Release of Cribl v4.4
Tony Reinke - Cribl
Get ready to feast your eyes on our latest release! v4.4 brings several new capabilities and usability improvements to your Cribl deployment. Here are some of the features I am excited for. Make sure to check out the release notes for all the new features and corrections.
Stream:
- New Azure Data Explorer (ADX) native Destination enables sending security and observability data directly to ADX. This integration enables sending data to Azure Data Explorer customer tables as well as Cribl's supported native tables.
- System Metrics Source now supports configuring Process Metrics reports, filtered by one or more running processes.
- Elasticsearch Destination now supports updating datasets via the index Write action. This enables replacing events in legacy indexes, which do not support Elastic DataStreams' create action.
Edge:
- You can now collect process-specific information in the System and Windows Metrics Sources. To configure which processes you want to collect metrics from, use the new Process Metrics, available both in Stream and Edge.
- You can now spool logs and metadata in the Kubernetes Logs Source. Search users can access these logs and their metadata in order to find data that resides in the spool (without having to forward certain logs to a Destination for storage).
- The Windows Event Logs Source can now collect events from the Forwarded Events log, when the Event format setting is XML.
Search:
- You can now assign users to Usage Groups that control limits for each search query. Available limits include, among others, the number of searches a user can run concurrently, maximum time range, and a restriction on result numbers.
- There are 7 new query language features, such as the join operator, ip-lookup operator, and match_regex function.
- There are also 4 visualization updates, such as the map chart type, applying color thresholds to single value and gauge charts, and grouping dashboards into custom collections.