Route data to multiple destinations
Enrich data events with business or service context
Search and analyze data directly at its source, an S3 bucket, or Cribl Lake
Reduce the size of data
Shape data to optimize its value
Store data in S3 buckets or Cribl Lake
Replay data from low-cost storage
Collect logs and metrics from host devices
Centrally receive and route telemetry to all your tools
Redact or mask sensitive data
Optimize data for better threat detection and response
Streamline infrastructure to reduce complexity and cost
Simplify Kubernetes data collection
Optimize logs for value
Control how telemetry is stored
Easily handle new cloud telemetry
Ensure freedom in your tech stack
Accelerate the value of AIOps
Effortlessly search, collect, process, route and store telemetry from every corner of your infrastructure—in the cloud, on-premises, or both—with Cribl. Try the Cribl Suite of products today.
Learn moreGet telemetry data from anywhere to anywhere
Get started quickly without managing infrastructure
Streamline collection with a scalable, vendor-neutral agent
AI-powered tools designed to maximize productivity
Easily access and explore telemetry from anywhere, anytime
Instrument, collect, observe
Store, access, and replay telemetry
Get hands-on support from Cribl experts to quickly deploy and optimize Cribl solutions for your unique data environment.
Work with certified partners to get up and running fast. Access expert-level support and get guidance on your data strategy.
Get inspired by how our customers are innovating IT, security, and observability. They inspire us daily!
Read customer storiesFREE training and certs for data pros
Log in or sign up to start learning
Step-by-step guidance and best practices
Tutorials for Sandboxes & Cribl.Cloud
Ask questions and share user experiences
Troubleshooting tips, and Q&A archive
The latest software features and updates
Get older versions of Cribl software
For registered licensed customers
Advice throughout your Cribl journey
Connect with Cribl partners to transform your data and drive real results.
Join the Cribl Partner Program for resources to boost success.
Log in to the Cribl Partner Portal for the latest resources, tools, and updates.
Case Study
“CRIBL SEARCH TO US IS ABOUT HAVING ACCESS TO ALL OF OUR DATA AT THE READY — NO MATTER WHERE IT LIVES, IT BECOMES ACCESSIBLE.”
CLOUD SOLUTIONS SENIOR ENGINEER
“CRIBL SEARCH BRINGS LIGHT TO THE DARK CORNERS OF OUR DATA AND ALLOWS US TO ACCESS DATA WE PREVIOUSLY DIDN'T KNOW WAS VALUABLE OR WOULD EVEN NEED TO BE SEARCHED.”
CLOUD SOLUTIONS SENIOR ENGINEER
“WE’RE A SAAS-FIRST COMPANY, SO USING CRIBL’S PRODUCTS DOESN’T FEEL NEW OR FOREIGN. IT’S EASY TO SEE HOW THE PERMISSIONS BOUNDARIES WORK, SO IT'S PRETTY MUCH UNDERSTOOD THAT WE CAN TRUST IN THE SECURITY OF THE PLATFORM.”
CLOUD SOLUTIONS SENIOR ENGINEER
Share:
This IT Services Organization originally brought Cribl Stream into their company to help them with their data onboarding process. Stream simplified the consolidation of syslog-ng, some custom scripts, and other tools to make getting their data from source to destination easier.
“We refer to Cribl Stream as the conduit for our data — its pipelines keep everything flowing in the right direction.”
Cloud Solutions Senior Engineer
“The use of Cribl Stream was an integral part of these accomplishments. It allowed us to collect and filter data from multiple sources, then route the results to each agency's secure destination in their preferred format and schema.”
Cloud Solutions Senior Engineer
In his efforts to bring maximum value to his organization, the cloud solutions engineer has given some well-received demos over the years to his management team, mostly around technical use cases for Cribl. He’s had a lot of success so far, but he’s even more excited for his next demo that’s centered around cost savings.
He’s tested out the case for using Stream to filter the data sent to their Virtual Security Operations Center (VSOC). He’s sending what he calls “decision ready data” meaning they are only sending events that their security product is tuned to look to populate correlations and identify anomalies. In the past, the team has had to send the full logs, which causes the price per gigabyte costs to add up extremely quickly.
“By using Stream to filter the data that goes to our VSOC, we’ll end up with a 99.99% reduction in the amount of traffic we have to send. The cost savings are massive.”
Cloud Solutions Senior Engineer
Shortly after taking advantage of Cribl Stream, the cloud solutions engineer was notified of an organizational shift that would move their VPC flow logs from Cloudwatch into S3, where they would become unsearchable.
VPC flow logs are significant for operational troubleshooting and trend analysis — they can point to fundamental network issues and be used for trend analysis to spot potential issues, so having continued access to query them is important.
But from a cost perspective, sending them to Splunk didn’t make sense, so the team decided to bring on Cribl Search. They were able to take advantage of the cost savings and keep the ability to search their VPC flow logs in their new location.
The transition was pretty smooth:
“We set up the POV for Cribl Search before the cutover to S3. Everything worked out perfectly timing-wise — we had the implementation done on day one of the cutover and never lost the ability to search our data.”
Cloud Solutions Senior Engineer
The cloud engineer has also had some personal wins since bringing Cribl Search into the fold. As an admin of multiple tools, it has helped him troubleshoot some longstanding issues, including a potential problem with a load balancer that needed a deep dive.
He knew that the company’s ELB logs were somewhere in S3, but they weren’t onboarded into Splunk, and he had no way to query them — until he remembered that he had Cribl Search in his toolkit. He pointed it to that S3 bucket and easily added a data source to be searched.
This is just one of many occasions where Cribl Search came in handy.
“There have been incidents where searching data was needed as soon as possible, but we weren’t always in a position to grab data and replay it without creating custom scripts or using up dev time. With Cribl Search, we now have immediate access to that data.”
Cloud Solutions Senior Engineer
“Previously, the only option was to dump data into some long-term storage just to have it, knowing we’d never realistically ever search it. Cribl Search changes the game — now we can be confident in our ability to access any data when we need it.”
Cloud Solutions Senior Engineer
“The flexibility with Cribl.Cloud’s consumption-based licensing is great, as opposed to feeling like you could be throwing away money if you don't use your exact daily license somehow. It was an easy transition for us, and we’re very happy with how it worked out.”
Cloud Solutions Senior Engineer
There’s no one-size-fits-all approach, but the best way to migrate to Cribl.Cloud in most cases would be to get all your ducks in a row and then just do a cutover. The cloud engineer did things a little differently in that he started moving individual data sources over one at a time — but he wanted to be sure everything worked as he cut over each piece of their architecture.
The cloud solutions engineer also tore down and rebuilt worker nodes instead of cloning the existing ones to help flesh out their process, which showed him how easy it was to deploy new ones.
“You don't really have to put too much thought into creating new worker nodes in Cribl Stream. You just deploy a server, run the script and it's done.”
Cloud Solutions Senior Engineer
Having Cribl Stream and Cribl Search has helped the company define its multi-tier data architecture. Useful data goes through Stream, and cold data is left in place while still being able to query it. Getting data out of Search and back through Stream is simple. Their scheduled searches aggregate large datasets and then export a summary result through Stream back to Splunk.
If they were trying to crunch the data in Splunk, they’d have to run long, exhaustive searches there, summarize the data, and then display it on a dashboard. Instead, they can just look at the data as they get it out of Cribl Search.
“It goes back to the cost of having all that data in Splunk — not just the ingest, but the disk space as well. The cost of ingesting the results from Cribl Search into Splunk is practically nothing. You could analyze a terabyte worth of data and then summarize it into a couple of kilobytes.”
Cloud Solutions Senior Engineer
The cloud solutions engineer has even more plans for Cribl in the future. Moving their firewall logs would be a net positive for the organization which would incur some additional costs up front. But he’s confident management will understand the value, especially since they originally brought in Stream solely for source-to-destination routing and have gotten so much more out of it since.
When they first brought in Stream, they weren’t doing any reduction or transformation, but now they’re using Cribl functions to make data that was previously just being pushed straight through more usable and relevant.
He’s also trying to frame up using Cribl Stream to get metrics out of all of the company’s AWS accounts at scale. He has a vision for configuring organization-wide metric streams, where all their AWS accounts are consolidated, and all their metrics are in one location. All that data will be pushed through Stream, converted from JSON metrics into a Splunk metrics format, and then sent into Splunk to create dashboards. They’ll also do additional analysis on that data, looking for anomalous trend changes and other IoCs.
And while he is currently only using Cribl Search and Stream to discover, route and analyze data hosted in Amazon cloud storage, searching data hosted in Azure and Google clouds are on the horizon.
Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s vendor-agnostic solutions to analyze, collect, process, and route all IT and security data from any source or in any destination, delivering the choice, control, and flexibility required to adapt to their ever-changing needs. Cribl’s product suite, which is used by Fortune 1000 companies globally, is purpose-built for IT and Security, including Cribl Stream, the industry’s leading observability pipeline, Cribl Edge, an intelligent vendor-neutral agent, and Cribl Search, the industry’s first search-in-place solution. Founded in 2018, Cribl is a remote-first workforce with an office in San Francisco, CA.
Learn more: cribl.io
Try now: Cribl Sandboxes
Join us: Slack community
Follow us: LinkedIn and Twitter
Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari
Got one of those handy?