v.4.5 Release

February 14, 2024 · 2 min read
Jakub Wiśniewski
Senior Technical Writer

Cribl Search Release Notes

2024-02-14 – Cribl Search 4.5 | GA Release

Starting with Cribl Search 4.5, you can explore data from a variety of new sources, send email notifications, create more powerful visualizations, and more.

Generic HTTP API Dataset Provider

You can now quickly configure Cribl Search to explore data coming from any HTTP API by setting up generic HTTP API data providers and datasets.

Explore Azure Data Explorer Logs

You can now search Azure Data Explorer logs by setting up Azure Data Explorer data providers and datasets.

Explore Cribl Edge Disk Spool Data

You can now search data that has been spooled with Cribl Edge’s Disk Spool Destination. For this, use the new built-in cribl_edge_spool dataset.

Send Email Notifications

You can now send email notifications by creating an email notification target and configuring notifications for a scheduled search.

Generate Metadata

You can still point Cribl Search at any source and start searching immediately, but you can now also choose to improve search performance by analyzing selected portions of your data beforehand. To do this, use the new .generate metadata command, along with the two new virtual tables: $vt_object_list and $vt_object_list_summary.

Automatically Reuse Previous Search Results

When writing a query, you can now use a new optional set statement: allow_previous_results. This allows Cribl Search to automatically reuse the results of analogous searches run recently in your organization, which may reduce costs and improve performance.

Visualize Results in a Trellis Chart

The Area, Bar, and Line charts now support the Trellis view, which enables you to divide the chart into subsets of data based on fields in your search.

Rotate Data, Using the New pivot Operator

You can now turn field values into field names, using the new pivot operator.

Force a Query to Render Its Results as Events

You can now force your search to render its results as a list of events rather than a chart. To do this, add | render event at the end of your query.