
No More Kidding Around: Add an Existing Cribl Pack to Git

Last edited: March 25, 2025

This blog post provides a step-by-step guide to managing Cribl Packs using Git and unlocking the benefits of a traditional development lifecycle for Cribl configurations. It demonstrates how to version control a Cribl Pack, create and manage development branches for modifications, and ultimately deploy updates to a production environment. This post is a deep dive into what deploying Packs with Git can look like, while the “Git your packs into Cribl” post reviews the overall framework at a less granular level.

So, if you’re ready to dive into the details, let's go!

Tutorial Steps:

  1. Export a Pack from Cribl

  2. Create a git repository and dev branch

  3. Import the dev branch into a Worker Group

  4. Update your dev branch Pack in Cribl

  5. Export updated dev branch from Cribl and commit to Git

  6. Merge dev updates into main

  7. Pull main Pack updates into another Workspace

Export a Pack From Cribl

Select a Worker Group > click Processing > click Packs


Choose a Pack from the list (in this example, I will be using HelloPacks!)

Under the Actions column, click Export


Select Merge > click Export


Create a Git Repository and Dev Branch

Now that your Pack is exported to the Downloads directory, let's create our HelloPacks Git repository.

For this tutorial, I will be using GitHub, but feel free to use any Git-based tool. In GitHub, select the Repositories tab and click the New button.

  1. Name your repository HelloPacks for this example

  2. Choose public or private - for this example, we are selecting private

  3. Leave the rest of the options unchecked and click Create repository


Now you should see the following screen indicating that your repository was created successfully.


Return to your server or CLI and create a new directory (my directory is called HelloPacks)

mkdir HelloPacks

Copy the .crbl file into the new HelloPacks directory

cp /home/Downloads/HelloPacks.crbl /home/HelloPacks/

cd into that directory

cd HelloPacks

Uncompress the .crbl file

tar xvf HelloPacks.crbl

Now we can use the commands from the “create a new repo” section to get our Pack content into the new HelloPacks repo.

git init
git add .
git commit -m "first commit"
git branch -M main
git remote add origin git@github.com:gcribl/HelloPacks.git
git push -u origin main

Returning to my GitHub repository, I can now see all of my Pack content. The Pack has been successfully uploaded to Git!


Now, let's create a dev branch for the repository. In the Code tab, I can click New branch and enter the branch name as dev.

Alternatively, if I wanted to do this with the command line, I could use the command

git checkout -b dev


Import the Dev Branch Into a Worker Group

Now that you have your dev branch created, let's import it back into Cribl Stream. If you are using a private repository, make sure you create a personal access token first, and refer to this link to install a Pack from Git URLs.

If your repository is not private, you can use the HTTPS link provided by the repository’s clone URL.

In this example, I am importing from a private repository, so the URL is formatted with the access token as seen below:

https://gcribl:<access_token>@github.com/gcribl/HelloPacks.git

I’m also referencing the dev branch so I can modify this branch’s code before promoting it to main or prod.


Update Your Dev Branch Pack in Cribl

Now that my import was successful, I will jump into my pack and make an update on the pipeline.


Here, I am adding two eval functions that will capture the duration of time it takes for each event to process. I am only adding one field called duration to each of my events.

I can see from my OUT window I successfully calculated the duration in milliseconds.

I’m also going to modify the version of my Pack to 1.0.1 by going to Pack Settings > Pack Info and changing the Version field to 1.0.1.


Commit and deploy to my Worker Group.


Export Updated Dev Branch From Cribl and Commit to Git

To commit these changes back to my dev branch in Git, I need to export my Pack again.

Return to the Pack lister page, click Export from the Actions column > select Merge > click Export, and save the Pack to your computer.


On the CLI of your terminal, cd back to the HelloPacks repository directory

cd /home/HelloPacks/


Ensure you are on the dev branch

git branch -a


Copy the new 1.0.1.crbl file into the HelloPacks directory

cp /home/Downloads/HelloPacks_1.0.1.crbl /home/HelloPacks/


Unpack the .crbl file

tar xvf HelloPacks_1.0.1.crbl


Git Add and Commit

git add .

git commit -m "version update plus evals for duration"


Push the update to your dev repository

git push origin dev
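
An added example, not from the original post or from Cribl: a shell gate for the export-and-commit steps above. It refuses to run off the expected branch, rejects a .crbl whose tar entries would extract outside the repository, and stops before committing if an unpacked file contains a credential-bearing URL of the form used earlier for private-repo imports. The function names, the default branch dev, and the token patterns are this example's assumptions.

```shell
#!/bin/sh
# Added example (not Cribl tooling): checks to run before committing an
# exported Pack. Function names and patterns are this example's assumptions.

# Read archive member names on stdin; print those that would extract outside
# the current directory (absolute path, or a ".." path component).
unsafe_entries() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Succeed only if every member of the .crbl (a tar archive) stays in-tree.
crbl_is_safe() {
    names=$(tar tf "$1") || return 2
    bad=$(printf '%s\n' "$names" | unsafe_entries)
    [ -z "$bad" ] || { printf 'unsafe entry: %s\n' "$bad" >&2; return 1; }
}

# Print files under DIR holding a URL with inline credentials
# (https://user:secret@host) or a GitHub token prefix (ghp_, github_pat_).
# The .git directory and the .crbl archives themselves are skipped.
find_embedded_credentials() {
    find "$1" -type f ! -path '*/.git/*' ! -name '*.crbl' -exec \
        grep -lE -e 'https?://[^/@[:space:]]+:[^/@[:space:]]+@' \
                 -e '(ghp_|github_pat_)[A-Za-z0-9_]{20,}' {} + || true
}

# Unpack PACK into the current repository and commit it, but only when HEAD
# is BRANCH (default: dev) and both checks pass. On a credential hit the
# files stay unpacked and uncommitted so they can be cleaned up.
commit_pack_export() {
    pack=$1 branch=${2:-dev} msg=$3
    current=$(git symbolic-ref --short HEAD) || return 1
    [ "$current" = "$branch" ] || {
        echo "on branch '$current', expected '$branch'" >&2; return 1; }
    crbl_is_safe "$pack" || return 1
    tar xf "$pack" || return 1
    hits=$(find_embedded_credentials .)
    [ -z "$hits" ] || {
        printf 'credential-like string in: %s\n' "$hits" >&2; return 1; }
    git add . && git commit -q -m "$msg"
}

# Usage, from inside the repository (paths as in the steps above):
#   commit_pack_export /home/Downloads/HelloPacks_1.0.1.crbl dev \
#       "version update plus evals for duration"
```

The gate only commits; pushing with git push origin dev remains a separate, deliberate step.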


Merge Dev Updates Into Main

Return to your git repository and observe the updates to the dev branch.


Click the Compare & Pull Request button to view changes between the dev and main branches of my Pack.

This workflow unlocks all of the powerful capabilities of change management for Cribl Packs, like adding Reviewers and Assignees, and advanced workflow options like automatically deploying to Cribl Worker Groups, Workspaces, or instances.


After reviewing the changes between dev and main, it's time to click the Merge pull request button.


Now click Confirm merge.

Ensure Create a merge commit is selected.


And voila, my branch was merged into main : )


Pull Main Pack Updates Into Another Workspace

Returning to the Cribl Stream console, I will go to my Main Workspace in Cribl (for other folks on-premises, this could be the equivalent of your test/production Cribl instance).

On the Pack lister page, HelloPacks is displayed, and the spec is set to the main branch of the git repository. I can see this version of my Pack references v1.0.0, but there is an update available that I would like to pull into my Main Workspace.


Click the Actions kebab on the right side of the screen > click the Upgrade button.


I will keep the same branch as main since this is my production Workspace and I only want to pull tested Packs into prod, which is represented by the main branch. Click upgrade.


Now I can see the Pack version number upgraded successfully and I have the latest Pack on my prod environment. The same process can be applied to Worker Groups, instances, and Workspaces when it comes to how you might move a Git-based Pack around your Cribl deployment.


You successfully branched and tested changes in a Pack before deploying those updates into your production Cribl Workspace. Using the import from git feature for Packs gives you complete control and flexibility in the change management lifecycle for Cribl configuration updates.
