As an engineer, you know your company’s problems, and you know what to do about them. However, being heard within your organization and funding a project can be challenging. Top executives might not understand your job’s ins and outs of the tools you need to do it well. Still, you need people holding the purse strings to understand why investing in your idea is brilliant.

“Hasn’t everyone already migrated to the cloud?” is a question you might be considering now. For many businesses – sure, they’ve migrated workloads and operations to the major cloud providers like Amazon Web Service, Google Cloud Platform, and Microsoft Azure. Still, many businesses have just now worked through their due diligence and scalability concerns. While many businesses are “fully cloud,” there are just as many yet to migrate.

Understanding the expected behavior of the Splunk Load Balanced (Splunk LB) Destination when Splunk indexers are blocking involves complex logic. While existing documentation provides details into how the load-balancing algorithm works, this blog post dives into how a Splunk LB Destination sends events downstream and explains the intricacies of blocking vs. queuing when multiple targets (i.e., indexers) are involved.

While tuning isn’t strictly required, Cribl Support frequently encounters users who are having trouble getting data into Stream from Splunk forwarders. More often than not, this is a performance issue that results in the forwarders getting blocked by Stream. When they encounter this situation, customers often ask: How do I get data into Stream from my Splunk forwarders as efficiently as possible? The answer is proper tuning!

Cribl Stream is awesome at routing your server logs and making your job easier, but could it help you outside of work and potentially make your personal life easier? The short answer is: Yes. I’ve personally used Stream to build a notification system to inform me when certain products go on sale or when fully booked appointments become available. In this blog, I’m going to take this a step further and show you how to.

In this conversation, Cribl’s Carley Rosato talks to Aflac’s Shawn Cannon about his role as a Threat Management Consultant, and how he manages their SIEM environment, brings in new data as needed, and works to improve the ingestion process. Our customers are always coming up with new and exciting ways to implement Cribl tools — importing a 34 million-row CSV file into Redis and enriching events in Splunk might be one of the most impressive we’ve seen so far.

Google Workspace is a robust set of productivity applications with billions of users and millions of paying organizations. These include small mom-and-pop shops and the largest enterprises. Google provides the Google Reports API, “a RESTful API you can use to access information about the Google Workspace activities of your users.” This data is critical for establishing a solid security posture.

Data is growing, and we are being asked to search larger and larger amounts of data. This puts larger and larger demands on Search resources. Reading all the data to find matching events is muscling through the data. Wouldn’t it be more efficient to be able to do filtering before reading the data? Cribl Search does precisely that by leveraging Parquet Pushdowns.

In the US, a recurring news topic is the state of the federal budget – and if we’ll get one signed. Government budgets have hundreds of thousands of line items; each bickered over to gain or lose political capital with one group or another. However, most government budgets aren’t up for debate. Only about 30% of the US federal budget is discretionary or flexible. Nearly two-thirds, or 63%, is mandatory spending required due to prior commitments.

In the ever-evolving world of data analysis, the ability to interact directly with live API endpoints is a significant advancement for practitioners. Cribl Search now offers this capability, enhancing your data analysis toolkit. This new feature allows you to gain broader visibility into the periphery of your infrastructure, enabling a more comprehensive analysis of user journeys and operational trends.

In the world of data management, Cribl offers various methods to enhance data using the Lookup Function and many C.Lookup Expressions. While Cribl’s documentation is comprehensive, practical examples are often the most effective learning tools. That’s why we’ve introduced the new Lookup Examples Pack.

Cribl Stream is a real-time security and observability data processing pipeline that can be used to collect, transform, enrich, reduce, redact, and route data from a variety of sources to a variety of destinations. One of the popular destinations for Cribl users is Elastic SIEM. This blog post will walk you through the steps on how to set up Cribl Stream to normalize and forward data to use with Elastic Security for SIEM.

In this blog series, we’ll explore how Cribl Stream can leverage your existing cross-domain solution (CDS) to easily collect and send your log and metric data between disparate security domains or across air-gapped networks. The goal is to retain as much fidelity of the data as possible, deduplicating processes and simplifying management efforts.

Transunion is an American consumer credit reporting agency that operates in over 30 countries. They use Cribl Stream to aggregate and route regional data into a centralized hub, presenting it in a single dashboard that admins can use to interpret the overall health of their system. Watch the full video on YouTube or below to see Transunion’s Steve Koelpin and Don Reilly walk through this use case.