Cribl LogStream 1.6: Logs to Metrics (Prometheus, Statsd, Graphite, Splunk Metrics)

Very early on in my career, I worked for AT&T Wireless, before it became Cingular and then AT&T Wireless again. As a young engineer, I remember running across various technical situations I couldn't explain. Why can't we connect this network to that one if there is a legitimate business need? Why must we always allocate …

Cribl LogStream 1.5: Now Supporting Splunk Universal Forwarder and Syslog

Normally I prefer to write a wittier headline for a release announcement, especially for a release this important. Three things are holding me back, however: a) I really want you to know we support the Universal Forwarder and Syslog, b) length of headline, c) it's April Fucking 1st, and it's possible this is so cool …

Context is King: Turning Ugly Logs into Rich Structured Events

Logs often do not contain, in themselves, the information needed to point an investigator in the right direction. Let's say I'm troubleshooting a performance issue with my application. I may want to dig through all kinds of data sources, like proxy logs, web access logs or custom instrumentation. But, in these data sources, proxy …

Cribl LogStream 1.4: Like a Log Shaver

Part of what makes Cribl unique is our focus on the particulars of working with gritty old logs. Logs present challenges not addressed by most data processing systems: working easily with overly verbose data and formats which can be weirdly structured, nested, and hard to parse. Not only are logs noisy by throwing lots of …

Connecting Different Pipes: Ingesting ElasticSearch Data in Splunk

One of the more surprising realizations as we've started Cribl and started working with customers across all kinds of industry verticals is that nearly 100% of our customers and prospects are using multiple tools to solve their log analysis needs. Security alone can have 3 or more consumers of their log data. However, every log …

Extending Cribl: Building Custom Functions

One constant in log use cases is that you can't plan for what you're going to find at customers. Whether it's multiple levels of encapsulation, like JSON-in-XML-in-Pipe-Separated (yes we've seen this), a need to radically transform the structure of events in a way we haven't seen, or a need to reach out to an external …