Those of you in the know, have already met Darmar, our Security Analyst at the Cribl University campus. (If you aren’t in the know, check out our newly rolled-out CCOE Stream Admin training to meet our beloved – & fictitious – goat). Hang with me, while I recount Darmar’s journey to unlocking the full value of their data. Darmar went from not being able to answer basic questions about their data, because of entrenched silos, wasted, & unsearchable data, to implementing a solution that interrogates data anywhere, for any data type, without having to first collect the data.

“Impossible!” you say? Well, Cribl Search upends current search paradigms by giving Darmar (and you!) the ability to search data in motion or data in place across different data types and tools. But let’s not get ahead of ourselves and start from the jump!

The Challenge: Entrenched Silos, Wasted Data, and Narrowed Data Collection

In the beginning, Darmar was set on a mission to maintain & route all of Cribl University’s data which was distributed across different tools and locations. Being the G.O.A.T that he was, Darmar had already earned their CCOE admin certification, and so off they set to work implementing Cribl Stream to route data from different sources to different destinations. The good work earned them accolades and brought peace to the different teams vying for their own sets of data at the Cribl University realm.

Darmar couldn’t rest on their laurels for too long though, because they started getting pelted with questions about the data from the IT team, their own CISO in the Security team, and even the Auditors who were walking around ominously with their clipboards and pens.

What kind of questions was Darmar getting, you ask? Well, here are a few:

• The IT department is interested in enterprise monitoring to figure out if customer-facing applications are running and how they are performing, but each one is monitored with different tools.
• They also want to query and report on recently generated performance data that was stored in separate object stores around the enterprise.
• The security team is concerned about expanded threat surface risk because vulnerability data is stored in silos around the enterprise.

Trying to collate and make sense of the data, both in motion and at rest, locked into different vendor-specific tools & formats, launched Darmar onto yet another challenging quest.

This challenge was more daunting though, as Darmar tried to come to terms with the truisms that have emerged in the wake of the “big data” era:

• There’s a whole lot of data and it’s growing at an alarming rate. This means it is cost prohibitive to collect, ship, and centrally store all enterprise data for analysis.
• All the vendors for the tools they were using at Cribl University offer excellent search solutions but are limited to only being able to search what they have previously collected and indexed into their own systems.
• The data in those systems can’t be easily exported.
• Uncollected data is not searchable and only data that has previously been identified to be collected can be searched.

Now, if Darmar were anyone else, he would have explained that unless the departments were willing to spend a lot of money to ship all the data to a central location, there’s no real way to answer their questions. The added complexity to the data infrastructure means they would have to settle for narrowing the scope of their collection and leaving out some data entirely.

And no one would blame Darmar, for this is the current reality industry-wide, for all the talk of building data-driven enterprises, the vast majority of data ends up in wastelands, unused.

How Cribl Search Works: Searching Data Anywhere, for Any Data Type

Did I mention that Darmar is a G.O.A.T, already? And always staying two steps ahead of the game, they had signed up as an early access user to help design and test out Cribl’s new Search tool. Well, it turns out Cribl Search holds the key to solving all of Darmar’s new data issues.

What is Cribl Search you ask? With Cribl Search, Darmar can deploy a single, system-agnostic search capability to interrogate data anywhere, for any data type, and hosted in object storage or a system of analysis without having to first collect the data.

Cribl Search had something to offer each of Darmar’s (pesky) stakeholders:

• Bridge the Silos: The IT team and Security team could locate the critical data it needs regardless of where it is stored.
• Query: The superpower to use a vendor-agnostic query language to query data in place or in motion for enterprise monitoring and generate reports across the enterprise.
• Dashboard: For the security and audit teams, Cribl Search offers visualizations to correlate relevant data to reduce the threat surface and lower risk across the board.

The best part about Cribl Search is that it is complementary to their existing search solutions and tools. Darmar does not have to upend their existing data infrastructure or add unnecessary complexity to its current workflows. They don’t have to stop doing anything, Cribl Search offers value on top of their current systems.

Once they implement Cribl Search, Darmar is certain to snag that Lifetime G.O.A.T award at Cribl University and then maybe, just maybe they can kick back and enjoy the lush grounds of the scenic goat farm the campus is located on… until the next challenge knocks on their door!

Goat you curious about Cribl Search? Check out our product page. You can also try Cribl’s free, hosted Stream Sandbox, and join our community slack to tell us about your experience!

The fastest way to get started with Cribl Stream, Edge, and Search is to try the Free Cloud Sandboxes.