-
Cribl Release 4.9 is Here!
This update brings exciting new features and usability improvements across the Cribl suite and Cribl.Cloud! Here are some highlights: Cribl Stream • Persistent Queue: New options—Always On and Backpressure—for reliable data flow. REST Collector: Now supports paginated results in Discover. • Global Navigation: Experience an…
-
How does "teleporting" work in Cribl Stream and Edge?
How does the 'teleporting' function work on a technical level? Based on the documentation on ports (https://docs.cribl.io/stream/ports/), it seems no inbound ports need to be opened on worker or edge nodes for the feature to work. The leader node handles teleport functionality via port 4200. When teleporting to a node,…
-
How to Protect Syslog data!!!!
Hi, I'm in the process of setting up Cribl to send data from a syslog source (AWS hosted Cisco FTDs) to Amazon S3. Although the firewall rules are locked down to source and destination, I'm concerned about transmitting unprotected data over the Internet. Can you please advise on the best way to protect the traffic?…
-
Data to TCP JSON source is not captured
I am trying to send data to Cribl Stream → TCP JSON source using the curl command, and I can see the data is coming to the Cribl worker node on the given port (verified with tcpdump), but the same data is not being captured in the TCP JSON source. Any settings I am missing here?
-
We are removing some fields using Eval function but the bytes_in and bytes_out are still the same.
We are removing some fields using the Eval function, but the bytes_in and bytes_out are still the same. In the pipeline statistics we can see the bytes_out is reduced, but it is not reflected in Monitoring → Flows.
-
Log and sourcetype reporting in Splunk
I want to report on logs ingested with Cribl in the Splunk environment. The logs will remain stored on the Cribl side, but the reporting will be done in Splunk. How can I achieve this? The logs are NOT forwarded to Splunk. Thank you in advance for your answers.
-
Difference between Azure Log Analytics workspace and Cribl
What is the difference between Cribl and Azure Log Analytics workspace? What is the benefit when I use it instead of Azure LAW?
-
Connection error: Client network socket disconnected before secure TLS connection was established
Has anyone used a transparent proxy when using hybrid workers with CRIBL.Cloud? We are having a weird issue where the workers work and communicate with the CRIBL.Cloud Leader as expected, but when the CRIBL.Cloud leader gets rebooted after an upgrade, all the worker nodes get this error when trying to talk to the CRIBL.Cloud…
-
My journey into sourcePQ and delays in events getting indexed in Splunk for low volume data sources
I am a longtime Cribl & Splunk user. I have been on this platform for almost 5+ years now, and I have made my share of stupid stupid mistakes but learnt a lot about both Cribl & Splunk. In my journey to build a more resilient Cribl + Splunk environment with the constraints I do have ($$ + time), I am constantly trying to…
-
Is there a CLI or file-based way to accept the agreement in a new Cribl instance?
I wanted to ansiblize creating new Cribl instances and have them fully up and functional/ready to log in; however, this is my first barrier to entry. I want to untar Cribl to /opt/cribl, run my playbook, and then when I log in it goes straight to the normal logged-in page as I already accepted the agreement. Similar to Splunk's…
-
Issue with Obtaining JSON Access Token Using API Key in Cribl
Hi, I'm working on code that uses an API key to access my data in Cribl. I started by creating API credentials (client_id and client_secret) and built a simple script to obtain an access token, which I plan to use for querying logs. Here’s the code I wrote: import requests client_id = 'XXX' client_secret = 'XXX' auth_url =…