
Reviews from AWS customer

15 AWS reviews

External reviews

44 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    Kester Chidley

Data routing has reduced firewall noise and now optimizes log volumes and costs

  • February 24, 2026
  • Review from a verified AWS customer

What is our primary use case?

My use cases for Cribl basically involve being part of a Splunk theme organization where I was brought in to do a soft confirmation program, and I was onboarding more and more logs into Cribl as my license costs kept going up. We did some filtering using Cribl.

What is most valuable?

What I liked the most about Cribl is the way it handled firewall logs and the way it could handle Microsoft Windows server logs as well.

Cribl's ability to contain data cost and complexity is actually very good. I don't have a problem with Cribl whatsoever. It's not one of those products that says it does something it doesn't. I still think that vendors trying to compete against Cribl are going to lose this one.

Cribl handles high volumes of diverse data types such as logs and metrics very well. I was handling approximately three terabytes of logs a day, and I have had no problems with it at all. I'm sure there are bigger organizations out there, but three terabytes is still substantial. The enterprise organization I worked for had over a hundred thousand employees on a global scale and twenty thousand servers, so it's a big company.

What needs improvement?

Some downsides of Cribl include that it was quite a long sales cycle for us, but that was probably partly my fault as well. There weren't really any negatives on the product itself.

Cribl can do better by tightening up their Cribl packs, as I think there were numerous flavors of different configurations that weren't supported. There were a lot of unsupported Cribl packs and they probably need to get that certified or do something about that.

For how long have I used the solution?

I have been using Cribl in my career for about two years in a previous role.

What do I think about the stability of the solution?

Regarding stability, I have not seen any lagging, crashes, or downtime at all with Cribl.

What do I think about the scalability of the solution?

Regarding scalability, we obviously worked for a larger enterprise-based organization, and we had to build resilience into our solution. Cribl was scalable, so there were no problems with it.

How are customer service and support?

I know we had access to Cribl University. I don't think we actually made any calls to Cribl support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used alternatives, and we evaluated the Splunk offering. I can't remember the name of it now. Splunk had a name for it, but that wasn't as good because it didn't actually segment the logs into different buckets. I had to ingest the whole bucket, and I didn't want that. We did look at other products on the marketplace, but obviously vendor-specific to Splunk.

How was the initial setup?

The initial deployment was easy. We had a design, and we went through our own processes internally to get that all done. We put some exceptions criteria in place for what we did, and we built it out in the cloud, and we did the connections cloud to cloud. It was paced as easy.

What about the implementation team?

For the deployment, we had two people: my internal guy and the Cribl presales engineer who helped me out.

What was our ROI?

I have seen a decrease in firewall logs with Cribl of about seventy percent.

What's my experience with pricing, setup cost, and licensing?

Regarding current pricing, it was based on an ingress-based model that we used, and it was favorable. It was cheaper than the Splunk license. We didn't have a problem with the purchase.

What other advice do I have?

It took us only a couple of weeks to fully deploy Cribl. We got it up and running, went through batches of what we were doing, and set up the Cribl stream and the heavy forwarders, and got all that working. It wasn't too bad. We looked at some of the Cribl packs, which are the predefined configurations. It was easy to get set up. It was cloud to AWS cloud in our case.

Cribl did not require any maintenance on my end. I'm not the technical person; I'm the program manager. I would rate this product an 8 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Sandeep Duppalli

Centralized log routing has simplified multi-destination forwarding and improved data management

  • February 24, 2026
  • Review from a verified AWS customer

What is our primary use case?

We use Cribl for log management.

What is most valuable?

Cribl has the ability to send data to different destinations, making it a vendor-agnostic tool. For log management, we can parse values or enhance fields at Cribl level and then send it to different destinations such as S3, Splunk, Elastic, or other destinations. This feature is the one I love most because it acts as an intermediate heavy forwarder which can route data to different destinations.

Cribl is intuitive and user-friendly in navigating the UI.

What needs improvement?

Some of the integrations such as SNMP need improvement, and I feel Cribl should improve on SNMP integration and also on the database monitoring space. These two areas need improvement.

For how long have I used the solution?

I have been using it for one and a half to two years.

What do I think about the stability of the solution?

Cribl handles volume of logs effectively. In case of any issues, Cribl support does their job in resolving the issues. Overall, it handles the volume of logs very effectively.

How are customer service and support?

I rate the technical support for Cribl as nine out of ten.

Which solution did I use previously and why did I switch?

Cribl is solving these issues and bridging the gap. There is Splunk which is equivalent to Cribl, but Cribl is currently leading in this space. There may be other alternatives, but they are still in an evolving phase. Cribl is a mature product.

How was the initial setup?

Cribl is easy to deploy. Spinning it up does not take much time, just about a week's time. However, getting the data in and configuring those destination sources will take time.

What was our ROI?

For scalability, I would rate it as nine out of ten.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the data cost. However, Cribl solves the complexity of having different agents installed. If we shift from Splunk to Elastic, we would have to get a new agent installed and point our applications to Elastic. With Cribl, it solves the complexity of having multiple agents in between and forwarding data. We can forward it to Cribl and then Cribl can send it to wherever we like. This kind of complexity is something it solves.

Which other solutions did I evaluate?

Big businesses use Cribl.

What other advice do I have?

I assess the stability of Cribl as eight out of ten. I recommend Cribl for others looking to implement this product. I would rate Cribl overall as eight out of ten.


    Tom De Bruijn

Complex data onboarding has become faster and logging volumes are now managed more efficiently

  • February 23, 2026
  • Review from a verified AWS customer

What is our primary use case?

Transform data and reduce ingest licensing in other products (Splunk).

I have seen a decrease in logs with Cribl, but I think a lot of people expect it to decrease significantly; we are just slowing down the increase. People need to take into account that the log growth is exponential. I think this is a good takeaway. Also, you get your investment back the moment you prolong your other solutions where the ingestion has decreased, not sooner.

I think that most people use Cribl Stream, but not the other products; they mainly have the use case to reduce data. To get the other products to work for customers, there need to be better solutions, and it needs to be crystal clear what the product will bring them.

Searching data on the source is not yet wanted/allowed by companies due to (in my opinion) outdated security rules.

How has it helped my organization?

That the right data is in the right place. Talking about transforming and only sending the parts of the logs that are useful, reduction of noise.

What is most valuable?

I think the best features in Cribl are that you can do everything via the UI, making it very user-friendly, and you can see examples of the data live to preview your processing.

Using Cribl for five years has simplified a lot of use cases when onboarding data, and because it is simplified, it takes less time, which is a huge win.

What needs improvement?

I think a lot of companies would benefit from a smaller starting license. Perhaps make it free till 100 GB for the 1st year; that way companies will adopt more easily.

For how long have I used the solution?

I have been working with Cribl for five years.

What do I think about the stability of the solution?

I would rate the stability an eight out of ten because, although I rarely experience downtime, I would say it's an eight out of ten.

What do I think about the scalability of the solution?

Cribl works fine if you scale properly, handling high volumes of diverse data like logs and metrics effectively.

Cribl is scalable for my organization and I would rate it a nine, but when onboarding a new data stream, it is sometimes hard to know how much impact it will have in your environment. Based on some calculating figures, you don't know beforehand what the impact will be.

How are customer service and support?

I would rate the technical support for Cribl a nine.

Which solution did I use previously and why did I switch?

No, other companies offer bits and pieces of what Cribl does, but not a comparable solution.

How was the initial setup?

My experience with the deployment of Cribl is that it's really easy.

It takes a day to instrument Cribl, but onboarding all the data takes weeks.

What about the implementation team?

In my company, Cribl is purchased directly, but in another company I worked with, it was via a partner.

What was our ROI?

It's an easy win for larger companies; other ingestion costs are, for instance, 600 dollars per GB per year and Cribl maybe like 100, that's a $500 win per GB, so easy to get money back. The starting license, however, is 1 TB, which might be a drawback for smaller companies.

What's my experience with pricing, setup cost, and licensing?

It's an easy win for larger companies; other ingestion costs are, for instance, 600 dollars per GB per year and Cribl maybe like 100, that's a $500 win per GB, so easy to get money back. The starting license, however, is 1 TB, which might be a drawback for smaller companies.

Which other solutions did I evaluate?

I think Cribl is quite a unique product with no real competitors; there are competitors that do bits and pieces, but not the full product. If you take Splunk, you can do bits but you cannot send your data to other platforms, so it isn't really a comparison.

What other advice do I have?

There are no cons for Cribl that I can think of.

Approximately 15 users work with Cribl in my organization because we don't allow everybody access, so it's local.

Cribl does not require much maintenance; just some updates from time to time, but those are really easy.

I do not use the new Search-in-place technology in Cribl Search because it's not allowed in the company that I work for.

I give Cribl a nine because it is very simple to use and it covers a lot of use cases. Best part is you can talk directly to developers / technical support on Slack.


    GhulamMujtaba

Log workflows have become unified and flexible while data formats convert and normalize

  • February 20, 2026
  • Review provided by PeerSpot

What is our primary use case?

My use case is log management. The problem was in Sentinel where Syslogs park in a separate table and CEF logs park in a separate table. We were planning to convert the Syslogs to CEF format, which was not easy in Sentinel. Cribl helped us accomplish that.

There were many applications working in the client environment with ingested logs that had different column names. We normalized those using Cribl.

What is most valuable?

I appreciate Cribl's overall flexibility. If I can use regex, I can write KQL things in the pipeline. The built-in functions, which are really good, are very helpful.

I value that Cribl shows the payload before conversion, after conversion, and what has been transferred to the destination. This transparency is really great.

Cribl is intuitive. A user can easily see how the payload or log looks before conversion and how it looks after conversion, and what has been transferred to the destination. This makes it very interesting and intuitive for the user.

What needs improvement?

I don't think there is much complexity because the documentation is good and Cribl University helps a lot to understand the product. Cost is sometimes a problem with customers if they don't have budgets. Otherwise, it is not that much. The value addition that Cribl provides compared to the cost is significant.

Cribl is easier to use. The only area that Cribl should focus on is cost-effectiveness. I have deployed Cribl at four clients, and the major challenge in convincing them was the cost.

For how long have I used the solution?

I have been a user of Cribl for the last three years.

What do I think about the stability of the solution?

I don't think any of my customers have required maintenance or generated a ticket complaining about any problems in Cribl. It's working fine.

What do I think about the scalability of the solution?

It is manageable. It depends on how you manage it. If you manage smartly, then there is no problem. Otherwise, sometimes one or two logs can create a problem.

How are customer service and support?

I encountered technical support three times and I must rate it as eight out of ten. It was really awesome and very supportive.

I would rate it as nine out of ten. During deployment of four customers, I had to contact the support team only three times, and that was also my fault. There was not a problem in the product. Cribl is very stable and a mature product.

Which solution did I use previously and why did I switch?

I have worked on Virtual Metrics, which is a Dutch solution, and Ninja, which is something else, but they also provide similar services. However, Cribl is a very mature product.

I have seen a few more tools like Virtual Metrics and others, but Cribl is on top.

How was the initial setup?

If you have gone through the documentation properly and completed Cribl University's courses, then it is easy to deploy and implement. It is not a difficult thing.

What about the implementation team?

Currently, I am not pursuing a partnership. Earlier, we discussed with Cribl, but then we decided to go for three to four years without any partnership, and later on, we will look into it. Maybe in 2027, we will discuss with Cribl to develop a partnership, like becoming a reseller.

What was our ROI?

If I count the total of four customers, it is almost 23 users.

What's my experience with pricing, setup cost, and licensing?

I have not used it until now, but I am working on Cribl AIDI, the AI feature which has been recently given in Cribl. I am learning in that area.

I think it will reduce my workload a lot. It will manage many things on my behalf if I successfully use it in a smart way.

Which other solutions did I evaluate?

I have seen two other solutions which claim to be competitors to Cribl. If I compare with them, I will give ten out of ten to Cribl. It is a very detailed and very mature product.

What other advice do I have?

It depends on whether your use case is strong enough and you think that Cribl is the only solution which can solve your problem. If so, then cost is nothing. Otherwise, it is a little expensive.

First, when I feel that any of my customers should deploy Cribl for their use case, I discuss it with them. If they don't have budget or any constraints, then we look around. Otherwise, my first priority is always Cribl. Going with my first customer, I was a little hesitant to deploy Cribl. However, once I deployed it at my first customer and saw the results, I had evidence. Then my first priority became recommending Cribl.

Basically, it is not my area, but if you convince the customer and the end user upon the value addition that Cribl will provide them, then cost is a secondary thing.

I give this review an overall rating of nine out of ten.


    Mohammed Farooq

Data management has reduced log volume and now simplifies routing to multiple destinations

  • February 19, 2026
  • Review provided by PeerSpot

What is our primary use case?

My current use cases mostly involve using Cribl before Splunk to reduce the license by normalizing the logs, by reducing the raw data and dropping the unwanted data. Cribl can process different formats, and the team can easily adopt it, so any data will be modified. These are the use cases, as I mostly use Cribl for Splunk purposes. Additionally, if I am required to send the data to other destinations, I can use Cribl because during a migration process, I typically have two similar solutions to send the data to those two particular destinations.

For instance, if auto information is not available, Cribl will remove it from the log itself.

If the firewall logs are needed for security or IT purposes, I can easily send them to different destinations.

What is most valuable?

What I like the most about Cribl is its Web UI feature, which is totally user-friendly and has many functions that can change the data structure. That is the main thing I appreciate. I can also reduce the size of particular items, and since Splunk's license is high, this functionality is very helpful. This is the main feature, but for this purpose only, I am using it. Most of the tasks are handled in Cribl, which makes it easier for Splunk to parse the data and maintain SIM compliance.

Cribl handles high volumes of diverse data types, including logs and metrics, quite effectively. It has separate handling for metrics and can manage them easily based on size. Prior to handling data, the appropriate memory size for the CPU needs to be determined to accommodate a higher amount of logs and metrics.

Cribl acts as a super product because it enables one source to send to multiple destinations using only one copy.

What needs improvement?

To develop user skills in Cribl, it needs to improve some certifications, as the ones I have taken are not entirely helpful in the main projects for the clients. The documentation requires more improvement in the certification aspect to better develop user skills.

For how long have I used the solution?

I have been working with Cribl for two years.

What do I think about the stability of the solution?

Cribl's stability is good, with no issues present. I have been working with it for two years, and it is only helpful in changing the data.

What do I think about the scalability of the solution?

For scalability, I would mark it as nine out of ten.

How are customer service and support?

I have contacted the technical support for Cribl, and I found their service to be good. I faced an issue for one of my customers who couldn't send the universal forwarder internal logs to display in the monitoring console. They quickly resolved this by enabling something in their worker, allowing the customer to receive all the information they required.

Which solution did I use previously and why did I switch?

I have not used any alternatives to Cribl; there is no similar product I have utilized.

How was the initial setup?

The initial deployment of Cribl is easy, with a few steps similar to Splunk. The installation process is straightforward, and ample information is available in the documents. All the documentation can be found in Cribl University.

I remember that it takes approximately two hours to fully deploy Cribl for the first time, especially for clustering. For the deployment of the leader and the workers, if all the requirements are met, including network requirements with no port issues, I can deploy Cribl base within that timeframe.

What about the implementation team?

One person is enough to deploy Cribl; a team is not necessary.

What was our ROI?

I have seen a decrease in firewall logs with Cribl; I have almost a thirty percent decrease when estimating usage. Cribl effectively reduces unwanted logs, eliminating what is not required or what is unavailable.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing, I find it okay because Cribl is used to reduce the costs associated with Splunk. Comparatively, the Splunk license pricing is acceptable, so I have no issues with the pricing. Customers prefer to use Cribl instead of the Splunk license due to these benefits.

Which other solutions did I evaluate?

I have not used any alternatives to Cribl; there is no similar product I have utilized.

What other advice do I have?

I have no dislikes about Cribl, but I notice that there is only an extra product in between when using Splunk. However, if I have different destinations, Cribl acts as a super product because it enables one source to send to multiple destinations using only one copy.

Their ongoing improvisation means they are consistently getting new features, and they are continuously improving.

I would give Cribl a score of nine out of ten.


    Tanushree Patel

Data migration from legacy logs to new observability platform has become smooth and manageable

  • January 20, 2026
  • Review provided by PeerSpot

What is our primary use case?

I was not regularly using the same tool, but there was a time when our team needed to migrate some data from one tool to another, and during that data migration phase, we used Cribl for six to seven months. We did some coding from Splunk to Elastic to send our data logs.

Our use case was majorly to migrate our data from Splunk to ELK, which are two different observability platforms that we use in our team. Because our team was switching to Elastic, we needed the same data that we use in Splunk. In Cribl, we created pipelines and data routes to share the data. The admin side clipped the IP address from Splunk into Cribl and from Cribl to ELK, whatever the scenario was for them. Majorly, we used it for the data migration.

What is most valuable?

When managing log processing tasks, I would go with the first option regarding the user interface; it was pretty simple. It took me some time to understand the logic and how to create pipelines, but with some time, I got really comfortable, and I would really recommend it. The UI was nice, easier, and faster. In the beginning, it was a bit tricky, but once you get a hold of it, it is really nice to use.

The things that you mentioned were easy to use, and since we did not have any experience in Cribl, it was easy to code. Index is equal to this and all that; that was pretty easy. Setting our pipelines, setting the data routes, and understanding those things was pretty simple. I really liked that and the interface. When I write code, I can see on the right-hand side that the events occur. Input and output, those sort of things, I really liked all of that. It made it pretty easier to understand the data and what we had filtered there.

What needs improvement?

In Cribl, I feel that maybe I am not aware of it, or maybe it is already there, but I think if there was a way to learn more about it. There are a lot of areas to explore. For example, if my work is only around creating pipelines, I am only expert in that. If I would like to learn more about the other things that Cribl can do, I feel there is not a lot of learning material. Or maybe I have not searched enough; maybe there is because I remember we learned from Cribl only. There was a Cribl course, and then we got a little idea of it. But if I want to explore particularly in one area, like a tool can do a lot of things, so if I want to learn about the 'B' section, how it does, what it does and all that, I feel there should be an easy manual or something. Maybe there is, I am not aware of it. That is what I thought; the application was nice. After some time, we were really comfortable. But if I want to learn more, can I get those manuals easily in the market and all that? I am confused on that part. Maybe there is, but maybe I am not aware of it.

Again, maybe I am not aware of it, maybe there is already. If there is, then nice. If in the future I would like to learn more, then maybe I will go there. But if not, that would be really nice because people are really interested in this tool when it comes to migrating and all that.

For how long have I used the solution?

Six to seven months.

What do I think about the stability of the solution?

The tool is stable. I would rate it a nine.

What do I think about the scalability of the solution?

There are times when the data is not present in the second tool, the output tool. People do some monitoring on Cribl's side to see if someone turned off the data set or something like that. I think it requires a little maintenance in six to seven months, or if there is a bug. But I am not sure if that is a painful task because I am not around for that. So I am not sure how much painful that is, but I think it does require some maintenance in short to long term, at least once.

How are customer service and support?

Technical support, I think nine. Nine or 9.5. Whenever needed, there were Cribl experts and all that, so they were able to resolve anything. If they needed, the support team was always there. I would say 9.5.

Which solution did I use previously and why did I switch?

I have only explored Cribl, and I did get a sample box for other tools from some people on LinkedIn, but I have not tested it out. Maybe if I was primarily working on this tool, I would have explored those things. But I have not, so I am only aware of Cribl. I cannot compare with others since I have not tried them.

How was the initial setup?

The initial setup process was straightforward.

What was our ROI?

I would rate the return on investment a nine.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the pricing because I was not a part of it. We were developers. But as far as I understood, I think it is a bit expensive. I am no one to complain, but there was this person on LinkedIn who mentioned they also have a common tool like that, and they were saying that they have a cheaper way to do it. I heard that this might be expensive. Since the cost area was all on the admin side and the architect side, we were not in the loop with the costing, but I have heard that this is expensive. There are other tools which can do the same job cheaper, but I think they also might miss some of the advantages of the tool.

Which other solutions did I evaluate?

Many filters we use really decreased the number of events going on, but not in the firewall. I am not aware of that; I am not an expert in that area.

Regarding the ability to contain data cost and complexity, I felt it was pretty easy. Because of the routing system and all that, I can manage my data in a certain way that you have to filter out this and that. I would say it was nice.

I do not think regarding the new search and place technology feature of Cribl Search. Maybe if I have used it, I do not feel that I remember that part, or maybe I have not.

What other advice do I have?

I have mostly positive feedback with no reason to say no because I am not paying or anything, so I am not aware of the cost. Mostly because of the positive reasons, I would say it is easy to use, it is sustainable. The support is nice, the coding is quite easy to understand, there are a lot of functionalities there. You can do a lot of things, and the data migration is very easy. For all these reasons, if you are stuck between two things and majorly what our team did was use it for migration, you can always rely on Cribl. My overall rating for this product is nine.


    Holly Saha

Centralized log routing has reduced data complexity and manages diverse internal security telemetry efficiently

  • November 26, 2025
  • Review provided by PeerSpot

What is our primary use case?

Cribl is used to manage routing of different log systems and vulnerability type log scanning and retention, which is then re-routed to log retention servers. Firewall logs are sent directly from firewalls into Splunk, which is where Cribl also sends data, so Cribl is bypassed for firewalls. Cribl is primarily utilized for internal servers, systems, and endpoints.

What is most valuable?

The ability to make different variations and adjustments within Cribl to scan for specific items or to get an overall scan is valuable. Cribl's ability to contain data cost and complexity makes the system much easier to use. The cost is higher than preferred, but it is considered the cost of doing business. Data ingestion costs increase with higher ingestion levels, but by maintaining similar or lower levels and refining tuning and ingestion as it comes, costs have been maintained and remain within expectations.

Cribl's interface is user-friendly and easy to learn, making it simple to teach new users how to use it.

What needs improvement?

Cribl handles a high volume of diverse data types very well, such as logs and metrics. However, the endpoint plug-in tool can use some refinement, as it tends to hit system resources and can sometimes be detrimental to systems to the point where it must be turned off and a scan restarted when a user is offline.

Outside of the endpoint issue, there may not be much that Cribl can do better in the program itself. It becomes tedious when one-off fixes are needed because a user submits a ticket complaining that their system is unusable due to Cribl performing a scan.

For how long have I used the solution?

Cribl has been used for approximately six years in a career, not necessarily on this job only.

What do I think about the stability of the solution?

No lagging, crashing, downtime, or instability has been observed in Cribl itself, only in the endpoint scanner. The system itself has been very solid.

What do I think about the scalability of the solution?

Cribl is fairly easy to scale. If ingestion levels need to increase or decrease, adding new nodes is not an issue. Adding the endpoint scanner is not difficult and is fairly easy to use and upscale as needed.

How are customer service and support?

Customer support or technical support through a ticket or email has not been contacted personally. The DevOps team, which handles maintenance updates, has contacted support when running into an issue, which may occur once a year if that, so nothing major has been cause for concern.

How was the initial setup?

The initial deployment of Cribl was somewhat tedious due to the environment being specialized and restricted in an air-gapped setup, so everything had to be built on-premise. This made deployment more difficult when unable to reach the internet to get updates. It took some time, but this was strictly due to the restricted environment, as everything had to be placed on a hard drive, brought across, updated, and then troubleshot through that effort.

Which other solutions did I evaluate?

No alternatives to Cribl have been tried because there has been no need to.

What other advice do I have?

Cribl requires routine updates, with no other real maintenance required. This review is rated an eight out of ten.


    Aman Verma

Has helped reduce daily log volume significantly and streamline data routing across multiple destinations

  • October 30, 2025
  • Review provided by PeerSpot

What is our primary use case?

I'm a SIEM engineer and we use Splunk and other SIEM tools. Since other SIEM tools are too expensive and security teams need different data to come into their SIEM tools, Cribl helps us filter out unwanted logs coming from syslog devices and other networking devices, which saves our license. We save around 2.2 TB every day using Cribl. All our logs go to Splunk, and we have Cribl positioned between our log sources and Splunk as the main function.

We also use Cribl for filtering and sending data to different outputs. One output is Splunk, and others include Kafka topics and different source sites like Pub/Subs, HEC endpoints, Google Pub/Sub, and Amazon S3 buckets for long-term retention of certain logs.

Recently, I have not yet worked with Cribl Cloud in production, but I had an opportunity to get hands-on experience with their lab environment.

What is most valuable?

I loved the way they created their cloud and their AI capabilities are good there. Another valuable feature of Cribl on-premises is the way it helps us filter out logs. It's a very easy tool to understand for someone new to these things, and it's easy for us to explain to new recruits we hire.

Firewall logs contain a lot of entries that security teams and audit teams don't require. We use filtering and regex in Cribl to remove unwanted logs that no one requires, such as entry logs and in-and-out logs that the syslog and firewall device would send anyway. We only need the threat logs and security logs. We save around 1 to 2 TB of logs every day using Cribl.

What needs improvement?

Regarding complexity, as I mentioned before, Cribl is very simple to use. When I started 2.5 years ago, it was very easy to learn. I learned Cribl within a week, and even though I was a fresher at the time, it was easy to understand and not complex enough that someone would need to spend money on labs. It's not that complex to learn.

Regarding cost efficiency, it's very good because nowadays the SIEM tools we use are too expensive on license, and SIEM tools base their license on how many logs get ingested. The unwanted logs, particularly firewall logs, represent a significant portion of unnecessary ingestion. Cribl saves our license by filtering out half of the firewall logs that are unwanted. Our main purpose for using Cribl is to save our license and save money.

Currently, everyone is moving toward AI agents. We currently use regex, and AI agents could help us create those regex patterns to drop events or add raw data to events. Currently, we sit down, review the logs, and create regex patterns manually, which can be time-consuming. An AI agent could reduce this time. I read some articles indicating that Cribl Cloud has started using AI and considering MCPs and model context, but I'm not certain how far along they are. If Cribl asked me what they could improve, that would be my suggestion. The support is very good, and I had a few issues with Cribl where I raised support cases and received good responses, which is better than the quick response I didn't get from other SIEM tools and vendor tools I use.

Compared to other SIEM tools, Cribl is cheaper than Splunk and Datadog. However, it's still a bit expensive from my point of view, though I won't call it expensive. Overall, I think 99% of companies use Cribl before their SIEM tools, and compared to SIEM tools, Cribl is cheaper. Companies can use any SIEM tool such as Google, Splunk, or Cisco, and Cribl is cheaper than those SIEM tools. They might have a slight chance to reduce costs further, but I'm not the correct person to evaluate that since I'm more focused on the operational side.

Regarding training, it was quite easy to grasp. It took me almost a week to understand the basic functionalities and what Cribl does. Getting more expertise took additional time, but basic functionalities and understanding what Cribl does took around four to five days. One point I want to mention is that Cribl could improve their labs or training materials in their Cribl Cloud or whatever portal they have.

For how long have I used the solution?

I have been using Cribl personally for around 2.5 to 2.8 years. My company has been using it for a longer time, but I joined the company seven months ago, so my hands-on experience with it is around 2.5 to 2.8 years.

What do I think about the stability of the solution?

Regarding the metric part, I haven't worked much with it, so I can't tell much more about that. However, regarding log volume, it's very good. I have personally used Cribl with 10 to 12 TB of data per day in 24 hours, and I have not found any problem with log latency or ingestion issues, or Cribl not being able to handle this volume. I have not faced such issues on the logging side. On the metric side, I'm too new to provide an answer.

Currently, I haven't seen any instability or latency issues. We tried to boost logs from 4 to 5 TB up to 7 to 10 to 12 TB, and we didn't find any lagging or Cribl going down. We found initially negligible latency, but with the help of their support team, we figured out how to improve our latency. Till now, I haven't seen any outage or severe outage that would require a serious discussion about needing a resource to maintain Cribl. I don't recall the last time we maintained Cribl or checked how it's running. Maintenance is very rare.

What do I think about the scalability of the solution?

Cribl scales very well. I'm not entirely certain about the license aspect since it's based on how much log volume we put in. Initially, we had around 3 to 4 TB of license ingestion, and then we increased it to 8 to 10 TB. We raised a request to increase the license and got a new license with 8 to 10 TB of logs per day ingestion capacity. We were able to scale it very quickly without much effort required. That was a doubling from four to eight or 10 TB, but I have never tried scaling beyond that, and I haven't heard people complaining that Cribl cannot scale up.

The best part about Cribl from a scalability point of view is that it doesn't require much operating system configuration. Otherwise, we need to check every time those servers get patched, and we need to verify that anything changed on the operating system doesn't affect Cribl. That's not happening with Cribl. Any small issue on the operating system end also doesn't impact Cribl. Compared to other SIEM tools I use, any slight change on the operating system end impacts a lot on our SIEM tools and other things, but Cribl performs well in that regard.

How are customer service and support?

The support is very good. I raised a few Cribl support cases for issues I encountered and received good support from them. This is better than the quick response I didn't receive from other SIEM tools and vendor tools I use.

Which solution did I use previously and why did I switch?

We have not used license-based tools previously. We tried using Logstash and Fluentd, which are open-source tools, but only for demo purposes. Since those are open-source tools, we cannot compare open-source tools with license-based tools. I never had a chance to work on any license or vendor tool related to Cribl before.

How was the initial setup?

We check the latest version of Cribl and upgrade to the latest version or whatever version we are comfortable with if a new version is available. Overall, we don't see any regular maintenance required. We are using Cribl on our virtual machines, and one good point is that Cribl doesn't require much operating system configuration. Basic operating system configuration can run Cribl. Compared to other SIEM tools that need legitimate operating system configuration and their operating system kernel versions, Cribl is quite friendly in that regard. Simple basic operating system configuration works, and Cribl doesn't need regular maintenance where we need a resource running maintenance tasks every day.

What other advice do I have?

From an engineering view, I would rate Cribl nine out of ten. I'm not certain about the license and pricing aspects, which is the one thing I consider. Overall, I enjoy working with Cribl and would give it an eight to nine rating. However, I'll give it an eight because there are always points of refinement, and nothing is perfect. My overall review rating for this product is eight out of ten.


    Samer Abdallah

Enables teams to run scheduled log searches while maintaining data privacy for compliance

  • October 15, 2025
  • Review from a verified AWS customer

What is our primary use case?

Our main use cases for Cribl are Cribl Search, which allows us to search for logs and metrics for our cloud engineering data.

What is most valuable?

The features of Cribl that I appreciate the most are the ability for in-place searching for our logs, so we don't have to move our logs outside of our cloud, which gives us privacy and compliance requirements.

Other features that we appreciate are dashboarding, alerting, and the ability to save searches so we can rerun them again on a scheduled basis. These features benefit our company in a variety of ways; mostly, our operations team can rerun their searches on a daily basis without having to rewrite the queries, and the ability to keep the data privately in our buckets is a huge requirement for us.

Cribl's ability to contain data cost and complexity is good. The complexity is very minimal. The reason for that is that the data does not move from where it lives. So there is no cost and there is no complexity in terms of moving the data and processing the data out of where it lives currently. Everything is in place, which is huge, and it makes everything so simple.

Cribl is great at handling a variety of volume logs as it is scalable and it uses scalable infrastructure behind the scenes, which allows us to constantly add more logs and it is able to handle it nicely.

Cribl Search affected our data exploration practices overall. Cribl Search has affected us greatly, and it has optimized our operations teams' time and efficiency. They're able to troubleshoot and find issues for our customers in a minimal amount of time. It also allows us to go back and look, for example, three months back for specific issues. With other tools, it was taking us a lot longer.

The UI is very intuitive in the sense that it gives you the chance to write your own query and customize it. And then once you figure that out, you're able to save it and rerun it on a scheduled basis so you don't have to reconfigure the query every single time.

What needs improvement?

Cribl can be improved in some ways; one of which is the ability to search multiple regions. Currently, Cribl Search is dedicated to one bucket at a time in the case of S3 buckets. The ability to search for multiple buckets would be awesome.

For how long have I used the solution?

We have been using Cribl for a little over a year now, and we use specifically Cribl Search.

What do I think about the stability of the solution?

We have not experienced any downtime or crashes with Cribl; however, we have experienced some delays with some of the Cribl Search queries when the volume of data is humongous. In some parts, due to how the data is partitioned in our cloud, we were aware of those situations. Even though we did experience them, we anticipated those delays, so that was expected.

What do I think about the scalability of the solution?

The process of expanding usage is very smooth, and Cribl Search is very scalable since it does the searches in place where the data grows, and the infrastructure behind Cribl Search is also scalable as it uses a CPU and it just spawns horizontally more instances as it demands and requires.

How are customer service and support?

I would evaluate the customer service and technical support of Cribl as superb, honestly. Every time we had an issue, we created and opened a new ticket for Cribl support, and they were very responsive. Usually, within an hour, we get a response, and we are able to work with them back and forth until we resolve the issues.

Which solution did I use previously and why did I switch?

Prior to Cribl, we were able to use cloud-native specific solutions which were costly and time-consuming to pinpoint and figure out problems that can happen within a time window. It was not an easy user interface, and operations complained. Because of that, we started looking into other solutions, and that's how we stumbled upon Cribl.

What was our ROI?

The biggest return on investment when using Cribl is our time minimization for our operations team. They're able to look for customer issues real quickly, as opposed to the previous tools that we had, which were more time-consuming and also more costly. The time saved using Cribl is hours per engineer - about three hours' worth.

What's my experience with pricing, setup cost, and licensing?

I did not deal with pricing directly. We had a team that dealt with Cribl.

Which other solutions did I evaluate?

We have looked into other solutions without naming names, and we considered major tools that are in the industry that are cloud-specific, cloud-native. What stood out was that Cribl is more cost-effective, and also, the main issue for us was we wanted to keep the data in our cloud.

We don't want to migrate it due to privacy concerns and compliance requirements. Cribl was about the only tool that actually was able to satisfy our requirements, which is mostly the reason why we chose Cribl.

What other advice do I have?

I would advise someone considering Cribl to really look into Cribl products, such as we did for Cribl Search, and really examine the challenges of huge volumes of logs, as Cribl has a really nice suite of products that would satisfy these requirements. Additionally, consider the requirements of data privacy, as the data does not get moved out of your cloud.

On a scale of one to ten, I rate this solution a nine.


    Dhevasenapathy Ramasamy Shanmugasundaram

Has transformed data handling by collecting from diverse sources and reducing storage and licensing costs

  • October 15, 2025
  • Review from a verified AWS customer

What is our primary use case?

We started our Cribl journey at the end of 2022, but we have been evaluating Cribl since 2020. We have been using Cribl from the end of 2022 till now, and the use case that brought Cribl into the picture is a critical business application sending its transactional logs into a database which got overwhelmed due to the sheer volume of logs. We evaluated Cribl for that use case, and now it has evolved into much more than just servicing that use case in our organization, making it a three-plus-year journey into Cribl.

What is most valuable?

Cribl plays the core essential function of handling the data telemetry pipeline in our organization, enhancing the way we collect data and bring logs from different sources. The way we have deployed Cribl is to coexist with our existing toolsets, not replacing them but working alongside them to bring the data faster and easier while managing the licensing and transforming the data from various sources. The easy agentless collection is the first feature that comes to mind as one of the critical features I appreciate the most, along with its versatility to deploy Cribl Stream for agentless collection and Cribl Edge for agented collection wherever necessary.

Collecting data is where Cribl excels, as it allows us to collect data from diverse sources easily and route it to multiple destinations, all while providing the ability to transform or apply any type of redaction on the fly through an easy-to-use UI. The features mentioned, such as easy data collection from different sources, benefit us by allowing us to be agentless wherever possible. In today's IT world, with a hybrid multi-cloud environment, we can't always deploy agents to collect data, so Cribl's agentless collection mechanism helps us get data into our environment quickly.

Cribl has been instrumental in containing our data costs, especially as we use leading log aggregation and SIEM tools known for their heavy licensing costs by ingest. Placing Cribl in our data telemetry pipeline enables us to achieve streaming the same information to multiple destinations, which fast-tracks the way we conduct POCs with various tools in the realm of observability. I saved over $200,000 in licensing by enriching and transforming the data efficiently, dropping unnecessary information and only sending relevant data to our teams.

When discussing Cribl's ability to handle high volumes of diverse data, such as logs and metrics, it plays a pivotal role. It can be deployed as an agentless collector or an agented collector, giving us control over how we collect data from sources more efficiently. We can send data into an S3 or Cribl Lake, which helps control storage costs while providing better retention aligned with our organizational needs. Firewalls produce a lot of data essential for network troubleshooting and security analytics, and handling it with a third-party log aggregation vendor often incurs high licensing and storage costs. With Cribl, we offload firewall logs from our existing log aggregation tool into low-cost storage with higher retention periods, enabling us to search the data directly using Cribl's search functionalities, creating a unified view for our networking and security teams and achieving close to a 40% reduction in firewall logs.

What needs improvement?

Cribl can improve by providing automated analytics and advanced parsing capabilities since it handles data at its core. I'm particularly interested in innovations such as Cribl Guard for automated PCI and PII masking, and a more stringent role-based access control feature would enhance security and allow granular control over what users can see and access.

For how long have I used the solution?

I've been working in this industry for over a decade now, close to a 15-year mark, as I started my career as a system administrator and slowly grew into this managerial role. I've stayed close with the current technology I've worked with since my start till now, and for over seven years, I have been in the monitoring and logging area where I have developed myself into this management role.

What do I think about the scalability of the solution?

Cribl's scalability is impressive, playing a vital role in transforming our logging strategy with its vendor-agnostic design. We use a hybrid deployment approach and a pull mechanism for most data sources. Managing data onboarding and transition becomes easier with Cribl, allowing for efficient growth as needs increase.

How are customer service and support?

Cribl's customer service and technical support exceed expectations, with a knowledgeable sales team and service executive who assist in resolving issues swiftly. Most support requests arise from our limited product knowledge rather than product issues, and the Cribl support team resolves queries typically within four hours.

What was our ROI?

The biggest return on investment with Cribl is improved handling of data and efficient routing to multiple destinations, saving costs across infrastructure and licensing. Cribl is versatile and continues to develop, allowing us to strategize and manage our observability landscape effectively.

What's my experience with pricing, setup cost, and licensing?

Cribl has been excellent when it comes to pricing, setup cost, and licensing. The team navigates us through their models seamlessly and we adopt Cribl Cloud easily. Within a month's time, we're able to transfer 400 to 500 GB of data from a different logging solution, thus positioning Cribl as a core piece in our telemetry pipeline.

What other advice do I have?

Deploying Cribl is straightforward; we quickly set up our Cribl Cloud tenant and defined the architecture through resident services and core architects. We manage to create a hybrid deployment model efficiently, bringing substantial savings in licensing and infrastructure costs while enhancing our data handling capabilities.

We deploy in a hybrid model, integrating worker nodes and Edge fleet in our enterprise data centers and cloud platforms near our data sources while using Cribl Cloud for management, ensuring limited access to prevent unwanted changes. In our AI journey, we are just getting started, becoming somewhat novice in this area. Cribl has enabled us to lean toward AI by integrating tools such as Copilot, which helps fast-track building pipelines and generating scripts. With Copilot, we see increased productivity, making it a key feature that enhances how we learn and utilize Cribl.

Cribl Search has significantly improved the way we handle and explore data. Initially, we onboarded all networking devices to stream data into low-cost storage, using Cribl Search to query that data, which now gives our networking, security, and operations teams a single data set to query without the need to remember multiple sets. The setup is cost-effective, and the federated method of Cribl Search allows for efficient querying without performance loss, enhancing our analytics capabilities.

Cribl's user interface is straightforward and user-friendly, allowing us to set up data collection sources quickly. It's self-explanatory, helping me navigate and visualize data without relying solely on commands. I appreciate how Cribl's UX caters to users, making tools accessible without needing extensive knowledge transfers. Based on our usage, I would rate Cribl a 10 overall.