v.4.6 Release

Cribl Search Release Notes

2024-04-17 – Cribl Search 4.6 | GA Release

Starting with Cribl Search 4.6, you can export search results to Cribl Lake, save fragments of your queries as macros, include search results in your email notifications, and more.

Export to Cribl Lake​

You can now use the export operator to send Cribl Search results to a Cribl Lake dataset.

Macros​

You can now create macros, to quickly reuse query text across different searches.

Macros can be shared with other members of your organization, to build a library of useful functions and transformations.

New Multistage Search Features​

let statements got more powerful. Now, you can:

• Write let statements that reference one another.
• Append the results of a let statement to your main results, by using the new union operator.
• Use the results of a let statement when filtering your main results with the in/!in/in~/!in~ operators.
• Use the results of a let statement when filtering your main results as a discrete value (for example, where fieldName > let_search_value).

Window Functions​

Cribl Search 4.6 introduces window functions, enabling powerful data analysis within your queries. You can use the following functions:

• prev and next to access previous and subsequent rows.
• row_number, row_rank_dense, and row_rank_min, for row ranking and numbering.
• row_cumsum for aggregations like running totals.
• row_window_session for session analysis.

Search Results in Email Notifications​

Email notifications can now include HTML tables with a sample of the search results.

Scopes of set Statements​

Options configured by set statements can now persist across multiple searches. This means you can configure options for different scopes, applying them either to the current search only, or to all of your searches (user: scope), or to all users in the usage group (global: scope, available to Admin Search Members).

You can also manage set-statement options by using the two new commands:

• .show options, to see which options are currently set.
• .clear options, to disable options.

Updated Sample Searches​

All Sample Searches now reference the cribl_search_sample dataset, rather than the cribl_internal_logs dataset. Moving forward, most users won’t have access to the cribl_internal_logs dataset by administrator policy. The cribl_search_sample dataset should always be available to all users, so these new sample searches should always work for everyone.

Cribl Copilot​

This release introduces Cribl Copilot, Cribl’s new AI assistant for Cribl.Cloud! Cribl Copilot helps you maximize efficiency without leaving Stream, Edge, Search, or Lake. To access Cribl Copilot, click the teal AI icon at the bottom right of any page.

Note that the initial version of Cribl Copilot has the following limitations:

• To enable Cribl Copilot, a Cribl.Cloud organization owner or administrator must provide consent. This enables the assistant for all users in their organization. Standard users can only access the assistant once their organization owner or admin enables the feature.
• Organization owners and admins cannot withdraw consent from within the product. To disable Cribl Copilot, please contact Support.
• Cribl Copilot leverages only two pieces of data when generating an answer: the documentation available on docs.cribl.io, and whatever you type into the question box.