We hosted a webinar a few weeks back on using Cribl Stream to make your security operations more scalable, efficient, and cost-effective. The turnout was fantastic and, while we answered most of the audience’s questions live, we couldn’t get to all of them. So I’ll go through the questions we couldn’t get to and offer some answers. Along the way, I’ll also share the results of two polling questions we asked during the webinar.
Is the recording available?
Yes! You can find it here.
Can Cribl Stream route data to Microsoft Sentinel?
Yes, you can cribl your data into Microsoft Sentinel. Once you have Sentinel enabled in your Azure environment, you can use Cribl’s Azure Monitor Logs Destination. Here’s a link to another blog post describing the rest of the integration.
Stream does point-in-time enrichment, but what about after an indicator of compromise (IoC) becomes live after the enrichment?
If an IoC goes live after the data has passed through Stream, you can update your database and replay the data back through Stream to get the latest IoCs into your data.
How are logs packaged when you forward them to S3 for replay?
Our Replay feature is best in class. As far as data formats, we package data in open formats: either JSON or raw. JSON-formatted data represents all of the modifications made and metadata added before your data goes to its destinations. Raw data is just that – the unparsed data from the _raw field. Each event is one line.
You have several options when it comes to the file size, how long to write data, the number of open files, encryption, and so on. Unfortunately, there are far too many to list here, but our docs are fantastic.
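The replay flow from the IoC answer and the one-event-per-line JSON layout from the answer above, shown together as an added example (this is not Cribl code and not part of the original post). It re-enriches archived events against the current indicator table and flags the ones that ingest-time enrichment could not have caught; the field names (`dest_ip`, `ioc_match`, `ioc_source`, `ioc_retro`), the indicator table shape, and the sample data are all assumptions constructed for illustration.

```python
import json

# Constructed sample archive: one JSON event per line, as described above.
# Addresses are from documentation ranges; field names are assumptions.
ARCHIVE = """\
{"_time": 1700000000, "_raw": "conn src=10.0.0.5 dst=198.51.100.7", "dest_ip": "198.51.100.7", "ioc_match": false}
{"_time": 1700000060, "_raw": "conn src=10.0.0.9 dst=203.0.113.20", "dest_ip": "203.0.113.20", "ioc_match": false}
{"_time": 1700000120, "_raw": "conn src=10.0.0.5 dst=192.0.2.44", "dest_ip": "192.0.2.44", "ioc_match": true, "ioc_source": "feed-a"}
not-json garbage line
"""

# Indicator table as it stands today (constructed). 203.0.113.20 was added
# after the events above were first processed.
IOCS_NOW = {
    "192.0.2.44": {"source": "feed-a", "added": 1699990000},
    "203.0.113.20": {"source": "feed-b", "added": 1700500000},
}

def replay(archive_text, iocs, field="dest_ip"):
    """Re-enrich archived events. Returns (events, late_hits, skipped_lines)."""
    events, late_hits, skipped = [], [], 0
    for line in archive_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count unparseable lines instead of dropping them silently
            continue
        if not isinstance(ev, dict):
            skipped += 1
            continue
        value = ev.get(field)
        hit = iocs.get(value) if isinstance(value, str) else None
        was_match = bool(ev.get("ioc_match"))
        ev["ioc_match"] = hit is not None
        if hit:
            ev["ioc_source"] = hit["source"]
            # The event predates the indicator, so point-in-time enrichment
            # had no way to flag it; mark it for retrospective triage.
            if not was_match and ev.get("_time", 0) < hit["added"]:
                ev["ioc_retro"] = True
                late_hits.append(ev)
        events.append(ev)
    return events, late_hits, skipped

if __name__ == "__main__":
    _, late, bad = replay(ARCHIVE, IOCS_NOW)
    print(f"{len(late)} retrospective hit(s), {bad} unparseable line(s)")
```

Events carrying `ioc_retro` are the ones worth routing to a separate triage queue, since they represent activity that happened before the indicator was known.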
Can I safely say you can replace our Kafka and Logstash clusters?
TLDR – Yes, Stream can replace all of your Kafka Streams and Logstash clusters.
I’ll start by answering the Kafka part of the question. As a message broker, Kafka is simply another source and destination for Stream. Stream can read from it, manipulate data, and either put the data back into another Kafka topic or deliver data to some destination, like Splunk or Elastic. Things get much more interesting if we’re talking about Kafka Streams.
Many of our customers have replaced Kafka Streams implementations with Cribl Stream, mostly due to complexity and performance challenges at the scale our users need.
Another issue is hardware. Stream’s shared-nothing architecture requires a quarter of the hardware of Kafka. This is a huge advantage and helps keep costs down.
Simplicity is another factor. Kafka Streams solutions require weeks of work by an expert, and that’s per data type. Stream is frequently set up and configured in days without professional services and is far easier to use. Check out the sandbox to see for yourself.
Now, on to Logstash. We’ve seen multiple instances of companies replacing Logstash with Stream for all of the reasons cited above.
We like to do polls during webinars to ask our attendees some questions. The first question was “What is your biggest security data challenge?”
We offered four options:
My guess was the infrastructure budget option would win. Sadly, I was wrong on this one.
Figure 1: What is your biggest security data challenge?
When I talked about how surprised I was by the result, somebody in the chat stated, “Nerds don’t care about budgets.” I guess that settles it.
The second question was about observability lakes. We’re seeing more of our customers build out dedicated exploration environments on top of low-cost object storage. These aren’t the general purpose “build it, and they’ll come” data lakes for data scientists and business intelligence analysts. Instead, o11y lakes target ITOps, SecOps, and SRE roles and are vital in driving the discovery aspect of observability. We asked where the audience was in building their o11y lakes, and the results were in line with what we expected.
Figure 2: Where are you in building your o11y lake?
Only 13% of attendees already have a lake, but 19% are building one this year, and another 28% have it on their roadmap for next year. So I think we’ll see much more adoption for this concept than these numbers illustrate.
If you’re interested in checking out Cribl Stream, you can learn more by exploring our sandboxes, checking out Stream Cloud, or joining the community. We have over three thousand community members that can help answer questions and get you started.
The fastest way to get started with Cribl Stream is to sign up at Cribl.Cloud. You can process up to 1 TB of throughput per day at no cost. Sign up and start using Stream within a few minutes.