-
Cribl Release 4.9 is Here!
This update brings exciting new features and usability improvements across the Cribl suite and Cribl.Cloud! Here are some hi-lights: Cribl Stream • Persistent Queue: New options—Always On and Backpressure—for reliable data flow. REST Collector: Now supports paginated results in Discover. • Global Navigation: Experience an…
-
Can ' t set up AWS S3 destination in Cribl using Hybrid Workers
Hi , I ' m looking to add AWS S3 as a destination in Cribl while using a set of Hybrid Workers. I have followed the below instructions but yet failing to successfully test the connection . https://cribl.io/blog/securely-connecting-aws-s3-destination-to-cribl-cloud-and-hybrid-workers/ The logs are showing the following…
-
Syslog parsing
Hi I am having some problem to get the host name out of some sample log files, the format is RCF 3164. And thru the documentation it says Cribl will try to parse that itself, do I need to decelerate that it syslog as a source?
-
Can 't add Hybrid workers to Cribl Cloud
I 'm trying to add AWS hosted Hybrid workers into our instance of Cribl cloud ( Leader ) . The Workers VMs have been built using the CriblPrivateBuild from Amazon Marketplace . All the firewall policies are in place already . As per the instruction , I invoked the script from the leader and pasted it into our Hybrid Worker…
-
host in hec events
L.s., Maybe easy answer for all of you . We have got an HEC input and when i capture the live data i see as host the Cribl worker which is recieving the data. Why is that host filled? In the message itself there is also a host, but the right one. So i send the message in _raw to Splunk and delete the rest (also the wrong…
-
Best way to repopulate S3 data into Splunk?
We are wanting to use Cribl to repopulate cloud trail logs from S3 into Splunk on-demand for review/audit/analysis purposes. Ideally, we would be able to request from within Splunk, but we could also query within Cribl to pull the data if necessary. Are there any best practices or use-cases that you can provide?
-
Forcing a password change in Cribl Cloud
Is there a way to implement a password change on a Cribl Cloud local account WITHOUT using the "forgot password" link on the login page? Our access management process needs to have something like an API call or a simple password reset page available in order to implement our password management process.
-
Verify connection to Destination host
Hi, I' m working on a solution that consist of Cribl sending logs to an Onprem syslog server . Is there a way to confirm whether Cribl has established communication with the destination endpoint ( like a ping feature) . The monitoring section in Cribl is showing data is flowing but we can't find anything on the syslog…
-
Statistic data from Zabbix event streaming to mysql reporting server
Hi, i'd like know what is recommended method to save Zabbix event data (source) to mysql (destination). I understand that mysql is not typical and preffered destination but thats my use case. Thank you
-
Getting an error message:Validation error (WrongType@[events])
I am getting the following error in stream from REST Collection. message:Validation error (WrongType@[events]) : argument 'between.startTime' with value 'StringValue{value='`${C.Time.strftime(new Date((earliest * 1000.toISOString()}`'}' is not a valid 'DateTime' Here is the schema for GraphSQL and Collect POST body i am…
-
filter expresion in route with wildcard
Hi, Maybe a simple answer (i hope). For a route we want to filer the host.name, but there are a lot of host in the list so a wildcard is the best way to filter. So doing like 'drnms10*.dmz.somewhere.nl' in the filter for the servers matching with this wildcard. But with a filter 'host == 'drnms10*.dmz.somewhere.nl'' wil…
