I use Cribl with all of my customers that I manage services for. It's how I get their third-party log sources into Microsoft Sentinel.

Cribl.Cloud Suite
Facilitates seamless log integration and reduces data costs with efficient compression
What is our primary use case?
How has it helped my organization?
We save about 75% of our costs by processing network and firewall logs through Cribl. This is largely due to the compression and duplication that exists within those logs. They tend to be very noisy, and most of the information isn’t useful from a security standpoint. While some of the data might be valuable to other departments, we don’t need to store all that extra information. By removing these unnecessary details, we quickly reduce our data retention costs by 75%.
Cribl makes it very easy to contain data cost and complexity. As far as complexity is concerned, there might be manual ways to do it in other products, but not with the ease and durability. It remains the same, whereas you might try to put a patchwork of other things together to get the same result. In terms of controlling costs, we achieve about 75% savings on data storage, which is fantastic. However, it’s worth noting that Cribl is not free, so we do pay for it to realize these savings. As long as Cribl doesn’t increase their prices too steeply or too quickly, we should be fine in terms of managing our costs.
Cribl definitely handles high volumes of diverse data types. Anything from firewall logs, endpoint security logs, to Windows event logs can become very noisy, especially in large environments. I've not had an issue with Cribl dropping logs. Occasionally there could be a short-term outage, but that's definitely very rare.
What is most valuable?
My favorite feature is Cribl Stream. That's probably the only Cribl product I have a lot of experience with, and Cribl Stream makes it very easy to identify where all the customer's log sources are and to quickly connect them to a destination source such as Microsoft Sentinel and Microsoft Azure Data Storage.
Cribl Stream does two things: not only does it make it easy to connect one log source or one dataset to multiple storage locations, but it also has compression features, which greatly reduce the storage cost for that data. It strips out and compresses data so that only the absolute information remains and not any duplicates. Dual destination and compression are the two top features.
What needs improvement?
I would like Cribl to become more Microsoft-focused. A lot of my work is in the Microsoft environment. Cribl supports all of these other platforms out there, and they seem to be developing a lot for CrowdStrike. I'd prefer to see some Microsoft-specific connectors built inside of Cribl.
For how long have I used the solution?
I have been using Cribl for about two years now. They've only been around for about four years, so I've been using them for half of their existence.
What do I think about the stability of the solution?
The performance and stability of Cribl are fantastic. The uptime is 99.9%. We are realizing all of the cost savings promised, and there are no failures.
What do I think about the scalability of the solution?
Scalability is easy because we can just go into the portal and add a new log source. If we onboard a new firewall or something we want to collect logs on, we can quickly implement that. I don't need to talk to a Cribl engineer to connect a new log source. The only requirement might be purchasing more Cribl credits if I'm running low because I'm asking it to do more than originally specified.
How are customer service and support?
We've engaged their customer service and support, and anytime there's an outage, they've been very receptive. They've quickly escalated our tickets and helped us get resolution. We've never felt we were waiting for a response or that they didn't know what was going on. I think it's maybe because we were an early customer. I would assume it's the same for all customers, but we've gotten great treatment.
I would give them a 10 out of 10 for support. They are very responsive. We deal with a lot of other cloud solution providers who have tried to save money on support. It could be that because Cribl is new and they really want to make sure all new customers are being successful, but we really hope this continues. We don't feel we're alone.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
The only alternative I can compare Cribl to would be Azure Data Transformation, Azure Data Time configuration rules and policies, basically making the storage source sort the data, and that is very painful. I don't see any next-best options when it comes to Cribl. They seem to be a leader and standing alone in their service offering, specific to Cribl Stream. For other products such as Cribl Lake, there's now Microsoft Sentinel Lake, which is a competitor, and I haven't really analyzed the pricing to see how competitive that is. But regarding Cribl Stream, there's no close competitor. The closest is extremely painful, requiring about 20 pages of configuration to even get close.
How was the initial setup?
It's straightforward. They have a really nice user interface, and their service engineers will guide you through the initial setup. Since they are compensated based on product usage, they ensure that we are properly onboarded and that our experience is as successful as possible.
To deploy Cribl probably took an hour. Identifying all the different log sources that we wanted to bring in took about another eight hours of human work as it was a data exercise of determining which log sources are important to us, and where we can get the best compression or data size reduction. You can connect to them all automatically, but you want to have the thought process of which ones matter and what actual data you need.
It does not require any maintenance on my end. The big thing is just checking connector health to make sure everything is running and that logs aren't dropping and that there haven't been any changes. In case there's any outage, putting in a ticket for any outage issues is very minimal. It's set it and forget it, and then just monitor to make sure nothing's bad or nothing has gone wrong.
What about the implementation team?
We're a large organization, so we have a team of about five people who worked on the deployment of Cribl. I'm sure smaller organizations could use a lot less. We probably could have gotten away with two or three people. Not to say one person couldn't do it, but it's always good to have another person putting eyes on the process just so that we don't have a single point of failure.
What's my experience with pricing, setup cost, and licensing?
The pricing has been increasing year-over-year, and I understand that the cost of business continues to grow. The cost of log retention and all the aspects they're fighting against, they are also a victim of. It is a concern that I'm watching as they raise prices about 10% year-over-year. I am still observing significant cost savings, although the amount of savings is gradually decreasing. Additionally, they are currently the sole provider of this type of solution, which means they face no competitive threats.
What other advice do I have?
I would rate Cribl a ten out of ten. I truly appreciate them as partners. They genuinely feel like they're with us on this journey to manage the increasing volume of data. It's been exciting to watch them grow. At first, I thought I was a bit of a nerd for being an early adopter, but seeing so many others come on board after us reassures me that we made the right decision.
Real-time validation of data transformations before pushing them into production
What is our primary use case?
We use Cribl Stream to collect logs from multiple sources, transform and enrich them, and filter out unnecessary data before sending them to the SIEM. We also use Cribl to route logs to a data lake.
How has it helped my organization?
Since we started using Cribl, it’s made a huge difference for us. We spend a lot less time building and maintaining things, so the team can focus on the security work that really matters and brings value. Plus, by filtering out all the noisy data we don’t need, we’ve been able to cut costs and make our data a lot cleaner.
What is most valuable?
One of the biggest things I love about Cribl is that you can actually see the output in real time before you push anything to production. The UI makes it super easy to work with, and honestly, it saves a ton of time. Plus, it’s way easier to collaborate—everyone’s on the same page, and you’re not guessing what the data’s gonna look like once it’s live.
What needs improvement?
So since we’re handling a ton of data, I think we could really benefit from a more integrated or connected way to manage it all. Like, if there were a way to better track data lineage and metadata, that could help with knowledge transfer.
For how long have I used the solution?
A couple of months.
What do I think about the stability of the solution?
I haven’t run into any issues yet.
What do I think about the scalability of the solution?
I can’t really speak to scalability yet. So far I don’t have any problem with it.
How are customer service and support?
The technical support is good. I'm happy with that.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have used something similar before, which was Logstash.
What was our ROI?
Not sure
What's my experience with pricing, setup cost, and licensing?
I think the pricing for Cribl is reasonable for large usage, but I heard the calculation of those credits is a bit complicated.
Which other solutions did I evaluate?
We did, but Cribl just felt more mature and well-established. I think that’s the reason why we selected it.
What other advice do I have?
Cribl gives us way more control and flexibility than we ever had before. We deal with massive volumes of telemetry data, and honestly, a lot of it is just noise. Cribl allows us to easily filter, transform, and route that data exactly how we want. It’s made a big difference.
Efficiently manages high volumes of diverse data types and reduces informational logs
What is our primary use case?
For Cribl, we use only Stream, which we are using as a data pipeline in between our environment and the SIEM console. We have two SIEMs: one is a cloud SIEM and one is an on-prem SIEM. On-prem, we are using another user and entity behavior analysis tool, so we have a redirection or a copy of a log for user login and logout information. Then we have a SIEM console, and we have redirections to the SIEM through Cribl. From the environment, we have a load balancer, and from the load balancer, we have this data pipeline configured to different SIEMs, and then we have that data transferred to two different SIEMs.
What is most valuable?
Cribl's ability to handle high volumes of diverse data types is exactly the purpose that we took it for, and as far as I have seen for the last nine months, it is handling well without issues. Connectivity-wise, there is some problem, but I'm not sure whether it's from the Cribl end or the SIEM end; we are working on both ends right now, so I don't see any problems concerning that. Cribl has helped in reducing informational logs between the main entity of our SIEM and the external entity, so that actually helped.
What needs improvement?
Regarding Cribl's solution, we have limited access to Stream. I'm not sure about the other three products. We only use the Stream of Cribl. If I suggest something, it may be available on the other products. I haven't worked on those. The suggestion would be more into log information, as I'm not able to view more logs because this is a limitation that we are only using for data pipelining. If we have more visibility or if the storage structure is already there, I'm not sure; if it is there, it would be fine.
Regarding stability, lagging only happens if I exceed my data analysis stuff, but it is a limitation with Cribl as per their design. We do not use it for that purpose, but if it is improved, it would be great. For scalability, I'm not sure in my project as we are using it only for a limited purpose. Maybe, if there was an environment that required more data transfers and logs to be filtered out, it would be good, and I would suggest it.
For how long have I used the solution?
I have been using Cribl since we deployed it during November, which is close to nine months.
What do I think about the stability of the solution?
We are actually checking on a regular basis; however, the problem is with the connectivity of the data pipeline and the SIEM. It requires attention if there is an alert; for example, if the pipeline is down and we receive an alert that it's not sending information to the log collection platform for more than one or two hours, if we receive an alert, it would be great.
What do I think about the scalability of the solution?
For scalability, I'm not sure in my project as we are using it only for a limited purpose. Maybe, if there was an environment that required more data transfers and logs to be filtered out, it would be good, and I would suggest it.
How are customer service and support?
My engineering team contacts Cribl's technical support; I join the call in case any issues come up and I provide my suggestions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Cribl is the first tool that I'm using for this particular data pipelining. We do have Dynatrace, but we use it for a different purpose, for monitoring. Cribl is for streaming purposes only, so the purpose is different. I'm not sure if there is a competitor for this particular tool or not, as I haven't worked with any competitor so far.
How was the initial setup?
The initial installation was kind of easy to understand for me, while my teammates struggled a little bit, so I would say it was okay.
What about the implementation team?
My engineering team contacts Cribl's technical support; I join the call in case any issues come up and I provide my suggestions.
Which other solutions did I evaluate?
Cribl is the first tool that I'm using for this particular data pipelining.
What other advice do I have?
For everything, my suggestion and limitation as I told, if it were there, I would give Cribl 10 out of 10; since it's not, I'm giving nine out of 10. I am just a user of Cribl; my company has a license with them. I'm not sure if they have a partnership with Cribl or not. I rate Cribl nine out of 10.
Ease of use in data parsing and manipulation saves development time
What is our primary use case?
Our use cases that we are exploring Cribl for right now are for data parsing and data manipulation.
What is most valuable?
The feature I appreciate most about Cribl is that it is really easy to use and quick to replicate data models on different data sets. We have over 1,000 log sources, and currently, we have to configure them individually with their own architecture. Cribl allows us to do a copy and paste architecture and saves us a lot of development time. It also makes it easy to add any sort of extra data parsing to specific lines. Ease of use is really our biggest benefit from it.
What needs improvement?
Something that Cribl could do better is processing time. There is not enough customization to improve performance. An example would be with AWS Lambda functions, the way we were doing it before. There are different strategies where the way we code it could save us more processing time and still have the same price. With Cribl, it is very much set in its ways. If you want better performance, then you have to pay for more resources.
The UI is a very beneficial thing that saves us a ton of time. I mentioned the copy and paste approach and little to no code anymore, as it is all UI interface-based now. There is little to no code that we do other than regex commands. If there was still some aspect of being able to add our own code, we could potentially get better performance. I understand this is the whole use case of Cribl, to remove the technical need aspect. You do not need as many experienced developers; you will pay for software and have to hire an analyst instead of an engineer and save money on wages. For how good the tool is, it would be nice to still have that data engineering aspect.
For how long have I used the solution?
I have not been using Cribl in my career. We are a company that is interested in investing in it at the moment. However, we do have several teams that have used it and we have also had access to a dev workspace that we have used.
What do I think about the stability of the solution?
I have not had any issues. So far, everything has been good.
What do I think about the scalability of the solution?
It is pretty scalable, just in terms of cost. If you have any problems, it is probably going to be more about having to pay for more resources.
Which solution did I use previously and why did I switch?
Currently, we are using Logstash, and we are also exploring a POC with DataBahn. DataBahn is a newer company. They are not as sophisticated as Cribl, and the performance is probably not there, but they make up for it in cost.
How was the initial setup?
Being new to Cribl, the setup was very easy.
What about the implementation team?
For us, it could have been done with one person, but we had different team members involved just for exposure because we were onboarding it with many people. It could have been a one-person implementation, but two to three people would have been a good healthy number.
What's my experience with pricing, setup cost, and licensing?
The current pricing is a little bit above average.
What other advice do I have?
We are using around 25% of what Cribl offers, mainly focusing on log parsing, which is what Cribl started with. We use AWS as our main source of ingestion.
There is little flexibility in pricing. It is simply the market price, and you either pay it or you do not. Cribl has significant capacity to handle high volumes of diverse data types, such as logs and metrics. Cribl can handle almost anything we throw at it, as long as budget is not an issue.
There is a team in my company that uses them, but they are part of a separate company. We do not have any partnership with them yet.
On a scale of 1-10, I rate Cribl an 8.
Enables us to gain control over data flow and optimizing log management across multiple destinations
What is our primary use case?
Entire logs from my organization go through Cribl and get routed to Splunk and various other destinations. I use it on a large scale in my organization. Cribl Stream is one of my favorite parts. I use Cribl to route the logs to various destinations. It helped us to completely remove the monopoly on Splunk. Not only firewall logs, but also cloud trail logs and many other logs were processed through Cribl.
What is most valuable?
It helped us to completely remove the monopoly on Splunk, as we previously couldn't have any control over logs and how to optimize them. When we had Cribl in place, it provided a vision and a platform for us to control what we send and how we send it in terms of data passing, data enrichment, and many more things, with massaging the data. It also helped us to open up to many tools where we could send the data to various destinations, as it is vendor-agnostic.
What needs improvement?
Cribl Stream is good, but I feel they could develop more products apart from Cribl Stream for my use case. I know Search is coming and Data Lake is there, but there can be more innovations in Cribl. They had one good product, which is Cribl Stream, which appears to be the primary revenue source for the company, but there may be many other use cases. They could explore OTel and how to connect with Dynatrace. They are looking specifically for logging, but expanding into metrics and APM would also help.
For how long have I used the solution?
I have been using Cribl for the past three to four years.
What do I think about the stability of the solution?
On-premises deployment is something which customers take care of themselves. Earlier versions had quite a few issues, but there are more stable versions now, so it is a good time to start using Cribl.
What do I think about the scalability of the solution?
They are very scalable and good.
How are customer service and support?
They are very good in terms of solving issues. Regarding availability over other time zones, since it is mostly focused on Europe and US, they are starting to build up in New Zealand and other places.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I tried a few other alternatives as POCs, but none of them worked out as effectively as Cribl.
How was the initial setup?
We worked on it for six months. Our infrastructure is complex, so it took almost six months, a couple of quarters.
What about the implementation team?
If you have a good architect and a couple of Cribl staff members to assist, three persons can handle the implementation.
What was our ROI?
It is feasible and doable. Compared to Splunk, Cribl is cheaper.
What's my experience with pricing, setup cost, and licensing?
Pricing is feasible and doable. Compared to Splunk, Cribl is cheaper.
Which other solutions did I evaluate?
I tried a few other alternatives as POCs, but none of them worked out as effectively as Cribl.
What other advice do I have?
It has been able to perform to the best of its capabilities. They are able to handle everything with their non-shared architecture. On a scale of 1-10, I would rate Cribl a solid nine.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Stream product centralizes data collection and has strong community support
What is our primary use case?
I am using Cribl to have everything centralized in one tool in terms of data collection. We were working with different Splunk customers, and Cribl helps collect data and then send it to an S3 bucket or Amazon Web Services (AWS) response plan.
How has it helped my organization?
Cribl allows us to enforce security for some customers. For instance, if they want to add fields, values, or need to change formats to comply with different security standards, Cribl makes it possible.
What is most valuable?
My favorite option in Cribl is the Stream product. It is the best use case for us and our customers. Additionally, the community on Slack is excellent for solving questions and getting ideas.
What needs improvement?
At the moment, I don't have specific feedback on what can be improved as I do not work with Cribl daily. Perhaps more flexibility in terms of metrics would be helpful.
For how long have I used the solution?
I have been using Cribl for about two years, more or less.
What do I think about the stability of the solution?
From my experience, I did not face issues with Cribl's stability. However, I heard others have faced issues.
What do I think about the scalability of the solution?
In my experience, Cribl has been perfect in terms of scalability. I did not have any issues.
How are customer service and support?
I haven't contacted them in terms of paid support. That said, the community, including the engineering and sales teams, is available on Slack and is very supportive.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is really straightforward, and the documentation is very good.
What's my experience with pricing, setup cost, and licensing?
I am not aware of the pricing details; however, I know they use a credit format for billing.
What other advice do I have?
Utilize the documentation to ensure Cribl fits your use case, and join the Cribl community for any questions or recommendations.
I'd rate the solution ten out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Provides data normalization and routes the same data to different destinations but lacks documentation
What is our primary use case?
We use Cribl for data normalization, which involves standardizing data from various sources before sending it to a SIEM. This helps reduce costs associated with SIEM ingestion. Additionally, we use Cribl to sanitize data by removing or masking sensitive information from certain fields.
How has it helped my organization?
Cribl filters out unnecessary events and data, and we reduced the costs associated with SIEM ingestion.
What is most valuable?
You can use Cribl to route the same data to different destinations. For instance, if a company uses multiple SIEMs and needs data in each, Cribl makes it easy to direct that data to various destinations. Setting up API connections to get data into the platform is easy. Cribl offers a cloud version, allowing different workspaces to segregate various functions within a company or organization.
What needs improvement?
The documentation part could be better. Their documentation could be updated, as new features often outdate existing information. Additionally, there are inconsistencies between the documentation for Cribl Cloud and Cribl on-premises. This can be confusing, as features may differ, leading to potential misunderstandings if you use documentation intended for one version while working with another. Consolidating and improving the clarity of the Cribl Cloud documentation would be very helpful.
For how long have I used the solution?
I have been using Cribl for a year and a half.
What do I think about the scalability of the solution?
It is highly scalable. If you need more cloud worker groups, you're just a click or two away from doing that at extra cost.
How are customer service and support?
Depending on the license, we usually provide a Customer Success Manager to assist with any questions or issues when onboarding Cribl. They are very responsive, and their support is quite helpful.
How would you rate customer service and support?
Neutral
How was the initial setup?
We employed a hybrid strategy, setting up Cribl Cloud as the head node in their environment. For data processing, we used worker nodes within the client’s environment, which are closer to the data sources. This setup allowed us to process data locally before sending it to our destination. For cloud assets, such as SaaS applications like Salesforce, we used the cloud-hosted Cribl instance to handle that information. Meanwhile, the on-premises data was processed by the hybrid worker nodes.
We encountered delays due to third-party issues, extending the timeline to six to seven months. Without these issues, it likely would have taken around three months, depending on the speed of obtaining API keys, authorizations from networking teams, and other factors. Under ideal circumstances, a three-month timeframe would be more accurate.
You need to maintain the pipeline, which includes data processing, before it reaches its destination. When onboarding new data, managing and rotating API keys as needed is important. Maintaining these aspects ensures faster and more efficient deployments.
If you want to reduce log ingestion or route data to multiple destinations, consider using an on-premises or cloud solution. Your choice will depend on your organization’s network constraints. For example, if critical assets on your network need to connect to the internet, your network team might have restrictions. Weigh the benefits of cloud versus on-premises options to determine what best fits your needs.
What other advice do I have?
With less data coming into our system, we can now run queries faster since we're not processing as much data as before. The reduction has made our queries more efficient because we're working with more streamlined data.
The quick connects are great for testing and allow you to rapidly set up a proof of concept, which is very beneficial. They can also be useful in production environments. Another significant feature is the recent Sentinel integration. The provided pack simplifies the setup process, making it much easier than the previous method, where you had to manually handle tasks like finding API keys. This integration makes the setup much more efficient.
Overall, I rate the solution a seven out of ten.
Enhances data management with streamlined deployment and security
What is our primary use case?
In this particular situation, we use Cribl to deploy data to various destinations. My role is to create and analyze data and deploy it to the appropriate location required by the organization. I also monitor data to manipulate or adjust it as needed. Additionally, we use it to amend or remove some lookup in the data or to add some phrases, ensuring it meets the organization's requirements. Overall, we use it for daily data management activities.
How has it helped my organization?
Cribl makes the work easier by providing a straightforward way to deploy data from the source to the destination without much coding. It is valuable for resizing data, increasing process complexity, and enhancing deployment availability. It simplifies the process of sending data to various destinations while providing options to block certain destinations, which is more efficient compared to other applications that require deploying data one at a time.
What is most valuable?
Features such as Cribl Stream, Cribl LogStream, and Cribl Edge have been the most beneficial. The Cribl LogStream, in particular, is valuable for routing data, creating firewalls on pipelines, and putting security measures in place to ensure data reaches its destination without issues.
What needs improvement?
Cribl should consider adding more features that are applicable to smaller firms, allowing broader access to their data migration through Cribl. Additionally, there's room for more enhancement concerning the desktop server so tasks can be processed more directly.
For how long have I used the solution?
I worked with Cribl for about eight months, and I stopped working on a specific project with it five months ago.
What do I think about the stability of the solution?
Cribl has been stable. Even when issues arise, having a KPI knowledge allows us to address challenges without significant difficulties.
What do I think about the scalability of the solution?
Cribl is very scalable, and I'm looking forward to continuing to work with it for a long time due to its ability to upgrade and improve continuously.
How are customer service and support?
I would rate Cribl's customer service and technical support as nine and a half out of ten. We have worked with various teams to address some issues, and the support has been exceptional.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, I worked with Azure Active Directory and other applications to handle tasks such as Azure DBN, data deployment, and subscription management.
How was the initial setup?
The initial setup of Cribl was straightforward, often taking as little as thirty minutes for deployment. Cribl has QuickConnect features that simplify the process significantly. However, we preferred using routing and pipelines for more control and security measures.
What about the implementation team?
Working with the relevant implementation teams, including the network and SOC teams, ensured that deployment and maintenance processes were completed smoothly.
What was our ROI?
For now, I haven't seen a return on investment with Cribl, particularly in terms of processing time and cost-saving.
What's my experience with pricing, setup cost, and licensing?
Cribl offers a reduction in pricing, up to thirty percent, which is beneficial. Although I'm not involved in licensing, I know that the price reduction is accurate and well-received.
Which other solutions did I evaluate?
There are other solutions like Azure and Splunk, and each has its strengths. Cribl stands out due to its streaming data model and integration for security use.
What other advice do I have?
I would recommend Cribl to organizations facing data challenges due to its perfect security measures and ease of use. It offers a simple, fast, and efficient solution.
Offers efficient log management but has room for better documentation
What is our primary use case?
I use Cribl to ingest logs from different platforms. These logs could come from sources like Mimecast, Windows, or CrowdStrike logs. It acts as a pipeline to send data to our destinations and also helps in reducing the amount of logs sent by applying different functions on them.
How has it helped my organization?
Cribl has helped to save thousands of dollars for our clients. It provides cost-effective solutions, particularly when you know how to use it effectively. It does require some learning to cover all aspects of it because it's not entirely intuitive. However, once you overcome the learning curve and get hands-on with the platform, it significantly contributes to cost savings.
What is most valuable?
The capability to reduce logs in a user-friendly manner is a standout feature. Cribl allows us to view logs live as they are being processed, giving us quick feedback on the changes made.
Additionally, the data routing feature is beneficial because it gives us the option to send logs through data routes or QuickConnect, facilitating quick configurations of different sources and managing them more effectively. These functionalities offer logical and useful capabilities such as deciding where logs should be sent and specifying which fields should be included within the logs.
What needs improvement?
There is room for improvement in the documentation and knowledge base, particularly regarding configurations like sources where logs are being ingested. It would be helpful to have specific guidance on configuring different data sources, such as AWS S3 buckets. Additionally, the ability to understand what type of output a function will produce is missing in Cribl, which could be improved by indicating the output type.
For how long have I used the solution?
I have been using Cribl for more than one and a half years.
What do I think about the stability of the solution?
Cribl's stability has been well documented online, and we have not encountered any significant stability issues.
What do I think about the scalability of the solution?
We have tested Cribl and found it to be sufficiently scalable for our needs.
How are customer service and support?
Back when I was taking the course, I did escalate questions to tech support, but I haven't raised any recent issues.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have experience with Splunk and CrowdStrike. I am quite familiar with Splunk.
What was our ROI?
Cribl is indeed a cost-effective solution, saving thousands of dollars for our clients. It provides value through cost savings and time efficiency once users know how to effectively use the platform.
What other advice do I have?
It's important to know what source you will be using to ingest data into Cribl. Understanding how to configure the data source is key before using the platform. Once you have that figured out, Cribl becomes a powerful solution that can ingest almost anything with its Edge capability. However, having a clear understanding of the pathways you can take to ingest data is crucial before diving into it.
Provides impressive architecture and easy setup but has administrative issues
How has it helped my organization?
We've encountered several challenges, but what's most promising and encouraging is Cribl's scalability. The architecture is impressive, and it distributes work across all worker nodes and communicates with the leader.
What needs improvement?
There have been several administrative issues. Another point is that the browsing functions aren't very intuitive.
The most challenging aspect is the versioning system. Everyone can see and potentially deploy each other's changes in a team of developers. Unlike traditional versioning systems, where you work in isolated feature branches and only merge changes after reviewing conflicts, Cribl's versioning system requires careful management because everyone works on the same repository.
I work with a team that includes both experienced and less experienced developers. Though new to this technology, the two senior developers have extensive experience with various other technologies and can get up to speed relatively quickly with the available training. The less experienced developers face significant challenges. They struggle to understand the system, suggesting it may not be intuitive.
For how long have I used the solution?
I have been using Cribl for two years.
What do I think about the stability of the solution?
I rate the solution’s stability a seven out of ten.
What do I think about the scalability of the solution?
Ten to fifteen people are using this solution.
How are customer service and support?
Everything works, but it required a lot of support. The setup wasn't easy, but the support team was very helpful and managed to get everything production-ready.
How was the initial setup?
Setting up Cribl for basic training is straightforward and effective. You can easily configure it on your laptop by downloading the binaries and using simple command-line instructions to set it up in different modes, like leader, edge node, or single deployment. Adding a worker node is also simple; just run a script generated in the UI, and it's up and running.
The enterprise setup process is more complex, and there are significant documentation challenges. Despite the system eventually being available, the process involved many support calls and workarounds. Getting everything set up for a production-ready enterprise deployment was long and challenging.
What other advice do I have?
In some of the projects I've been working on, we're still testing and exploring Cribl's capabilities. We haven't established specific business goals or fixed objectives yet. Currently, we're focused on ingesting data from various sources with minimal transformation to understand how Cribl handles different types of logs and data.
I encounter issues with the UI not accurately reflecting the current status. For example, the UI might show that a worker is still fetching the latest version of the code, but after refreshing the page, it usually updates to show that everything is up and running. Over time, I've learned to recognize when the UI is not displaying the correct information and use the refresh button to get the accurate status.
Overall, I rate the solution a six out of ten.