Logs themselves often do not contain the necessary information in themselves to point an investigator in the right direction. Let's say I'm troubleshooting a performance issue with my application. I may want to dig through all kinds of data sources, like proxy logs, web access logs or custom instrumentation. But, in these data sources, proxy … Continue reading Context is King: Turning Ugly Logs into Rich Structured Events →

Part of what makes Cribl unique is our focus on the particulars of working with gritty old logs. Logs present challenges not addressed by most data processing systems: working easily with overly verbose data and formats which can be weirdly structured, nested, and hard to parse. Not only are logs noisy by throwing lots of … Continue reading Cribl LogStream 1.4: Like a Log Shaver →

In a previous post we showed how to use detect data exfiltration with Cribl in real-time. The analysis focused on checking DNS labels from DNS logs for presence of base64 encoded data. In this post we will look at several other techniques that can help security engineers add dimensions to the data to help improve the fidelity and accuracy … Continue reading Using Cribl to Analyze DNS Logs in Real-Time – PART 2 →

If your machine data does not contain sensitive information, you don't really need to read this - you got it all figured out. Just stop here and go back to surfing the interwebs or...maybe you want to check again?! 🙂 If you're still reading, you know that while your machine data is vital for your operations/security analytics, … Continue reading Encrypting sensitive information in real-time with Cribl →

If you've ever worked with a log analysis system before, data on-boarding is one of the most painful parts. Every system expects the data to look a little different, and getting that right generally involves a ton of trial and error. Make a configuration change, restart the cluster, try again. Send the data to a … Continue reading Announcing Cribl LogStream 1.3: Tap Those Pipes →

One of the more surprising realizations as we've started Cribl and started working with customers across all kinds of industry verticals is that nearly 100% of our customers and prospects are using multiple tools to solve their log analysis needs. Security alone can have 3 or more consumers of their log data. However, every log … Continue reading Connecting Different Pipes: Ingesting ElasticSearch Data in Splunk →

Pleased to introduce our v1.2 release focused on expanding ingestion and delivery capabilities. It continues our promise to deliver added intelligence and control over your data in real-time by adding support for new sources and destinations, Windows deployments, new functions including machine learning powered timestamp recognition, and faster lookups. New Sources Apache Kafka This version adds support for picking up data … Continue reading Introducing Cribl LogStream v1.2 →