Investigations move fast. Data is messy. And today’s analysts are expected to connect the dots across massive datasets and various tools—while documenting every step and sharing results with stakeholders.
What does that look like? A security investigation may involve 10 or more queries—each one filtering, transforming, and analyzing data from a different angle—duplicated across multiple browser tabs so nothing gets lost. With screenshots and notes in Google Docs, and updates shared piecemeal over Slack or Confluence. It’s fragmented, frustrating, and slows teams down when speed matters most.
And once a key finding is reached, analysts still have to stitch together all those artifacts into a report, documenting each step and sharing it with others. That’s why we built Cribl Notebooks—a single workspace to run every part of an investigation directly inside Cribl Search. Notebooks combine queries, visualizations, annotations, and collaboration in one place. With built-in AI, you can generate a clear, step-by-step summary of your investigation with a single click—turning complex workflows into narratives anyone can follow.
The best part? You can finally stop the context switching and close all those extra browser tabs. Run your entire investigation, end to end, from just one tab — Cribl.
Why It’s So Hard Getting Answers From Your Data
Getting to the root cause—or even answering “why” or “what”—from complex data isn’t a straight path. It takes building a narrative, which creates challenges that make analysts’ jobs harder:
Context gets lost. Running queries in Search, pasting screenshots into docs, and explaining findings later creates gaps.
Investigations drag on. Analysts repeat searches, wait for approvals, and manually re-run queries.
Sharing is messy. Stakeholders see partial results without the context of “how we got here.”
Collaboration is clunky. Co-authoring requires external tools, slowing down investigations that demand real-time collaboration.
With Cribl Notebooks, you eliminate these challenges by turning investigations into a single, end-to-end story.
How Cribl Notebooks Works
Start with Search – Run your query and pull results into a Notebook.
Iterate and Enrich – Refine queries, build multi-stage searches, add transformations or enrichment—all without leaving the workspace.
Annotate Your Work – Document your thought process with text, markdown, and visualizations, keeping context attached to results.
Analyze Data – Uncover trends and detect patterns. Identify what happened and come to a conclusion.
Collaborate and Share – Co-author analysis, edit queries together, and share links with teammates for immediate visibility.
Summarize with AI – Generate a bulleted summary of queries, results, and annotations—perfect for quick updates or reports.
Tell the Complete Story – From raw data to final findings, Notebooks gives you a clear, auditable trail for every investigation.
Real-world Use Cases
Cribl Notebooks isn’t just for investigations. It’s a flexible space you can use for all kinds of day-to-day work—digging into data questions, documenting processes, telling the story behind your analysis, or even pulling together post-mortem reports. Here are a few ways teams can use Notebooks:
Incident Investigations - When an incident occurs, analysts must quickly answer “what happened?” They query multiple data sources, drill into logs and correlated events, analyze results, and document each step. Notebooks allow teams to capture the full investigation workflow, share findings with key stakeholders, and streamline collaboration for faster resolution.
Data Questions & Explorations - Analysts can deeply explore datasets from multiple angles without leaving the workspace. They can run iterative queries to refine and narrow results, slice and dice data for summarization, uncover patterns and discover actionable insights.
How-to Guides - Teams can document data sources, query instructions, and onboarding materials directly within Cribl Notebooks. Unlike external tools such as wikis or Google Docs, Notebooks lets users interact with live data, edit queries in real time, and provide context-rich guidance creating an in-product, hands-on learning experience.
Data Storytelling - Dashboards are great for dense, high-level insights, but investigations require context, narrative, and step-by-step explanation, Cribl Notebooks lets analysts tell the full story — combining queries, visualizations, annotations, and results into a single workspace to provide clarity and context behind each insight.
Post-mortem reports - Cribl Notebooks enables teams to document and analyze incidents after the fact. Analysts can consolidate raw data, queries, visualizations, and annotations in a single workspace to show what happened, why, and how it was resolved. Shared notebooks provide a clear, collaborative record for stakeholders, supporting lessons learned, accountability, and faster response to similar future incidents.
The Power of Running An Entire Investigation In Just One Tab
Cribl Notebooks gives you a faster, smarter way to investigate and share insights. Instead of losing hours chasing down answers across multiple tools, you can streamline the entire workflow—iterating on queries in one place, cutting hours of effort into minutes, and only paying once for a long query before running lightning-fast follow-ups (coming soon!). The result: higher productivity, lower costs, and less time wasted waiting for results.
But the benefits go beyond speed and savings. Notebooks are built for collaboration and storytelling, letting teams co-edit, annotate, and document investigations in real time while capturing the full journey—not just the final answer. Sharing is just as easy: send a Notebook link and let stakeholders explore the investigation themselves, no extra hand-holding required. With Cribl Notebooks, you’re not just solving today’s problem faster—you’re building clarity and context to prevent the next one.
Try Cribl Notebooks Today
Cribl Notebooks is now available in Public Preview and free to all Cribl Search users. The only cost is for the searches you run inside them.
Try it today and see how it can transform the way you investigate, collaborate, and communicate. With Cribl Notebooks, your team isn’t just faster—it’s smarter, clearer, and more connected.
