Organizations have different data lakes they use to search, whether it is Splunk, Qradar, or Sumo Logic just to name a few. Exabeam (UEBA Advanced Analytics) sits on top of those existing data lakes and pulls specific sources by running continuous queries every few minutes into Exabeam. The image below shows a Splunk query to pull windows event logs into Exabeam Advanced Analytics over the port (8089). The query is complex.

When we created Cribl Search, we wanted to give systems administrators the ability to query data without having to spend resources on collection and processing first — but we didn’t stop there. With Search, we’re also making it possible to query all the data you’ve already collected, processed, and kept in places like object stores, file systems, analytics tools, S3 buckets, or other data stores.

Picture this! The coffee is hot, the keyboard is ready to rock, the bandwidth is unused, and the software is deployed (or the cloud is waiting patiently)…. but the data is missing! That’s right, most of us have been there. In our industry, it is very common for data to be the lowest common denominator for many projects.

We’re excited to announce that Cribl integrates with Amazon Security Lake. Amazon Security Lake allows customers to build a security data lake from integrated cloud and on-premises data sources as well as from their private applications using the Open Cybersecurity Schema Framework (OSCF).

One of the most useful features of Cribl’s flagship solution Stream is its ability to separate the wheat from the chaff in your data’s journey from source to destination — Stream allows you to control what data goes to what system, Cribl Search, takes this to the next level by controlling what data should be collected before it is ever put in motion.

Keeping with our mission of helping customers gain radical levels of choice and control with their observability data, we’re excited to announce full support for the Amazon Web Services (AWS) Account Factory Customization solution within AWS Control Tower console. Customers can now use AWS Control Tower to define account blueprints that scale their multi-account provisioning in a streamlined manner.

These days, administrators typically have to deploy multiple tools to search through all of their datasets – then they get to spend the little free time they have left over dreaming of a world where they could search multiple distributed datasets simultaneously, similar to existing web search tools. They might have one tool for Splunk, another for Elastic, and some may even still be using grep or some other cumbersome function to search non-correlated data.

Here at Cribl, we’re big on GoatFooding. We not only prepare but consume our own products, in our own products. Today we’ll pull back the curtains to shine a light on how we use Cribl products within our Cribl.Cloud service. Cribl is a pioneer in the observability space, so what better way to use our products than by observing Cribl.Cloud?

The traditional approach for searching observability data is a tried-and-true: Once all the search staging is accomplished, we can perform high-speed, high-performance, deep-dive analysis of the data. But is this the best way or even the only way to search all that observability data? The answer to the first question is maybe, as it depends on what you are trying to accomplish. The answer to the second question must be a resounding no.

As of 2022, 49% of enterprise workloads and data are in a public cloud, and that number is expected to increase by 6-7% over the next year. Why? With big cloud moves come big benefits: optimized performance, reduced management overhead, and cost savings on data centers. However, it also comes with the struggle to get a handle over never-ending data growth. Customers are looking to Cribl to help route and process that data at scale and need a seamless way to get started within minutes.