What is Cribl?
Cribl is an independent software vendor headquartered out of California. Clint Sharp founded Cribl in 2018. Clint and his founding colleagues worked for Splunk. Cribl has subsequently gone through 3 rounds of funding and in the last round in August of 2021 they raised $200 million.
So what is all the hype?
Cribl sits between the IT Infrastructure and management systems such as Splunk and elastic and acts as the data pipeline for Observability, Security and Performance.
The key value that Cribl Logstream brings is to make it easy to pre-process data by enriching, filtering, encrypting and redacting data so that when it arrives at the monitoring system it has been finely tuned to reduce cost, overhead and make it more secure. Significant amounts can be saved on licenses and storage as less data is needed and stored.
A data pipeline for Observability
Cribl LogStream can help offset increasing licence, infrastructure and storage costs by trimming data before it’s ingested. Many ‘logs’ have fields that are either repeated from one log entry to another and so don’t add value, or key-value pairs are always null (also no value). If such data is stripped before ingest then you do not have to licence for it, build infrastructure to process it, or provision storage to keep it for a lengthy retention period. It is usually quite easy to trim 25~30% of such data.
Another factor to consider is the carbon footprint of the solution, whether it be on-prem or in the cloud. Given that most organisations have (or are in the process of) setting carbon targets, the carbon footprint of the IT infrastructure and long term storage of large volumes of data should be considered.
Observability Changes everything
Cribl LogStream processes log data before you pay to analyze it. LogStream helps you discern which data you need to send to an analytics tool to analyze now; which logs can be aggregated into metrics; which data should be stored and analyzed later if needed; and which elements of data should be dropped altogether. LogStream allows you to implement data pipeline for observability which helps you parse, restructure, and enrich data in flight. Get the right data, where you want, in the formats you need.
- Cribl LogStream, designed by ex-Splunkers, optimized for Splunk
- Reduce data volumes to manage licence costs and/or avoid upgrades
- Route data to, and replay from, low cost S3 Storage
- Clone and route data to multiple destinations
- Transform, enrich and secure data before ingest
What is Observability?
Observability allows you to understand the behavior of applications and infrastructure from the data they produce.
Over the last two years, the increasing complexity of modern distributed systems and application architectures has highlighted the limits of legacy monitoring approaches. Legacy monitoring remains fixated on collecting and reporting errors, restricting its effectiveness in today’s dynamic and ephemeral environments. Observability takes a new approach, allowing teams to interrogate system behavior without the limits imposed by legacy methods and products.
