January 18, 2022
Health data is notoriously difficult to collect, route, and transform. I will demonstrate how to leverage the Cribl Stream Observability Pipeline to solve these problems and help users search their Apple Health data.
We live in an amazing time where information is readily available and shareable at a moment’s notice. With that said, it is quite difficult to capture our own health metrics and send them to analytical tools for research and understanding. Typically, we are forced to use platforms built by fitness trackers, smartwatch companies, or other proprietary solutions. This closed ecosystem makes it exceedingly difficult to look at data about you! What if you wanted to see your Heart Rate and Water Consumption over time, year over year? What if you wanted to monitor your Blood Glucose in relation to your activity? Harnessing your health data opens a whole world of possibilities.
Apple has developed a powerful Health Kit, which allows developers and smart device manufacturers to store your health data locally on your iOS device. We can access this data via an iOS app from the App Store to be sent to an analytics tool of our choosing. The problem is, this data isn’t shaped in a format easily usable by analytical tools. With the power of Stream, not only can we work with difficult data sets, but we can send them to our favorite destinations in the proper format.
In this tutorial, you will learn how to configure Stream to receive and send Apple Health data to Splunk. I will provide a PACK to transform the data as well as a dashboard to get you up and searching. By the end of this tutorial, you will be able to search your own health data and create a dashboard of you!
This Tutorial will Cover
Prerequisites
After you sign up for a free instance of LogStream Cloud, click on “Network” and review your available inbound ports as well as the URL of your Cribl.Cloud instance. Take note of your HTTP URL and port, as they will be used in the following steps. The URL will likely follow a format similar to https://YOUR-CLOUD-HERE.cribl.cloud:PORT-NUMBER-HERE.
Take note of the HTTP source; we will be leveraging this URL and port in our sources.
Connect to your Stream instance and select Sources from the main page. Find HTTP and Raw HTTP sources from this list. We will be modifying the default configurations in the next step.
For this tutorial, we will be leveraging the open port for HTTP in our Raw HTTP configuration. In Cribl.Cloud Free, only select ports are available by default, as noted on the welcome screen (Enterprise Cloud removes this restriction; please contact us for more information). While you are free to use any port in the open range (20000-20010), we will repurpose 10080 for the Raw HTTP source in this tutorial. Click on the HTTP source and disable it with the toggle on the right side of the screen. The toggle should be in the “off” position.
Next, navigate to the Raw HTTP source and click on the default item to open the configuration. Fill out the form with the following values.
Next, we will configure the Event Breaker to the “Cribl – Do Not Break Ruleset” via the dropdown. Verify your Event Breaker buffer timeout is set to 100000 milliseconds as shown here.
Optional: At this time, if you’d like to enrich the events received on this port, you may add fields that make sense to you. In this example I added First and Last name fields. Feel free to add as many field-value pairs as you’d like. Adding fields at the source configuration is a quick and easy way to identify who this health data belongs to. If you choose to create a multi-user dashboard, you could create a new Raw HTTP source on another port and configure the Fields with a unique First and Last name, say that of a family member. Remember, these fields are only assigned to data received on this port, and this is done in the pre-processing pipeline. For more information on this topic, please see this page in the Cribl docs.
As part of the prerequisites, you will need a Splunk deployment that can receive data from the Stream Cloud instance. In this tutorial, I am leveraging a single instance of Splunk in AWS with a free developer’s license. Any new install of Splunk will include a free 500gb License which will satisfy the needs of this tutorial. If you are leveraging multiple indexers OR a clustered Splunk deployment, please configure your destination via the Splunk Load Balanced destination in the Cribl UI.
At this point, we can configure Stream to send data to Splunk. Click Destinations in Stream and navigate to Splunk Single Instance. From here, click the Add New button.
Enter the details of your Splunk deployment where data can be SENT. Splunk should be configured to receive data via the Address and the Port you configured in Splunk (see the prior step above).
Once configured, click on the TEST tab and verify that Stream is able to communicate with Splunk. You can verify the event was sent with the green Success message at the bottom of the screen in Stream or by searching index=main in Splunk. If this test fails, review your configurations above and verify you have a valid network path to Splunk.
About Cribl Packs
Cribl Packs are a great way to save and share preconfigured routes and pipelines as well as sample data. With packs, our customers are able to quickly parse and transform difficult data sets. Packs help our customers go to production with common data sources in minutes/hours rather than weeks/months. See our Pack Dispensary here to see packs that are currently available. Check back often as new packs are added frequently. Also, feel free to join our Cribl Slack community to discuss this pack and others in the #packs channel. The cribl-apple-health pack can be found here.
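An added example, not the cribl-apple-health pack or the export app's own code: with the Do Not Break ruleset, each POST reaches Stream as a single event, so it has to be unrolled into one flat, timestamped event per sample before Splunk can chart it. The payload shape, metric names and the `first_name`/`last_name` fields below are constructed assumptions.

```python
import json
from datetime import datetime

# Constructed sample body: the nested shape (metrics -> samples) is an
# assumption for illustration, not the app's documented schema.
SAMPLE_BODY = json.dumps({
    "data": {"metrics": [
        {"name": "heart_rate", "units": "count/min", "data": [
            {"date": "2022-01-17 08:00:00 -0500", "Min": 58, "Avg": 64.5, "Max": 91},
            {"date": "2022-01-17 09:00:00 -0500", "Min": 61, "Avg": 72.0, "Max": 118},
        ]},
        {"name": "dietary_water", "units": "fl_oz_us", "data": [
            {"date": "2022-01-17 00:00:00 -0500", "qty": 48},
        ]},
        {"name": "blood_glucose", "units": "mg/dL", "data": []},
    ]}
})

def unroll(body, source_fields=None):
    """Turn one unbroken HTTP body into one flat event per sample."""
    try:
        metrics = json.loads(body)["data"]["metrics"]
    except (ValueError, KeyError, TypeError):
        return []  # not the expected shape: emit nothing rather than guess
    events = []
    for metric in metrics:
        for sample in metric.get("data", []):
            try:
                ts = datetime.strptime(sample["date"], "%Y-%m-%d %H:%M:%S %z")
            except (KeyError, ValueError):
                continue  # no usable timestamp, so the sample is skipped
            event = {"_time": int(ts.timestamp()),  # epoch seconds, UTC
                     "metric": metric.get("name"),
                     "units": metric.get("units")}
            # Keep the readings under lower-case keys; drop the raw date string.
            event.update({k.lower(): v for k, v in sample.items() if k != "date"})
            # Fields added at the source (for example the per-port name fields).
            event.update(source_fields or {})
            events.append(event)
    return events

if __name__ == "__main__":
    for e in unroll(SAMPLE_BODY, {"first_name": "Sample", "last_name": "User"}):
        print(json.dumps(e))
```

A metric with an empty sample list, such as the constructed `blood_glucose` entry, produces no events, which is why a dashboard panel can be empty even though the export succeeded.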
Navigate to Routes and Create a New Route
About the Health Auto Export app
Health Auto Export – JSON+CSV offers a 7 day Free Trial, which provides access to Premium features. We will be using the API Export which is only available in the Premium subscription. If you would like to continue after the 7-day trial, please consider supporting this developer and paying for a subscription.
Please follow the configuration steps below. Use the screenshots above for reference.
Test your Connection to Stream
Using the Test Connection button in the Health Auto Export app, and the Stream Capture function, we will verify your connection is working as expected.
Send your first set of data from iPhone > Stream > Splunk
This data is your own, so feel free to search it as you wish. To get you started, I’ve included a dashboard you can use in Splunk. While we’ve only ingested 3 health metrics, you can imagine the possibilities open to you as you increase your logging capabilities. Good luck and enjoy the Stream Life!
The fastest way to get started with Cribl Stream is to sign up at Cribl.Cloud. You can process up to 1 TB of throughput per day at no cost. Sign up and start using Stream within a few minutes.