Cribl Stream, Edge, Search v4.2.0 and AppScope v1.4.1
We had the first CriblCon on Monday. We have kept the party going with the CooLabs, so if you are in Las Vegas, you can still stop by and get demos, talk to the experts, or just hang out. But we wanted to give you more. Today we are releasing Cribl v4.2.0 and AppScope v1.4.1! Below are some of the features I am personally excited about, but make sure to check the release notes to learn more.
In version 4.2.0, we give you more control. Members and Permissions adds finer-grained access control and authorization, allowing you to assign access and capabilities to users independently at the Organization, Product, Group/Fleet, and resource levels.
Stream Projects - We're proud to announce that Stream Projects is officially released! Now out of beta, Projects opens up Stream to new teams, users, and use cases by providing isolated workspaces (Projects) where users can build pipelines safely, securely, and collaboratively.
We've added a new Microsoft Azure Sentinel Destination that makes onboarding your security data into Azure Sentinel a one-step process. The new Destination supports all customer tables and four Azure Sentinel native tables.
Database Collectors now have rising column support, providing state tracking across collection jobs run against databases. This ensures that database collection resumes at the last column in the database, only collecting new data from the targeted tables between runs.
Disabled Sources no longer generate Cribl internal metrics, which reduces clutter on the Monitoring page and improves Leader scalability.
The File Monitor Source now supports monitoring and processing compressed (gzip and zstd), archived, and binary log files based on lines and records extracted from the content. Binary files are broken into base64-encoded chunks and streamed.
Using the File Explorer on Cribl Edge, you can now ingest file content and send it to Routes or Pipelines for further processing or downstream destinations. This is a useful option for testing or troubleshooting your configurations.
Edge is edgier than ever before thanks to the new Prometheus Edge Scraper. In addition to the functionality already supported in the existing Prometheus Scraper, this Source is designed to work seamlessly in Kubernetes environments, and it no longer uses the internal jobs framework, allowing it to handle large-scale Cribl Edge deployments. This Source now supports disk spooling.
Introducing Dashboards, customizable visual displays of your search data that you can create, manage, and customize with ease. A variety of widget types and visualizations allow you to tailor your dashboards to best fit specific requirements.
A new export operator allows you to create or update lookup tables directly from search results, providing seamless enrichment to your data.
We've added a Lookaround feature that lets you easily filter search results by adding or subtracting seconds, minutes, hours, or days, enabling quick exploration of surrounding events.
Beginning in version 1.4.1, AppScope applies Rules to new processes in existing containers. That is, within any container that exists when you start scoping by Rule, AppScope will automatically begin monitoring any new process that matches the Rule.
This holds true whether you are using the scope rules CLI command, or the AppScope Rules settings in the AppScope Source UI in Cribl Edge or Cribl Stream. Related issue: 1523.