Cribl.Cloud Suite

Entire logs from my organization go through Cribl  and get routed to Splunk and various other destinations. I use it on a large scale in my organization. Cribl  Stream  is one of my favorite parts. I use Cribl to route the logs to various destinations. It helped us to completely remove the monopoly on Splunk. Not only firewall logs, but also cloud trail logs and many other logs were processed through Cribl.

It helped us to completely remove the monopoly on Splunk, as we previously couldn't have any control over logs and how to optimize them. When we had Cribl in place, it provided a vision and a platform for us to control what we send and how we send it in terms of data passing, data enrichment, and many more things, with massaging the data. It also helped us to open up to many tools where we could send the data to various destinations, as it is vendor-agnostic.

Cribl Stream  is good, but I feel they could develop more products apart from Cribl Stream for my use case. I know Search is coming and Data Lake is there, but there can be more innovations in Cribl. They had one good product, which is Cribl Stream, which appears to be the primary revenue source for the company, but there may be many other use cases. They could explore OTel and how to connect with DynaTrace. They are looking specifically for logging, but expanding into metrics and APM  would also help.

I have been using Cribl for the past three to four years.

On-premises deployment is something which customers take care of themselves. Earlier versions had quite a few issues, but there are more stable versions now, so it is a good time to start using Cribl.

They are very scalable and good.

They are very good in terms of solving issues. Regarding availability over other time zones, since it is mostly focused on Europe and US, they are starting to build up in New Zealand and other places.

I tried a few other alternatives as POCs, but none of them worked out as effectively as Cribl.

We worked on it for six months. Our infrastructure is complex, so it took almost six months, a couple of quarters.

If you have a good architect and a couple of Cribl staff members to assist, three persons can handle the implementation.

It is feasible and doable. Compared to Splunk, Cribl is cheaper.

Pricing is feasible and doable. Compared to Splunk, Cribl is cheaper.

I tried a few other alternatives as POCs, but none of them worked out as effectively as Cribl.

It has been able to perform to the best of its capabilities. They are able to handle everything with their non-shared architecture. On a scale of 1-10, I would rate Cribl a solid nine.

I am using Cribl  to have everything centralized in one tool in terms of data collection. We were working with different Splunk customers, and Cribl  helps collect data and then send it to an S3  bucket or Amazon Web Services  (AWS ) response plan.

Cribl allows us to enforce security for some customers. For instance, if they want to add fields, values, or need to change formats to comply with different security standards, Cribl makes it possible.

My favorite option in Cribl is the Stream  product. It is the best use case for us and our customers. Additionally, the community on Slack  is excellent for solving questions and getting ideas.

At the moment, I don't have specific feedback on what can be improved as I do not work with Cribl daily. Perhaps more flexibility in terms of metrics would be helpful.

I have been using Cribl for about two years, more or less.

From my experience, I did not face issues with Cribl's stability. However, I heard others have faced issues.

In my experience, Cribl has been perfect in terms of scalability. I did not have any issues.

I haven't contacted them in terms of paid support. That said, the community, including the engineering and sales teams, is available on Slack  and is very supportive.

Positive

The initial setup is really straightforward, and the documentation is very good.

I am not aware of the pricing details, however, I know they use a credit format for billing.

Utilize the documentation to ensure Cribl fits your use case, and join the Cribl community for any questions or recommendations.

I'd rate the solution ten out of ten.

We use Cribl for data normalization, which involves standardizing data from various sources before sending it to a SIEM. This helps reduce costs associated with SIEM ingestion. Additionally, we use Cribl to sanitize data by removing or masking sensitive information from certain fields.

Cribl filters out unnecessary events and data, and we reduced the costs associated with SIEM ingestion.

You can use Cribl to route the same data to different destinations. For instance, if a company uses multiple SIEMs and needs data in each, Cribl makes it easy to direct that data to various destinations. Setting up API connections to get data into the platform is easy. Cribl offers a cloud version, allowing different workspaces to segregate various functions within a company or organization.

The documentation part could be better. Their documentation could be updated, as new features often outdated existing information. Additionally, there are inconsistencies between the documentation for Cribl Cloud and Cribl on-premises. This can be confusing, as features may differ, leading to potential misunderstandings if you use documentation intended for one version while working with another. Consolidating and improving the clarity of the Cribl Cloud documentation would be very helpful.

I have been using Cribl for a year and a half.

It is highly scalable. If you need more cloud worker groups, you're just a click or two away from doing that at extra cost.

Depending on the license, we usually provide a Customer Success Manager to assist with any questions or issues when onboarding Cribl. They are very responsive, and their support is quite helpful.

Neutral

We employed a hybrid strategy, setting up Cribl Cloud as the head node in their environment. For data processing, we used worker nodes within the client’s environment, which are closer to the data sources. This setup allowed us to process data locally before sending it to our destination. For cloud assets, such as SaaS applications like Salesforce, we used the cloud-hosted Cribl instance to handle that information. Meanwhile, the on-premises data was processed by the hybrid worker nodes.

We encountered delays due to third-party issues, extending the timeline to six to seven months. Without these issues, it likely would have taken around three months, depending on the speed of obtaining API keys, authorizations from networking teams, and other factors. Under ideal circumstances, a three-month timeframe would be more accurate.

You need to maintain the pipeline, which includes data processing, before it reaches its destination. When onboarding new data, managing and rotating API keys as needed is important. Maintaining these aspects ensures faster and more efficient deployments.

If you want to reduce log ingestion or route data to multiple destinations, consider using an on-premises or cloud solution. Your choice will depend on your organization’s network constraints. For example, if critical assets on your network need to connect to the internet, your network team might have restrictions. Weigh the benefits of cloud versus on-premises options to determine what best fits your needs.

With less data coming into our system, we can now run queries faster since we're not processing as much data as before. The reduction has made our queries more efficient because we're working with more streamlined data.

The quick connects are great for testing and allow you to rapidly set up a proof of concept, which is very beneficial. They can also be useful in production environments. Another significant feature is the recent Sentinel integration. The provided pack simplifies the setup process, making it much easier than the previous method, where you had to manually handle tasks like finding API keys. This integration makes the setup much more efficient.

Overall, I rate the solution a seven out of ten.

In this particular situation, we use Cribl to deploy data to various destinations. My role is to create and analyze data and deploy it to the appropriate location required by the organization. I also monitor data to manipulate or adjust it as needed. Additionally, we use it to amend or remove some lookup in the data or to add some phrases, ensuring it meets the organization's requirements. Overall, we use it for daily data management activities.

Cribl makes the work easier by providing a straightforward way to deploy data from the source to the destination without much coding. It is valuable for resizing data, increasing process complexity, and enhancing deployment availability. It simplifies the process of sending data to various destinations while providing options to block certain destinations, which is more efficient compared to other applications that require deploying data one at a time.

Features such as Cribl Stream, Cribl LogStream, and Cribl Edge have been the most beneficial. The Cribl LogStream, in particular, is valuable for routing data, creating firewalls on pipelines, and putting security measures in place to ensure data reaches its destination without issues.

Cribl should consider adding more features that are applicable to smaller firms, allowing broader access to their data migration through Cribl. Additionally, there's room for more enhancement concerning the desktop server so tasks can be processed more directly.

I worked with Cribl for about eight months, and I stopped working on a specific project with it five months ago.

Cribl has been stable. Even when issues arise, having a KPI knowledge allows us to address challenges without significant difficulties.

Cribl is very scalable, and I'm looking forward to continuing to work with it for a long time due to its ability to upgrade and improve continuously.

I would rate Cribl's customer service and technical support as nine and a half out of ten. We have worked with various teams to address some issues, and the support has been exceptional.

Positive

Previously, I worked with Azure Active Directory and other applications to handle tasks such as Azure DBN, data deployment, and subscription management

The initial setup of Cribl was straightforward, often taking as little as thirty minutes for deployment. Cribl has QuickConnect features that simplify the process significantly. However, we preferred using routing and pipelines for more control and security measures.

Working with the relevant implementation teams, including the network and SOC teams, ensured that deployment and maintenance processes were completed smoothly.

For now, I haven't seen a return on investment with Cribl, particularly in terms of processing time and cost-saving.

Cribl offers a reduction in pricing, up to thirty percent, which is beneficial. Although I'm not involved in licensing, I know that the price reduction is accurate and well-received.

There are other solutions like Azure and Splunk, and each has its strengths. Cribl stands out due to its streaming data model and integration for security use.

I would recommend Cribl to organizations facing data challenges due to its perfect security measures and ease of use. It offers a simple, fast, and efficient solution.

I use Cribl to ingest logs from different platforms. These logs could come from sources like Mimecast, Windows, or CrowdStrike logs. It acts as a pipeline to send data to our destinations and also helps in reducing the amount of logs sent by applying different functions on them.

Cribl has helped to save thousands of dollars for our clients. It provides cost-effective solutions, particularly when you know how to use it effectively. It does require some learning to cover all aspects of it because it's not entirely intuitive. However, once you overcome the learning curve and get hands-on with the platform, it significantly contributes to cost savings.

The capability to reduce logs in a user-friendly manner is a standout feature. Cribl allows us to view logs live as they are being processed, giving us quick feedback on the changes made.

Additionally, the data routing feature is beneficial because it gives us the option to send logs through data routes or QuickConnect, facilitating quick configurations of different sources and managing them more effectively. These functionalities offer logical and useful capabilities such as deciding where logs should be sent and specifying which fields should be included within the logs.

There is room for improvement in the documentation and knowledge base, particularly regarding configurations like sources where logs are being ingested. It would be helpful to have specific guidance on configuring different data sources, such as AWS S3 buckets. Additionally, the ability to understand what type of output a function will produce is missing in Cribl, which could be improved by indicating the output type.

I have been using Cribl for more than one and a half years.

Cribl's stability has been well documented online, and we have not encountered any significant stability issues.

We have tested Cribl and found it to be sufficiently scalable for our needs.

At the time I was trying to do the course back then, I did escalate questions to tech support, but I haven't raised any recent issues.

Neutral

I have experience with Splunk and CrowdStrike. I am quite familiar with Splunk.

Cribl is indeed a cost-effective solution, saving thousands of dollars for our clients. It provides value through cost savings and time efficiency once users know how to effectively use the platform.

It's important to know what source you will be using to ingest data into Cribl. Understanding how to configure the data source is key before using the platform. Once you have that figured out, Cribl becomes a powerful solution that can ingest almost anything with its Edge capability. However, having a clear understanding of the pathways you can take to ingest data is crucial before diving into it.