We are currently in PoC. We cannot configure RBAC on a single instance. I need this to work; reading in Cribl documents, RBAC is allowed only in a distributed environment; this is not feasible. How do you go around this restriction?
Hi @cmianza, you are correct that RBAC only works with an Enterprise license in Distributed mode. See more on the Docs regarding Roles: Roles | Cribl Docs
I understand a single instance deployment is simple and easy to configure, but there are some major advantages to starting in a distributed fashion. First, any restart to the single instance will stop your data flow. In distributed mode, there is no interruption to your data as processing happens on a separate instance. Second, the flexibility to scale out your data processing capabilities by adding a load balancer for high availability and increased throughput. Third, converting from a single instance to a distributed deployment isnt straight-forward today. Were working to make this a better experience, but heres a thread on what has to happen to complete the migration: Migrate from Cribl Standalone to Cribl Distributed(+ Edge)
If youre not engaged with a Cribl Sales team member regarding your POC, would you please DM me your contact info so I can get them in touch with you to get an Enterprise trial license sent your way?
I hope you can help, and do you know where to find the Splunk app described in the blogs? It is a 2018 blog, 02:16 minutes in. https://cribl.io/blog/introducing-cribl-logstream/, where can I find the app, and where have you moved the use cases functionality showing how to implement them?
Hi @cmianza, the Splunk app is available here: https://github.com/criblio/cribl-demo/tree/master/splunk/cribldemo