Cribl Search^™

Discover, Refine, Display, Export.

In a nutshell

Search data in place. Find what matters, when it's needed.

Cribl Search gives you the power to quickly search your data where it is—no need to centralize before you analyze.

With its search-in-place technology, users are empowered to explore and analyze telemetry data that was previously unreachable - directly at its source, across any cloud, even flowing from API endpoints. The power of Cribl Search lies in its strategic approach: locate and then only forward actionable data to your systems of analysis.

Solution brief

Benefits

Provide real-time visibility into all your data stores

Discover, query, retrieve, route, and analyze all your data, logs, metrics, traces, configs, and more that's been buried, ignored, or just forgotten across your enterprise.

Investigate data where it lives

Data isn’t just in your SIEM—it lives in data lakes, object stores, API endpoints, host systems, and more. Search finds that data anywhere. Use AI to run faster, more collaborative investigations with Notebooks.

Search any and all telemetry easily

Any data type, storage type, application, even vendor’s system.

Rethink your archiving strategy

Leverage low cost storage, without giving up visibility and instant retrieval, no waiting for data to ‘thaw’.

Route results to any destination

Search data where it is, retrieve only what you need, store data where you want, and never again have to compromise between cost and time to access.

Reduce storage costs

Leave data in low-cost objects, query and retrieve only when needed, with no rehydration delays. Forward results to the data lake or system of analysis of choice.

Ultra-fast access to Cribl Lake data

Effortlessly store and search massive volumes of ever-changing telemetry data in Cribl Lakehouse. Lakehouse enables real-time, high-performant searching and analytics dashboard generation.

Features

Why Cribl Search?

Easily find the data you need

Search data in place without first having to move it to specialized storage. Search supports the following types of data resources:

Data Lakes - including Amazon Security Lake, Amazon S3, and S3 compatible stores.
Object Stores – including Azure Blob Storage and Google Cloud Storage.
Analytics Services and platforms, like Azure Data Explorer, Elasticsearch, Opensearch, Prometheus, Snowflake, Clickhouse, and more.
API Endpoints – including Azure, AWS, Google Workspace, Okta, Zoom, even a Generic HTTP API allowing you to query any HTTP API.
Cribl Stream, Edge, and Lake are fully integrated.

Try Cribl Search — for free!

Capabilities

Feature highlights

Investigate

Forensics beyond the SIEM

Streamline investigative workflows with Cribl Search:

Run queries without having to move or collect data first
Reach data in any object store, and in any format
Iterate, enrich, collaborate, and share investigative path with Notebooks

Enrich

Easily bring the outside in

Quickly and easily integrate external data to enhance your analysis and gain more insights. Streamline your analysis process by eliminating manual searching for additional data sources to enrich your events.

Use Lookups to enrich your events
Use Joins to merge data coming from different dataset providers

Discover

Look before you leap

Datasets are addressable sets of data you define for querying. This could include a cloud provider like AWS, Azure, or Google, an API endpoint like Okta, Zoom, or Google Workspace, or even Cribl Edge and Lake data you can target for a query. Cribl makes it easy to get started:

Click on any dataset and instantly start a search
Target your specific data with our wizard; create new dataset in minutes
History and save options retain previous and common searches

Visualize

Visualize & shape your data

Filter, summarize, and manipulate how your results are plotted and displayed
Multiple settings to display results by fields, tables, charts, and colorization
Shape results without having to re-execute the search
Export and share data or dashboards

Route

Send your query results to data store or analysis system of choice

One-step forwarding, no complex configuration
Shape or process results to any format
Route results to any destination

Automate

Scheduled searches collect and analyze your data - automatically

Optimize monitoring and workflows
Send notifications based on the evaluation of search results
Aggregate data over time to compare results and identify anomalies

Differentiators

Key differentiators of Cribl Search

Open

Query data where it lives
Free your data! No forced indexing or centralization. Maintain control over where data resides and how it’s managed.

Focused

Built for IT and security
Always-accessible data helps teams troubleshoot and investigate faster—without wading through unnecessary data movement or overhead.

Performant

Engineered for speed
Low-latency, high-performance query execution means you get answers in seconds. Run fast, efficient searches at scale even with massive datasets.

Versatile

Adapts to your data strategy
Extract insights from data stored anywhere—hot, warm, or cold. Query across multiple sources in one place for a unified search experience.

FAQ

Frequently Asked Questions

Integrations

Streamline workflows

Data Lake

Too much junk in your trunk?

Cribl Search provides default access to Cribl Lake and can easily query data already collected in Amazon S3 (or S3 compatible), Amazon Security Lake, Azure Blob, Google Cloud Storage, and more.

Spend time at the lake