficient and solve everyday problems with Cribl LogStream. It was a fundamental change to how the team did business. It was the power to solve hard problems fast, to say yes to project requests, and get more done while working less.

I was hooked and I liked Cribl LogStream so much I joined the team.

Cribl LogStream represents a fundamental change in how engineers can instrument data sources, manage, and route data into any analytics platform of choice. LogStream makes it significantly easier to consume almost any data format and source and then make choices about where the data should land and its format. LogStream is vendor and data format agnostic. It gives the engineer the power to make the right choice for their organization instead of what the vendor wants. LogStream returns control to the engineers. 

I am excited to help engineers use Cribl tools to build a foundation of data to solve hard problems fast. Want to reach me? Find me either in the Cribl Community Slack or get in touch directly at ed@cribl.io.
