Amazon Athena is an interactive query service that facilitates analyzing large-scale datasets in Amazon S3, using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

Read our Solution Brief

How to get data flowing

This integration is facilitated through Cribl Stream’s S3 Destination.

• Configure Stream to send data to S3 via Destinations > Amazon S3.
• Configure bucket name, AWS Region, staging location, data format, key and file name prefixes, optional partitioning expression, and other details.
• Authenticate via keys or IAM role.
• Stream will start sending data to S3 as it becomes available.
• In Athena, define the schema and start querying using standard SQL.

Amazon Cloudfront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs worldwide with low latency, high transfer speeds, and a developer-friendly environment.

Read our Solution Brief

How to get data flowing

This integration is facilitated through Cribl Stream’s S3 Source and/or Kinesis Source.

Standard logs (access logs)

• Enable access logging in Cloudfront.
• Specify an Amazon S3 bucket for log storage, granting appropriate permissions to write to the bucket.
• Configure Stream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Real-time logs

• Enable real-time logs in Cloudfront.
• Configure the desired sampling rate, fields, and path patterns.
• Specify a Kinesis data stream, by its Amazon Resource Name (ARN).
• Specify the Kinesis stream’s number of shards and IAM role.
• Configure Stream to read data from Kinesis via Sources > Amazon Kinesis.
• Specify the stream name, AWS Region, record data format, authentication details, and optional parameters.
• Stream will receive data as it becomes available.

The Amazon CloudWatch Logs service offers centralized, highly scalable monitoring and storage of log files from Amazon EC2 instances, AWS CloudTrail, Amazon Route 53, and other sources.

Read our Solution Brief

How to get data flowing

Data ingestion from Amazon CloudWatch Logs is facilitated through Cribl Stream’s S3, Kinesis, and/or Kinesis Firehose Sources. For data export to CloudWatch Logs, there is a built-in integration between Cribl Stream and CloudWatch Logs.

CloudWatch Logs as Destination and Stream as a source 

• Configure Stream to send data to CloudWatch Logs via Destinations > Amazon CloudWatch Logs.
• Specify the log group, log stream, AWS Region, and optional parameters.
  Authenticate via keys or IAM role.
• Stream will start sending data as it becomes available.

The Amazon CloudWatch Logs service offers centralized, highly scalable monitoring and storage of log files from Amazon EC2 instances, AWS CloudTrail, Amazon Route 53, and other sources.

Read our Solution Brief

How to get data flowing

Data ingestion from Amazon CloudWatch Logs is facilitated through Cribl Stream’S S3, Kinesis, and/or Kinesis Firehose Sources. For data export to CloudWatch Logs, there is a built-in integration between Cribl Stream and CloudWatch Logs.

CloudWatch Logs as source and Stream as a destination

• Configure CloudWatch Logs to export log events to AWS S3 buckets.
• Specify an Amazon S3 bucket for log storage, granting appropriate permissions to write to the bucket.
• Configure Stream to read data from S3 via Sources > Amazon S3.
  Supply your SQS queue.
• IAM roles or manual keys are both supported.
• LogStream will start fetching data as SQS messages become available.

CloudWatch Logs as Destination and Stream as a source

• Configure Stream to send data to CloudWatch Logs via Destinations > Amazon CloudWatch Logs.
• Specify the log group, log stream, AWS Region, and optional parameters.
  Authenticate via keys or IAM role.
• Stream will start sending data as it becomes available.

Amazon’s Elastic Load Balancing services manage traffic and capacity for deployments on AWS. These services automatically distribute incoming application traffic, scaling resources to handle traffic demands. Application Load Balancers (ALB) route HTTP/HTTPS traffic. Network Load Balancers (NLB) and Classic Load Balancers (CLB) route TCP traffic.

Read our Solution Brief

How to get data flowing

These integrations are facilitated through Cribl Stream’s S3 Source.

• Enable access logging for your load balancer.
• Specify an Amazon S3 bucket for log storage, and (as needed) grant Elastic Load Balancing permission to write to the bucket.
• Configure Stream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Amazon Kinesis Data Firehose is a fully managed service for delivering real-time streaming data to data lakes, data stores, and analytics services.

Read our Solution Brief

How to get data flowing

This is a built-in integration between Cribl Stream and Amazon Firehose.

• Configure LogStream to read data from Firehose via Sources > Amazon Firehose.
• Specify the IP address, port, authorization tokens, and any TLS credentials to use when connecting to Amazon Firehose.
• Stream will start fetching data as the Firehose stream becomes available.

Amazon Kinesis Data Streams (KDS) is a scalable, durable, real-time data streaming service.

Read our Solution Brief

How to get data flowing

This is a built-in integration between Cribl Stream and Amazon Kinesis Data Streams.

Amazon KDS as Source and Stream as a destination

• Create a Kinesis data stream using the AWS Management Console, CLI. or KDS API
• Configure Stream to read data from Amazon KDS via Sources > Amazon Kinesis.
• Specify the stream name, region, and optional shard segmentation details. IAM roles or manual keys are both supported.
• Stream will start fetching data as KDS streams become available.

Amazon KDS as Destination and Stream as a source

• Configure Stream to send data to Amazon KDS via Destinations > Amazon Kinesis.
• Specify the stream name, region, and optional details.
• Authenticate via IAM role or keys.
• Stream will start sending data as it becomes available.

Amazon Kinesis Data Streams (KDS) is a scalable, durable, real-time data streaming service.

Read our Solution Brief

How to get data flowing

This is a built-in integration between Cribl Stream and Amazon Kinesis Data Streams.

Amazon KDS as Source and Stream as a destination

• Create a Kinesis data stream using the AWS Management Console, CLI. or KDS API
• Configure Stream to read data from Amazon KDS via Sources > Amazon Kinesis.
• Specify the stream name, region, and optional shard segmentation details. IAM roles or manual keys are both supported.
• Stream will start fetching data as KDS streams become available.

Amazon KDS as Destination and Stream as a source

• Configure Stream to send data to Amazon KDS via Destinations > Amazon Kinesis.
• Specify the stream name, region, and optional details.
• Authenticate via IAM role or keys.
• Stream will start sending data as it becomes available.

Amazon Route 53 is a highly available, scalable, IPv6-compliant Domain Name System (DNS) web service. It provides reliable routing to Internet applications and infrastructure running in or outside AWS.

Read our Solution Brief

How to get data flowing

This integration is facilitated through Cribl Stream’s S3 Source.

• In Route 53, configure query logging to send logs to CloudWatch Logs.
• Configure CloudWatch to export Route 53 logs to AWS S3 buckets.
• Configure Stream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Amazon Simple Storage Service (S3) offers storage of any amount of data, at any time, from anywhere on the web. S3 is accessible via a web services interface, a management console, SDKs for several languages and frameworks, and several APIs.

Read our Solution Brief

How to get data flowing

This is a built-in integration between Cribl Stream and the Amazon S3 APIs. Stream pulls data from S3 buckets using event notifications through Amazon SQS. Stream’s S3 Destination can be adapted to send data to services for which Stream currently has no preconfigured Destination.

S3 as Source and Stream as a destination

• Configure your systems to store outbound log data in AWS S3 buckets.
• Configure LogStream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

S3 as Destination and Stream as a source

• Configure Stream to send data to S3 via Destinations > Amazon S3.
• Configure bucket name, AWS Region, staging location, data format, key and file name prefixes, optional partitioning expression, and other details.
• Authenticate via keys or IAM role.
• Stream will start sending data as it becomes available.

Amazon Simple Notification Service (SNS) is a fully managed messaging service for application-to-application (A2A) and application-to-person (A2P) communication.

How to get data flowing

• This integration is facilitated through the Cribl Stream SQS Source.
• Configure SNS to publish messages to an Amazon SQS queue.
• Configure Stream to read data from SQS via Sources > Amazon SQS.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Fully managed message queuing service for distributed systems and microservices

How to get data flowing

This is a built-in integration between Cribl Stream and Amazon SQS.

Amazon SQS as Destination and Stream as a source

• Configure Stream to send data to Amazon KDS via Destinations > Amazon Kinesis.
• Specify the stream name, region, and optional details.
• Authenticate via IAM role or keys.
• Stream will start sending data as it becomes available.

Fully managed message queuing service for distributed systems and microservices

How to get data flowing

This is a built-in integration between Cribl LogStream and Amazon SQS.

Amazon SQS as Source and Stream as a destination

• Create a Kinesis data stream using AWS’ Management Console, CLI, or KDS API.
• Configure Stream to read data from Amazon KDS via Sources > Amazon Kinesis.
• Specify the stream name, region, and optional shard segmentation details.
• IAM roles or manual keys are both supported for authentication.
• Stream will start fetching data as KDS streams become available.

Apache Flume is a distributed, reliable, and available system for efficiently collecting, aggregating, and moving large amounts of log data from many different sources to a centralized data store.

How to get the data flowing

This is an integration facilitated through Cribl Stream’s HTTP/S Source.

• Configure a Flume HTTP Sink for Cribl.
• Configure Stream to ingest Flume data via Sources > HTTP.
• Specify the address, port, optional authentication and TLS settings, and optional throttling and other parameters.
• Stream will start receiving data as it becomes available.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.

How to get data flowing

This integration is facilitated through the Cribl Stream’s S3 Source.

• On AWS side, configure CloudTrail to deliver events to your S3 bucket, Configure your S3 bucket to send event notifications to a SQS queue
• Find the integration in Stream through Sources > Amazon S3
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.

Read our Solution Brief

How to get data flowing

This integration is facilitated through Cribl Stream’s Filesystem Destination.

• Configure Stream to send data to AWS EFS via Destinations > Filesystem.
• Specify the output and staging locations, partitioning expression, compression and backpressure behavior, and optional parameters.
• Stream will start sending data as it becomes available.

AWS Lambda’s serverless compute service enables running code without provisioning or managing servers or runtimes. Upload code as a ZIP file or container image, and Lambda automatically allocates execution power based on incoming requests, events, and traffic. You pay only for the computing time you consume.

How to get data flowing

This integration is facilitated through Cribl Stream’s S3 Source and/or Kinesis Source. (Both paths rely on Lambda’s default logging to Amazon CloudWatch Logs.)

Lambda to Stream via S3

• Configure CloudWatch Logs to export incoming log events from Lambda to AWS S3 buckets.
• Specify an Amazon S3 bucket for log storage, granting appropriate permissions to write to the bucket.
• Configure Stream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Lambda to Stream via Kinesis

• Create, and apply, appropriate IAM roles and permissions policies in both Cloudwatch Logs and Amazon Kinesis Data Firehose.
• Create a destination Kinesis Firehose delivery stream, configured with the appropriate role and bucket ARNs.
• Create a CloudWatch Logs subscription filter to send incoming log events to your Amazon
• Kinesis Data Firehose delivery stream.
• Configure Stream to read data from Kinesis via Sources > Amazon Kinesis.
• Specify the stream name, AWS Region, record data format, authentication details, and optional parameters.
• Stream will receive data as it becomes available.

The AWS Web Application Firewall helps protect web applications and APIs against common web exploits by monitoring the HTTP and HTTPS requests forwarded to other Amazon services. You can use predefined Managed Rules (which are regularly updated to block new threats) and/or write your own security rules. Pricing is based on how many rules you deploy, and on your volume of incoming web requests.

How to get data flowing

This integration is facilitated through Cribl Stream’s Amazon Kinesis Firehose Source.

• Configure AWS WAF to send logs from your web ACL (access control list) to an Amazon Kinesis Data Firehose.
• Configure Stream to read data from Firehose via Sources > Amazon Firehose.
• Specify the IP address, port, authorization tokens, and any TLS credentials to use when connecting to Amazon Firehose.
• Stream will start fetching data as the Firehose stream becomes available.

Azure Blob Storage is Microsoft’s cloud-oriented object storage solution, optimized for storing massive amounts of unstructured data (text, binaries, etc.). Features include cost-optimized tiered storage, and integration with Microsoft’s Azure Data Lake Storage Gen2.

How to get data flowing

This is a built-in integration through the Cribl Stream Azure Blob Storage Source and Destination.

Azure Blob Storage as Source and Stream as a destination 

• Configure Azure Event Grid to send queue notifications when new blobs are added to a storage account.
• Configure Stream to listen for Blob Storage data via Sources > Azure Blob Storage.
• Specify the queue, connection string, Event Breaker settings, and optional parameters.
• Stream will start fetching data as it becomes available.

Azure Blob Storage as Destination and LogStream as a source

• Configure LogStream to send data to Azure Event Hubs via Destinations > Azure Blob Storage.
• Specify the Azure container name, blob prefix, staging location, partitioning expression, backpressure behavior, and optional parameters.
• LogStream will start sending data as it becomes available.

Azure Event Hubs offer big data streaming, along with a fully managed data ingestion service that’s simple, trusted, and scalable. Event Hubs can receive and process millions of events per second, and can supply data to any real-time analytics provider or batching/storage adapter. Other features include simple construction of dynamic data pipelines; geo-replication and disaster recovery; integration with Apache Kafka clients and applications; and usage-based pricing.

How to get data flowing

This is a built-in integration through the Cribl Stream Azure Event Hubs Source and/or Destination.

Azure Event Hubs as Destination and Stream as a source

• Configure Stream to send data to Azure Event Hubs via Destinations > Azure Event Hubs.
• Specify the Event Hubs brokers, hub name, and other parameters.
• Stream will start sending data as it becomes available.

Azure Event Hubs offer big data streaming, along with a fully managed data ingestion service that’s simple, trusted, and scalable. Event Hubs can receive and process millions of events per second, and can supply data to any real-time analytics provider or batching/storage adapter. Other features include simple construction of dynamic data pipelines; geo-replication and disaster recovery; integration with Apache Kafka clients and applications; and usage-based pricing.

How to get data flowing

This is a built-in integration through the Cribl Stream Azure Event Hubs Source and/or Destination.

Azure Event Hubs as Source and Stream as a destination 

• Configure Stream to listen for Event Hubs data via Sources > Azure Event Hubs.
• Specify the Event Hubs brokers, hub name, and optional SASL authentication parameters.
• Stream will start fetching data as it becomes available.

Azure Monitor Logs collect and organize log and performance data from monitored resources, such as platform logs from Azure services, log and performance data from virtual machines’ agents, and usage and performance data from applications.

How Does It Work

This is a built-in integration through the Cribl Stream Azure Monitor Logs Destination.

• Configure Stream to send data to Azure Event Hubs via Destinations > Azure Monitor Logs.
• Specify the Azure Log Analytics Workspace ID, Workspace Key, Log Type, backpressure behavior, and optional parameters.
• Stream will start sending data as it becomes available.

Microsoft Azure Sentinel is a scalable, cloud-native, SIEM (security information event management) and SOAR (security orchestration automated response) platform. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

How to get data flowing

This integration is facilitated through the Cribl Stream Azure Monitor Logs Destination.

• Enable Azure Sentinel’s integration with Azure Monitor Logs, ensuring appropriate permissions on the subscription that owns the Azure Sentinel workspace.
• Configure Stream to send data to Azure Event Hubs via Destinations > Azure Monitor Logs.
• Specify the Azure Log Analytics Workspace ID, Workspace Key, Log Type, backpressure behavior, and optional parameters.
• Stream will start sending data as it becomes available.

Cisco Umbrella is a cloud-delivered network security layer that provides enterprise users with a first line of defense against cybersecurity threats.

How to get data flowing

• This integration is facilitated through the Cribl Stream S3 Source.
• Send Cisco Umbrella logs to an AWS S3 bucket.
• Configure Stream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Cloudflare is one of the world’s largest networks providing businesses, non-profits, bloggers, and anyone with an Internet presence faster, more secure websites and apps. Cloudflare logs include firewall events, HTTP requests and Cloudflare Spectrum events. These logs are helpful for troubleshooting and securing your applications.

How to get data flowing

This integration is facilitated through the Cribl Stream S3 Source.

• Push Cloudflare logs to an AWS S3 bucket.
• Configure Stream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Confluent is a fully managed Kafka service and enterprise stream processing platform. It offers real-time data streaming via AWS, Google Cloud, Azure, or serverless infrastructure.

How to get data flowing

Kafka as Destination and Stream as a source

• Configure Stream to send data to Kafka via Destinations > Kafka.
• Specify the Kafka brokers and topic to write to, along with other settings (record data format, compression, and backpressure behavior, and optional TLS and SASL authentication parameters).
• Enable the Confluent Schema Registry, and specify its URL and optional schema ID, and TLS parameters.
• Stream will start sending data as it becomes available.

Confluent is a fully managed Kafka service and enterprise stream processing platform. It offers real-time data streaming via AWS, Google Cloud, Azure, or serverless infrastructure.

How to get data flowing

This integration is facilitated through Cribl Stream’s Kafka Source and Destination.

Kafka as Source and Stream as a destination

• Configure Kafka brokers and topics via Confluent Platform or Confluent Cloud.
• Configure Stream to read data from Kafka via Sources > Kafka.
• Specify the Kafka brokers, topics, and optional settings (TLS and SASL authentication parameters).
• Enable the Confluent Schema Registry, and specify its URL and optional TLS parameters.
• Stream will start fetching data as KDS streams become available.

Kafka as Destination and Stream as a source

• Configure Stream to send data to Kafka via Destinations > Kafka.
• Specify the Kafka brokers and topic to write to, along with other settings (record data format, compression and backpressure behavior, and optional TLS and SASL authentication parameters).
• Enable the Confluent Schema Registry, and specify its URL and optional schema ID and TLS parameters.
• Stream will start sending data as it becomes available.

Confluent Cloud is a scalable, streaming data service based on Apache Kafka, delivered as a fully managed service You can create and manage Kafka topics, cluster resources, settings, and billing.

How to get the data flowing:

This is a built-in integration between Cribl Stream and Confluent Cloud senders and receivers.

Confluent Cloud as Source and Stream as a destination

• Configure Stream to ingest Kafka topics via Sources > Confluent Cloud.
• Specify the brokers, topics, optional authentication, and TLS settings, and optional parameters.
• Stream will start fetching data as it becomes available.

Confluent Cloud is a scalable, streaming data service based on Apache Kafka, delivered as a fully managed service You can create and manage Kafka topics, cluster resources, settings, and billing.

How to get the data flowing:

This is a built-in integration between Cribl Stream and Confluent Cloud senders and receivers.

Confluent Cloud as Destination and Stream as a source

• Configure Stream to send data to your Kafka topics via Destinations > Confluent Cloud.
• Specify the brokers, topic, backpressure behavior, optional TLS and authentication settings, and optional parameters.
• Stream will start sending data to the OTel targets as it becomes available.

CrowdStrike’s Falcon platform provides endpoint and workload protection, threat intelligence, and cyberattack response services. Assemble your choice of modules, each implemented via one endpoint agent and a cloud-based management console.

How to get data flowing

This is a built-in integration between Cribl Stream and Crowdstrike Falcon.

• Configure Crowdstrike Falcon to queue notifications to Stream.
• Configure Stream to ingest notifications via Sources > Crowdstrike.
• Specify the queue, region, filter expression, authentication and ARN credentials, Event Breakers, and optional parameters
• Stream will fetch data as it becomes available.

Databricks provides a unified data analytics platform for data engineering and collaborative data science.

How to get data flowing

This integration is facilitated through the Cribl Stream S3 or Azure Blob Storage Destination.

Sending to S3

• Configure Stream to send data to S3 via Destinations > Amazon S3.
• Supply your configuration settings. IAM roles and keys are both supported.
• Stream will start sending data to S3 for Databricks to read.

Sending to Azure Blob Storage

• Configure Stream via Destinations > Azure Blob Storage.
• Supply your configuration settings.
• Stream will start sending data to Blob Storage for Databricks to read.

Databricks provides a unified data analytics platform for data engineering and collaborative data science.

How to get data flowing

This integration is facilitated through the Cribl Stream S3 or Azure Blob Storage Destination.

Sending to S3

• Configure Stream to send data to S3 via Destinations > Amazon S3.
• Supply your configuration settings. IAM roles and keys are both supported.
• Stream will start sending data to S3 for Databricks to read.

Sending to Azure Blob Storage

• Configure Stream via Destinations > Azure Blob Storage.
• Supply your configuration settings.
• Stream will start sending data to Blob Storage for Databricks to read.

Datadog is a monitoring service for cloud-based applications, servers, databases, tools, and services, through a SaaS-based data analytics platform.

How to get data flowing

This integration is facilitated through the Cribl Stream Datadog Destination.

• Configure Stream to send to Datadog via Destinations > Datadog.
• Sending of both logs and metrics is supported.
• Supply your configuration settings and keys.
• Stream will start sending data as it becomes available.

DataSet is a cloud-native flexible enterprise data platform built for all types of data – live or historical, at petabyte scale. By eliminating data schema requirements from the ingestion process and index limitations from querying, Dataset can process massive amounts of data live in real time, delivering log management, data analytics, and alerting with unparalleled speed, performance, and efficiency – built on a security and privacy-first foundation.

Read our Solution Brief

How to get data flowing
This integration is facilitated through the Cribl Stream DataSet Destination.

• Configure Stream to Output to DataSet via Destinations > DataSet.
• Send batches of events, as JSON, to the DataSet API’s addEvent method.
• Utilize the DataSet tile via QuickConnect.
• Supply your configuration settings and keys.
• Stream will start sending data as it becomes available.

Devo is a cloud-native, multi-tenant logging and analytics solution that provides real-time visibility for security and operations teams.

How to get the data flowing:

This integration is facilitated through the Cribl Stream Webhook Destination.

• Create a token in Devo.
• Configure Stream to send data to Devo via Destinations > Webhook.
• Build the URL with your Devo endpoint, mode, domain, token, and tag.
• Set the method to POST.
• Stream will start sending data to the Devo endpoint as it becomes available.

Elasticsearch is a distributed, RESTful search and analytics engine for all types of structured or unstructured data, built on Apache Lucene. Elasticsearch indexed searching is the central component of the Elastic Stack, which includes Logstash data processing, Kibana visualizations, and Beats shipping agents).

Note: Logstash, Kibana, and Beats, as well as Grafana (which is not part of the Elastic Stack), are all supported via the same LogStream’s Elasticsearch Destination. Logstash, Filebeat, Winlogbeat, Fluentd, and Fluent Bit are all supported via LogStream’s Elasticsearch API Source.

How to get data flowing

This is a built-in integration between Cribl Stream and the Elasticsearch Bulk API.

Elasticsearch as Source and Stream as Destination

• Configure Stream to read data from your Elasticsearch cluster via Sources > Elasticsearch API.
• Specify the IP address, port, Elasticsearch API endpoint, and optional authentication and TLS parameters.
• Stream will start fetching data as it becomes available.

Elasticsearch is a distributed, RESTful search and analytics engine for all types of structured or unstructured data, built on Apache Lucene. Elasticsearch indexed searching is the central component of the Elastic Stack, which includes Logstash data processing, Kibana visualizations, and Beats shipping agents).

Note: Logstash, Kibana, and Beats, as well as Grafana (which is not part of the Elastic Stack), are all supported via the same LogStream’s Elasticsearch Destination. Logstash, Filebeat, Winlogbeat, Fluentd, and Fluent Bit are all supported via LogStream’s Elasticsearch API Source.

How to get data flowing

This is a built-in integration between Cribl Stream and the Elasticsearch Bulk API.

Stream as source and Elasticsearch as Destination

• Configure Stream to send data to Elasticsearch via Destinations > Elasticsearch.
• Specify the Elastic cluster Bulk API endpoint, index, document type, backpressure behavior, and optional authentication and throttling parameters.
• Stream will start sending data as it becomes available.

This integration is facilitated through the Cribl Stream Humio HEC Destination.

• Configure Stream to send to Humio HEC via Destinations > Humio HEC
• Send events in either JSON or Raw format
• Use the Authentication method to select a HEC Auth token
• Stream will start sending data as it becomes available

Fastly is a content delivery network (CDN) company that helps users view digital content more quickly. The company also provides security, video delivery, and so-called edge computing services. Fastly logs include HTTP requests and service responses which are helpful for troubleshooting and identifying suspicious activity with your applications.

How to get data flowing

This integration is facilitated through the Cribl Stream S3 Source.

• Stream Fastly logs to an AWS S3 bucket.
• Configure Stream to read data from S3 via Sources > Amazon S3.
• Supply your SQS queue. IAM roles or manual keys are both supported.
• Stream will start fetching data as SQS messages become available.

Stream can output files to a local file system, or to a network-attached file system (NFS). These options enable low-cost storage of full-fidelity data, with the option to later replay that data through Stream Collectors.

How to get data flowing

This is a built-in integration through the Cribl Stream Filesystem/NFS Destination.

• Configure Stream to send data to file-system outputs via Destinations > Filesystem.
• Specify the output and staging locations, partitioning expression, data format, prefix expression, compression behavior, and backpressure behavior, and optional parameters.
• Stream will start sending data to the specified output location as it becomes available.

Fluent Bit is an open-source log processor and forwarder that allows you to collect any data (like metrics and logs) from different sources, enrich them with filters, and send them to multiple destinations. Based on Fluentd, Fluent Bit is designed to run in distributed environments where resources are constrained (such as Kubernetes, other Cloud instances, or containers)

How to get data flowing

Fluent Bit has multiple output plugins that can be used to send to Stream. This integration is facilitated through Cribl Stream’s TCP JSON Source or Splunk HEC Source.

Fluent Bit to Stream via TCP JSON

• Configure Fluent Bit to forward data to Stream over TCP, by adding this to your Fluent Bit .conf file
• Configure Stream to read the incoming data via Sources > TCP JSON.
• Enable and configure TLS on the TCP JSON Source.
• Stream will receive data as it becomes available.

Fluent Bit to Stream via Splunk HEC

• Configure Fluent Bit to forward data to LogStream via Splunk HTTP, by adding this to your Fluent Bit .conf file
• Configure Stream to read the incoming data via Sources > Splunk HEC.
• Stream will receive data as it becomes available.

Google Chronicle helps enterprises privately retain, index, search, and analyze security and network telemetry data, to gain context on risky activity.

Reed our Solution Brief

How to get data flowing

This is a built-in integration between Cribl Stream and the Google Chronicle API.

• Obtain a Chronicle Search API key.
• Configure Stream to send out events via Destinations > Google Cloud > Chronicle.
• Specify the log type, log text field, backpressure behavior, authentication method and key or secret, and optional parameters.
• Stream will start sending data as it becomes available.

Google Cloud Pub/Sub is a low-latency, asynchronous communication service for streaming analytics and data integration pipelines. You can use Pub/Sub as messaging-oriented middleware between event producers (publishers) and consumers (subscribers), or as a queue to parallelize tasks.

How to get data flowing

This is a built-in integration between Cribl Stream and Pub/Sub topics.

• Configure a Pub/Sub topic to receive events from LogStream. (Or create a new topic within LogStream’s UI.)
• Configure Stream to send out events via Destinations > Google Cloud > Pub/Sub.
• Specify (or create) the Pub/Sub Topic ID to send events to.
• Specify the delivery order and region, backpressure behavior, authentication method and credentials, optional system fields to add to events, and optional batch, task, and concurrent-request limits.
• Stream will start sending data as it becomes available.

Google Cloud Pub/Sub is a low-latency, asynchronous communication service for streaming analytics and data integration pipelines. You can use Pub/Sub as messaging-oriented middleware between event producers (publishers) and consumers (subscribers), or as a queue to parallelize tasks.

How to get data flowing

This is a built-in integration between Cribl Stream and Pub/Sub topics.

• Configure a Pub/Sub topic to receive events from LogStream. (Or create a new topic within LogStream’s UI.)
• Configure Stream to send out events via Destinations > Google Cloud > Pub/Sub.
• Specify (or create) the Pub/Sub Topic ID to send events to.
• Specify the delivery order and region, backpressure behavior, authentication method and credentials, optional system fields to add to events, and optional batch, task, and concurrent-request limits.
• Stream will start sending data as it becomes available.

Google Cloud Storage enables worldwide storage and retrieval of any amount of data at any time. Scenarios include serving website content, storing data for archival and disaster recovery, or distributing large data objects to users via direct download. The Object Lifecycle Management configuration option automatically transitions data to lower-cost storage classes based on age, superseded version, or other criteria.

How to get data flowing

This is a built-in integration through the Cribl Stream Google Cloud Storage Destination.

• Configure Stream to send data to Azure Event Hubs via Destinations > Google Cloud Storage.
• Specify the bucket name, region, staging location, key prefix, partitioning expression, backpressure behavior, and optional parameters.
• Stream will start sending data as it becomes available.

Grafana is an open-source data visualization tool widely used in monitoring stacks with time-series databases and SIEMs. Via the Prometheus remote write protocol, Stream can ingest Prometheus metrics and Loki logs from Grafana Agent instances.

Read our Solution Brief

How to get data flowing

This is a built-in integration between Cribl LogStream and Grafana Agent.

• Configure your Grafana Agent(s) to start sending messages to Stream.
• Configure Stream to ingest Grafana data, via Sources > Grafana.
• Specify the host, port, endpoint(s), optional authentication credentials and TLS settings, and other optional parameters.
• Stream will start fetching data as it becomes available.

Grafana is an open-source data visualization tool widely used in monitoring stacks with time-series databases and SIEMs. Via the Prometheus remote write protocol, Stream can ingest Prometheus metrics and Loki logs from Grafana Agent instances.

Read our Solution Brief

How to get data flowing

This is a built-in integration between Cribl Stream and Grafana Cloud.

• Set up your Grafana Cloud account.
• Configure Stream to send out events via Destinations > Grafana Cloud.
• Specify the endpoints and authentication mechanisms for Loki logs and/or Prometheus metrics.
• Specify the backpressure behavior, optional system fields to add to events, and other optional parameters.
• Stream will start sending data as it becomes available.

Graphite is a free, open-source, performance monitoring tool that collects, stores, and graphs numeric time-series data in real time. Graphite runs equally well on commodity hardware or cloud infrastructure.

How to get data flowing

This is an integration facilitated by Stream’s TCP (Raw) Source.

• Configure Graphite to send data via TCP.
• Configure Stream to read Graphite data via Sources > TCP.
• Specify the address, port, Event Breaker settings, and optional authentication header, TLS settings, and other parameters.
• Stream will start fetching data as it becomes available.

Apache HDFS (Hadoop Distributed File System) is a distributed file system that handles large data sets running on commodity hardware. HDFS is highly fault-tolerant, and supports high-throughput access to application data. It can be used to scale a single Hadoop cluster up to hundreds or thousands of nodes. HDFS can support Apache HBase, a column-oriented, non-relational database management system that supports real-time data needs with in-memory processing.

How to get data flowing

This integration is facilitated through the Cribl Stream Filesystem/NFS Destination.

• Mount HDFS on the target filesystem via FUSE (Filesystem in Userspace).
• Configure Stream to send data to your Hadoop cluster via Sources > Filesystem.
• Specify the output and staging locations, partitioning expression, data format, prefix expression, compression behavior, and backpressure behavior, and optional parameters.
• Stream will start sending data to Hadoop (via the specified file system) as it becomes available.

Honeycomb provides an observability service for modern Engineering and DevOps teams to observe, debug, and improve production systems efficiently.

How to get data flowing

This integration is facilitated through the Cribl Stream Honeycomb Destination

• Configure Stream to send to Honeycomb via Destinations > Honeycomb.
• Supply your configuration settings and API key.
• Stream will start sending data as it becomes available.

InfluxDB is a time-series database designed to handle high write and query loads. It is optimized for fast, high-availability storage and retrieval of data in applications like operations monitoring, application metrics, real-time analytics, and Internet of Things sensor data.

How to get data flowing

This is a built-in integration between Cribl Stream and InfluxDB.

• Configure Stream to send data to InfluxDB via Destinations > InfluxDB.
• Specify the InfluxDB cluster API endpoint, database name, backpressure behavior, and optional parameters (authentication, compression, throttling, and extra HTTP headers).
• Stream will start sending data as it becomes available.

Juniper Networks develops and markets networking products, including routers, switches, network management software, network security products, and software-defined networking technology.

How to get data flowing

This is an integration facilitated by Stream’s Syslog Source.

• Configure your Juniper Networks devices and/or services to emit relevant logs via syslog.
• Configure Stream to read syslog data via Sources > Syslog.
• Specify the address to bind on, UDP or TCP port, and optional parameters.
• Stream will start fetching data as it becomes available.

Apache Kafka is an open-source, distributed event streaming platform widely used for high-performance data pipelines, streaming analytics, metrics collection and monitoring, log aggregation, data integration, and mission-critical applications. As a durable message broker, Kafka enables applications to process, persist, and reprocess streamed data.

How to get data flowing

This is a built-in integration between Cribl Stream and Kafka.

Kafka as Source and Stream as a destination

• Create a Kafka topic, write to it, and export to LogStream via Kafka Connect.
• Configure Stream to read data from Kafka via Sources > Kafka.
• Specify the Kafka brokers, topics, and optional settings (Confluent Schema Registry, TLS certificate, and SASL authentication parameters).
• Stream will start fetching data as KDS streams become available.

Kafka as Destination and LogStream as a source

• Configure LogStream to send data to Kafka via Destinations > Kafka.
• Specify the Kafka brokers and topic to write to, along with other settings (record data format, compression and backpressure behavior, and optional Confluent Schema Registry, TLS certificate, and SASL authentication parameters).
• LogStream will start sending data as it becomes available.

Apache Kafka is an open-source, distributed event streaming platform widely used for high-performance data pipelines, streaming analytics, metrics collection and monitoring, log aggregation, data integration, and mission-critical applications. As a durable message broker, Kafka enables applications to process, persist, and reprocess streamed data.

How to get data flowing

This is a built-in integration between Cribl Stream and Kafka.

Kafka as Destination and LogStream as a source

• Configure Stream to send data to Kafka via Destinations > Kafka.
• Specify the Kafka brokers and topic to write to, along with other settings (record data format, compression and backpressure behavior, and optional Confluent Schema Registry, TLS certificate, and SASL authentication parameters).
• Stream will start sending data as it becomes available.

Kubernetes (or K8s) is an open-source standard for automating deployment, scaling, and managing containerized applications.

How to get data flowing

This is an integration facilitated by Stream’s Elasticsearch API Source. Fluentd, Fluent Bit, or Filebeat be interposed between Kubernetes and Elasticsearch clusters.

• Configure a Kubernetes agent or sidecar to output data to Fluentd, Fluent Bit, or another log collector for Elasticsearch.
• Configure Stream to read data from your Elasticsearch cluster via Sources > Elasticsearch API.
• Specify the IP address, port, Elasticsearch API endpoint, and optional authentication and TLS parameters.
• Stream will start fetching data as it becomes available.

Grafana Loki is a log aggregation system designed for cost-effectiveness. Loki indexes only logs’ metadata (labels) while compressing the full-fidelity log data in chunks for storage in low-cost object stores.

How to get data flowing

This is a built-in integration between Cribl Stream and Loki.

1. Install, configure, and launch Loki and Promtail.
2. Configure Stream to send out events via Destinations > Loki.
3. Specify the Loki endpoint, backpressure behavior, optional authentication mechanism and credentials, and other optional parameters.
4. Stream will start sending data as it becomes available.

Grafana Loki is a log aggregation system designed for cost-effectiveness. Loki indexes only logs’ metadata (labels) while compressing the full-fidelity log data in chunks for storage in low-cost object stores.

How to get data flowing

This is a built-in integration between Cribl Stream and Loki.

1. Configure Loki to start sending messages to LogStream.
2. Configure Stream to ingest Loki data, via Sources > Loki.
3. Specify the address, port, API endpoint, optional authentication credentials and TLS settings, and other optional parameters.
4. Stream will start fetching data as it becomes available.

Microsoft’s MessageTrace REST endpoint provides summary information about the processing of email messages through your organization’s Office 365 system in the last 30 days. You can use this metadata to detect and report on malicious activity including bulk emails, spoofed-domain emails, and data exfiltration.

How Does It Work

This is a built-in integration through the Cribl Stream’s Office 365 Message Trace Source.

• Configure Stream to receive data from the Office 365 Management Activity API via Sources > Office 365 Message Trace.
• Specify the poll interval, your Office 365 credentials, and optional parameters like the date range, log level, and timeout to use.
• Stream will start receiving Office 365 Message Trace data as it becomes available.

New Relic is an observability platform built to help engineers create more perfect software. From monoliths to serverless, you can instrument everything, then analyze, troubleshoot, and optimize your entire software stack. All from one place.

How to get data flowing

This integration is facilitated through the Cribl Stream New Relic Destination.

• Configure Stream to send to New Relic via Destinations > New Relic.
• Sending of both logs and metrics is supported.
• Supply your configuration settings and keys.
• Stream will start sending data as it becomes available.

The Office 365 Management Activity API is used to retrieve information about user, admin, system, and policy actions and events from Office 365 and Azure AD activity logs. You can use the actions and events from the Office 365 and Microsoft Azure Active Directory audit and activity logs to create solutions that provide monitoring, analysis, and data visualization. These solutions give organizations greater visibility into actions taken on their content. These actions and events are also available in the Office 365 Activity Reports.

How to get data flowing

This is a built-in integration between Cribl Stream and the Office 365 Management Activity API.

• Find the integration in LogStream through Sources > Office 365 Activity.
• Supply your Tenant ID, App ID and Client Secret.
• Stream will fetch data on the scheduled interval you’ve configured

You can use the Microsoft Office 365 Management Activity API to retrieve information about user, admin, system, and policy actions and events from Office 365 and Azure Active Directory audit and activity logs. This information can be fed to monitoring, analysis, and data visualization solutions that offer organizations greater visibility into actions taken on their content.

How to get data flowing

This is a built-in integration through the Cribl Stream’sOffice 365 Activity Source.

• Configure Stream to receive data from the Office 365 Management Activity API via Sources > Office 365 Activity.
• Specify the Office 365 Azure Tenant ID, App ID, Client Secret, subscription plan, and content types and poll intervals, along with optional parameters.
• Stream will start receiving Office 365 data as it becomes available.

The OpenTelemetry Protocol (OTLP) supports instrumenting, generating, and processing telemetry data (metrics and traces) to analyze software’s performance and behavior. The protocol is open-source and vendor-neutral.

How to get the data flowing:

Otel as Destination and Stream as a source

• Configure Stream to send data to your OTel targets via Destinations > OpenTelemetry.
• Specify the endpoint, backpressure behavior, optional TLS and authentication settings, and optional throttling parameters.
• Stream will start sending data to the OTel targets as it becomes available.

The OpenTelemetry Protocol (OTLP) supports instrumenting, generating, and processing telemetry data (metrics and traces) to analyze software’s performance and behavior. The protocol is open-source and vendor-neutral.

How to get the data flowing:

This is a built-in integration between Cribl Stream and OTLP-compliant senders and targets.

OTel as Source and LogStream as a destination

• Configure Stream to listen for OTel data via Sources > OpenTelemetry.
• Specify the address, port, optional authentication and TLS settings, and optional throttling and extraction parameters.
• Stream will start fetching data as it becomes available.

Prometheus is an open-source systems monitoring and alerting toolkit, widely used to collect time-series metrics.

How to get data flowing

This is a built-in integration between Cribl Stream and Prometheus. Stream’s Prometheus Destination can send metric events to targets and third-party platforms that support Prometheus’ remote_write spec.

Stream as Source and Prometheus targets as destinations

• Configure Stream to send data to Prometheus targets via Destinations > Prometheus.
• Specify the Remote Write URL, backpressure behavior, authentication type and credentials, and optional parameters.
• Stream will start sending out data to the Prometheus targets as it becomes available.

Prometheus is an open-source system monitoring and alerting toolkit. Cribl Stream can ingest streaming time-series metrics from Prometheus instances via the Prometheus remote write protocol.

How to get the data flowing

This is a built-in integration between Cribl Stream and Prometheus.

1. Configure Stream to read data from Prometheus via Sources > Prometheus > Remote Write.
2. Specify the address, port, remote write endpoint, authentication mechanism and credentials, optional TLS settings, and other optional parameters.
3. Poll interval, log level, extra dimensions to include in events, discovery type, and corresponding discovery parameters (including Prometheus targets, for static discovery).
4. Stream will start fetching Prometheus data as it becomes available.

Prometheus is an open-source systems monitoring and alerting toolkit, widely used to collect time-series metrics.

How to get data flowing

This is a built-in integration between Cribl Stream and Prometheus. Stream’s Prometheus Destination can send metric events to targets and third-party platforms that support Prometheus’ remote_write spec.

Prometheus as Source and Stream as a destination

• Configure Stream to read data from Prometheus via Sources > Prometheus.
• Specify the poll interval, log level, extra dimensions to include in events, discovery type, and corresponding discovery parameters (including Prometheus targets, for static discovery).
• Stream will start fetching Prometheus data as it becomes available.

Stream as Source and Prometheus targets as destinations

• Configure Stream to send data to Prometheus targets via Destinations > Prometheus.
• Specify the Remote Write URL, backpressure behavior, authentication type and credentials, and optional parameters.
• Stream will start sending out data to the Prometheus targets as it becomes available.

SignalFx/Splunk Infrastructure Monitoring is a real-time monitoring and metrics service for cloud infrastructure, microservices, and applications.

Read the Solution Brief

How to get data flowing

• This integration is facilitated through the Cribl Stream SignalFx Destination.
• Configure Stream to send to SignalFx via Destinations > SignalFx.
• Supply your configuration settings and Auth token.

Simple Network Management Protocol (SNMP) traps are asynchronous alert messages sent from a remote SNMP-enabled device to a central manager.

How to get data flowing

This is a built-in integration through the Cribl Stream SNMP Trap Source and/or Destination.

SNMP Trap as Source and Stream as a destination

• Configure Stream to listen for SNMP trap data via Sources > SNMP Trap.
• Specify the address to bind on, the UDP port to listen on, and optional parameters.
• Stream will start fetching data as it becomes available.

Simple Network Management Protocol (SNMP) traps are asynchronous alert messages sent from a remote SNMP-enabled device to a central manager.

How Does It Work

This is a built-in integration through the Cribl Stream SNMP Trap Source and/or Destination.

SNMP Trap as Destination and Stream as a source

• Configure Stream to send data to SNMP outputs via Destinations > SNMP Trap.
• Specify the address and port for each SNMP output that should receive traps, along with optional parameters.
• Stream will start sending data as it becomes available.

Snowflake is a cloud-based, fully-managed platform that enables data storage and analytic solutions for data warehousing, data lakes, data engineering, data science, data application development, and for securely sharing and consuming shared data.

Read out Solution Brief

How to get data flowing

This integration is facilitated through the Cribl Stream S3 Destination.

• Configure Stream to send data to S3 via Destinations > Amazon S3.
• Supply your configuration settings. IAM roles and keys are both supported.
• Stream will start sending data to S3 for Snowflake to read.

Splunk Enterprise/Cloud is a data platform for investigating, monitoring, analyzing and acting on operational and security data.

Read the Solution Brief

How to get data flowing

This integration is facilitated through the Cribl Stream Splunk Source and/or Destination. Both Splunk TCP and HEC are supported.

Splunk as Source and Stream as a destination

• Configure Stream to listen for Splunk data via Sources > Splunk TCP/HEC.
• On the Splunk side, configure the system (UF/HF) to send to LogStream.

Splunk as Destination and Stream as a source

• On the Splunk side, configure the system to receive data over Splunk TCP/HEC.
• Configure Stream to send data to Splunk via Destinations > Splunk Load Balanced.

Splunk Enterprise/Cloud is a data platform for investigating, monitoring, analyzing and acting on operational and security data.

Read the Solution Brief

How to get data flowing

This integration is facilitated through the Cribl Stream Splunk Source and/or Destination. Both Splunk TCP and HEC are supported.

Splunk as Source and Stream as a destination

• Configure Stream to listen for Splunk data via Sources > Splunk TCP/HEC.
• On the Splunk side, configure the system (UF/HF) to send to LogStream.

Splunk as Destination and Stream as a source

• On the Splunk side, configure the system to receive data over Splunk TCP/HEC.
• Configure Stream to send data to Splunk via Destinations > Splunk Load Balanced.

StatsD Extended is an expanded StatsD metric protocol, which supports dimensions and a sample rate for counter metrics. As with StatsD, downstream components listen for application metrics over UDP or TCP, can aggregate and summarize those metrics, and can relay them to virtually any graphing or monitoring backend.

How to get data flowing

This is a built-in integration through the Cribl Stream StatsD Extended Destination.

• Configure Stream to send data via Destinations > StatsD Extended.
• Specify the destination protocol, host, port, backpressure behavior (for TCP), and optional parameters.
• Stream will start sending data as it becomes available.

StatsD Extended is an expanded StatsD metric protocol, which supports dimensions and a sample rate for counter metrics. As with StatsD, downstream components listen for application metrics over UDP or TCP, can aggregate and summarize those metrics, and can relay them to virtually any graphing or monitoring backend.

How to get data flowing

This is a built-in integration through the Cribl Stream StatsD Extended Destination.

• Configure Stream to send data via Destinations > StatsD Extended.
• Specify the destination protocol, host, port, backpressure behavior (for TCP), and optional parameters.
• Stream will start sending data as it becomes available.

Sumo Logic is a cloud-based machine data analytics company focusing on security, operations and Business Intelligence use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights.

How to get data flowing

• This integration is facilitated through the Cribl Stream Sumo Logic Destination.
• Configure Stream to send to Sumo Logic via Destinations > Sumo Logic.
• Supply your configuration settings and API URL.

Telegraf is an open-source, plugin-driven, server agent for collecting and sending metrics and events from databases, systems, and IoT sensors. Written in Go, Telegraf compiles into a single binary with no external dependencies, requiring a minimal memory footprint. Telegraf has well-defined integrations with InfluxDB for storage, Chronograf for visualizations, and Kapacitor for alerting.

How to get data flowing

This is an integration facilitated through Cribl Stream’s Metrics, HTTP/S, StatsD, or TCP JSON Source.
Configure Telegraf to output data via TCP, UDP, StatsD, HTTP or JSON. (Some of these options require a Telegraf plugin.)

• Configure Stream to ingest Telegraf data via Sources > Metrics (for TCP, UDP, or StatsD), or via a different Source corresponding to your Telegraf output format.
• Specify the address to bind on, port to listen on, and optional parameters.
• Stream will start receiving Telegraf data as it becomes available.

Wavefront is a high-performance streaming analytics platform that supports observability via metrics, histograms, and traces/spans. Wavefront can scale to very high data ingestion rates and query loads.

How to get data flowing

This is a built-in integration between Cribl Stream and Wavefront.

• Configure Stream to send data to Wavefront via Destinations > Wavefront.
• Specify the WaveFront API authentication token, WaveFront domain name, backpressure behavior, and optional parameters.
• Stream will start sending data as it becomes available.

Zeek (formerly Bro) is an open-source network security monitoring tool. Zeek creates compact, high-fidelity transaction logs, file content, and output suitable for security and information event management (SIEM) systems.

How to get data flowing

This integration is facilitated through the Cribl Stream Splunk TCP or HEC Source.

• Configure Zeek to send logs to Splunk.(You can use the Splunk Add-on for Zeek aka Bro.)
• Configure Stream to listen for Splunk data via Sources > Splunk TCP/HEC.
• On the Splunk side, configure the system (UF/HF) to send to LogStream.
• On the Stream side, specify the binding address, listening port, HEC endpoint, event breakers, and optional parameters.
• Stream will start fetching data as it becomes available.

Zoom can be configured to send account activity logs via webhooks. On the LogStream side, we can receive those calls via our native HTTPS source. As with any other critical technology, especially when interconnecting infrastructure, it’s important that administrators get real-time visibility and insights into how Zoom is being used. By bringing in your Zoom activity data and usage statistics, you can get a lot of insight into user behavior, and leverage this insight to increase efficiency in many technical and business processes.

How to get data flowing

This integration is facilitated through the Cribl Stream HTTP/S Source.

• Find the HTTPS integration in Stream through Data > Sources and select HTTPS. Assign this Source a name and provide a port number, (e.g., 7003.) Make sure that this port is reachable externally, or at a minimum, from Zoom’s IP addresses.
• Next, enable TLS, and provide your key and certs as necessary. If you don’t have a cert/key, then you can create and use a self-signed one.
• Set up Zoom to send data to Stream by creating an App on marketplace.zoom.us.
• Stream will receive data via the native HTTPS source.