-
Cribl announces their strategic partnership with Elastic
In an era where industry standards are as dynamic as the data they govern, Cribl’s core value of putting ‘Customers First, Always’ drives us to stay ahead of the curve. It’s with immense pride and excitement that we announce our strategic partnership with Elastic. This alliance isn’t just a meeting of minds; it’s a bold…
-
Cribl S3 Collector collect All the log files from S3 bucket everytime instead only new ones
Hi Mates, I'm using cribl S3 collector to collect the logs from AWS S3 bucket. S3 bucket contains logs of Akamai datastream which has the log format as below. eg: s3://BUCKETNAME/APPNAME/ENV/ak-913478-1701139960-008071-ds.gz ak- akamai file prefix 913478 - random string 170xxxxxxxx - EPOCH timestamp 008071 - random string…
-
What value would Stream provide to someone who has logstash for routing/transforming?
So, this question has been bothering me for quite some time now. While I am a big fan of Cribl and I really enjoy working with their products and showing/explaining them to others I still wonder every now and then what value Stream would provide to a customer, who already has a well-maintained and functioning logstash for…
-
How to skip the default parsing of JSON input to the HTTP(S) Cribl source in Streams?
Dear all, Coming up with yet another question as I couldn't find similar from the history of available requests. I have created the HTTP RAW Source and able to push the data and process it in the pipeline. However, I have observed that when I POST the valid JSON format(all the attributes with double quotes), Cribl http…
-
How to access the Regexes saved in the Knowledge?
Hello all, I have recently started working with Cribl and my question may seem to be easier one, however, I couldn’t find an option to do this in right way and hence reaching out for help. In one of my use case I am getting a json from source and my requirement is to check whether the attributes in the object are matching…
-
Palo Alto pack host headers
I'm quite new to Cribl, so please forgive me if I've got some easy and/or dumb questions! The first thing the Palo Alto Pack pipelines all do is extract the host from an RFC3164 formatted syslog message with a BSD time format. Eval: host = _raw.match(/[A-Z][a-z]{2}\s{1,2}\d{1,2}\s\d{2}:\d{2}:\d{2}\s([^\s]+)\s/)[1] || host…
-
Using JSON Paths
I'm attempting to extract values from a JSON string field. However, it seems, that none of the below methods are working for referencing or obtaining the value using a JSON path or dot notation type of approach. I've even tried the "extract_json" function, but to no avail. KQL in Azure has the bag_unpack function, but I…
-
Data cloned on F5 and sent to Cribl workers
Posting this to get community feedback and track our progress in case anyone encounters this issue in the future. We are attempting to use the data cloning functionality on our F5 load balancer to duplicate data to our Cribl workers. We want to do this so that we can route, filter, and reduce production data in Cribl…
-
Has anyone tried to onboard OneDrive Logs?
We are following this document, We have tested bringing in Azure User and Device data in the past with no issue. We are having a problem figuring out the best Collect URL to use. We've tried many different ones. We've tested our URLs to Microsoft's Graph Explorer and we are not receiving the expected output in Cribl. We…
-
Replication functionality of AD Group filtering of subscriptions
What is the recommended method of restricting groupings of clients/servers to accessing event collector subscriptions, absent support for computer group control that WEC has? I thought about creating additional listeners and via GPO pointing particular groupings of clients at particular listeners. Is there a better…
-
SNMPv3. Problem with decryption traps. Enable a debug mode
Hi, I've configured SNMP source to accept SNMPv3 traps. Traps can not be decrypted and would like get why. I enabled debug mode in Worker Settings for authentication, input snmp, etc. But nothing appear in Logs tab when chosing an All Logs option.
