The future of Search is here: Faster, simpler, AI-driven

Last edited: March 11, 2026

Do more with less. That’s the mandate we’re all hearing. 

AI has fundamentally changed how we work. Modern AI workloads generate 10-100x more queries than humans ever could, pushing legacy architectures past performance limits.   

And the audacity of it all? Legacy logging vendors continue to raise costs without delivering meaningful innovation. IT and security teams are still forced to choose between speed and retention. Investigations are still slow. Data onboarding is still painful. Context remains scattered across tools, difficult to piece together. Teams are buried in operational toil just to keep systems running, and there simply aren’t enough specialized analysts to keep up with demand.

Teams have been searching for a better search — one that delivers faster investigations, easier collaboration, and a radically simpler way to get answers from their logs.

Ask your logs anything: An entirely new Search experience

When we first launched Cribl Search, we focused on a simple idea: let teams search data where it lives. While most other systems require you to move, index, or catalog data before you can query it, we took a different approach. Keep your data in existing storage and platforms; you do NOT have to move it into Cribl to start searching it.

Customers quickly saw how revolutionary this federated engine was. They gained easier and more cost-effective access to compliance and historical data, eliminated rehydration delays, and retained greater control over how and when their data was accessed.

That foundation changed what was possible, but it was only the beginning.

We envisioned something bigger. Investigations that don’t depend on a small handful of experts fluent in complex syntax, and where speed, cost, and flexibility are no longer tradeoffs. We set out to create a new search experience to satisfy a world where everyone is expected to do more with less. An approach that empowers IT and security teams to become 10× investigators, able to ask their data anything and get answers at AI speed.

Allow us to reintroduce our Search

Today, we’re excited to announce a faster, more streamlined, more powerful search experience with Cribl Search. We’ve evolved Cribl Search into an AI-powered solution that can ingest data directly, keep it in search-optimized storage, and deliver sub-second searches — all within a single, end-to-end system.

Under the hood, a new lakehouse engine now powers Cribl Search, purpose-built for demanding workloads like incident investigation, root cause analysis, and threat hunting.  

As organizations look to do more with less, Cribl Search introduces an AI-powered, question-first interface. Teams can simply ask — “Why are transactions so slow? What happened right before this outage?” — and let agentic search guide the investigation, unlocking a more intuitive search experience that doesn’t require any expertise.

With the new features in Cribl Search, security and IT teams can: 

  • Get fast time to value with low-touch data onboarding and near-instant search readiness

  • Cut legacy log management costs by shifting workloads away from expensive tools

  • Run up to 10× faster investigations with AI-guided exploration

  • Consolidate tools to reduce context switching and simplify workflows

  • Lower operational overhead with agentic, question-first search anyone can use

Best of all, this doesn’t replace our federated offering; it adds to it. Your rolled-off data, your CloudTrail and NetFlow, your on-the-fly APIs are all still right here in the same search bar.

Unified ingest-to-investigate architecture 

The new lakehouse engine puts compute where the data lives. The unified ingest-to-investigate architecture offers an easy, painless way to onboard data directly into Cribl Search. Teams can start searching in minutes without complex pipeline construction or multi-team handoffs. Data is automatically detected, parsed, and structured using AI-powered extraction, making it ready for real-time analysis as soon as it lands. We’re shipping with hundreds of built-in types for auto-detection, and more are on the way.

By bringing collection, normalization, storage, search, dashboards, and alerts into a single workflow, Cribl reduces tool sprawl, eliminates fragile pipelines, and accelerates investigations.  

Streamlined workflows for less friction, less toil

Turning raw data into searchable data can require as many as 10–15 steps before analysts can even begin asking questions — collecting, routing, transforming, schematizing, indexing, and validating along the way. Cribl collapses that complexity into a low-friction, zero-handoff path from ingest to storage to search. There’s no rigid schematizing required to land and use data, and bottomless, fully-managed storage is optimized for sub-second searches from the moment data lands.

Automatic parsing and AI-assisted guidance make datasets investigation-ready in minutes, not days. Analysts can instantly explore data, understand its structure, and begin building context — without waiting on pipeline experts or relying on query specialists. Imagine being able to search in natural language instead of remembering dataset and field names… today it’s a reality.

“The growth of telemetry data has outpaced company resources, and legacy SIEMs have utterly failed to keep up with AI because the cost of normalizing data ahead of time is simply ruinous,” said Francis Odum, cybersecurity researcher at Software Analyst Cyber Research. “Cribl, however, is answering a fundamental architectural problem, proving that AI-powered, on-the-fly context and access to always-live, federated data allows flat IT budgets to transform data systems. Cribl is the essential gateway to the entire data ecosystem.”

Agentic AI increases speed, democratizes access

Modern investigations aren’t just about running searches — they’re about connecting context to get the full story. Cribl Search brings that together with agentic AI that surfaces operational insights, taps into enterprise knowledge, and actively guides analysts toward likely root causes. Instead of manually stitching together clues across disconnected systems, teams get clear direction on what to explore next, who to loop in, and where to focus their attention.

Combined with Cribl Copilot and Notebooks, investigators can simply ask natural-language questions and let AI assist with exploration, collaboration, and analysis. The result is dramatically faster response times and a more intuitive path from question to answer.

By lowering the barrier to entry, agentic AI democratizes advanced investigation workflows. More team members can interrogate telemetry, collaborate in context, and move from raw data to actionable insights — again, without solely relying on highly specialized experts.

All your data. One interface. One query experience. Answers everywhere.

Cribl Search offers two modes of operation — the federated engine and the new lakehouse engine — for ultimate choice, control, and flexibility. This dual-engine approach gives teams more flexibility in how they search and investigate their data. Search data in place when it makes sense, or ingest data for immediate high-speed analysis when performance and simplicity matter most.

Ultimately, Cribl Search delivers a unified, high-performance search experience across all your data — hot or cold, in-place or ingested — so you can investigate faster while reducing cost, complexity, and vendor lock-in.

Already using Search? Enjoy even greater speeds 

If you’re already using Cribl Search, nothing changes for your existing workloads. All current searches will continue to work, and existing pricing and billing structures remain the same.

With this latest release, you can add a lakehouse engine to ingest data directly for high-speed investigation workloads. We've also added compute on Azure for improved performance with blob stores. Federated searches will now run 3–8× faster, helping accelerate compliance, audit, and historical analysis use cases.

You’ll also be able to take advantage of new AI-powered search and investigation features to guide exploration and reduce manual query work. Self-service deployment options are also new, so you can get more predictable pricing and scaling without having to talk to a Cribl rep.

Legacy pricing is the real incident

Good news. This is one incident you can resolve immediately. 

Cribl Search pricing is built around three components:

  1. Lakehouse Engine

  2. Lakehouse Storage

  3. Federated Engine

All are priced using Cribl’s Cloud Credit model and are included in the Enterprise Cloud Bundle.

The Lakehouse Engine is a tiered, bundled configuration that combines ingest, storage, and high-speed search into one unit. Each tier provides a fixed allocation of compute and storage, with sizing recommendations based on daily ingest volume and expected search workload. Storage is billed at standard Cribl Lake rates (0.05 credits per GB per month), allowing you to scale retention based on your needs.

Federated search capabilities allow you to query external data sources such as Cribl Lake, Amazon S3, Azure Blob Storage, and other supported environments. The federated engine is also tiered but can be resized at any time for greater flexibility and spend control.

Always refer to cribl.io/pricing for the latest and greatest pricing details.

Try the new Cribl Search today!

Try the new lakehouse engine in your Cribl Search environment in Cribl.Cloud and see how fast and simple investigations can be. Watch it in action with a custom demo, or connect with our team at contact@cribl.io to learn how it can work for your organization. You can also join the conversation in our Slack community to share ideas, ask questions, and learn from other users exploring the future of telemetry investigation.

Cribl, the AI Platform for Telemetry, empowers enterprises to manage and analyze telemetry for both humans and agents with no lock-in, no data loss, no compromises. Trusted by organizations worldwide, including half of the Fortune 100, Cribl gives customers the choice, control, and flexibility to build what’s next.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.
