v.4.3.1 Release

Cribl Search Release Notes

2023-10-11 – Cribl Search 4.3.1 | Maintenance Release

New Features​

Query Language​

The new eventstats operator allows you to enrich events with aggregated data.

The new dedup operator lets you efficiently remove duplicate events.

Commands allow you to manage searches and view dataset objects by running a search, these include:

• .show queries to display queued or running searches.
• .cancel queries to stop queued or running searches.
• .show objects to list objects included in a dataset.

The export operator now supports appending data to lookup files, in addition to the existing create and overwrite options.

Certain member permissions now restrict access to the export and send operators, as well as the newly introduced commands: .show and .cancel for search management.

Notifications​

Scheduled searches now support sending notifications to Amazon Simple Notification Service (SNS) topics and Slack.

Data​

Virtual Tables enhance system observability by providing access to system definitions and properties through search queries. Unlike datasets, these tables are dynamically generated by Cribl Search.

Visualizations​

Results tables have a new column formatting option to define the Format as a Number, Percentage, or Currency.