Cribl

You’re seeing a mobile optimized view. To explore a walkthrough demo, please return on a desktop device.

Pipeline-as-Code for Enterprise Data

See how Cribl Packs makes your data operations composable, scalable, and accountable - transforming how enterprises operate.

Pipeline-as-Code for Enterprise Data

Welcome to Cribl Coffee Co.! As we've grown globally, our west coast operations spent 3 months building the perfect SIEM migration and data tiering strategy.

Working in their own workspace, they've optimized every route, tested every configuration, and saved 60% on data costs.

The challenge: Our east coast SecOps team needs this exact same setup. The old way? 6 weeks of manual configuration, hoping nothing breaks.
With Cribl's new Packs framework, those 3 months of expertise deploy as pipeline-as-code in just 30 seconds. Complete data pipelines - sources, routes, destinations, and all configurations - packaged and deployable instantly.

By the end of this demo, you'll see how Cribl Packs makes your data operations composable, scalable, and accountable - transforming how enterprises operate.

Ready to Explore?

New to Cribl? Click the "Tell me more" button below to learn more about the Cribl suite of products and how they work together to form a powerful Data Engine for IT and Security your data.

Not so new? Or just impatient? Click "Start Demo"!

Choose Your Tenant Deployment Target

Cribl Coffee has grown globally, with separate workspaces for each team and region. Our west coast team developed their SIEM migration pack in their own workspace. Now it's time to deploy it to production.
See 'Cribl Coffee Company - East' in the list? That's our east coast SecOps team's production workspace. They're about to receive 3 months of optimization work in just 30 seconds.

Before we deploy, let me show you why this workspace approach changes everything.

From Bottlenecks to Breakthroughs

This is why workspaces matter.

Before: One shared environment where teams blocked each other, changes took weeks, and innovation was risky. Your infrastructure team became the 'Team of No' – not by choice, but by necessity.

  • Single shared environment limits flexibility

  • One team's changes can break another's pipelines

  • IT approval required for all configuration changes

  • 2-4 weeks to provision new resources through IT

  • Innovation blocked by fear of breaking production

After: Each team owns their workspace. Complete isolation means safe experimentation. Self-service access means immediate action. And with Packs? Proven solutions deploy instantly across workspaces.
Let's see this transformation in action. The SecOps workspace is about to receive the west coast team's entire SIEM migration infrastructure in under a minute.

  • Each team owns their dedicated environment

  • Complete isolation prevents cross-team conflicts

  • Self-service access enables immediate action

  • Instant deployment with one-click provisioning

  • Safe innovation space - failures don't impact others

Ready to see it in action? Let's explore the SecOps workspace, in the stream

Months of Work, 1 Powerful Package

Here it is – the Data-Tiering-Pack. This single package contains everything our west coast team built: 12 intelligent routes, 5 pre-configured destinations, 2 optimized sources, and months of testing and refinement.
See the version 0.0.1? This is production-ready infrastructure, versioned and tested. The 'Attached to 0 resources' shows it's not yet deployed. That's about to change.

In traditional environments, recreating this would take 6 weeks minimum. With Packs? Let's measure in seconds, not weeks. 12 routes, 5 destinations, 2 sources - but what's really inside? Let's take a look.

Intelligence Baked Into Data Engines

This is the genius of the pack – intelligent data routing that automatically optimizes costs. Look at these routes: each one represents hours of configuration, now captured as code.

Hot data (security events) streams to NG-SIEM, Sentinel, and XSIAM for immediate analysis.
Warm data goes to Lakehouse for fast queries.
Cold data archives in Lake for compliance. This tiering strategy alone saves $$$ on storage costs.

Intelligent routing configured. Now let's check our configured sources that are ready to accept traffic.

Every Source, Ready to Stream

The Packs framework supports every source you use today – from syslog to HTTP, from Splunk to Prometheus. This isn't a limited template; it's your complete infrastructure.

Notice TCP is showing '1' – that means it's active and ready. Cribl HTTP enables workspace-to-workspace data transfer, perfect for our multi-region architecture.

Scroll through and see the breadth of support. Whatever your data sources, Packs has you covered. And they're all configured exactly as the west coast team optimized them.

Sources ready. TCP showing active. But where's all this data going? Let's look at our destinations configured.

Multi-Tier Data Strategy, Pre-Configured

Here's where the magic happens. Five destinations, each serving a specific purpose in our data tiering strategy. Azure Sentinel and Google Cloud for cloud-native security. CrowdStrike for endpoint protection. And Cribl Lake for cost-optimized storage.

See those green 'Live' indicators? The pack includes all authentication, all routing logic, all optimization settings. What normally takes days per destination is already done.

This Data Tiering approach gives us flexibility and cost control. Hot data goes to expensive, fast SIEMs. Everything else goes to Lake. Intelligent routing, massive savings.

Five destinations, all authenticated, all configured. But does it actually work? Let's see the data flowing.

From Deployment to Data in Under a Minute

The proof is in the data. We've deployed the pack and already VPC flow logs are streaming through our intelligent routing. Look at that – real production data, properly formatted, routing to the correct destinations.

This isn't test data. These are actual VPC REJECT logs that need investigation, automatically identified and routed to our hot tier for immediate analysis. The pack didn't just deploy infrastructure; it deployed intelligence.

In 45 seconds, we've gone from empty workspace to fully operational SIEM migration. The west coast's 3 months of optimization is now the east coast's instant reality.

Real data, real time. VPC logs streaming perfectly. But Packs don't just work with Stream - let's quickly see the cross-product integration in Search.

Unified Search Across All Data

Packs don't just work with Stream – they integrate across the entire Cribl suite. Here in Search, we can see the vpcflowlogs dataset already populated with data from our pack deployment.

This seamless integration means your pack benefits extend everywhere. Routes defined in Stream automatically populate dashboards in Search. Lake Destinations in Stream become searchable datasets. It's a unified platform approach.

Let me show you the marketplace of expertise Cribl Search Dispensary.

A Marketplace of Expertise

he Data-Tiering-Pack is just the beginning. Cribl's Pack Dispensary offers pre-built solutions for common scenarios. SIEM migrations, security baselines, compliance frameworks – each one capturing industry best practices.

See how some are marked 'INSTALLED'? Your organization can build a library of proven solutions. Today we deployed SIEM migration. Tomorrow it might be PCI compliance or cost optimization.

This is how expertise scales. One team's innovation becomes everyone's foundation. Pre-built solutions for every scenario. Speaking of complete solutions, packs can include dashboards too. Let's pop the hood.

Insights Included, No Assembly Required

Packs can include complete dashboards and visualizations. The Syslog dashboard here came with the pack – no need to build visualizations from scratch. Your west coast team's reporting expertise is now available instantly to east coast.

This completeness is what makes Packs transformative. It's not just pipes and routes; it's entire operational solutions. Dashboards, searches, alerts – everything your team needs to be productive from minute one.

Now let's see the real business impact of this 30-second deployment. Not just infrastructure - complete operational tools. Let's see the Syslog dashboard in action.

Operational from Second One

60,158 events processed and analyzed automatically. The pack didn't just set up infrastructure – it delivered immediate operational value. Your SecOps team can start investigating threats right now, not in 6 weeks.
This dashboard shows event trends, top applications, unique hostnames – everything needed for security operations. Built by west coast experts, deployed in seconds, delivering value immediately.

But the real value isn't in the technology – it's in the transformation. Let's look at what this means for your business.

Scale Your Success, Infinitely

This is where Packs become transformative. Multi-region expansion? Deploy the same pack to every office globally in minutes. Acquisition integration? Day-1 readiness instead of 6-month projects. Team empowerment? Every team gets expert-level infrastructure instantly.

'When we acquire the next coffee chain, their data infrastructure comes online immediately with proven, optimized configurations.' This isn't aspiration – it's your new operational reality.

Today we deployed to one workspace in 30 seconds. Tomorrow you could deploy to 50 workspaces in 25 minutes. That's 300 weeks of work eliminated. That's transformation.

Feel free to shedule a demo or try cribl by clicking on either.

Schedule a demoTry Cribl

See

Cribl

See a custom demo tailored to your tools and data challenges, with one of our team.

Schedule a Demo

Try

Cribl

Get hands-on with a Sandbox or guided Cloud Trial.

Try a Sandbox
Start a Cloud Trial

Free

Cribl

Process up to 1TB/day, no license required.

Cribl.Cloud account
Download