Enriching Data in Motion with Ingest-Time Lookups

Adding context with lookups is an awesome way to enrich your operational data. Whether you're running simple searches or reporting on your events the more information they carry, the greater their utility. For example, if proxy or firewall logs indicate that an internal host is communicating with an external address that is known to be compromised, … Continue reading Enriching Data in Motion with Ingest-Time Lookups

Anonymizing Data with Cribl

One of the key problems with creating a centralized repository of logs is it also creates a single place where attackers can get to sensitive information. Whether that's implementation details like network traffic or sensitive information like usernames, API keys or social security numbers. A common requirement, especially in the context of regulations like GDPR, is to minimize … Continue reading Anonymizing Data with Cribl

Sampling for Added Visibility and Efficiency

The need for operational & performance visibility grows at least linearly with your infrastucutre sprawl; The more data your VMs, containers, APIs, apps, services, users, etc. emit, the greater the impact on the performance and the user experience of the analysis system. In theory this problem is easy to solve; simply scale the analysis system … Continue reading Sampling for Added Visibility and Efficiency

Announcing Cribl, the Log Preprocessor

Today we're pleased to announce Cribl, the Log Preprocessor. Cribl is derived from the world cribble, which is a sieve or strainer. We chose the word cribble because getting value from log data is often a matter of sifting valuable log entries from a stream of significantly less valuable data. For the first time, Cribl … Continue reading Announcing Cribl, the Log Preprocessor

Cribl Beta Release

We're extremely excited to announce the availability of Cribl Beta! As mentioned in the other post, Cribl gives full access to the data in motion to lookup, enrich, redact, encrypt, transform, or sample data before indexing. This Beta release is focused on a tight integration with Splunk. It allows for net new, and previously prohibitive use cases; … Continue reading Cribl Beta Release

Analyzing AWS Fargate

AWS Fargate is an interesting service in that it allows you to run containers without having to think (much) about cluster management, task scheduling, instance provisioning etc. It transforms the application deployment process into one where the application is packaged into a container and resources (CPU, RAM, Networking, access policies etc) are defined as part … Continue reading Analyzing AWS Fargate