With the release of LogStream 2.2, while so much of our excitement is focused on the data collection feature, we’ve also rolled out a number of improvements for distributed management, as well as in the observability of the product itself. In this post, I’m going to share some of the improvements that I’m most excited about.

Everything Old Is New Again

I can’t help it, I grew up in front of a UNIX terminal window, and Command-Line Interfaces (CLIs) make me happy. In 2.2, we rolled out a new CLI for many functions. As the maintainer of our demo environments, I was thrilled to have the ability to commit and deploy worker group configs without having to go into the UI, but there’s a lot more to the CLI than that. You can manage boot-start, worker groups, encryption keys, and global variables. You can even pipe a file directly into a LogStream pipeline, or execute a JavaScript file in the LogStream context. For all of the things you can do with the CLI, take a look at our CLI documentation.

Git ’er Done

While LogStream has managed its distributed configuration via git since 2.0, reverting to an old configuration version was a bit complicated: you had to go to the git command line and revert by hand. Well, that’s no longer necessary. In the master UI, you can now see, and choose from, the available versions of global configuration:







But since we keep separate versions for worker group configurations, you can also revert a worker group directly. From the worker group configuration pages, the version options are in the top right of the page:

In either case, you can select the version you want to revert to, see the changes in that version, and revert to that version, all within the LogStream UI:

Is This Thing On?

Configuring Sources and Destinations in LogStream has always been easy, but jumping between logs, capturing, and monitoring to troubleshoot a problem has required a whole lot of clicks. LogStream 2.2 introduces a new “Live” button for Sources, Destinations, and Data Collection Job configuration items, available both on their configuration pages and their monitoring pages. Clicking on this button brings up a new pane that gives you an at-a-glance interface into that configuration item, which really helps when you’re debugging a source, destination, or data collector. The context-sensitive live panel contains the following:

Logs! Logs! Logs! Yeah!

While LogStream has its own logs that help you troubleshoot issues within the system, they have not really been a first-class citizen of the product. That changes in 2.2 – logs have moved from the System Settings page to a tab on the Monitoring page. More importantly, LogStream logs are now searchable directly from that new tab, and you can use JavaScript expressions in your search. In distributed environments, this feature also allows you to search worker logs centrally from the master, instead of having to go to each worker for its logs.

These latest features make it much easier to troubleshoot problems. LogStream also now allows you to decide the logging level for each component, and to customize redaction of sensitive fields, via the System Settings page’s Logging section. For more information, see the Monitoring documentation

But that’s not all! If you’re running into a problem – and status, logs, and live capture just can’t get you past it – we’ve made it much easier to interact with our support team. First, open a ticket with our support team, and then you can use the diag bundle generator to directly send a diagnostics bundle to support. 

Go to System Settings, then click on Diagnostics, and then Create Diagnostic Bundle. When the Create & Export Diag Bundle dialog comes up, enable Send to Cribl Support, enter your case number, and click Export. The diag bundle will automatically be uploaded and tagged to your support ticket, allowing our support engineers to quickly engage on the problem. 

Come Take it For a Spin

LogStream 2.2 is packed with great new features and improvements to existing features. We’ve got our first 2.2-focused interactive sandbox, the Data Collection and Replay Sandbox, available for you to master ??. This gives you access to a full, standalone instance of LogStream for the course content, but you can also use it to explore the whole product. If you’re not quite ready for hands-on and want to learn more about the LogStream 2.2 release, check out our on-demand 2.2 webcast, presented by our CEO, Clint Sharp.