As our customers share their frustrations with the volume and growth of their observability data, we’ve got our eyes set on making it easier to manage. Our Spring 4.1 Launch involved enhancements to the Cribl suite of products — Cribl Stream, Cribl Edge, and Cribl Search — that give users more choice and control over their end-to-end observability architecture.
This release in particular was laser-focused on tailoring value for our customers, incorporating a host of new features that provide data and insights on-demand. Simplifying our products and enhancing the user experience was also top of mind, so we’ve built in greater flexibility to interoperate with existing tools and vendors, and assign owner privileges to users for granularity, security, and data isolation.
Updates to Cribl Stream were aimed at helping users accurately collect increasing amounts of data, gain insights from it, only store what’s necessary, and then distribute it within the organization based on needs.
When you log into Cribl Stream, you’ll see a new category under destinations for a data lake. The first entry is Amazon S3, which makes sending your data from Stream to your own data lake easy. You can shape or partition that data in any way you want, designate a portion of your own S3 bucket for searching, and then use Cribl Search to explore your data on a deeper level.
Since users typically already use their preferred IdP, we’ve added SAML 2.0 functionality to Cribl Stream — this way you can continue using your preferred method to access systems. We’ve also expanded support for OpenTelemetry beyond gRPC to include HTTP, making it possible to distribute information to S3, Honeycomb, Splunk, Sumo Logic, or any other vendors that support HTTP. We now support Kerberos authentication with our WEF Collector as well.
Cribl Edge has supported container functionality for some time now, but we’ve added some additional capabilities — including addressing the handful of gaps between containerd and Docker so that you can use Kubernetes in any container runtime.
We’ve also moved to a single installer option for adding Cribl Edge to your Windows environment, and added the ability to collect and analyze logs from a wide range of modern Linux machines with a new native source for journal files. This also lets customers explore systemd log files on any host directly via Edge through Cribl Search. We also enhanced visibility and monitoring capabilities so that you can see what’s going on throughout your Edge environment.
Not only did we make it easier to get data from Cribl Stream into Cribl Search, but we’ve also done the same for getting data from Search back into Stream. With Cribl Search, you can query data stored across all of your destinations and forward the results of that search into Cribl Stream.
It also allows you to locate diverse data wherever it happens to be. If you’re trying to find an IP address to look into a security issue, you can easily search edge clients, AWS buckets, and other locations simultaneously to find out where that IP address has shown up over the last 60, 90, or 120 days. Then you can use Stream’s tremendous routing capability to take the results and send them to a different S3 bucket, system of analysis, Splunk system, or any other tool.
Cribl Search enhancements also include the ability to use non-text-based data like Parquet, journald, and Splunk raw data. Additionally, we’ve added a top operator, count operator, an operator preview that allows you to see IN and OUT captured data in different displays before spending resources to initiate a query, and data typing capabilities that automatically parse out data formats.
This release is all about more choice, control, and simplicity. It’s also a way for us to get out of your way — you’ll see a lot of new features that give you the ability to do things on your own, instead of having to come to us. Previously complex operations are simpler — there’s more automation, better performance, and a bunch of enhancements for the user experience,