
MIAX and Cribl Stream: Enriching Data for Improved Observability and Faster Time to Value

Last edited: March 16, 2023

Using Cribl Stream for observability is a given, but what about using Cribl Stream to get MORE from your data? Observability is all about being able to collect, route, store, and search your data. Implementing enrichment with observability provides more context and elevates your ho-hum data to robust information. This is key to faster, more confident decision-making!

Miami International Securities Exchange (MIAX®) initially leveraged Cribl Stream to dial in its data flow, filter out unnecessary noise, and level up its Application Performance Management (APM) game. The end result was greater reliability, flexibility, and scalability to support its marketplace. With Stream managing the data flow to all MIAX exchanges, the team had more time to explore other ways to give value back to the business. Seeking inspiration from the Cribl community, they were introduced to the power of enrichment.

Stream allowed customer-facing associates to take events that were not so neatly delineated and enrich existing event data in their SIEM. The team became more self-sufficient, eliminating an on-demand workflow that depended on an SRE running scripts to deliver answers. Simply put, rather than associates having to look up market data from external sources or contact other functional business units, it’s already there for them. The result was a significant increase in the overall speed and efficiency of identifying critical issues.

Although enrichment is often associated with GeoIP and threat feeds, MIAX is using market data for enrichment. We can see with MIAX that enrichments don’t have to be limited to the standard implementations; in fact, nearly anything you’ve got in a Redis store can act as a lookup table for Cribl Stream. Opportunity for enrichment exists when there is value in bringing disparate information together for more context or better decision-making. Consider manual workflows that can be streamlined for greater efficiency, for example data that needs to be collected during an incident investigation, whether for security, AIOps, or DevOps. Stream is excellent at ingesting malformed data and re-formatting and normalizing it, making downstream processes that rely on correlation, like alerting and investigations, much more efficient.

“The value-add is significant; this is a much more effective way of working,” said Govardhanen “Gov” Gopal, Principal Technologist/SR. “Because we’re able to process all these different log types, the universe of potential alerts has become much larger – and we can better identify the most critical issues.”

Read more about the unique MIAX enrichment use case, and get inspired with Enrichment at Scale! Or even try out some enrichment functions like lookup, DNS and GeoIP with classic enrichment use cases in the Cribl Stream sandbox. 

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.
