Aggregate multiple observability events and metrics, per host
Source
Collect events and metrics from hosts running the Datadog Agent, and transform them before forwarding them to downstream monitoring/dashboard services or storage.
This is a built-in integration between Datadog Agent and Cribl Stream/Edge.
Configure Cribl Stream/Edge to read Datadog data via Sources > Datadog Agent.
Specify the agent’s address and port, optional TLS and throttling parameters, and optional parameters to add headers and split metrics.
Stream will start fetching data as it becomes available.
Take a security-first perspective to data analytics
Destination
DataSet is a cloud-native flexible enterprise data platform built for all types of data – live or historical, at petabyte scale. By eliminating data schema requirements from the ingestion process and index limitations from querying, DataSet can process massive amounts of data live in real time, delivering log management, data analytics, and alerting with unparalleled speed, performance, and efficiency – built on a security and privacy-first foundation.
How to get data flowing
This integration is facilitated through the Cribl Stream DataSet Destination.
Configure Stream to Output to DataSet via Destinations > DataSet.
Send batches of events, as JSON, to the DataSet API’s addEvent method.
Utilize the DataSet tile via QuickConnect.
Supply your configuration settings and keys.
Stream will start sending data as it becomes available.

Cloud-based logging and analytics for security and devops
Destination
Devo is a cloud-native, multi-tenant logging and analytics solution that provides real-time visibility for security and operations teams.
This integration is facilitated through the Cribl Stream Webhook Destination.
Create a token in Devo.
Configure Stream to send data to Devo via Destinations > Webhook.
Build the URL with your Devo endpoint, mode, domain, token, and tag.
Set the method to POST.
Stream will start sending data to the Devo endpoint as it becomes available.
Address your search, observability, and security challenges in your favorite public cloud
Destination
Elastic Cloud is a family of Elasticsearch SaaS offerings — including hosted Elasticsearch, hosted app search, and hosted site search — that make it easy to deploy, operate, and scale Elastic products and solutions in the cloud.
This is a built-in integration between Cribl Stream or Edge and the Elastic Cloud.
Cribl Stream or Edge as source and Elastic Cloud as Destination
Configure Stream to send data to Elastic Cloud via Destinations > Elastic Cloud.
Specify the Elastic Cloud ID and optional Elastic ingest pipeline.
Cribl Stream will start sending data as it becomes available.
Search, analyze, and visualize structured and unstructured data
Destination
Elasticsearch is a distributed, RESTful search and analytics engine for all types of structured or unstructured data, built on Apache Lucene. Elasticsearch indexed searching is the central component of the Elastic Stack, which includes Logstash data processing, Kibana visualizations, and Beats shipping agents.
Note: Logstash, Kibana, and Beats, as well as Grafana (which is not part of the Elastic Stack), are all supported via the same LogStream Elasticsearch Destination. Logstash, Filebeat, Winlogbeat, Fluentd, and Fluent Bit are all supported via LogStream’s Elasticsearch API Source.
This is a built-in integration between Cribl Stream and the Elasticsearch Bulk API.
Stream as source and Elasticsearch as Destination
Configure Stream to send data to Elasticsearch via Destinations > Elasticsearch.
Specify the Elastic cluster Bulk API endpoint, index, document type, backpressure behavior, and optional authentication and throttling parameters.
Stream will start sending data as it becomes available.
Search, analyze, and visualize structured and unstructured data
Source
Elasticsearch is a distributed, RESTful search and analytics engine for all types of structured or unstructured data, built on Apache Lucene. Elasticsearch indexed searching is the central component of the Elastic Stack, which includes Logstash data processing, Kibana visualizations, and Beats shipping agents.
Note: Logstash, Kibana, and Beats, as well as Grafana (which is not part of the Elastic Stack), are all supported via the same LogStream Elasticsearch Destination. Logstash, Filebeat, Winlogbeat, Fluentd, and Fluent Bit are all supported via LogStream’s Elasticsearch API Source.
This is a built-in integration between Cribl Stream and the Elasticsearch Bulk API.
Elasticsearch as Source and Stream as Destination
Configure Stream to read data from your Elasticsearch cluster via Sources > Elasticsearch API.
Specify the IP address, port, Elasticsearch API endpoint, and optional authentication and TLS parameters.
Stream will start fetching data as it becomes available.
Send data to the Exabeam security operations platform (SIEM)
Destination
The Exabeam Security Operations Platform provides cloud-native product offerings for threat detection, investigation, and response (TDIR), including security log management and behavioral analytics. Exabeam’s investigation experience automates manual routines and simplifies complex work.
This integration is facilitated through Cribl Stream’s built-in Destination tile.
Send data from a Cribl Exabeam Destination to the Exabeam Security Operations Platform.
Cribl’s Exabeam-specific Packs ensure that events from common data sources arrive at Exabeam in precisely the expected form, automatically dropping irrelevant events.
Falcon LogScale (formerly Humio) is purpose-built to help any organization achieve the benefits of large-scale logging and analysis
Destination
This integration is facilitated through the Cribl Stream Humio HEC Destination.
Configure Stream to send to Humio HEC via Destinations > Humio HEC.
Send events in either JSON or Raw format.
Use the Authentication method to select a HEC Auth token.
Stream will start sending data as it becomes available.
Troubleshoot and secure your applications by logging requests and responses
Source
Fastly is a content delivery network (CDN) company that helps users view digital content more quickly. The company also provides security, video delivery, and so-called edge computing services. Fastly logs include HTTP requests and service responses which are helpful for troubleshooting and identifying suspicious activity with your applications.
This integration is facilitated through the Cribl Stream S3 Source.
Stream Fastly logs to an AWS S3 bucket.
Configure Stream to read data from S3 via Sources > Amazon S3.
Supply your SQS queue. IAM roles or manual keys are both supported.
Stream will start fetching data as SQS messages become available.
Store full-fidelity data to local or network file systems
Destination
Stream can output files to a local file system, or to a network-attached file system (NFS). These options enable low-cost storage of full-fidelity data, with the option to later replay that data through Stream Collectors.
This is a built-in integration through the Cribl Stream Filesystem/NFS Destination.
Configure Stream to send data to file-system outputs via Destinations > Filesystem.
Specify the output and staging locations, partitioning expression, data format, prefix expression, compression behavior, backpressure behavior, and optional parameters.
Stream will start sending data to the specified output location as it becomes available.
Open-source, multi-platform log processor
Source
Fluent Bit is an open-source log processor and forwarder that allows you to collect any data (like metrics and logs) from different sources, enrich them with filters, and send them to multiple destinations. Based on Fluentd, Fluent Bit is designed to run in distributed environments where resources are constrained (such as Kubernetes, other Cloud instances, or containers).
Fluent Bit has multiple output plugins that can be used to send to Stream. This integration is facilitated through Cribl Stream’s TCP JSON Source or Splunk HEC Source.
Fluent Bit to Stream via TCP JSON
Configure Fluent Bit to forward data to Stream over TCP, by adding this to your Fluent Bit .conf file
Configure Stream to read the incoming data via Sources > TCP JSON.
Enable and configure TLS on the TCP JSON Source.
Stream will receive data as it becomes available.
Fluent Bit to Stream via Splunk HEC
Configure Fluent Bit to forward data to LogStream via Splunk HTTP, by adding this to your Fluent Bit .conf file
Configure Stream to read the incoming data via Sources > Splunk HEC.
Stream will receive data as it becomes available.
Supercharge tools with visibility into 7500+ application metadata attributes
Source
Gigamon offers a deep observability pipeline that efficiently delivers network-derived intelligence to your cloud, security, and observability tools. This eliminates security blind spots and reduces tool costs, enabling you to better secure and manage your hybrid cloud infrastructure.
Deep Packet Inspection (DPI) is undeniably critical in the context of modern networking. Its capabilities, ranging from enhancing security to optimizing performance, underscore its value. For those eager to delve deeper into the nuances of DPI, Gigamon provides a rich repository of knowledge and insights.
This is an integration facilitated by Stream’s Raw HTTP Source.
Configure Gigamon Application Metadata Exporter to stream logs via HTTP.
Configure Stream to receive data via Sources > Raw HTTP.
Specify the address to bind on, port, and optional parameters.
Stream will start fetching data as it becomes available.