Take control of your observability, security, and telemetry data.

Unlock the benefits of a vendor-independent observability pipeline that enables flexible, simplified collection and routing of your data streams — with Cribl and NetDescribe.

Alexander Hauptner | Cribl Expert at NetDescribe

The Challenge

Many companies struggle to analyze growing volumes of data without having to build new infrastructure. The complexity of existing tools and vendor lock-in make it difficult to send data to third-party analytics platforms.
Security teams are often flooded with data from many sources in many formats, which makes it hard to correlate events, identify vulnerabilities, and respond effectively. At the same time, strict data protection and compliance requirements must be met.

As a result, companies face rising resource consumption, increasing requirements for data management and analytics, and considerable financial costs.

Source: www.cribl.com

Cribl is a vendor-independent platform that gives customers the flexibility to route, transform, restructure, and enrich data from any source to any destination — all without deploying additional agents. Cribl processes data in real time, filtering out unnecessary noise and helping organizations retain valuable information longer without exceeding their infrastructure budgets. Cribl enables customers to route a precise copy of the raw data to a cost-effective storage location for long-term retention for compliance and audit purposes, and to forward it to analytics tools.

Cribl Products

The Cribl family offers three products:

Cribl Stream

Cribl Stream helps you process machine data – logs, measurement data, application data, metrics, etc. – in real time and forward it to the analysis platform of your choice. It allows you to:

  • Add context to your data by enriching it with information from external data sources
  • Protect your data by redacting, masking, or encrypting sensitive fields
  • Optimize your data according to your performance and budget needs

Cribl Stream is delivered as a single, standalone package. It provides an innovative interface for editing and transforming your data. It scales seamlessly with existing infrastructures and is fully transparent to applications.

Cribl Edge

Cribl Edge helps you collect and process observability data at the source. It sends logs, metrics, application data, and similar telemetry in real time from your Linux and Windows hosts, applications, and microservices to Cribl Stream or to any supported destination.

Cribl Search

With Cribl Search, you can search, analyze, and examine machine data – such as logs, telemetry and application data, metrics, or traces – directly where it is stored. The data does not first have to be moved to a central analysis or SIEM system.

Cribl Search enables search-in-place analysis and accesses data in various sources, such as object stores and data lakes like Amazon S3, Azure Blob Storage, or Google Cloud Storage, as well as APIs, analytics platforms, or data from Cribl Edge, Stream, and Lake.

The solution can be used via Cribl.Cloud or in a self-operated environment. The data can be located in the public or private cloud, on-premises, or in hybrid architectures.

Cribl Search is aimed at IT operations, SRE, DevOps, and security teams who want to quickly examine telemetry data and forward only the data that is actually relevant to analysis or security systems.

Cribl Stream Features at a Glance

Cribl Stream acts as a universal receiver and collector of log and metric data. With Stream, you can ingest, transform, analyze, and correlate data from any source and send it to any destination or even multiple destinations without requiring additional tools.

Stream can receive push data from sources such as Splunk, HTTP, Elastic Beats, Kinesis, Kafka, and TCP JSON, and pull data from Kafka, Kinesis Streams, Azure Event Hubs, SQS, S3, Microsoft Office 365, or even external inputs such as weather or air-quality data and anything else your organization needs to make better decisions.

Send data to Splunk, AWS Kinesis Streams, SQS and CloudWatch Logs, Elasticsearch, Honeycomb, TCP JSON, Syslog, Kafka, Azure Event Hubs and Azure Monitor Logs, StatsD and StatsD Extended, Graphite, InfluxDB, Wavefront, SignalFx, and more. You can also deliver data to destinations that support batch or non-streaming outputs, such as S3-compatible storage, file system/NFS, MinIO, Google Cloud Storage, and Azure Blob Storage.

Cribl Stream maximizes the value of your observability data by transforming and contextualizing it with data from other sources in real time, improving both the performance of your analytics tools and the insights you get from them.

Collect – Send data from anywhere to anywhere
Stream is the most efficient way to bring diverse data formats into your analysis tools. Use Cribl Stream as a universal receiver to collect data from any observable data source. Receive data from all your agents and push-based sources, schedule batch collections across multiple endpoints and APIs, and pull data from cost-effective storage locations.

Reduce – Eliminate useless data to control costs
Reduce log volume to control costs and improve system performance. Effortlessly remove duplicate fields, null values, and low-value elements. Filter and review events with dynamic sampling or aggregate log data into metrics to further reduce volume. Reduce confidently: you can retain a complete, faithful copy at a cost-effective destination and replay it whenever needed.

Shape – Gain meaningful insights from your data
Create the data you need to make informed operational decisions. Translate and transform data from all your sources into the formats your chosen tools expect. Get a complete picture by enriching logs with third-party data. Stream collects data from all your sources and prepares it as actionable logs and metrics for analysis, so your data can be fully utilized across all observability and security tools.

Route – Use your data where it has the greatest value
Send the right data to the right destinations, such as Splunk, Elastic, New Relic, or Datadog, or store it cost-effectively in long-term storage like AWS S3. Route data to the best tool, or to several tools at once, by translating and formatting it into whatever schema each one requires. Let different departments choose their preferred analysis environments without deploying additional agents or forwarders.

Replay – Keep your data ready for the day you need it
Unsure if you’ll need certain information again? Storing everything in expensive analytics tools? Not certain every event needs to be indexed and always available? Send your data to affordable storage and retrieve it on demand to enhance security and avoid operational disruptions or downtime.
With Cribl Stream, it is finally possible to send exactly the data that your company needs in the right format to the optimal location in order to use it effectively!

Cribl Business Benefits

With Cribl, you gain full control over all your observability data and unmatched flexibility in using any tools without deploying new agents.

No agent overload → No need to install additional agents
No data overload → Easily handle large data volumes
No bandwidth restrictions → Lower your transmission costs
Long-term retention → Define data retention according to your needs
Onboarding of unknown datasets → Quickly onboard new data sources using visual tools

What this means for you:

  • Vendor-neutral observability pipeline
  • Control over data volumes and licensing costs
  • Real-time telemetry processing
  • Flexible integration with SIEM and monitoring tools
  • Data analysis directly in the data lake
  • Scalable platform for SecOps, ITOps, and DevOps

Cribl Use Cases – Read our specific Customer Stories

Our use cases are currently available in German only. If you would like further information, we are happy to help you personally; please contact us directly.

SIEM Migration | Efficient Event Pipelining when moving to the cloud

Many companies struggle to analyze growing volumes of data without having to build new infrastructure. The complexity of existing tools and vendor lock-in make it difficult to send data to third-party analytics platforms. Security teams are flooded with data from multiple sources and formats, making it hard to correlate events and identify or respond to security gaps.
On top of that, organizations must comply with strict data protection and compliance requirements. As a result, companies face rising resource consumption, increasing demands on data management and analysis, and significant financial overhead.

Our client faced exactly these challenges. Read more in our use case "SIEM Migration | Efficient Event Pipelining When Moving to the Cloud".
