October 1, 2018
We’re delighted to officially announce today the general availability of Cribl LogStream!
Cribl LogStream delivers unique intelligence, control and compliance over your logs and metrics data in real time. It puts the admins in control and gives users the right data, with the right context, delivered to the right systems to enable operations, security and analytics without pushing every requirement back to developers, vendors or source systems. Cribl LogStream is purpose-built for real-time processing and enables enterprises to collect 100% of data that might be interesting and determine at ingestion time what is valuable. Users can now secure, enrich, and route operational data in real time to maximize the value and meet the needs of their business. Various sources and destinations are supported, but as the market leader, Splunk was selected as the first system optimized by Cribl.
We couldn’t be more thrilled at the amount of participation we received in our beta program. We worked with dozens of customers and partners in the Splunk ecosystem. We uncovered exciting new use cases, ranging from using sentiment analysis to discover real-time security threats to the mundane, like simply helping people shuffle some traffic off to a test environment. From one of our users:
“Overall I couldn’t have been more impressed with your product – it really is the perfect companion tool to managing the data that comes into Splunk. It singlehandedly addressed a dozen or more items on our wish list of things that you want Splunk to do to make life easier.”
Our GA release simply would not be possible without the amazing feedback we received from our beta participants. We developed a number of new capabilities out of use cases and requirements we received from our participants, and as always, thanks for the bug reports!
Cribl has a number of great use cases, many of which we discovered through our beta program.
Cribl is priced by daily ingestion volume, similar to Splunk, and we offer tiered pricing and discounts based on volume tiers. Cribl is free below 100GB a day, so anyone looking to get started should be able to build out a few use cases before ever needing to talk to us. All pricing is currently preliminary as we feel out the market and get an understanding of the value we’re delivering to our customers. We encourage you to grab Cribl, get some value, and then we’ll figure out together what that’s worth to your business.
Cribl is software that deploys on your enterprise infrastructure, either on-prem or in the cloud. If you’re deploying it in a Splunk environment, there are two options: Cribl can be deployed on heavy forwarders or on indexers. The recommended choice will depend on your exact requirements and architecture, but for small environments, simply install and configure it on an indexer.
Cribl’s event processing model is very straightforward. As events come in, routes apply filter expressions and send matching events to the appropriate processing pipeline. A pipeline is an ordered list of functions that work on the data serially. A function is code that executes on an event; it encapsulates the smallest amount of processing that can happen to that event. After events are processed, they exit the pipeline and get delivered to one of the supported destinations.
Eval, Sampling, Lookup, Mask, Drop, Regex Extract, Regex Filter, JSON Unroll, Clone, Tee…and more coming
Splunk, Filesystem/NFS, S3 (or S3-compatible) …more coming.
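The route, pipeline, function and destination model described above can be sketched as a small JavaScript program. This is an added illustration, not Cribl LogStream code or configuration: the helper names (`mask`, `drop`, `sample`, `buildConfig`, `processEvent`), the first-match route behaviour, the handling of unmatched events and the sample events are all assumptions made for the example.

```javascript
// Added illustration; every name here is hypothetical, not Cribl LogStream's API.
// A function receives one event and returns it (possibly modified) or null to drop it.
const mask = (regex, replacement) => (event) =>
  ({ ...event, _raw: event._raw.replace(regex, replacement) });
const drop = (predicate) => (event) => (predicate(event) ? null : event);
const sample = (rate) => {
  let seen = 0; // keeps 1 of every `rate` events that reach this function
  return (event) => (seen++ % rate === 0 ? event : null);
};
function buildConfig() {
  return {
    // A pipeline is an ordered list of functions, applied serially.
    pipelines: {
      auth: [mask(/password=\S+/g, 'password=****')],
      web: [drop((e) => e._raw.includes('GET /healthz')), sample(2)],
    },
    // Assumption: routes are tried in order and the first matching filter wins.
    routes: [
      { filter: (e) => e.sourcetype === 'auth', pipeline: 'auth', destination: 'splunk' },
      { filter: (e) => e.sourcetype === 'access', pipeline: 'web', destination: 's3' },
    ],
  };
}
function processEvent(config, event, delivered) {
  const route = config.routes.find((r) => r.filter(event));
  if (!route) return null; // assumption: unmatched events are not delivered
  let current = event;
  for (const fn of config.pipelines[route.pipeline]) {
    current = fn(current);
    if (current === null) return null; // a function dropped the event
  }
  delivered[route.destination].push(current);
  return current;
}

function runSample() {
  const config = buildConfig();
  const delivered = { splunk: [], s3: [] };
  const events = [ // constructed sample events
    { sourcetype: 'auth', _raw: 'login user=alice password=hunter2 result=ok' },
    { sourcetype: 'access', _raw: 'GET /healthz 200' },
    { sourcetype: 'access', _raw: 'GET /index.html 200' },
    { sourcetype: 'access', _raw: 'GET /cart 200' },
    { sourcetype: 'syslog', _raw: 'kernel: link up' },
  ];
  events.forEach((e) => processEvent(config, e, delivered));
  return delivered;
}
console.log(JSON.stringify(runSample()));
```

The credential in the auth event is masked before it reaches its destination, the health-check line is dropped, and half of the remaining access events are sampled away, which is the ingestion-time control the paragraph describes.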
If you are interested in Cribl, please head to cribl.io and download your copy to get started. If you’d like more details on installation or configuration, check out our documentation. If you need assistance, please join us in Slack #cribl, tweet at us @cribl_io, or contact us via email@example.com. We’d love to help or hear your feedback!
Enjoy it! — The Cribl Team