What value would Stream provide to someone who has logstash for routing/transforming?

So, this question has been bothering me for quite some time now. While I am a big fan of Cribl and I really enjoy working with their products and showing/explaining them to others, I still wonder every now and then what value Stream would provide to a customer who already has a well-maintained and functioning logstash for routing/transforming data.

If I think about it, the following points come to my mind, but if someone here has more/different reasons I would be glad to hear them!

  • Stream's replay function
  • Scalability
    • Logstash works as a single instance, Cribl can be clustered to infinity
  • Stream is easier to maintain
    • No grepping around in config files for that one transformation command you need to change
    • Pipelines are easier to understand/maintain than logstash files
    • Less complex to get started with for new users/admins
  • Visualization of data flows
  • "Debuggability"
    • Being able to look into arriving/leaving data from within the tool without having to restart anything or using tcpdump is incredibly helpful
  • (My favourite point) Speed of Development
    • Capturing real log data and storing it for future use to replay over and over again to improve a pipeline was such a game changer to me.
    • Being able to see the changes you make to data through pipelines in real-time, without having to restart agents

Best Answer

  • Raanan Dagan
    Raanan Dagan Posts: 101 mod
    Answer ✓

    Overall, I would go after these use cases:
    Build configurations manually (logstash) vs out of the box solution (Cribl)
    Reduction use cases (Suppress, Sample, Drop, log to metrics)
    Replay historical data
    Enrich with Lookup
    Reshape for Elastic SIEM

    https://www.elastic.co/blog/elastic-cribl-migrate-siem
    https://cribl.io/customers/sally-beauty/
    https://cribl.io/blog/cribl-logstream-7x-more-efficient-than-logstash-and-fluentd/
