Enrich and route high-volume workloads into Google Security Operations (SecOps) via the Chronicle API destination.
Destination
Add precise context at the event level: Use expression-driven values to add event-level labels for SecOps-bound data, enabling faster pivoting, clearer attribution, and deeper analytics without expanding your parser or rule complexity.
Handle mixed data types with confidence: Apply per-event log type overrides using the __logType field, so you can route multiple source types through a single destination while ensuring the right parser is applied every time.
Accelerate throughput at scale: Send larger batches—up to 4 MB per batch—for high-volume data streams to reduce ingestion overhead and speed up processing.
Enhance visibility: Enrich events in-flight before they reach Google SecOps to maintain consistent visibility across mixed data sources without rewriting parsers or restructuring pipelines.
Read the integration blog post: https://cribl.io/blog/context-is-king-how-cribl-stream-supercharges-google-secops-with-faster-and-smarter-ingestion/
This is a built-in integration between Cribl Stream and Google Cloud Security Operations.
Configure Stream to send data to Google SecOps via Destinations > Google Cloud Chronicle API.
Specify the output ID, select default log type, and add your Google instance information.
Add event-level context with Custom Labels.
Stream will start sending data as it becomes available.
Real-time log storage and management service with search, analysis, and alerting
Destination
Google Cloud Logging is an exabyte-scale, fully managed service for real-time log management that helps you to securely store, search, analyze, and alert on all of your log data and events.
This is a built-in integration between Cribl Stream and the Google Cloud Logging Destination.
Configure Stream to send out events via Destinations > Google Cloud > Logging.
Specify the log location type, log name expression, field mappings, backpressure behavior, authentication method and key or secret, and optional parameters.
Stream will start sending data as it becomes available.
Asynchronously integrate streaming data sources and destinations, with low (100-ms) latency
Destination
Google Cloud Pub/Sub is a low-latency, asynchronous communication service for streaming analytics and data integration pipelines. You can use Pub/Sub as messaging-oriented middleware between event producers (publishers) and consumers (subscribers), or as a queue to parallelize tasks.
This is a built-in integration between Cribl Stream and Pub/Sub topics.
Configure a Pub/Sub topic to receive events from LogStream. (Or create a new topic within LogStream’s UI.)
Configure Stream to send out events via Destinations > Google Cloud > Pub/Sub.
Specify (or create) the Pub/Sub Topic ID to send events to.
Specify the delivery order and region, backpressure behavior, authentication method and credentials, optional system fields to add to events, and optional batch, task, and concurrent-request limits.
Stream will start sending data as it becomes available.
Asynchronously integrate streaming data sources and destinations, with low (100-ms) latency
Source
Google Cloud Pub/Sub is a low-latency, asynchronous communication service for streaming analytics and data integration pipelines. You can use Pub/Sub as messaging-oriented middleware between event producers (publishers) and consumers (subscribers), or as a queue to parallelize tasks.
This is a built-in integration between Cribl Stream and Pub/Sub topics.
Configure a Pub/Sub topic to receive events from LogStream. (Or create a new topic within LogStream’s UI.)
Configure Stream to send out events via Destinations > Google Cloud > Pub/Sub.
Specify (or create) the Pub/Sub Topic ID to send events to.
Specify the delivery order and region, backpressure behavior, authentication method and credentials, optional system fields to add to events, and optional batch, task, and concurrent-request limits.
Stream will start sending data as it becomes available.
Worldwide storage and retrieval of object data
Destination
Google Cloud Storage enables worldwide storage and retrieval of any amount of data at any time. Scenarios include serving website content, storing data for archival and disaster recovery, or distributing large data objects to users via direct download. The Object Lifecycle Management configuration option automatically transitions data to lower-cost storage classes based on age, superseded version, or other criteria.
This is a built-in integration through the Cribl Stream Google Cloud Storage Destination.
Configure Stream to send data to Google Cloud Storage via Destinations > Google Cloud Storage.
Specify the bucket name, region, staging location, key prefix, partitioning expression, backpressure behavior, and optional parameters.
Stream will start sending data as it becomes available.
Index, search, and analyze telemetry and security data
Destination
Google Security Operations helps enterprises privately retain, index, search, and analyze security and network telemetry data, to gain context on risky activity.
This is a built-in integration between Cribl Stream and the Google Security Operations API.
Obtain a Google Security Operations Search API key.
Configure Stream to send out events via Destinations > Google Cloud > Google Security Operations.
Specify the log type, log text field, backpressure behavior, authentication method and key or secret, and optional parameters.
Stream will start sending data as it becomes available.

Open-source data analytics, visualization, dashboards, and alerts
Source
Grafana is an open-source data visualization tool widely used in monitoring stacks with time-series databases and SIEMs. Via the Prometheus remote write protocol, Stream can ingest Prometheus metrics and Loki logs from Grafana Agent instances.
This is a built-in integration between Cribl LogStream and Grafana Agent.
Configure your Grafana Agent(s) to start sending messages to Stream.
Configure Stream to ingest Grafana data, via Sources > Grafana.
Specify the host, port, endpoint(s), optional authentication credentials and TLS settings, and other optional parameters.
Stream will start fetching data as it becomes available.

Open-source data analytics, visualization, dashboards, and alerts
Destination
Grafana is an open-source data visualization tool widely used in monitoring stacks with time-series databases and SIEMs. Via the Prometheus remote write protocol, Stream can ingest Prometheus metrics and Loki logs from Grafana Agent instances.
This is a built-in integration between Cribl Stream and Grafana Cloud.
Set up your Grafana Cloud account.
Configure Stream to send out events via Destinations > Grafana Cloud.
Specify the endpoints and authentication mechanisms for Loki logs and/or Prometheus metrics.
Specify the backpressure behavior, optional system fields to add to events, and other optional parameters.
Stream will start sending data as it becomes available.
Collect, store, and graph time-series data in real time
Source
Graphite is a free, open-source, performance monitoring tool that collects, stores, and graphs numeric time-series data in real time. Graphite runs equally well on commodity hardware or cloud infrastructure.
This is an integration facilitated by Stream’s TCP (Raw) Source.
Configure Graphite to send data via TCP.
Configure Stream to read Graphite data via Sources > TCP.
Specify the address, port, Event Breaker settings, and optional authentication header, TLS settings, and other parameters.
Stream will start fetching data as it becomes available.
Scale Hadoop clusters to handle large data sets on commodity hardware
Destination
Apache HDFS (Hadoop Distributed File System) is a distributed file system that handles large data sets running on commodity hardware. HDFS is highly fault-tolerant, and supports high-throughput access to application data. It can be used to scale a single Hadoop cluster up to hundreds or thousands of nodes. HDFS can support Apache HBase, a column-oriented, non-relational database management system that supports real-time data needs with in-memory processing.
This integration is facilitated through the Cribl Stream Filesystem/NFS Destination.
Mount HDFS on the target filesystem via FUSE (Filesystem in Userspace).
Configure Stream to send data to your Hadoop cluster via Sources > Filesystem.
Specify the output and staging locations, partitioning expression, data format, prefix expression, compression behavior, backpressure behavior, and optional parameters.
Stream will start sending data to Hadoop (via the specified file system) as it becomes available.
Use observability to observe, debug, and improve production systems
Destination
Honeycomb provides an observability service for modern Engineering and DevOps teams to observe, debug, and improve production systems efficiently.
This integration is facilitated through the Cribl Stream Honeycomb Destination.
Configure Stream to send to Honeycomb via Destinations > Honeycomb.
Supply your configuration settings and API key.
Stream will start sending data as it becomes available.
Time-series database designed for high write and query loads
Destination
InfluxDB is a time-series database designed to handle high write and query loads. It is optimized for fast, high-availability storage and retrieval of data in applications like operations monitoring, application metrics, real-time analytics, and Internet of Things sensor data.
This is a built-in integration between Cribl Stream and InfluxDB.
Configure Stream to send data to InfluxDB via Destinations > InfluxDB.
Specify the InfluxDB cluster API endpoint, database name, backpressure behavior, and optional parameters (authentication, compression, throttling, and extra HTTP headers).
Stream will start sending data as it becomes available.