Cribl LogStream 1.5: Now Supporting Splunk Universal Forwarder and Syslog

Normally I prefer to write a wittier headline for a release announcement, especially for a release this important. Three things are holding me back, however: a) I really want you to know we support the Universal Forwarder and Syslog, b) length of headline, c) it's April Fucking 1st, and it's possible this is so cool … Continue reading Cribl LogStream 1.5: Now Supporting Splunk Universal Forwarder and Syslog

Context is King: Turning Ugly Logs into Rich Structured Events

Logs themselves often do not contain the necessary information in themselves to point an investigator in the right direction. Let's say I'm troubleshooting a performance issue with my application. I may want to dig through all kinds of data sources, like proxy logs, web access logs or custom instrumentation. But, in these data sources, proxy … Continue reading Context is King: Turning Ugly Logs into Rich Structured Events

Cribl LogStream 1.4: Like a Log Shaver

Part of what makes Cribl unique is our focus on the particulars of working with gritty old logs. Logs present challenges not addressed by most data processing systems: working easily with overly verbose data and formats which can be weirdly structured, nested, and hard to parse. Not only are logs noisy by throwing lots of … Continue reading Cribl LogStream 1.4: Like a Log Shaver

Connecting Different Pipes: Ingesting ElasticSearch Data in Splunk

One of the more surprising realizations as we've started Cribl and started working with customers across all kinds of industry verticals is that nearly 100% of our customers and prospects are using multiple tools to solve their log analysis needs. Security alone can have 3 or more consumers of their log data. However, every log … Continue reading Connecting Different Pipes: Ingesting ElasticSearch Data in Splunk

Extending Cribl: Building Custom Functions

One constant in log use cases is that you can't plan for what you're going to find at customers. Whether it's multiple levels of encapsulation, like JSON-in-XML-in-Pipe-Separated (yes we've seen this), a need to radically transform the structure of events in a way we haven't seen, or a need to reach out to an external … Continue reading Extending Cribl: Building Custom Functions

Announcing Cribl, the Log Preprocessor

Today we're pleased to announce Cribl, the Log Preprocessor. Cribl is derived from the world cribble, which is a sieve or strainer. We chose the word cribble because getting value from log data is often a matter of sifting valuable log entries from a stream of significantly less valuable data. For the first time, Cribl … Continue reading Announcing Cribl, the Log Preprocessor