The 12 Days of Cribl

On the first day of Cribl… I’m going to stop myself right there.  That song is repetitive, and though ‘tis the season and all, I won’t subject you to a parody song in this post.  Instead, I’ll show you 12 gifts that Cribl LogStream provides anyone trying to make sense of large, complex data sets.

Day 1 – Route to multiple destinations

The most popular use case for Cribl LogStream is also the first gift LogStream gives to you. Route your data to multiple tools and destinations. You can put data where it has the most value. Route data to the best tool for the job – or all the tools for the job.  Collect from any source and route it to any tool.

Day 2 – Reduce data volume

The next gift of LogStream is the power to reduce data with little analytical value, to control costs. An observability pipeline can help you reduce less-valuable data before you pay to analyze or store it. Eliminate null fields, remove duplicate data, and drop fields you will never analyze. This means you keep all the data you need, and only pay to analyze and store what is important to you now. Sometimes the best gift is taking away what you don’t need.

Day 3 – Reuse your existing agents

By Day 3, you may already be solving many of your problems working with large sets of observability data, but LogStream keeps on giving. Take the data you have and format it for any destination, without having to add new agents. You increase flexibility without incurring the cost and effort of recollecting and storing the same data multiple times in different formats.

Day 4 – Retain more data cost-effectively

What else can you get with Cribl LogStream? How about the ability to retain more data for longer periods of time by routing a copy of your data to cost-effective storage? You never know when you might need a piece of data for later investigation. By sending a copy of your data to cheap object storage like data lakes, file systems, or infrequent-access cloud storage, you will always have what you need, without paying to keep it in your system of analysis.

Day 5 – Replay data from object storage

FIVE GOLDEN RINGS – sorry, I know I said I wasn’t going to do that song here, but this one is a big deal. LogStream Replay lets you collect your data, or a subset of it, from low-cost object storage and re-shape it for any destination on-demand and “replay” it to an analytics tool later as needed, even if it’s a different tool. This increases flexibility and gives you a more complete picture of your data, while minimizing the costs.

Day 6 – Enrich data for deeper context

As you go deeper, LogStream enables you to perform many time-saving functions on your data.  By enriching data with third party sources like GeoIP and Known Threats databases,  you get the gift of much deeper context. This allows for more comprehensive analysis of your observability and security data. Sometimes adding a small amount of data can unlock answers to critical questions. Enrich your current data streams with key pieces of information to build a more comprehensive view.

Day 7 – Encrypt sensitive data

The gift of redaction and masking keeps sensitive data private. Mask sensitive data to protect your customers, and to limit liability. LogStream makes it easy to configure data streams for maximum protection.

Day 8 – Role-based access control

RBAC is the next gift of Cribl. Manage who sees what with Role-Based Access Control. Use RBAC to manage individual users’ and teams’ access to data, so they can only see what they need to do their job. Configure access profiles by role, and assign users to roles. LogStream makes sure people have what they need, while limiting access to other data sets and functionality, 

Day 9 – Batch collection from REST APIs

By day 9, you might want to explore on-demand batch data collection from REST APIs for more comprehensive analysis. Getting a full view of your environment often means analyzing data that comes from sources other than traditional event streams.  LogStream can help you easily collect data from REST APIs and other sources in real time, or for on-demand, batch analysis – formatting this data for use by any analytics tool.

Day 10 – Cloud and container-based deployments

On day 10, we give the gift of cloud and container-based deployment.  We’ve recently released Kubernetes deployment options, and LogStream has been available as a container since our 1.2 release.  We can also help you use alternative deployment options, like AWS Fargate. LogStream can work with industry-standard auto scaling capabilities (like AWS Auto Scaling and Kubernetes Pod Autoscaling).

Day 11 – Shape data into multiple formats

Anyone who has wrapped a gift knows how hard some shapes are to neatly conceal in festive paper.  Log data can be a lot like this.  Data comes in a variety of formats – few of which are interchangeable between different analytics tools. LogStream lets you take data as it comes and shape it into what you need.

Day 12 – Enterprise-ready pipeline management

Our last day of Cribl brings the gift of better management. LogStream helps you better understand your data with a robust and intuitive management interface. Monitor your data stream, get a live capture of data, and manage your data pipeline through multiple worker nodes. Take control of your data with LogStream.

We could probably keep going but then it wouldn’t be the 12 Days of Cribl. The top gift we offer is a free download of LogStream – you can process up to 5 TB of data a day with our free licence.  If you want to see more of the gifts that LogStream brings you, try any of our Sandbox courses and tutorials.  These interactive, guided courses let you use LogStream in a lab environment and highlight some of the most valuable use cases. You can also give yourself the gift of community – join the Cribl Community Slack to share how you are using LogStream, and learn from other experienced users. Wishing you a restful, safe holiday, and looking forward to more gifts of Cribl in 2021.