A little while later, Acme’s security team decided that they needed a SIEM and a log management solution, and decided that Splunk was a better fit for them, so they bought it, stood it up, and had the infrastructure team start sending logs from firewalls, switches, and routers to it. Effectively, the two teams have now created two data silos, but as long as they don’t have to intermingle, it doesn’t cause any problems…
At some point, the security team realizes that they’re missing system data and want a subset of the data that’s in Elasticsearch. Around the same time, the ops team realizes that they need some of the switching data that’s in Splunk. So each team starts providing data to the other via some copy mechanism.
Eventually, management decides that they want to use InfluxData as their metrics platform, but the operations team is swamped, so someone decides to feed Influx the data that’s native to Splunk as well as the data that’s been copied over from Elasticsearch, making the environment look something like this:
We’re starting to see the makings of a Rube Goldberg machine here, with some significant unintended consequences:
However, introducing an observability pipeline into the stream of data, before delivering the stream to any of the systems, provides incredible flexibility, and removes overhead from your analytics systems. Additionally, if that pipeline is optimized for working with log and metric data in a streaming model, it can do it all faster and with less overhead.
Each end system has different requirements for the data that passes through it – Splunk expects a _raw field, Elastic expects a message field, etc. Data from logs is unstructured and lacks context.
Some log analytics tools give you ways to deal with data structure, mostly in the form of clear text search and field extraction, but those capabilities vary widely. How context gets added to data varies widely too – some, like Splunk, can enrich data at search time, while others, like Elasticsearch, need the enrichment done at ingestion. It’s incredibly easy to get into a situation where the same data sets in two different systems don’t match each other.
Enriching data before it ends up in any end system ensures that you only have to do the work once, and can reap the benefits in all of the systems. Cleansing data “in the stream” provides a mechanism to gain consistency across the different systems. Being able to cleanse data before ingestion into the end systems helps you ensure data quality across systems, as well as minimize the amount of data you ingest into the systems (which can directly impact your system costs).
Though all of the concepts discussed in this article can be implemented with open source software and plenty of your time, we recommend our product, Cribl LogStream. LogStream provides a unified observability pipeline for all of your log and metric data. A single control plane allows you to manage data quality and context enrichment, ensuring consistency across the end systems. You can send data to Elasticsearch, Splunk, and InfluxDB (as well as many other destinations) that is specifically optimized for each of those platforms. Using our Acme example as a model:
LogStream can parse each event coming in from any of the source systems we support, and send it off to an archival store, like AWS S3. At the same time, it might strip security or PII data from the data forwarded to Elasticsearch, and send only security-related events to Splunk. Simultaneously, LogStream can extract metrics data from the event, and feed that directly to InfluxData. All of LogStream’s configuration is done in its UI and versioned using Git, which makes it easy to track changes.
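The fan-out described above, as a plain-Python sketch added here for illustration; it is not LogStream configuration or Cribl code. The log format, the owner lookup table, the rule for what counts as security-related, and the simplified payload shapes are all constructed assumptions.

```python
import re

# Constructed sample events (not from the original article).
SAMPLE_EVENTS = [
    "2024-05-01T12:00:00Z host=fw01 sourcetype=firewall action=deny "
    "src=10.0.0.5 user=alice@example.com bytes=512",
    "2024-05-01T12:00:01Z host=web01 sourcetype=app action=login "
    "src=10.0.0.9 user=bob@example.com bytes=2048",
]
SECURITY_SOURCETYPES = {"firewall", "auth"}   # assumption: "security-related"
ASSET_OWNERS = {"fw01": "netops", "web01": "webteam"}  # assumption: lookup table
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")  # the only PII handled here


def parse(line):
    """Split 'timestamp k=v k=v ...' into a dict, keeping the original text."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return {"time": ts, "raw": line, **fields}


def enrich(event):
    """Add context once, in the stream, so every destination gets the same value."""
    event["owner"] = ASSET_OWNERS.get(event.get("host"), "unknown")
    return event


def route(line):
    """Return {destination: payload} for one incoming log line."""
    ev = enrich(parse(line))
    out = {"s3": line}  # archive copy stays byte-for-byte original
    # Elasticsearch: text goes in 'message', with PII stripped.
    es = {k: v for k, v in ev.items() if k not in ("raw", "user")}
    es["message"] = EMAIL_RE.sub("<redacted>", ev["raw"])
    out["elasticsearch"] = es
    # Splunk: text goes in '_raw'; only security-related events are sent.
    if ev.get("sourcetype") in SECURITY_SOURCETYPES:
        out["splunk"] = {"_raw": ev["raw"], "host": ev.get("host"),
                         "sourcetype": ev["sourcetype"], "owner": ev["owner"]}
    # InfluxDB: one line-protocol point (measurement,tags fields).
    if ev.get("bytes", "").isdigit():
        out["influx"] = (f"traffic,host={ev.get('host', 'unknown')},"
                         f"owner={ev['owner']} bytes={ev['bytes']}i")
    return out


if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        for dest, payload in route(sample).items():
            print(dest, "->", payload)
```

Because the owner lookup runs once before the fan-out, the Elasticsearch, Splunk and InfluxDB copies of an event cannot disagree on it, and the unredacted original exists only in the archive and the SIEM.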
The march to data chaos is real. Most companies I’ve talked to have some variety of this problem, causing various levels of pain. If you find yourself in this situation, I suggest you take a look at the Cribl LogStream product. The best way to do this is to take an hour or two and run through the LogStream Fundamentals course on our interactive sandbox environment.