In a nutshell
Cribl Search gives you the power to quickly search your data where it is—no need to centralize before you analyze.
With its search-in-place technology, users are empowered to explore and analyze telemetry data that was previously unreachable - directly at its source, across any cloud, even flowing from API endpoints. The power of Cribl Search lies in its strategic approach: locate and then only forward actionable data to your systems of analysis.
Benefits
Discover, query, retrieve, route, and analyze all the data, logs, metrics, traces, configs, and more that's been buried, ignored, or just forgotten across your enterprise
Features
Search data in place without first having to move it to specialized storage. Search supports the following types of data resources:
Data Lakes – including Amazon Security Lake, Amazon S3, and compatible.
Object Stores – including Azure Blob Storage and Google Cloud Storage.
Analytics Services and platforms, like Azure Data Explorer, Elasticsearch, Opensearch, Prometheus, Snowflake, Clickhouse, and more.
API Endpoints – including Azure, AWS, Google Workspace, Okta, Zoom, even a Generic HTTP API allowing you to query any HTTP API.
Cribl Stream, Edge, and Lake are fully integrated.
Capabilities
Quickly and easily integrate external data to enhance your analysis and gain more insights. Streamline your analysis process by eliminating manual searching for additional data sources to enrich your events.
Use Lookups to enrich your events
Use Joins to merge data coming from different dataset providers
Datasets are addressable sets of data you define for querying. This could include a cloud provider like AWS, Azure, or Google, an API endpoint like Okta, Zoom, or Google Workspace, or even Edge node data you can target for a query. Cribl makes it easy to get started:
Click on any dataset and instantly start a search
Target your specific data with our wizard; create new dataset in minutes
History and save options retain previous and common searches
Cribl Search enables administrators with a single search tool to query all their IT and security data, without having to first collect it:
Search for any term, pattern or value/pairs
Search for any data type
Search anywhere you can reach
Filter, summarize, and manipulate how your results are plotted and displayed
Multiple settings to display results by fields, tables, charts, and colorization
Shape results without having to re-execute the search
Export and share data or dashboards
One step forwarding, no complex configuration
Shape or process results to any format
Route results to any destination
Optimize monitoring and workflows
Send notifications based on the evaluation of search results
Aggregate data over time to compare results and identify anomalies
FAQ
Cribl Search helps you search, explore, and analyze telemetry data – logs, instrumentation data, application data, metrics, etc. – in place without first moving it to specialized storage. Search continues to expand accessible resources, currently supporting the following types of data storage providers:
Data Lakes – including Amazon Security Lake, Amazon S3 and compatible.
Object Stores – including the likes of Amazon S3, Azure Blob Storage, Google Cloud Storage and more.
Analytics Services and platforms, like Azure Data Explorer, Elasticsearch, Opensearch, Prometheus and more.
API Endpoints – including Azure, AWS, Google Workspace, Okta, Zoom, and even a Generic HTTP API option allowing you to query any HTTP API.
Cribl Search is based on Kusto Query Language (KQL), which lets you delve into your data to discover patterns, identify anomalies and outliers, and create statistical models.
Yes, there is no requirement to use any other Cribl products. However, Cribl Search helps you search, explore, and analyze telemetry data – logs, instrumentation data, application data, metrics, etc. – in place without first moving it to specialized storage, this capability is further enhanced via Cribl Stream or Lake. By sending Search results to Cribl Streams robust processing engine it can then route, reduce, reformat, enrich, or otherwise structure data intended for any destination. While Cribl Lake automates and optimizes data storage, Search can provide an interface to get to it if needed.
No, Cribl Search is designed to work in parallel with a customer's existing tools. Cribl Search works collaboratively with other vendors' products, allowing the discovery of data via Search and routing results to 3rd party tools for any additional processing required.
Cribl Search follows Cribl’s consumption pricing so you only pay for what you use, or another way only when you search. You start by purchasing a pool of credits, list price of Cribl.Cloud credits are $1 USD per credit and these credits can be used for any Cribl.Cloud product. Cribl Search is priced based on CPU-Hours, when you execute a search CPU resources (executors) are spun up to perform the search and the sum of the total number of CPUs is what you are billed on. Search will draw down on the customer’s pool of Credits at a fixed rate of 1 Credit per CPU-Hour (3600 seconds) of executor time.
For more information on Cribl Lake pricing, visit www.cribl.io/pricing.
Integrations
Cribl Search provides default access to Cribl Lake and can easily query data already collected in Amazon S3 (or S3 compatible), Amazon Security Lake, Azure Blob, Google Cloud Storage, and more.
Already using Cribl Stream? Send your Search results for additional processing with a single command
Native Search/Stream Integration right out of the box
Forward Search results to Stream and route to any Destination
Forward Stream pipeline data to Data Lake to be Searched
Already deployed Cribl Edge? Take Cribl Search for a spin.
Native Search support of Edge nodes
Insights with zero data movement
Resources
get started
Wondering where to go next, Search can guide you.
Head for a sandbox to get your feet wet or jump right in and open your own Cribl.Cloud account, it's FREE and you will be searching in no time.
