Reviews from AWS customer

15 AWS reviews

External reviews

43 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    Tirth Dhanani

Log routing has cut storage costs and saves significant time in daily monitoring workflows

  • April 08, 2026
  • Review from a verified AWS customer

What is our primary use case?

I use Cribl for filtering service logs and reducing data volume before sending to Splunk to cut storage costs, and it is mostly for logs sharing while I am working in the PLM environment.

What is most valuable?

I have experience with Cribl Stream, and in that, I appreciate data routing, data processing, and reduction because it filters out unwanted fields, helps in removing redundant data, and has good integration support.

I have observed approximately 60% reduction in firewall logs.

Cribl was able to handle the volume of different data types, such as logs and metrics, and that is why I found it valuable. It is a good monitoring tool, and although there is a steep learning curve, once you gain hands-on experience, it is quite good.

I save roughly around 30 to 50% of operational time in log handling and everything.

I find it quite stable, and I would give it a nine.

Scalability is highly achievable with its distributed leader-worker architecture, so I would rate that a ten.

I would definitely recommend Cribl to other users because it has helped me reduce my log handling time by 40 to 50%, and it also reduces the log volume by 30 to 40%, which cuts storage and SIEM costs. Additionally, the good real-time data processing filters and transforms the data before sending it to the tools. I would definitely recommend it to new users or prospective users.

What needs improvement?

When I started using the Cribl interface for managing log processing tasks, it was difficult for me to navigate because it took me a month or two to gain fluency with the software since I did not have hands-on experience initially, and I found that the documentation is not thorough enough to help users navigate how to use Cribl.

The areas that have room for improvement include the documentation because it can be improved, mostly the documentation. Otherwise, I appreciate Cribl Stream, and for new users, it should be easier to understand and learn how to use the tool and how it can help them.

For how long have I used the solution?

I have been using Cribl Stream for one year, 13 to 14 months.

What do I think about the stability of the solution?

I find Cribl quite stable, and I would give it a nine.

What do I think about the scalability of the solution?

Scalability is highly achievable with its distributed leader-worker architecture, so I would rate that a ten.

How are customer service and support?

I would rate the technical support an eight.

Which solution did I use previously and why did I switch?

I have used DataDog, and I find that Cribl is more about controlling the data before it reaches the tools, while DataDog is more about analyzing the data after it arrives, so there is a clear difference between both tools. However, it really depends on what you are using it for.

How was the initial setup?

It is not on-cloud; it is a hybrid model for deployment.

What about the implementation team?

Cribl does require maintenance, and that part is also maintained by one of our team members who handles the versioning, maintenance, and any new releases, so it is pretty taken care of, and I have not heard a complaint from him about anything, so it must be good.

What's my experience with pricing, setup cost, and licensing?

I do not know about the pricing because I have not purchased it, as it was given to me by my organization.

Which other solutions did I evaluate?

I have not used Cribl Search yet, which includes the new Search in Place technology.

What other advice do I have?

I have used Cribl Edge once; it is a data collection agent, but I have not used it that much as I mainly use Cribl Stream.

There are roughly three to four users using Cribl right now; it is a small team of people.

I would give this review an overall rating of nine.


    Nitin Arora

Centralized log control has improved normalization while pricing and UI still need refinement

  • March 02, 2026
  • Review from a verified AWS customer

What is our primary use case?

I have been working with Cribl for three years now. Cribl was introduced some time ago but has been recently highlighted in the market, and people in my firm started using it.

I lead an engineering domain in my firm, and I am leading almost six to seven projects, all of which have Cribl at this moment. Before Cribl, we used a syslog forwarder to forward third-party logs to our SIEM solution. In some cases, the SIEM solution is Sentinel, and in other cases, it is Splunk. We used the syslog forwarder to have these logs normalized and sent into the Sentinel workspace via syslog forwarder. However, once Cribl was introduced, we have seen several advantageous features that are not available in the syslog forwarder for normalization but are readily available in Cribl. Additionally, from the source end, we can perform filtration that was not possible before Cribl was available. Another advantage of Cribl is that we can customize the logs and tagging of the logs according to our needs. In summary, there is full control of logs coming from the source end when they are sent into our SIEM solution via Cribl. These three reasons are why we are using Cribl.

We are onboarding firewall logs into our environment using Cribl as well. There are no issues in implementing firewall logs or having those logs into the environment.

How has it helped my organization?

We are improving in terms of managing endpoints. We now have a dashboard in Cribl itself. This is improving our time management. However, we have created an internal dashboard on the Sentinel platform which we manage instead of using the Cribl dashboard. We have not leveraged that feature at this moment.

What is most valuable?

The valuable features are normalization, an easy graphical user interface, and the feature to have multiple pipelines for the same log source. The feature to have multiple pipelines is the most amazing feature of Cribl that I appreciate the most.

These features are beneficial because there are very few options in the market. The initial old school approach was syslog forwarder. Several other tools are available in the market, but those tools do not have as much control capability as Cribl provides. Additionally, Cribl is hosted on the cloud, and most products, solutions, and SIEM platforms nowadays are on the cloud as well. This creates a good integration between the products.

The deployment was smooth across all seven projects I have. Everything was in place, with documents and step-by-step guidance readily available. Cribl support is very good. Whenever we got stuck, we just needed to open a ticket, and the support team was very responsive and helped us get the deployment done quickly.

What needs improvement?

Cribl should enhance the homepage. The user interface is very simple, and you can see all your workers or worker groups on the homepage itself. However, a layman or someone jumping into the portal for the first time might get confused because they may not be aware of where their log sources are mapped or which worker group their log sources are mapped into. The homepage could be further simplified to address this confusion.

Cribl should work on enhancement of their graphical user interface. They definitely need to work on their pricing. If they address the costing aspect, they are the big players and have a bright scope in the market because they are doing very well. They should find alternative pricing models for small-size firms that want to utilize their features but cannot do so due to cost constraints.

Cribl should work on their turnaround time for support tickets. In my environment, we have AWS, Microsoft, Cribl, and GCP in some cases, so we have different SLAs for different tickets. For Cribl, a very low severity ticket has a turnaround time of almost around twenty-four hours. Even after twenty-four hours, if people follow up, they do respond, but sometimes they take a lot of time to respond even to very simple or small issues. They should improve that turnaround time.

I have heard from someone on LinkedIn that there is a limitation in Cribl, but I have not explored that myself, so I should not make definitive comments about it.

For how long have I used the solution?

I have been working with Cribl for three years now.

What do I think about the stability of the solution?

Cribl sometimes behaves unexpectedly, but this is rare. When log volumes are very high, Cribl workers or the servers behind Cribl start behaving weirdly. We have seen ingestion latency in the SIEM platform, and we have also observed sometimes a drop in the logs. Cribl is designed to deal with certain kinds of loads and is not designed to handle any scenario in the market. We need to be very careful when sending huge volumes of logs via Cribl to any SIEM platform.

How are customer service and support?

The turnaround time for support tickets needs improvement. In my environment, I have AWS, Microsoft, Cribl, and GCP in some cases, so I have different SLAs for different tickets. For Cribl, a very low severity ticket has a turnaround time of almost around twenty-four hours. Even after twenty-four hours, if people follow up, they do respond, but sometimes they take a lot of time to respond even to very simple or small issues. Cribl support should work on improving that turnaround time.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used a syslog forwarder, which is not a tool but an old school methodology. We have now gotten rid of each syslog forwarder, and Cribl has taken over that responsibility.

How was the initial setup?

There are no challenges or complexity with the initial setup. Cribl is hosted on a server itself and is very easy to set up. It hardly takes two to three hours to complete the whole setup from beginning to end. It is not that complex. Documents are available on the internet as open source, and Cribl University has resources available as well. It hardly takes around three hours to get everything set up with all the process and approvals.

The deployment process across all seven projects was smooth. Everything was in place, with documents and step-by-step guidance readily available. Cribl support is very good. Whenever we got stuck, we just needed to open a ticket, and the support team was very responsive and helped us get the deployment done quickly.

What about the implementation team?

The documents were ready, and step-by-step guidance was available. Cribl support is very good. Whenever we got stuck, we just needed to open a ticket, and the support team was very responsive. They reached out to us and helped us get the deployment done very quickly if we got stuck somewhere.

What was our ROI?

Cribl is a huge investment for a firm like Deloitte. However, we do not have any other good solutions or good options in the market, so we do not have another option to choose from. I have already started exploring alternative solutions that are going to give a cheaper solution. However, we are also not going to compromise with quality. Vega is similar to Cribl and is something I have mentioned. From the ROI perspective, Cribl is a huge investment.

What's my experience with pricing, setup cost, and licensing?

Cribl is a very costly product. The complexity is not an issue because it is very easy to understand. With Cribl University courses, a person who is very new to Cribl can easily grasp the content. Cribl itself has provided many resources on the marketplace that we can leverage. However, in terms of costing, Cribl is a very costly product. People nowadays have started considering alternative solutions. There is a tool called Vega in the market that was very recently introduced. We are also having POC sessions going on there. Cost-wise, Cribl is a costly tool, but complexity-wise, it is a very quick tool to adopt.

Which other solutions did I evaluate?

Vega is an alternative solution in the market that was very recently introduced, and we are having POC sessions with it.

When comparing both products, Cribl will definitely win in each aspect because we did a POC recently and did not find Vega to be as effective as Cribl. The only point where Vega is winning is in pricing terms. They have very attractive prices. However, we do not want to compromise with quality. Cribl is leading in each aspect. Vega is still lacking the basic things that Cribl already covers. Cribl is much more mature in the market now. Nobody stands very close to Cribl.

What other advice do I have?

I would recommend Cribl to small-scale firms looking for this kind of solution. They should go through some documentation and videos, or they could set up some time with Cribl if they want. Cribl is a good product and tool in the market that can help with normalization, setup, and segregation of logs. However, the challenge people face is the cost. I am okay with this because my firm has a budget and can afford it. For small-scale sectors, I think Cribl needs to come up with one more pricing model, maybe with fewer features, but they should develop alternative pricing options.

Cribl Edge makes the environment very much managed. We have created multiple pipelines, and using those pipelines, we do not need to have any tagging done at the destination level. From the source level itself, within the pipeline, we can map the tags, and the logs are very much managed in the workspace itself. At times of audits and compliance, everything is managed there. It is helpful.

For the Cribl Search feature, I have seen log ingestion problems, latency issues, and sometimes the dropping of logs. Cribl Search comes into the picture to help us understand if we are missing something or having some latency in the logs. It shows us where we have a latency and which root cause is creating the problem, which server is creating the problem, and which worker group is creating the problem. Using Cribl Search makes it more effective for us.

The overall review rating for this product is seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Juan Mallorquin

Data optimization has transformed log management and supports efficient long-term investigations

  • February 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

Cribl is used for log management and SIEM in terms of optimization of the data that we are collecting.

What is most valuable?

The flexibility that Cribl provides allows us to manage the data and work with the data effectively.

Implementing Cribl has optimized the infrastructure that we have and is improving the optimization of the services that we are providing.

What needs improvement?

Other than the Cribl module that we are using, Cribl Search has several modules, so there is room to improve that capability in Cribl.

In Cribl Search, the language and the flexibility in querying the data can be improved because it is not as good as other solutions.

Cribl Search does not currently help search data in place for investigative issues or answer questions across our data stores at this moment because we are not using it at that level yet, but hopefully in the future.

I would advise others looking to implement Cribl that if they are evolving Cribl Search, it would be very interesting to see more capability, more flexibility, and more ways to share the data similar to Splunk.

For how long have I used the solution?

I have around three and a half years of experience working with Cribl.

What do I think about the stability of the solution?

Cribl's stability is an eight.

What do I think about the scalability of the solution?

For scalability, I would rate it a ten.

How are customer service and support?

I would rate the technical support as an eight.

Which solution did I use previously and why did I switch?

I would compare Cribl with other solutions or vendors as mature. We have seen another solution similar but not as mature as Cribl at the moment.

I am talking about the Data Stream Processor from Splunk and also Omnium from Spain.

How was the initial setup?

Cribl is easy to deploy; the team managing the deployment did not report any concerns about the complexity of the deployment of the solution.

The deployment is straightforward; it is just a matter of coordination with other teams, but everything was released in one day.

What other advice do I have?

Regarding the firewall logs with Cribl, the digression of the data that we are experiencing thanks to Cribl is amazing. Although I cannot provide exact numbers, the reduction is significant.

I use Cribl Stream, Cribl Lake, and Cribl Search. My experience with Cribl Search and Cribl Lake is just initial; we are just starting to use them. Cribl Stream is the optimization we are using right now in terms of data collection and data management and is more mature.

Cribl Search has changed my approach to long-term log retention and historical investigation.

I would rate this review an eight overall.


    Kester Chidley

Data routing has reduced firewall noise and now optimizes log volumes and costs

  • February 24, 2026
  • Review from a verified AWS customer

What is our primary use case?

My use cases for Cribl basically involve being part of a Splunk theme organization where I was brought in to do a soft confirmation program, and I was onboarding more and more logs into Cribl as my license costs kept going up. We did some filtering using Cribl.

What is most valuable?

What I liked the most about Cribl is the way it handled firewall logs and the way it could handle Microsoft Windows server logs as well.

Cribl's ability to contain data cost and complexity is actually very good. I don't have a problem with Cribl whatsoever. It's not one of those products that says it does something it doesn't. I still think that vendors trying to compete against Cribl are going to lose this one.

Cribl handles high volumes of diverse data types such as logs and metrics very well. I was handling approximately three terabytes of logs a day, and I have had no problems with it at all. I'm sure there are bigger organizations out there, but three terabytes is still substantial. The enterprise organization I worked for had over a hundred thousand employees on a global scale and twenty thousand servers, so it's a big company.

What needs improvement?

Some downsides of Cribl include that it was quite a long sales cycle for us, but that was probably partly my fault as well. There weren't really any negatives on the product itself.

Cribl can do better by tightening up their Cribl packs, as I think there were numerous flavors of different configurations that weren't supported. There were a lot of unsupported Cribl packs and they probably need to get that certified or do something about that.

For how long have I used the solution?

I have been using Cribl in my career for about two years in a previous role.

What do I think about the stability of the solution?

Regarding stability, I have not seen any lagging, crashes, or downtime at all with Cribl.

What do I think about the scalability of the solution?

Regarding scalability, we obviously worked for a larger enterprise-based organization, and we had to build resilience into our solution. Cribl was scalable, so there were no problems with it.

How are customer service and support?

I know we had access to Cribl University. I don't think we actually made any calls to Cribl support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used alternatives, and we evaluated the Splunk offering. I can't remember the name of it now. Splunk had a name for it, but that wasn't as good because it didn't actually segment the logs into different buckets. I had to ingest the whole bucket, and I didn't want that. We did look at other products on the marketplace, but obviously vendor-specific to Splunk.

How was the initial setup?

The initial deployment was easy. We had a design, and we went through our own processes internally to get that all done. We put some exceptions criteria in place for what we did, and we built it out in the cloud, and we did the connections cloud to cloud. It was paced as easy.

What about the implementation team?

For the deployment, we had two people: my internal guy and the Cribl presales engineer who helped me out.

What was our ROI?

I have seen a decrease in firewall logs with Cribl of about seventy percent.

What's my experience with pricing, setup cost, and licensing?

Regarding current pricing, it was based on an ingress-based model that we used, and it was favorable. It was cheaper than the Splunk license. We didn't have a problem with the purchase.

What other advice do I have?

It took us only a couple of weeks to fully deploy Cribl. We got it up and running, went through batches of what we were doing, and set up the Cribl Stream and the heavy forwarders, and got all that working. It wasn't too bad. We looked at some of the Cribl packs, which are the predefined configurations. It was easy to get set up. It was cloud to AWS cloud in our case.

Cribl did not require any maintenance on my end. I'm not the technical person; I'm the program manager. I would rate this product an 8 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Sandeep Duppalli

Centralized log routing has simplified multi-destination forwarding and improved data management

  • February 24, 2026
  • Review from a verified AWS customer

What is our primary use case?

We use Cribl for log management.

What is most valuable?

Cribl has the ability to send data to different destinations, making it a vendor-agnostic tool. For log management, we can parse values or enhance fields at the Cribl level and then send it to different destinations such as S3, Splunk, Elastic, or other destinations. This feature is the one I love most because it acts as an intermediate heavy forwarder which can route data to different destinations.

Cribl is intuitive and user-friendly in navigating the UI.

What needs improvement?

Some of the integrations such as SNMP need improvement, and I feel Cribl should improve on SNMP integration and also on the database monitoring space. These two areas need improvement.

For how long have I used the solution?

I have been using it for one and a half to two years.

What do I think about the stability of the solution?

Cribl handles the volume of logs effectively. In case of any issues, Cribl support does their job in resolving the issues. Overall, it handles the volume of logs very effectively.

How are customer service and support?

I rate the technical support for Cribl as nine out of ten.

Which solution did I use previously and why did I switch?

Cribl is solving these issues and bridging the gap. There is Splunk which is equivalent to Cribl, but Cribl is currently leading in this space. There may be other alternatives, but they are still in an evolving phase. Cribl is a mature product.

How was the initial setup?

Cribl is easy to deploy. Spinning it up does not take much time, just about a week's time. However, getting the data in and configuring those destination sources will take time.

What was our ROI?

For scalability, I would rate it as nine out of ten.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the data cost. However, Cribl solves the complexity of having different agents installed. If we shift from Splunk to Elastic, we would have to get a new agent installed and point our applications to Elastic. With Cribl, it solves the complexity of having multiple agents in between and forwarding data. We can forward it to Cribl and then Cribl can send it to wherever we like. This kind of complexity is something it solves.

Which other solutions did I evaluate?

Big businesses use Cribl.

What other advice do I have?

I assess the stability of Cribl as eight out of ten. I recommend Cribl for others looking to implement this product. I would rate Cribl overall as eight out of ten.


    Tom De Bruijn

Complex data onboarding has become faster and logging volumes are now managed more efficiently

  • February 23, 2026
  • Review from a verified AWS customer

What is our primary use case?

Transform data and reduce ingest licencing in other products (Splunk).

I have seen a decrease in logs with Cribl, but I think a lot of people expect it to decrease significantly; we are just slowing down the increase. People need to take into account that the log growth is exponential. I think this is a good takeaway. Also, you get your investment back the moment you prolong your other solutions where the ingestion has decreased, not sooner.

I think that most people use Cribl Stream, but not the other products; they mainly have the use case to reduce data. To get the other products to work for customers, there need to be better solutions, and it needs to be crystal clear what the product will bring them.

Searching data on the source is not yet wanted/allowed by companies due to (in my opinion) outdated security rules.

How has it helped my organization?

That the right data is in the right place. Talking about transforming and only sending the parts of the logs that are useful, reduction of noise.

What is most valuable?

I think the best features in Cribl are that you can do everything via the UI, making it very user-friendly, and you can see examples of the data live to preview your processing.

Using Cribl for five years has simplified a lot of use cases when onboarding data, and because it is simplified, it takes less time, which is a huge win.

What needs improvement?

I think a lot of companies would benefit from a smaller starting license. Perhaps make it free till 100GB for the 1st year; that way companies will adopt more easily.

For how long have I used the solution?

I have been working with Cribl for five years.

What do I think about the stability of the solution?

I would rate the stability an eight out of ten because, although I rarely experience downtime, I would say it's an eight out of ten.

What do I think about the scalability of the solution?

Cribl works fine if you scale properly, handling high volumes of diverse data like logs and metrics effectively.

Cribl is scalable for my organization and I would rate it a nine, but when onboarding a new data stream, it is sometimes hard to know how much impact it will have in your environment. Based on some calculating figures, you don't know beforehand what the impact will be.

How are customer service and support?

I would rate the technical support for Cribl a nine.

Which solution did I use previously and why did I switch?

No, other companies offer bits and pieces of what Cribl does, but not a comparable solution.

How was the initial setup?

My experience with the deployment of Cribl is that it's really easy.

It takes a day to instrument Cribl, but onboarding all the data takes weeks.

What about the implementation team?

In my company, Cribl is purchased directly, but in another company I worked with, it was via a partner.

What was our ROI?

It's an easy win for larger companies; other ingestion costs are, for instance, 600 dollars per GB per year and Cribl maybe like 100, that's a $500 win per GB, so easy to get money back. The starting license, however, is 1TB, which might be a drawback for smaller companies.

What's my experience with pricing, setup cost, and licensing?

It's an easy win for larger companies; other ingestion costs are, for instance, 600 dollars per GB per year and Cribl maybe like 100, that's a $500 win per GB, so easy to get money back. The starting license, however, is 1TB, which might be a drawback for smaller companies.

Which other solutions did I evaluate?

I think Cribl is quite a unique product with no real competitors; there are competitors that do bits and pieces, but not the full product. If you take Splunk, you can do bits but you cannot send your data to other platforms, so it isn't really a comparison.

What other advice do I have?

There are no cons for Cribl that I can think of.

Approximately 15 users work with Cribl in my organization because we don't allow everybody access, so it's local.

Cribl does not require much maintenance; just some updates from time to time, but those are really easy.

I do not use the new Search-in-place technology in Cribl Search because it's not allowed in the company that I work for.

I give Cribl a nine because it is very simple to use and it covers a lot of use cases. The best part is you can talk directly to developers / technical support on Slack.


    Samer Abdallah

Enables teams to run scheduled log searches while maintaining data privacy for compliance

  • October 15, 2025
  • Review from a verified AWS customer

What is our primary use case?

Our main use cases for Cribl are Cribl Search, which allows us to search for logs and metrics for our cloud engineering data.

What is most valuable?

The features of Cribl that I appreciate the most are the ability for in-place searching for our logs, so we don't have to move our logs outside of our cloud, which gives us privacy and compliance requirements.

Other features that we appreciate are dashboarding, alerting, and the ability to save searches so we can rerun them again on a scheduled basis. These features benefit our company in a variety of ways; mostly, our operations team can rerun their searches on a daily basis without having to rewrite the queries, and the ability to keep the data privately in our buckets is a huge requirement for us.

Cribl's ability to contain data cost and complexity is good. The complexity is very minimal. The reason for that is that the data does not move from where it lives. So there is no cost and there is no complexity in terms of moving the data and processing the data out of where it lives currently. Everything is in place, which is huge, and it makes everything so simple.

Cribl is great at handling a variety of volume logs as it is scalable and it uses scalable infrastructure behind the scenes, which allows us to constantly add more logs and it is able to handle it nicely.

Cribl Search affected our data exploration practices overall. Cribl Search has affected us greatly, and it has optimized our operations teams' time and efficiency. They're able to troubleshoot and find issues for our customers in a minimal amount of time. It also allows us to go back and look, for example, three months back for specific issues. With other tools, it was taking us a lot longer.

The UI is very intuitive in the sense that it gives you the chance to write your own query and customize it. And then once you figure that out, you're able to save it and rerun it on a scheduled basis so you don't have to reconfigure the query every single time.

What needs improvement?

Cribl can be improved in some ways; one of which is the ability to search multiple regions. Currently, Cribl Search is dedicated to one bucket at a time in the case of S3 buckets. The ability to search for multiple buckets would be awesome.

For how long have I used the solution?

We have been using Cribl for a little over a year now, and we use specifically Cribl Search.

What do I think about the stability of the solution?

We have not experienced any downtime or crashes with Cribl; however, we have experienced some delays with some of the Cribl Search queries when the volume of data is humongous. In some parts, due to how the data is partitioned in our cloud, we were aware of those situations. Even though we did experience them, we anticipated those delays, so that was expected.

What do I think about the scalability of the solution?

The process of expanding usage is very smooth, and Cribl Search is very scalable since it does the searches in place where the data grows, and the infrastructure behind Cribl Search is also scalable as it uses a CPU and it just spawns horizontally more instances as it demands and requires.

How are customer service and support?

I would evaluate the customer service and technical support of Cribl as superb, honestly. Every time we had an issue, we created and opened a new ticket for Cribl support, and they were very responsive. Usually, within an hour, we get a response, and we are able to work with them back and forth until we resolve the issues.

Which solution did I use previously and why did I switch?

Prior to Cribl, we were able to use cloud-native specific solutions which were costly and time-consuming to pinpoint and figure out problems that can happen within a time window. It was not an easy user interface, and operations complained. Because of that, we started looking into other solutions, and that's how we stumbled upon Cribl.

What was our ROI?

The biggest return on investment when using Cribl is our time minimization for our operations team. They're able to look for customer issues real quickly, as opposed to the previous tools that we had, which were more time-consuming and also more costly. The time saved using Cribl is hours per engineer - about three hours' worth.

What's my experience with pricing, setup cost, and licensing?

I did not deal with pricing directly. We had a team that dealt with Cribl.

Which other solutions did I evaluate?

We have looked into other solutions without naming names, and we considered major tools that are in the industry that are cloud-specific, cloud-native. What stood out was that Cribl is more cost-effective, and also, the main issue for us was we wanted to keep the data in our cloud.

We don't want to migrate it due to privacy concerns and compliance requirements. Cribl was about the only tool that actually was able to satisfy our requirements, which is mostly the reason why we chose Cribl.

What other advice do I have?

I would advise someone considering Cribl to really look into Cribl products, such as we did for Cribl Search, and really examine the challenges of huge volumes of logs, as Cribl has a really nice suite of products that would satisfy these requirements. Additionally, consider the requirements of data privacy, as the data does not get moved out of your cloud.

On a scale of one to ten, I rate this solution a nine.


    Dhevasenapathy Ramasamy Shanmugasundaram

Has transformed data handling by collecting from diverse sources and reducing storage and licensing costs

  • October 15, 2025
  • Review from a verified AWS customer

What is our primary use case?

We started our Cribl journey at the end of 2022, but we have been evaluating Cribl since 2020. We have been using Cribl from the end of 2022 till now, and the use case that brought Cribl into the picture is a critical business application sending its transactional logs into a database which got overwhelmed due to the sheer volume of logs. We evaluated Cribl for that use case, and now it has evolved into much more than just servicing that use case in our organization, making it a three-plus-year journey into Cribl.

What is most valuable?

Cribl plays the core essential function of handling the data telemetry pipeline in our organization, enhancing the way we collect data and bring logs from different sources. The way we have deployed Cribl is to coexist with our existing toolsets, not replacing them but working alongside them to bring the data faster and easier while managing the licensing and transforming the data from various sources. The easy agentless collection is the first feature that comes to mind as one of the critical features I appreciate the most, along with its versatility to deploy Cribl Stream for agentless collection and Cribl Edge for agented collection wherever necessary.

Collecting data is where Cribl excels, as it allows us to collect data from diverse sources easily and route it to multiple destinations, all while providing the ability to transform or apply any type of redaction on the fly through an easy-to-use UI. The features mentioned, such as easy data collection from different sources, benefit us by allowing us to be agentless wherever possible. In today's IT world, with a hybrid multi-cloud environment, we can't always deploy agents to collect data, so Cribl's agentless collection mechanism helps us get data into our environment quickly.

Cribl has been instrumental in containing our data costs, especially as we use leading log aggregation and SIEM tools known for their heavy licensing costs by ingest. Placing Cribl in our data telemetry pipeline enables us to achieve streaming the same information to multiple destinations, which fast-tracks the way we conduct POCs with various tools in the realm of observability. I saved over $200,000 in licensing by enriching and transforming the data efficiently, dropping unnecessary information and only sending relevant data to our teams.

When discussing Cribl's ability to handle high volumes of diverse data, such as logs and metrics, it plays a pivotal role. It can be deployed as an agentless collector or an agented collector, giving us control over how we collect data from sources more efficiently. We can send data into an S3 or Cribl Lake, which helps control storage costs while providing better retention aligned with our organizational needs. Firewalls produce a lot of data essential for network troubleshooting and security analytics, and handling it with a third-party log aggregation vendor often incurs high licensing and storage costs. With Cribl, we offload firewall logs from our existing log aggregation tool into low-cost storage with higher retention periods, enabling us to search the data directly using Cribl's search functionalities, creating a unified view for our networking and security teams and achieving close to a 40% reduction in firewall logs.

What needs improvement?

Cribl can improve by providing automated analytics and advanced parsing capabilities since it handles data at its core. I'm particularly interested in innovations such as Cribl Guard for automated PCI and PII masking, and a more stringent role-based access control feature would enhance security and allow granular control over what users can see and access.

For how long have I used the solution?

I've been working in this industry for over a decade now, close to a 15-year mark, as I started my career as a system administrator and slowly grew into this managerial role. I've stayed close with the current technology I've worked with since my start till now, and for over seven years, I have been in the monitoring and logging area where I have developed myself into this management role.

What do I think about the scalability of the solution?

Cribl's scalability is impressive, playing a vital role in transforming our logging strategy with its vendor-agnostic design. We use a hybrid deployment approach and a pull mechanism for most data sources. Managing data onboarding and transition becomes easier with Cribl, allowing for efficient growth as needs increase.

How are customer service and support?

Cribl's customer service and technical support exceed expectations, with a knowledgeable sales team and service executive who assist in resolving issues swiftly. Most support requests arise from our limited product knowledge rather than product issues, and the Cribl support team resolves queries typically within four hours.

What was our ROI?

The biggest return on investment with Cribl is improved handling of data and efficient routing to multiple destinations, saving costs across infrastructure and licensing. Cribl is versatile and continues to develop, allowing us to strategize and manage our observability landscape effectively.

What's my experience with pricing, setup cost, and licensing?

Cribl has been excellent when it comes to pricing, setup cost, and licensing. The team navigates us through their models seamlessly and we adopt Cribl Cloud easily. Within a month's time, we're able to transfer 400 to 500 GB of data from a different logging solution, thus positioning Cribl as a core piece in our telemetry pipeline.

What other advice do I have?

Deploying Cribl is straightforward; we quickly set up our Cribl Cloud tenant and defined the architecture through resident services and core architects. We manage to create a hybrid deployment model efficiently, bringing substantial savings in licensing and infrastructure costs while enhancing our data handling capabilities.

We deploy in a hybrid model, integrating worker nodes and Edge fleet in our enterprise data centers and cloud platforms near our data sources while using Cribl Cloud for management, ensuring limited access to prevent unwanted changes. In our AI journey, we are just getting started, becoming somewhat novice in this area. Cribl has enabled us to lean toward AI by integrating tools such as Copilot, which helps fast-track building pipelines and generating scripts. With Copilot, we see increased productivity, making it a key feature that enhances how we learn and utilize Cribl.

Cribl Search has significantly improved the way we handle and explore data. Initially, we onboarded all networking devices to stream data into low-cost storage, using Cribl Search to query that data, which now gives our networking, security, and operations teams a single data set to query without the need to remember multiple sets. The setup is cost-effective, and the federated method of Cribl Search allows for efficient querying without performance loss, enhancing our analytics capabilities.

Cribl's user interface is straightforward and user-friendly, allowing us to set up data collection sources quickly. It's self-explanatory, helping me navigate and visualize data without relying solely on commands. I appreciate how Cribl's UX caters to users, making tools accessible without needing extensive knowledge transfers. Based on our usage, I would rate Cribl a 10 overall.


    Nate Wood

Management of thousands of agents is simpler while reducing data volume significantly

  • October 14, 2025
  • Review from a verified AWS customer

What is our primary use case?

Security data is my main use case for Cribl. I ingest data using Cribl Edge and then process the data using Cribl Stream to reduce the amount of volume of the data collected for use in other platforms.

How has it helped my organization?

The Cribl Edge features that are easier to use or to manage help me to reduce the amount of people I need to help manage the product.

As part of Stream, reducing the amount of volume provides a financial benefit to allow us to pay less for the other products that we are using the data in down the data path or stream.

What is most valuable?

The ease of management and configuration of Cribl Edge features is highly beneficial. I have many thousands of Cribl Edge nodes deployed, and it's very easy to make configuration changes across the board or update the agent.

It can contain data cost and complexity. In terms of data complexity and cost, Cribl does a good job at providing solutions that will compress the data while retaining its usable form, or split the data such that you can retain its original form and send a reduced form to your end destination. In terms of reducing the amount of logs with Cribl for firewall specifically, I am able to reduce the size and reformat the logs so that they are better able to be used downstream.

Cribl has influenced the data processing workflow by allowing us to be platform-agnostic, and being able to separate the data into different destinations is quite easy.

The Cribl UI in general is very intuitive in how to manage log processing and configurations. Customer service and support deserves an 8.5 rating. They are really good at what they do, and you can tell that they are passionate about their product and helping customers have success.

What needs improvement?

Cribl could be improved by some UI tweaks and some usability tweaks, mostly centered around error troubleshooting for large volumes of Edge nodes.

I have talked to the developers of the Cribl Edge software and they're very open and welcoming to the feedback and are looking to implement changes to help make the product better.

For how long have I used the solution?

I have been using Cribl for a few months since July of 2025.

What do I think about the stability of the solution?

Cribl is overall a very reliable product and solution. The few times that I've had any reliability issues, they were quick to help me identify and proactive in helping me identify potential issues in the platform.

What do I think about the scalability of the solution?

We have over 10,000 employees.

Cribl does a good job of handling large volumes of data very quickly. The Cribl Cloud that we have deployed allows for easy scaling to meet the needs of onboarding tens of thousands of Cribl Edge devices in a single day in some cases. Cribl makes scaling for Edge or Cribl Cloud data nodes very easy to add or replace Cribl worker nodes and allows you to, with one click, reconfigure Cribl Cloud workers to be able to ingest higher volumes of data.

How are customer service and support?

Cribl technical support and customer service has been great so far. I really appreciate having a direct line to my Cribl SE or many different Cribl private resources via their Slack channel.

It is a really easy way to quickly get an answer on something rather than having to put in a support ticket; however, support tickets are also fairly straightforward and easy to use.

Which solution did I use previously and why did I switch?

I did not use other solutions before Cribl that do the same thing as Cribl does.

How was the initial setup?

My experience for deploying Cribl was pretty easy. We have Cribl Cloud, and they make that a very simple solution to stand up. And for the on-prem resources that we have for Cribl workers, those were also easy to stand up and get connected to the cloud. So, overall, it's very easy to deploy the platform and to get it to configure.

What was our ROI?

The biggest return on investment is probably the log reduction capabilities while retaining the essential information from the logs. In some cases, greater than 80% reduction is achievable. Across thousands of endpoints, it really adds up quickly.

What's my experience with pricing, setup cost, and licensing?

The pricing for Cribl was fairly straightforward. They have a universal license that allows us to consume the portions of Cribl that we want to use or flex into other portions of Cribl. We primarily use Cribl Edge and Cribl Stream at this point, but we could also use the same license for Cribl Lake or Cribl Search.

Which other solutions did I evaluate?

I did not consider other solutions in my company before choosing Cribl.

What other advice do I have?

I've worked in information security for over ten years.

With any SaaS solution, it's sometimes a difficult decision to decide to do on-premises versus a SaaS solution for on-cloud. I would recommend Cribl on Cloud for its ease of use and manageability. The managed updates are very nice and they have a proactive services team that helps monitor the infrastructure.

Overall, I would rate Cribl nine out of ten. While there are some shortcomings, the direct feedback loop they give to customers makes it a really good product overall.


    Manoj Gowda J

Helps reduce log ingestion cost by dropping unnecessary events and customizing pipelines

  • September 19, 2025
  • Review from a verified AWS customer

What is our primary use case?

Our use case for Cribl is actually a data pipeline where we collect logs from the source and we stream it through Cribl and then to a destination. The destination is mainly the SIEM tools such as CrowdStrike or SecOps. We collect the logs from various sources, and even the Windows logs are streamed through Cribl worker nodes and data lakes. For example, if it is AWS, from the S3 bucket we stream to Cribl and then send it to Google SecOps, which is the primary SIEM we are using.

What is most valuable?

The best feature in Cribl, when getting logs from some custom application, is the ability to break up logs that pile up together and come as one event.

Cribl has a feature called JSON Unroll or Unroll function that allows you to differentiate the events; each event will come ingested as a single log instead of piling it up with multiple events. This is critical as this generally happens in CrowdStrike. This feature helps us significantly.

When the ingestion is high from unwanted logs, logs not related to security purposes can be dropped by writing the parser function. By dropping events that are not required for security purpose monitoring, we can reduce the ingestion, which drastically reduces the cost as well. Cribl gives another option where I can store some logs, and when needed, I can pick them up from there.

The interface is very handy and not very complicated, yet there are many functions you can perform. You can play around with numerous functions, parse there, and add UDMs to SecOps, which makes it really easy.

To simplify the pipeline, when we go to the pipelines, there are vast options. We can make it specific to requirements based on the customers. I would prefer a customized or simplified version. Cribl is a very good platform to work with, with lots of features that other platforms don't provide.

What needs improvement?

Cribl is a stable product; however, there are areas for improvement. Their documentation should be updated.

For how long have I used the solution?

I have been using Cribl for a year and a half.

What do I think about the stability of the solution?

Cribl is a stable product, but there are areas for improvement. Since Cribl is on-premises, server maintenance is required, and we have an IT team specifically to look into that. We are not worried about that.

What do I think about the scalability of the solution?

There is a similar platform by Google called BindPlane, which is not capable of handling high volumes of data as the data gets stuck in the pipeline, causing ingestion delays.

However, Cribl does not present that problem. Since I have worked with both data pipeline tools, I can compare and say that Cribl is more mature than others.

How are customer service and support?

I have not reached out to Cribl support. That said, my colleagues have.

Which solution did I use previously and why did I switch?

I'm using another product called BindPlane, which does almost the same things; however, Cribl is a very mature product with many functions. You can use the Eval function, Unroll function, break events, add any particular field you want, or parse in Cribl before sending to a destination.

How was the initial setup?

The initial setup involves dropping some events that are not required for security purpose monitoring. This is based on suggestions from our SOC team or customers.

The deployment itself is a bit complicated and the documentation is not very clear.

What about the implementation team?

We are a partner with Cribl. We have CrowdStrike, and CrowdStrike has partnered with Cribl; they even changed the name to CrowdStream.

What was our ROI?

It has saved my cost and our customers' cost drastically since I cannot drop the logs directly in SIEM. In Cribl, I can drop the logs, and when I'm not ingesting them, their licensing cost is drastically reduced.

What other advice do I have?

Cribl Search is quite handy; you can use regex where there's a function that contains, and you can search for a specific keyword, which shows everything that matches that keyword. After playing around a couple of times, it becomes easy. At first, it is complicated; you need to go to worker groups, select the data lake, select the worker node. Once you get used to it, it's quite handy. I would definitely recommend Cribl to other users.

Based on my experience, I would rate Cribl eight out of ten.