-
Cribl Release 4.9 is Here!
This update brings exciting new features and usability improvements across the Cribl suite and Cribl.Cloud! Here are some hi-lights: Cribl Stream • Persistent Queue: New options—Always On and Backpressure—for reliable data flow. REST Collector: Now supports paginated results in Discover. • Global Navigation: Experience an…
-
Having difficulty translating API header to Cribl
Hello, I'm new to Cribl stream and am having difficulty translating the API spec from the documentation. I can get all the curls working fine, but I don't know how they translate to cribl. For example, if I'm trying to use cribl for this type of curl: curl --location --request GET…
-
Creating New Fields from _raw
I want to create new fields from values in _raw. See below. I want to create a series of folders based off the year, month, date and hour. 2025 (parent folder) - 01(subfolder) - 12(sub under 01) - 23(subfolder under 12). _raw:"2025-01-12 23:59:56","Another Value","Dummy Data","","Something Really Cool" I'm using Regex…
-
Find which worker node processed an event
Hi, Is there a way to find out which worker node processed an event, does it inject a field or can we configure it? Reason is we have some issues and this could narrow it down to a particular worker node. Cheers, Jay
-
Secure Communication between CriblCloud Leader node and Hybrid Worker/ Edge nodes !!!
Hi, I would like to secure the communication between the Cribl managed Leader node and the Hybrid Workers and edge nodes currently located on Prem . I understand that the communication between the Leader node and Hybrid Workers / Edge nodes is already encrypted ( port 443 ) . How are those entities being currently…
-
what's an alternate input plugin for logs received from beats
-
Can't bootstrap Edge node from Leader
Hi , I have been trying to add an edge node into my default fleet but being denied because of permission error . I have run the script provided by the leader into an Ubuntu EC2 instance with a user with privileged access but still failing ( see Screenshot ) . Can anyone assist please ? Thanks in advance
-
Can ' t set up AWS S3 destination in Cribl using Hybrid Workers
Hi , I ' m looking to add AWS S3 as a destination in Cribl while using a set of Hybrid Workers. I have followed the below instructions but yet failing to successfully test the connection . https://cribl.io/blog/securely-connecting-aws-s3-destination-to-cribl-cloud-and-hybrid-workers/ The logs are showing the following…
-
Syslog parsing
Hi I am having some problem to get the host name out of some sample log files, the format is RCF 3164. And thru the documentation it says Cribl will try to parse that itself, do I need to decelerate that it syslog as a source?
-
Can 't add Hybrid workers to Cribl Cloud
I 'm trying to add AWS hosted Hybrid workers into our instance of Cribl cloud ( Leader ) . The Workers VMs have been built using the CriblPrivateBuild from Amazon Marketplace . All the firewall policies are in place already . As per the instruction , I invoked the script from the leader and pasted it into our Hybrid Worker…
-
host in hec events
L.s., Maybe easy answer for all of you . We have got an HEC input and when i capture the live data i see as host the Cribl worker which is recieving the data. Why is that host filled? In the message itself there is also a host, but the right one. So i send the message in _raw to Splunk and delete the rest (also the wrong…
