March 16, 2023
Using Cribl Stream for observability is a given, but what about using Cribl Stream to get MORE from your data? Observability is all about being able to collect, route, store, and search your data. Implementing enrichment with observability provides more context and elevates your ho-hum data to robust information. This is key to faster, more confident decision-making!
Miami International Securities Exchange (MIAX®) initially leveraged Cribl Stream to dial in its data flow, filter out unnecessary noise, and level up its Application Performance Management (APM) game. The end result was greater reliability, flexibility, and scalability to support their marketplace. With Stream managing the data flow to all MIAX exchanges, the team had more time to explore other ways to give value back to the business. Seeking inspiration from the Cribl community, they were introduced to the power of enrichment.
Stream allowed customer-facing associates to take events that were not so neatly delineated and enrich existing event data in their SIEM. The team became more self-sufficient, eliminating an on-demand workflow that depended on an SRE running scripts to deliver answers. Simply put, rather than associates having to look up market data from external sources or contact other functional business units, it’s already there for them. The result was a significant increase in the overall speed and efficiency of identifying critical issues.
Although enrichment is often associated with GeoIP and threat feeds, MIAX is using market data for enrichment. We can see with MIAX that enrichments don’t have to be limited to the standard implementations. In fact, nearly anything you’ve got in a Redis store can act as a lookup table for Cribl Stream. Opportunity for enrichment exists when there is value in bringing disparate information together for more context or better decision-making. Consider manual workflows that can be streamlined for greater efficiency, for example data that needs to be collected during an incident investigation, whether for security, AIOps, or DevOps. Stream is excellent at ingesting malformed data and re-formatting and normalizing it, which makes downstream processes that rely on correlation, like alerting and investigations, much more efficient.
“The value-add is significant; this is a much more effective way of working,” said Govardhanen “Gov” Gopal, Principal Technologist/SR. “Because we’re able to process all these different log types, the universe of potential alerts has become much larger – and we can better identify the most critical issues.”
Read more about the unique MIAX enrichment use case, and get inspired with Enrichment at Scale! Or even try out some enrichment functions like lookup, DNS and GeoIP with classic enrichment use cases in the Cribl Stream sandbox.