Curious + Community

Get data and data pipelines flowing – from any source to any destination. We’ll show you how, your peers will tell you how, and together we’ll build a better data experience for you and your organization.

Topic Categories

Announcements
The place to get the latest news on Cribl products and community.
AppScope
AppScope gives operators the visibility they need into application behavior, metrics and events with no configuration and no agent required.
Cloud
Get up and running fast on the Cribl.Cloud platform, without the hassle of running infrastructure.
Edge
Collect, process, and deliver near-real-time observability data from edge and endpoint sources.
Search
Search your data in place, at the source or in the data lake.
Stream
Route and transform logs and metrics, on your own infrastructure or Cribl.Cloud.
Packs
Pack up and share complex configurations and workflows across multiple groups or organizations.
University
Access free Cribl training, any time and at your own pace.
General Discussions
Discuss general Cribl topics with your peers.
Job Board
Do you have an open position at your company? Here is your place to do it. Once you post, we will review it and if we find that it meets the community standards, we will approve it.

Recent Discussions

Where is the equivalent setting to Splunk's Source type > Select Source Type > Structured > _json
Hi, I'm trying to setup a Splunk HEC within Cribl Stream, and I'm encountering the error "malformed HEC event." I've encountered that error when setting up HECs in Splunk, and to correct the problem I have to go to Source type > Select Source Type > Structured > _json when editing the HEC's settings. I've been looking and…
How to access the Regexes saved in the Knowledge?
Hello all, I have recently started working with Cribl and my question may seem to be easier one, however, I couldn’t find an option to do this in right way and hence reaching out for help. In one of my use case I am getting a json from source and my requirement is to check whether the attributes in the object are matching…
Using JSON Paths
I'm attempting to extract values from a JSON string field. However, it seems, that none of the below methods are working for referencing or obtaining the value using a JSON path or dot notation type of approach. I've even tried the "extract_json" function, but to no avail. KQL in Azure has the bag_unpack function, but I…
Why is my parsed data different from my original _raw data?
When I use a parser function to parse my json _raw field, I see that my original data changes and it breaks my dashboards: Why does it change?
Data collected using REST Collector getting appended in a single file, how to resolve?
TLDR : JSON Collected from API, parsed through Pipeline, should have three JSON files in S3, but have two where one file have 2 JSON object appended, need help to find out the reason Hi All, At first, I want to say, no this is not an event breaker issue, as much as my understanding. Let me explain. I am trying to get some…
Are there default limits for JSON processing and are they tunable?
I have a TCP JSON stream with massively long lines… i suspect Cribl is truncating them. Are there default limits for JSON processing? and are they tunable?
Can I create a lookup file from data I receive from a collector?
Can I create a lookup file from data I receive from a collector? I have two fields in a JSON array that I want to use to create/update a lookup file every time the collector is run.
What is the name of the object containing _raw?
For a JSON log using the default Cribl JSON event breaker, do you know what the name is of the top most object? For instance, _raw is an object, but what is the name of the object containing _raw?

Quick Links

Monthly Leaderboard