Take control of your observability, security, and telemetry data.

Unlock the benefits of a vendor-independent observability pipeline that enables flexible, simplified collection and routing of your data streams — with Cribl and NetDescribe.

Alexander Hauptner | Cribl Expert at NetDescribe

The Challenge

Many companies struggle to analyze growing volumes of data without having to build new infrastructure. The complexity of existing tools and vendor lock-in make it difficult to send data to third-party analytics platforms.
Security teams are often flooded with data from multiple sources and formats. This makes it challenging to correlate events, identify vulnerabilities, and respond effectively. At the same time, strict data protection and compliance requirements must be met.

As a result, companies face rising resource consumption, increasing requirements for data management and analytics, and considerable financial costs.

Source: www.cribl.com

Cribl is a vendor-independent platform that gives customers the flexibility to route, transform, restructure, and enrich data from any source to any destination — all without deploying additional agents. Cribl processes data in real time, filtering out unnecessary noise and helping organizations retain valuable information longer without exceeding their infrastructure budgets. Cribl enables customers to route a precise copy of the raw data to a cost-effective storage location for long-term retention for compliance and audit purposes, and to forward it to analytics tools.

Cribl Products

The Cribl family offers three products:

Cribl Stream

Cribl Stream helps you process machine data – logs, measurement data, application data, metrics, etc. – in real time and forward it to the analysis platform of your choice. It allows you to:

  • Add context to your data by enriching it with information from external data sources
  • Protect your data by redacting, masking, or encrypting sensitive fields
  • Optimize your data according to your performance and budget needs

Cribl Stream is delivered as a single, standalone package. It provides an innovative interface for editing and transforming your data. It scales seamlessly with existing infrastructures and is fully transparent to applications.

Cribl Edge

Cribl Edge helps you collect and process observability data. You can send logs, metrics, application data, etc. in real time from your Linux and Windows computers, apps, microservices, etc. to Cribl Stream or any supported destination.

Cribl Search

With Cribl Search, you can search, explore, and analyze machine data – logs, instrumentation data, application data, metrics, etc. – without first moving it into a dedicated storage location. This can be done with data located on Cribl Edge or in a data lake such as Amazon S3.

Cribl Search is offered as a service via Cribl.Cloud. Your data can be located anywhere – in the public or private cloud, on-premise, etc.

Cribl Search was developed for administrators, managers, and users of Operational/DevOps and Security Intelligence products and services.

Cribl Stream Features at a Glance

Cribl Stream acts as a universal receiver and collector of log and metric data. With Stream, you can ingest, transform, analyze, and correlate data from any source and send it to any destination or even multiple destinations without requiring additional tools.

Stream can receive push data from sources such as Splunk, HTTP, Elastic Beats, Kinesis, Kafka, TCP JSON and pull data from Kafka, Kinesis Streams, Azure Event Hubs, SQS, S3, Microsoft Office 365 or even external inputs such as weather data, air quality and anything else your organization needs to make better decisions.

Send data to Splunk, AWS Kinesis Streams, SQS and CloudWatch Logs, Elasticsearch, Honeycomb, TCP JSON, Syslog, Kafka, Azure Event Hubs and Monitor Logs, StatsD and StatsD Extended, Graphite, InfluxDB, Wavefront, SignalFx and more. You can also deliver data to destinations that support batch or non-streaming outputs, such as S3-compatible storage, file system/NFS, MinIO, Google Cloud Storage, and Azure Blob Storage.

Cribl Stream maximizes the value of your observability data by transforming and contextualizing data from other sources in real time, enhancing the performance and insights of your analytics tools.

Collect – Send data from anywhere to anywhere
Stream is the most efficient way to bring diverse data formats into your analysis tools. Use Cribl Stream as a universal receiver to collect data from any observable data source. Receive data from all your agents and push-based sources, schedule batch collections across multiple endpoints and APIs, and pull data from cost-effective storage locations.

Reduce – Eliminate useless data to control costs
Reduce log volume to control costs and improve system performance. Effortlessly remove duplicate fields, null values, and low-value elements. Filter and review events with dynamic sampling or aggregate log data into metrics to further reduce volume. Reduce confidently: you can retain a complete, faithful copy at a cost-effective destination and replay it whenever needed.

Shape – Gain meaningful insights from your data
Create the data you need to make informed operational decisions. Translate and transform data from all your sources into the tools of your choice. Get a complete picture of your data by enriching logs with third-party data. Stream collects data from all your sources and prepares it into actionable logs and metrics for analysis. Shape your data so it can be fully utilized across all observability and security tools.

Route – Use your data where it has the greatest value
Send the right data to the right destinations such as Splunk, Elastic, New Relic, or Datadog, or store it cost-effectively in long-term storage like AWS S3. Route data to the best tool, or to multiple tools, by translating and formatting it into any required schema. Let different departments choose their preferred analysis environments without deploying additional agents or forwarders.

Replay – Keep your data ready for the day you need it
Unsure if you’ll need certain information again? Storing everything in expensive analytics tools? Not certain every event needs to be indexed and always available? Send your data to affordable storage and retrieve it on demand to enhance security and avoid operational disruptions or downtime.
With Cribl Stream, it is finally possible to send exactly the data that your company needs in the right format to the optimal location in order to use it effectively!

Cribl Business Benefits

With Cribl, you gain full control over all your observability data and unmatched flexibility in using any tools without deploying new agents.

No agent overload → No need to install additional agents
No data overload → Easily handle large data volumes
No bandwidth restrictions → Lower your transmission costs
Long-term retention → Define data retention according to your needs
Onboarding of unknown datasets → Quickly onboard new data sources using visual tools

Cribl Use Cases – Read our specific Customer Stories

Our use cases are only available in German. If you are interested in further information, we are happy to assist you personally. Please do not hesitate to contact us directly.

SIEM Migration | Efficient Event Pipelining when moving to the cloud

Many companies struggle to analyze growing volumes of data without having to build new infrastructure. The complexity of existing tools and vendor lock-in make it difficult to send data to third-party analytics platforms. Security teams are flooded with data from multiple sources and formats, making it hard to correlate events and identify or respond to security gaps.
On top of that, organizations must comply with strict data protection and compliance requirements. As a result, companies face rising resource consumption, increasing demands on data management and analysis, and significant financial overhead.

Our client faced exactly these challenges. Read more in our use case "SIEM Migration | Efficient Event Pipelining When Moving to the Cloud".
