September 12th, 2023 Meeting Recap
The Global User Group meeting was held on September 12th, 2023 at 10am US/Pacific. @mahlerrd and Colette Mahlerwein welcomed everyone to this month's meeting.
We kicked off the main part of our meeting by hearing from @Johan Woger. Johan walked us through the use cases for CriblVision. This Splunk app was designed as a troubleshooting tool and monitoring aid for Cribl administrators. It was created by Cribl support engineers to help customers troubleshoot their own Cribl deployments. There are several troubleshooting dashboards tailored to the product areas in which support has seen the highest number of recurring issues. And while our intent is to help you troubleshoot your own Cribl deployment, this app will always be a continuous "work in progress" and should always be used in conjunction with the Cribl monitoring console and associated views. Some of the dashboards he went through are the Health Check, Cribl Stream Sizing Calculator, and Cribl Thruput Introspection. Download the app at:
We then moved to @Saurabh Gupta. Saurabh just completed a SIEM migration using Cribl. He moved from a legacy SIEM to Splunk. During the process, they needed to ensure that the data going into the legacy SIEM was the same as the data going into the new SIEM. Using the Cribl datagen, they were able to use captured sample data to make sure that the new SIEM was ready to accept the new data. Saurabh was able to use the Regex Extract, Mask, Code, Eval, Numerify, and Serialize functions to get the data into the format they wanted before it went into the new system, without the data they didn't need.
I, @Tony Reinke - Cribl, talked about the redemption store, which should launch soon. As you level up in ranks in the Curious platform, you will get redemption codes to get Cribl Community Swag. How do you level up? The easiest way is to ask and answer questions on Curious, the site you are currently on. He is also working on taking the questions and answers from Slack into Curious. To make sure you get the points you should have as a member of the Cribl Community on Slack, make sure to sign up or sign in to your Cribl Curious account.
Presentation Slides:
Meeting Recording: