-
Best Practices for the Splunk Load Balanced Destination
Cribl Stream and Cribl Edge can send data to Splunk in several different ways. This article focuses on the common scenario where you want to connect Cribl Stream’s Splunk Load Balanced Destination to many Splunk indexers at once. We’ll talk about Cribl Stream, but this applies to Cribl Edge, too. We’ll look at changing a…
-
Common AWS S3 Errors (Source and Destination)
Summary When setting up AWS S3 Sources or Destinations, it's common to encounter issues during setup. This article addresses some of the most frequent problems and potential solutions. Users have two main options to authenticate when setting up S3 Sources and Destinations. You can leverage 'Assume Role' (recommended) in…
-
Edge - Windows Event Collection Troubleshooting
This article contains common issues and troubleshooting steps for collecting Windows events using Cribl Edge. Issue: Need to clear Edge state for Windows events Possible Causes: You want to switch from collecting the "Entire Log" to "From last entry" to only collect new events. You have upgraded a Windows Server in place…
-
REST Collector Example - Zoom Users API
This article walks through an example setup of accessing the Zoom API to fetch user data with the Cribl REST Collector. You can use this as a template to help with collecting other Zoom sources as well. Prerequisites Zoom access credentials, including: Account ID Client ID Client Secret Proper permissions / scopes (read…
-
Search Splunk Backups in place with Cribl Search
IT and Security administrators face a challenging balance: they need to store increasing amounts of data for compliance and auditing, yet must also manage their license and storage costs effectively. To navigate this, many Splunk administrators have developed strategies that involve swiftly rolling data from searchable…
-
Syslog Source - Tips and Best Practices
Summary Cribl is able to perform as a syslog receiver, simplifying and streamlining your data collection architecture. Below are some best practices and other tips to help with receiving syslog data. For even more information including a detailed video on architecture, check out the blog. And check out this one for even…
-
Troubleshooting Microsoft Sentinel
Summary This article covers troubleshooting the Microsoft Sentinel Destination. Troubleshooting Issue: Sentinel shows no data in a custom table, but the data collection rule (DCR) metrics show bytes received. Possible Causes: Using the wrong stream name in the URL field for the Destination will cause Sentinel to drop…
-
Tuning Splunk Universal Forwarders to Send to Stream
While tuning isn’t strictly required, users may sometimes have trouble getting data into Stream from Splunk universal forwarders (UF). Usually this presents as a performance issue that results in the forwarders getting blocked by Stream. Why would you need to change anything on the UF when the forwarders can successfully…
-
Using Dynamic Data Types in Sentinel
A More Dynamic Approach Microsoft Sentinel and Log Analytics require working with tables with predefined column names and data types. This also requires a Data Collection Rule (DCR) and a Data Collection Endpoint (DCE) to allow the Log Ingestion API to successfully write data into the desired table. Imagine a scenario…
-
Video - Configure AWS S3 Destination in Stream
In this video, the following is demonstrated: Preparing the AWS environment Creating the Stream Destination Routing logs and validating data is received Find it here.