-
Cribl Release 4.9 is Here!
This update brings exciting new features and usability improvements across the Cribl suite and Cribl.Cloud! Here are some highlights: Cribl Stream • Persistent Queue: New options—Always On and Backpressure—for reliable data flow. REST Collector: Now supports paginated results in Discover. • Global Navigation: Experience an…
-
Using VSCode + Node.js to write/debug your code function
TL;DR Use VSCode to test out JavaScript "code" function locally before attempting it in Cribl Stream/Edge. I wanted to first give a shout out to @Jon Rust for pointing me in this direction. Paying it forward to other Cribl users who would like to give the code function a shot. I am using the example from the following page…
-
Using Cribl TCP source, can we whitelist IP addresses?
Hey all, trying to set up a TCP source to onboard our vendor SaaS logs into our on-prem Splunk. With Cribl, can we do IP whitelisting for the TCP source and allow only certain IPs instead of opening it up to the public? My setup is on-prem, so I want to see if there are possibilities available on the Cribl side.
-
New User: Beats output question
I have a need to send JSON-formatted data to a Beats (lumberjack) input. I am new to Cribl and wondered if there was a pre-configured output that could be used to send lumberjack protocol based JSON to a receiver? My current SIEM solution has a JSON parser, but is using a Beats receiver as the only way to receive it.…
-
Database as data source for lookup
Hello, I would like to ask one thing: is it possible to use some database (SQL etc.) as a data source for lookup? One of our customers has a database that contains data that he would like to use to enrich events processed on Cribl Stream. The idea is that he would read the data from the database into Cribl Stream using a…
-
GitHub RestAPI with Pagination
Hi, I've been struggling with getting pagination to work correctly using the RestAPI Collector as a source. I'm trying to programmatically have Cribl grab software vulnerabilities that are identified in GitHub CodeQL using this API call: https://api.github.com/repos/myorg/myrepo/code-scanning/alerts…
-
A working example of a script in Stream - Help me keep track of my goats
I am attempting to record which server logs are being collected, e.g. last seen, and I haven't found that capability yet. I am thinking I need something custom, maybe write to a file or a lookup. The Cribl documentation doesn't provide much in the way of specifics when it comes to implementing scripts, except an ominous…
-
Where is the equivalent setting to Splunk's Source type > Select Source Type > Structured > _json
Hi, I'm trying to set up a Splunk HEC within Cribl Stream, and I'm encountering the error "malformed HEC event." I've encountered that error when setting up HECs in Splunk, and to correct the problem I have to go to Source type > Select Source Type > Structured > _json when editing the HEC's settings. I've been looking and…
-
Version 4.8.2 Maintenance Release
Some highlights: Search/Edge v9 protocol support for the NetFlow Source. New NetFlow Destination can transparently forward unmodified NetFlow v5 and v9 records to a downstream NetFlow collector. New dedicated Destination for CrowdStrike Falcon Next-Gen SIEM. Search Notifications sent to Amazon SNS can now include up to 100…
-
Migrate from Cribl Stream to Worker Node and put Leader in the Cloud
I'm new to Cribl, so at this point we have single-instance Cribl Stream installed on premise. We just got a new SE, and he stated I need to move the Leader Node to the cloud as it's easier for him to troubleshoot. I have a cloud account created. I presume this is the distributed deployment, but the menus described in the…
-
Can I read Azure Event Hub tags in Cribl during the preprocess pipeline