v.4.4 Release

November 8, 2023 · 2 min read
David Duke
Senior Technical Writer

Cribl Search Release Notes

2023-11-08 – Cribl Search 4.4 | GA Release

New Features

Query Language

The join operator merges events from two different data scopes, including datasets that come from different dataset providers, so you can correlate them in a single search and process the combined output for further analysis. This yields insights that would be hard to obtain from either scope on its own.

The ip-lookup operator enriches events with geolocation data for the IP address in a specified field, using MaxMind’s GeoIP2 and GeoLite2 databases. The added details include city, continent, country, latitude, longitude, postal code, region, and time zone.

The top-hitters operator counts the distinct combinations of values across the specified fields and returns the most frequent combinations in descending order of count. It is a quick way to surface the most common, and often most impactful, value combinations in your input dataset.

The distinct operator returns the unique values of each specified field. It evaluates each field separately rather than as value combinations, so you can inspect the cardinality of individual fields.

The let statement allows you to give names to values and expressions, and refer to them in the scope of the same search.

The match_regex function tests a text string against a regular expression and returns a Boolean indicating whether the pattern matched.

Results from the .show objects command are now filtered by the time range.
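As an added illustration of how these operators compose in a security hunt (this is not code from the release notes or from Cribl’s own documentation): find clients whose User-Agent matches known scanner signatures, enrich their IPs with geolocation, keep only those that also appear in a watchlist dataset, and rank the most frequent client/country combinations. The dataset names `web_access` and `watchlist`, the field names `client_ip` and `user_agent`, the Kusto-style `join kind=inner (...) on` form, and the `country` field name emitted by ip-lookup are assumptions; confirm each against the Cribl Search operator reference for your version before relying on them.

```kusto
// Added example, not from the release notes or Cribl docs.
// Assumed: dataset names (web_access, watchlist), field names
// (client_ip, user_agent), the join syntax, and the `country`
// field produced by ip-lookup. Verify against the operator reference.

// let binds the regex once so it can be reused in the same search.
let scanner_ua = "(?i)(sqlmap|nikto|masscan|zgrab)";

dataset="web_access"
// match_regex returns true when the User-Agent contains a scanner signature.
| where match_regex(user_agent, scanner_ua)
// ip-lookup adds GeoIP fields (city, country, ...) for the client_ip value.
| ip-lookup client_ip
// Inner join against a second dataset: keep only clients on the watchlist.
// distinct on the right-hand side avoids multiplying rows on duplicate entries.
| join kind=inner (
      dataset="watchlist"
      | distinct client_ip
  ) on client_ip
// Count distinct (client_ip, country) combinations and return the top 10.
| top-hitters 10 of client_ip, country
```

A useful check on the join is to run the left side and the right side separately first: if the watchlist contains duplicate `client_ip` entries and you omit the `distinct`, the inner join will inflate the counts that top-hitters reports.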

Visualizations

We’ve added a new Map chart type that displays data points or categories associated with specific locations as geographic maps.

You can now create interactions that allow dashboard viewers to drill down into specific chart values within a panel, offering a new dimension of data exploration within your dashboards.

You can now apply a color threshold to Single value and Gauge charts.

Dashboards can now be grouped into custom collections and shared with other users.

Search limits

You can now assign users to Usage Groups that set per-query limits. Available limits include the number of searches a user can run concurrently, the maximum time range a search can cover, and a cap on the number of results returned, among others. Beyond cost control, per-user limits bound the load that any single account, including a compromised one, can place on the search infrastructure.