-
Has anyone had experience integrating Proofpoint logs into Cribl Stream? If so, could you share any
I have been trying to find some formal documentation on bringing Proofpoint logs into Cribl Stream and wonder if anyone has some experience or documentation they could share. At the time of this writing, there's not a Cribl available for Proofpoint logging.
-
Database as data source for lookup
Hello, I would like to ask one thing: is it possible to use some database (SQL etc.) as a data source for lookup? One of our customers has a database that contains data that he would like to use to enrich events processed on Cribl Stream. The idea is that he would read the data from the database into Cribl Stream using a…
-
A working example of a script in Stream - Help me keep track of my goats
I am attempting to record which server logs are being collected, e.g. last seen, and I haven't found that capability yet. I am thinking I need something custom, maybe write to a file or a lookup. The Cribl documentation doesn't provide much in the way of specifics when it comes to implementing scripts, except an ominous…
-
Where is the equivalent setting to Splunk's Source type > Select Source Type > Structured > _json
Hi, I'm trying to set up a Splunk HEC within Cribl Stream, and I'm encountering the error "malformed HEC event." I've encountered that error when setting up HECs in Splunk, and to correct the problem I have to go to Source type > Select Source Type > Structured > _json when editing the HEC's settings. I've been looking and…
-
Migrate from Cribl Stream to Worker Node and put Leader in the Cloud
I'm new to Cribl, so at this point we have single-instance Cribl Stream installed on premise. We just got a new SE, and he stated I need to move the Leader Node to the cloud as it's easier for him to troubleshoot. I have a cloud account created. I presume this is the distributed deployment, but the menus described in the…
-
S3/Blob storage folder selection as source
Hi Team, I am a Cribl Certified Engineer and have been working on a use case which is described below, but I haven't achieved the expected output. The use case involves an S3/Blob Storage where we have one bucket containing 2-3 folders. The source should be a specific folder, and from that folder, I need to ingest data to…
-
Cribl Stream - Collect journalctl events with a Splunk UF to Cribl Stream in individual events
Hello, Here I have a small picture of how the environment is structured: Red arrow -> Source Splunk TCP (Cribl Stream) I'm trying to forward the journald data from the Splunk Universal Forwarder to the Cribl Worker (Black to blue box). I have configured the forwarding of the journald data using the instructions from…
-
Syslog unable to connect to Cribl
I am using Syslog-ng to send logs to Cribl (distributed deployment). In this setup, a Cribl leader and one single worker are configured. In Syslog-ng, I configured it to send to the Cribl leader IP using port 5514, but I got an error that the syslog connection failed: but when I set the Cribl worker as destination in…
-
Job progress stuck after few mins
Hi All, I am facing an issue in a Cribl data script. Actually, the job is completed based on the logs, but it is stuck saying 2 tasks inflight. We are using the script option to pull the data. We have handled all the scenarios to prevent the issues, but after some time, the job is getting stuck. As we can see in the above screenshot,…
-
Cribl distributed upgrade from 3.0.4 to 4.5 question
Hi, I will be doing a Cribl distributed upgrade from 3.0.4 to 4.5 and just wanted to ask if we need to upgrade worker nodes in the default worker group if we don't use them and they will be decommissioned after the upgrade? Thanks