-
S3/Blob storage folder selection as source
Hi Team, I am a Cribl Certified Engineer and have been working on a use case which is described below, but I haven't achieved the expected output. The use case involves an S3/Blob Storage where we have one bucket containing 2-3 folders. The source should be a specific folder, and from that folder, I need to ingest data to…
-
Search Configuration help - CloudTrail S3 bucket path and search
I'd like to search a CloudTrail S3 bucket. What I want to search is "in all accounts" and only in "US-EAST-2" region for event name:"Assume Role". I'm not sure if I configured the Dataset correctly and/or how to do the search. Regarding the Dataset bucket path. This is the S3 folder layout:…
-
Configuring S3 bucket for Cisco Umbrella
Has anyone been able to configure an S3 collector for Cisco umbrella? I'm certain the fields for Path and S3 bucket are correct but nothing is being pulled and I'm not sure where the issue is. Any guidance or tips are appreciated.
-
Use of Project with nested fields
I have a field that is nested. I can search with the full name without an issue but when I try to use it with project, I do not get any values back. I have tried to wrap the field with single and double quotes. That results in the value for the field to be the name of the field. The goal is to get a list of all the…
-
Data collected using REST Collector getting appended in a single file, how to resolve?
TLDR: JSON collected from API, parsed through Pipeline, should have three JSON files in S3, but have two where one file has 2 JSON objects appended, need help to find out the reason. Hi All, At first, I want to say, no this is not an event breaker issue, as much as my understanding. Let me explain. I am trying to get some…
-
Is replay actually a feature in itself or just a technique implemented via a Source with different
Starting in version 4.3, Cribl Stream supports replaying data that has been exported as Parquet, using either the S3 Collector or the Filesystem Collector. Meanwhile, the Azure Blob Storage and Google Cloud Storage Collectors support ingesting data in Parquet format, but do not support replay. I am glad to see that Parquet…
-
Collect and Send S3 logs via Cribl to Splunk
Hello All, I'm new to Cribl and basically a Splunk Admin & developer. Been working on Cribl migration project for a while. My requirement is to collect data from an S3 bucket via Cribl and apply some cool stuff, then send it to Splunk for indexing. Now, I have established the connection with my S3 bucket from Cribl Stream.…
-
would it be possible to use the same encryption key in an Edge fleet and in a Stream worker group ?
Hi there, Question about encryption keys: would it be possible to use the same encryption key in an Edge fleet and in a Stream worker group? I have a use case where we need to encrypt data at the source (Edge) and send it to a S3 compatible storage. Then I should be able to retrieve data from the S3 bucket using a collector…
-
Is there any info on Search costs when searching AWS S3 buckets?
Is there any info on Search costs when searching AWS S3 buckets? Specifically on how data transfer works. For example, does Search hit S3 from US East and is $.01 per GB against my AWS account? Is Search caching at all? Original post was from
-
Cribl Search to query S3 bucket - "Error initializing task queue"
Hi guys, we are trying to configure Cribl Search to query S3 bucket but have been facing error that says "Error initializing task queue" .... "Access Denied". We are seeing the Cribl Stream worker AssumeRole into our AWS account for the existing S3 Source Collector that we have configured previously but, we’re not seeing any…