Cribl Reviews

My usual use cases for Cribl involve collecting logs from many endpoints, including user activities. We collect logs into either Log Analytical Workspace or Event Hub and redirect to Cribl so that Cribl filters the required logs and redirects them to the SIEM tool.

We do not get a chance to use the user interface of Cribl because our client has access to that; we only implement and do that. They will check whether it is there, but based on my experience, it will be pretty easy to see what is in the user interface, and it will be easy to manage as well.

We have not used Cribl Search to a large extent because the client requirement was to only implement Cribl and integrate it with the SIEM. We have not used Cribl Search extensively, and I do not have any information about it.

The features of Cribl that I prefer most include the way it can easily be interfaced to SIEM and Event Hubs in Log Analytical Workspace. From Sentinel and from any other tool, it can easily be interfaced and it can send data to SIEM; those features I prefer to use most.

In assessing Cribl's ability to handle high volumes of diverse data types such as logs and metrics, as of now we have not faced any problems in collecting a large number of logs. Cribl is pretty efficient in collecting logs even when there are too many logs flowing at a time. We can collect not only server logs but also OS logs and even audit logs without any difficulty, and there has been no blockage in the system. There are no complaints, but it has been a very good experience using Cribl. Since this is a software as a service, if any problem exists, we just raise a ticket to Cribl team, and they will immediately jump into that and resolve all the questions or queries we raise.

Regarding Cribl's scalability, we did not have any problems with any cloud compatibility. The client requirement was to use Cribl, and we were checking whether it is compatible with Azure. Within a single day, we got a solution that it is easily compatible. We just needed some prerequisites, such as opening a few ports, and we wanted to ensure that everything was working regarding the reachability of the client to the agents. Once this was done, we did not have any issues.

I am not in a position to comment on how Cribl could be improved or enhanced because it is a good tool, and I have only used a small part of the entire Cribl product. As of now I am pretty happy with the entire Cribl component, but there are still a lot of things to learn.

I have been working with Cribl for the last six months.

In assessing the stability and reliability of Cribl, as of now we do not have any problems with stability. Even though we had two worker nodes in one region and a load balancer, we did not face any system issues. In case of vulnerability where we wanted to patch any one worker node, we easily did that and switched it on. We never faced a problem where some software was not there and therefore not working. Reliability-wise, Cribl is working perfectly fine.

Regarding scalability, we started with zero servers and have around 285 servers now. We did not experience any problems or slowdowns due to a lot of load. Cribl neatly managed everything.

I can rate Cribl's scalability around 9; I would say 9.5.

I have addressed the technical support team of Cribl. Every now and then, if there are servers having legacy operating systems, the latest versions of Cribl will not be supported. We have to contact them and ask which version will be supported because they have prerequisites. Based on the prerequisite, we have to downgrade to an older version of Cribl rather than use the newer version because it expects some advanced Java version. However, due to legacy systems, we do not get all those things. We manage this because those are all crown jewels of the client, and we do not want to change anything there, so we downgrade Cribl version and install it. We did not find any blockers because of this downgrading.

The skills and professionalism of the technical support team from Cribl are very good in terms of timing and skills. They understand the problem clearly, and once they understand it, they will resolve it within a day. Sometimes they resolve it within hours. Sometimes by hearing the problem itself, they will know what the solution is, and they will let us know how to resolve it, and we do it immediately.

I left the organization and I am no longer in the same organization, so I do not get a chance to work with these products (Darktrace, Microsoft Defender, and Perception Point Advanced Email Security) anymore.

For deploying or setting up Cribl, the requirements were given by the client, and we had to abide by that. Cribl was the only tool we had to use according to our requirement. We started with the deployment where they had given the requirements, and then we started with that and performed it successfully, starting with installing agents in all other servers.

The deployment and setup process of Cribl was straightforward because there are two ways to deploy. We can get an EXE, click and enter the details, or there is an automated script where we can run it and it will do it automatically. In the case of Linux, it will update and install the latest package, which is also quite easy. It is not a very tough thing to install any agent inside the system. It is pretty easy.

For support, we always raise a ticket to Cribl. We do not get the entire thing, but support activity is what we get. I have just implemented and I have just redirected the logs into Cribl for collecting all the security loggings.

I am an end user of Cribl. We manage Cribl for only implementation. As we have just implemented it, I am using it in our organization.

In sharing my thoughts on Cribl's ability to contain data cost and complexity, nowadays because of events per second, the way of SIEM billability is based on events per second. If you inject logs into Cribl, we can save a lot of data. Many logs are repeated logs. We can easily avoid repeated logging into the SIEM, which will also reduce the fatigue for the SOC engineers. This is one positive aspect of using Cribl, as we can reduce the number of events and increase flexibility and efficiency in the environment.

I'm not sure of Cribl pricing because it has been procured as a package by our client, and we are not exposed to or do not have an idea of how much they have spent to get a license from Cribl. But I understand that it is a little bit on the higher side. However, for what we have paid, the quality of service which they have provided makes us happy with that.

I do not think that if the pricing is on the higher side, it could be suitable for all types of users, such as small or medium ones. Each security component is important these days, and I feel Cribl usage always helps the product. However, it also depends on the budget they have. If they are able to use Cribl as a log monitoring tool for the SIEM according to their budget, it would be good. Again, there are pros and cons which we have to consider about their budget. If it is a very small organization, Log Analytical Workspace would be enough to collect all the logs. But if it is a big organization and budget is not a concern, I think they can go for log monitoring.

I have not seen a decrease in firewall logs with Cribl so far. What we do is use Event Hub. We actually redirect the entire thing to SIEM, so it will not come via Cribl. It will come via Cribl, but it will filter the required things based on our use case. We do not write all the packets because most of the packets would have been filtered in the firewall itself. Whatever packets are coming towards the firewall, if we want to collect the logs, we are directly interfacing with SIEM and we will collect it from there so that we do not want to lose what is the external activity on the internet towards our environment.

Based on everything I just described, I would rate Cribl overall as 10 out of 10. I have not used other parts of the feature; for whatever log monitoring I have used for Cribl, I always try to rate the maximum. However, I have not used Cribl Lake, Cribl Search, and other things they offer, so I cannot comment on those.

I was not regularly using the same tool, but there was a time when our team needed to migrate some data from one tool to another, and during that data migration phase, we used Cribl for six to seven months. We did some coding from Splunk to Elastic to send our data logs.

Our use case was majorly to migrate our data from Splunk to ELK, which are two different observability platforms that we use in our team. Because our team was switching to Elastic, we needed the same data that we use in Splunk. In Cribl, we created pipelines and data routes to share the data. The admin side clipped the IP address from Splunk into Cribl and from Cribl to ELK, whatever the scenario was for them. Majorly, we used it for the data migration.

When managing log processing tasks, I would go with the first option regarding the user interface; it was pretty simple. It took me some time to understand the logic and how to create pipelines, but with some time, I got really comfortable, and I would really recommend it. The UI was nice, easier, and faster. In the beginning, it was a bit tricky, but once you get a hold of it, it is really nice to use.

The things that you mentioned were easy to use, and since we did not have any experience in Cribl, it was easy to code. Index is equal to this and all that; that was pretty easy. Setting our pipelines, setting the data routes, and understanding those things was pretty simple. I really liked that and the interface. When I write code, I can see on the right-hand side that the events occur. Input and output, those sort of things, I really liked all of that. It made it pretty easier to understand the data and what we had filtered there.

In Cribl, I feel that maybe I am not aware of it, or maybe it is already there, but I think if there was a way to learn more about it. There are a lot of areas to explore. For example, if my work is only around creating pipelines, I am only expert in that. If I would like to learn more about the other things that Cribl can do, I feel there is not a lot of learning material. Or maybe I have not searched enough; maybe there is because I remember we learned from Cribl only. There was a Cribl course, and then we got a little idea of it. But if I want to explore particularly in one area, like a tool can do a lot of things, so if I want to learn about the 'B' section, how it does, what it does and all that, I feel there should be an easy manual or something. Maybe there is, I am not aware of it. That is what I thought; the application was nice. After some time, we were really comfortable. But if I want to learn more, can I get those manuals easily in the market and all that? I am confused on that part. Maybe there is, but maybe I am not aware of it.

Again, maybe I am not aware of it, maybe there is already. If there is, then nice. If in the future I would like to learn more, then maybe I will go there. But if not, that would be really nice because people are really interested in this tool when it comes to migrating and all that.

Six to seven months.

The tool is stable. I would rate it a nine.

There are times when the data is not present in the second tool, the output tool. People do some monitoring on Cribl's side to see if someone turned off the data set or something like that. I think it requires a little maintenance in six to seven months, or if there is a bug. But I am not sure if that is a painful task because I am not around for that. So I am not sure how much painful that is, but I think it does require some maintenance in short to long term, at least once.

Technical support, I think nine. Nine or 9.5. Whenever needed, there were Cribl experts and all that, so they were able to resolve anything. If they needed, the support team was always there. I would say 9.5.

Positive

I have only explored Cribl, and I did get a sample box for other tools from some people on LinkedIn, but I have not tested it out. Maybe if I was primarily working on this tool, I would have explored those things. But I have not, so I am only aware of Cribl. I cannot compare with others since I have not tried them.

The initial setup process was straightforward.

I would rate the return on investment a nine.

I am not aware of the pricing because I was not a part of it. We were developers. But as far as I understood, I think it is a bit expensive. I am no one to complain, but there was this person on LinkedIn who mentioned they also have a common tool like that, and they were saying that they have a cheaper way to do it. I heard that this might be expensive. Since the cost area was all on the admin side and the architect side, we were not in the loop with the costing, but I have heard that this is expensive. There are other tools which can do the same job cheaper, but I think they also might miss some of the advantages of the tool.

Many filters we use really decreased the number of events going on, but not in the firewall. I am not aware of that; I am not an expert in that area.

Regarding the ability to contain data cost and complexity, I felt it was pretty easy. Because of the routing system and all that, I can manage my data in a certain way that you have to filter out this and that. I would say it was nice.

I do not think regarding the new search and place technology feature of Cribl Search. Maybe if I have used it, I do not feel that I remember that part, or maybe I have not.

I have mostly positive feedback with no reason to say no because I am not paying or anything, so I am not aware of the cost. Mostly because of the positive reasons, I would say it is easy to use, it is sustainable. The support is nice, the coding is quite easy to understand, there are a lot of functionalities there. You can do a lot of things, and the data migration is very easy. For all these reasons, if you are stuck between two things and majorly what our team did was use it for migration, you can always rely on Cribl. My overall rating for this product is nine.

Our use case for Cribl is actually a data pipeline where we collect logs from the source and we stream it through Cribl and then to a destination. The destination is mainly the SIEM tools such as CrowdStrike or SecOps. We collect the logs from various sources, and even the Windows logs are streamed through Cribl worker nodes and data lakes. For example, if it is AWS, from the S3 bucket we stream to Cribl and then send it to Google SecOps, which is the primary SIEM we are using.

The best feature in Cribl, when getting logs from some custom application, is the ability to break up logs that pile up together and come as one event. 

Cribl has a feature called JSON Unroll or Unroll function that allows you to differentiate the events; each event will come ingested as a single log instead of piling it up with multiple events. This is critical as this generally happens in CrowdStrike. This feature helps us significantly.

When the ingestion is high from unwanted logs, logs not related to security purposes can be dropped by writing the parser function. By dropping events that are not required for security purpose monitoring, we can reduce the ingestion, which drastically reduces the cost as well. Cribl gives another option where I can store some logs, and when needed, I can pick them up from there.

The interface is very handy and not very complicated, yet there are many functions you can perform. You can play around with numerous functions, parse there, and add UDMs to SecOps, which makes it really easy.

To simplify the pipeline, when we go to the pipelines, there are vast options. We can make it specific requirements based on the customers. I would prefer a customized or simplified version. Cribl is a very good platform to work with, with lots of features that other platforms don't provide.

Cribl is a stable product, however, there are areas for improvement. Their documentation should be updated.

I have been using Cribl for a year and a half.

Cribl is a stable product, but there are areas for improvement. Since Cribl is on-premises, server maintenance is required, and we have an IT team specifically to look into that. We are not worried about that.

There is a similar platform by Google called BindPlane, which is not capable of handling high volumes of data as the data gets stuck in the pipeline, causing ingestion delays. 

However, Cribl does not present that problem. Since I have worked with both data pipeline tools, I can compare and say that Cribl is more mature than others.

I have not reached out to Cribl support. That said, my colleagues have.

Positive

I'm using another product called BindPlane, which does almost the same things; however, Cribl is a very mature product with many functions. You can use the Eval function, Unroll function, break events, add any particular field you want, or parse in Cribl before sending to a destination.

The initial setup involves dropping some events that are not required for security purpose monitoring. This is based on suggestions from our SOC team or customers.

The deployment itself is a bit compicated and the documentation is not very clear.

We are a partner with Cribl. We have CrowdStrike, and CrowdStrike has partnered with Cribl; they even changed the name to CrowdStream.

It has saved my cost and our customers' cost drastically since I cannot drop the logs directly in SIEM. In Cribl, I can drop the logs, and when I'm not ingesting them, their licensing cost is drastically reduced.

Cribl Search is quite handy; you can use regex where there's a function that contains, and you can search for a specific keyword, which shows everything that matches that keyword. After playing around a couple of times, it becomes easy. At first, it is complicated; you need to go to worker groups, select the data lake, select the worker node. Once you get used to it, it's quite handy. I would definitely recommend Cribl to other users. 

Based on my experience, I would rate Cribl eight out of ten.

Our main use case for Cribl was SIEM migration, where we merged multiple SIEM solutions to a single SIEM solution. SIEM migration was the most major use case we were looking for. The second use case was a manageable logging solution which could have a nice interface and would be easy to manage. Data cutoff or Log Filtering was the third biggest use case we were looking for, where we were seeking data reduction to define what we need and don't need. Additionally, we performed data masking for PII i.e. payments and medical data. These were the main use cases that were all provided by Cribl.

My previous company did a significant amount of business using Cribl, particularly in servicing customers who had a perfect fit for the solution. From a consultant's perspective, I can say that we resold licenses for Cribl, delivered services related to Cribl, and also provided maintenance services. This brought a decent amount of business to our company.

Regarding the reduction in firewall logs due to Cribl, it did influence our overall data processing and workflow. For example, the AWS VPC flow logs were greatly reduced in size, which had a substantial impact on the licensing costs for destination platforms. It did help us and the customer quite a bit. Cribl's role in its reduction of firewall logs, either cloud or on-prem, was vital.

The data cost is an important aspect. Cribl is specifically designed to reduce the data costs associated with the destination platform. This is one of its core offerings.

Regarding platform usability, the Cribl interface is quite intuitive and easy to use. The navigation and seperate sections are easily accessible, making it very user-friendly. The color scheme and palette are excellent, and there’s nothing messy or unmanaged about the user interface. Overall, I personally find the user interface to be very comforting.

The features of Cribl I have found most valuable include its SIEM migration capability. It facilitates migration quite nicely. The data reduction and preprocessing capabilities make Cribl really unique. Data masking is an important one. And as Cribl Stream can be deployed on-prem, on cloud or as a hybrid model, its support for every sort of enterprise estate is highly appreciated.  

The UI interface is very good. It's user-friendly, intuitive, not complicated, and sufficient. It's not more than what it needs to be, and it's simple without being overly complicated.

They've already done many good things with the product, but perhaps they could implement a temporary SIEM solution where we could store logs and display them as a SIEM, though I think that's not the space that Cribl is actually looking into. Based on my experience, this product is brilliant and there isn't much or anything important lacking in the product.

We encountered some occasional issues with the syslog data stream, particularly when handling large data volume, and getting it to parse and field extracted correctly, but no major alarms that would halt the days operation. There were few source vendor specific challenges, but overall, I didn't notice anything major beyond that. Most of the process went smoothly. However, we did need to carry some troubleshooting to resolve the issues we faced while connecting with other platforms and few data stream miss-behaving, which wasn't a straightforward task for us. In terms of large datasets—whether they originated from network inputs, virtual machines, or cloud instances—ingesting the data into the destination was relatively easy. In summary, aside from the usual difficulties or issues that someone could face with any project, everything else went well.

I have been working with Cribl for more than four years now.

Cribl is quite stable and doesn't crash; there's no unusual behavior. If it's stable, then it's reliable. I could see the data that goes in and how it is being processed at each stage. There are no concerns when Cribl is working in production environment.

Cribl is quite scalable, as we could add worker nodes as our data grows, so it's sufficiently scalable and able to facilitate as much data as there can be.

Their technical support has been really great, and solution architects we worked with were really knowledgeable. They had extensive expertise with the product and were able to facilitate with everything we needed. The experience with Cribl technical staff has been one of the best.

Positive

For similar use cases, different companies were using different tactical solutions i.e. custom scripting. None of the solutions were strategic and well thought through. Some were using scripting, some were not utilizing anything. Some were ingesting into the SIEM and then doing all the tasks which should be done pre-ingestion. There was a lot of disorganization, and Cribl had really found the gap where they could offer their services.

I performed the entire setup of the Cribl infrastructure.

With the Cribl Stream setup, I first had to initiate the tenant. Once the tenant was provisioned, I configured IAM setup i.e SSO, RBAC etc. I onboarded the data sources and deployed the worker nodes to the appropriate locations. These locations could be various subnets, cloud virtual machines, on-premises virtual machines, or any ready-to-use Cribl cloud workers  we needed. The process depended on the company's IT infrastructure. After the worker nodes were set up, it was simply a matter of onboarding the data stream into the platform and then directing it to the destination platforms.

As for Cribl's deployment, it operates in a hybrid environment, utilizing both cloud and on-premises solutions, tailored to meet the needs of different customers.

I delivered Cribl services as a Certified Cribl Consultant to various customers. Cribl technical support was arranged whenever there was a need for it.

We have managed to save significant money and resources for multiple customers, reducing operational complexity and the cost of destination platforms but unfortunately I cannot quote specific numbers due to NDA. 

Cribl is very inexpensive, with enterprise pricing around 30 cents per GB, which is really decent. Organizations looking to ingest terabytes or petabytes of data each day find it quite an inexpensive solution. The pricing model for Cribl Stream is one of the best values that customers would be getting, and I don't think any other solution offers this much value at this price point.

Confluent was considered, but Cribl emerged as the best solution.

I would rate Cribl an eight out of ten.

My main use case for Cribl is to send and process logs from our AWS network and multiple other cloud networks to an S3 bucket to store the logs as well as to stream the logs to other service providers like Logz.io where we will set up a logging and alerting platform.

A quick specific example of how I'm using Cribl in this process is that we have been using different types of logs such as Python from ECS and EKS Kubernetes-based logs, and all those logs are in different formats. We add all the logs from different streams to Cribl and then from there we add specific formats and add certain tags to those logs so that it is easy to format and set alerts at the logging level.

Cribl is very useful because we have multiple clouds and it has been processing our logs from multiple different platforms into a single one, and it is processing to multiple other platforms as well. It is used as a bridge to stream and process the logs.

One of the best features Cribl offers is that it runs on Kubernetes clusters, which is easy to manage and comes with easier upgrades. It is very compatible with container-based environments and supports multiple different types of logs. It has many connectors and can send to many endpoints. The workflow features are also strong.

The compatibility with container-based environments has made my day-to-day work easier because it supports Kubernetes. In day-to-day work it is mostly useful for container-based logs because we mostly run on Kubernetes and ECS. We are a completely container-based organization, so most of our logs are container-based logs and application-based logs. All those logs are easily processed from Cribl.

Cribl has positively impacted my organization in terms of efficiency. We used to run on Lambda functions in AWS, which is an older process, and we used to drop many of our logs, which was problematic because those are necessary for future use cases. Now everything is working well.

This has impacted troubleshooting and compliance in my team because we are able to keep the logs indefinitely. There is no drop in the logs and no loss of the logs. This has impacted my team meaningfully because we have all the logs, we have very strict monitoring, and compatibility with all of our standards.

I think Cribl can be improved because I do not believe it is a mature product. It has gone down many times and when we are doing upgrades, many things break and we face a lot of issues, especially with scaling. If the logs are high volume, most of the time it is down or some connectors are down and it is not performing as well as we thought.

Moving from version 3 to version 4 became very difficult during the upgrade. The scalability issue is very problematic. We are running on Kubernetes and there are a lot of issues with respect to scaling. When we have more logs coming in, the connectors are failing.

I would like to see other improvements with Cribl beyond scaling and upgrades. The product should be more mature and the documentation can be improved.

I have been using Cribl for four years.

Cribl is not really stable, although it may become stable. It is close.

Cribl's scalability is not great.

The customer support is also not great. They are connecting with us, but they are not able to figure out solutions very quickly. They may need more knowledge.

I previously used a different solution, which was Lambda functions. It was highly costly and it used to drop many of our metrics and logs, which was problematic.

I assess Cribl's ability to handle high volumes of diverse data types such as logs and metrics. I think it is feature-rich, but the scalability and reliability are major issues.

I am using the new search in place technology feature of Cribl Search, and the search is good. However, we need to go into the particular workflow and then from there we need to do the search. It is not a global search, which is not a good sign.

I have seen a return on investment. With respect to money, the savings are not significant. With respect to time, there is a little bit of saving, but because things broke during the upgrade, we needed to go back to the older methods of using Lambda. In terms of employees, we did decrease the employee count, but I do not know if Cribl is really the reason for that.

My experience with pricing, setup cost, and licensing shows that I am not completely involved in the pricing part, but I did participate in the setup part. Cribl provided an image and we used that image. It is also publicly available and it is not difficult to set up in a Kubernetes cluster. I think it is easy.

Before choosing Cribl, I was not part of the team which explored Cribl. I was already part of the team implementing Cribl. We used to use Lambda functions and then we moved to Cribl. I am not sure which other options were explored.

My advice to others looking into using Cribl is that if you are not a billion dollar company or if you are a startup that does not want to go into reinventing the wheel by writing all the code, Cribl is a great solution for streaming logs. I would rate this review a 6 out of 10.

My use case is log management, specifically for SIEM and log management.

The best features of Cribl that I personally like are its support, so many integrations with all the tools, and the ability to install it on our local systems. We personally install it on Kubernetes clusters inside our network, which feels safe.

I feel the user interface of Cribl is intuitive when managing log processing tasks.

I am using the new Search-in-Place technology feature.

The Search-in-Place technology helps with my data exploration strategies by decreasing a lot of effort. We don't have to go to each pipeline to do all those searches, making it easier now.

In terms of containing data cost and complexity, I feel Cribl is a really great tool as it decreases complexity. We used to work with AWS Lambda functions before, which were really complex, and we faced a lot of issues in terms of maintenance and engineering time. Cribl has reduced a lot of engineering effort.

I estimate the reduction in engineering time to be at least 40 to 50%.

It is a little complex to manage log processing tasks with Cribl. It is not very straightforward. If it is a simple task, then it will be easy, such as processing logs to different destinations and from different sources. However, while writing those pipelines, it can be overwhelming sometimes.

Cribl is able to process multiple different log types, but in terms of volumes, it is not doing great. There are a lot of logs being dropped, and we have seen many issues when the data volume increases. Some teams are ingesting more than 10 GB of logs, so we had to restrict them to use less capacity of logging due to the drop in logs, which is really an issue for observability and alerting purposes.

Other areas with room for improvement include upgrades and documentation, as the management of log processing tasks can be simplified and log volume management can be improved.

I have been using Cribl for four years.

I would rate the stability of Cribl a six. There have been a lot of bugs introduced after upgrades.

Positive

I would rate the scalability of Cribl a seven for my organization.

Positive

Support for Cribl can be improved.

Positive

Personally, I estimate that Cribl saves me at least 30 to 40% in terms of engineering time and resources.

I think we are customers of the vendor. I'm not completely aware if we are more than that.

I am an end user of Cribl, as I implemented and upgraded it to version 4 for my organization.

I'm not completely aware of the pricing for Cribl. My managers and leadership team take care of the billing perspective.

I would recommend Cribl to other users because it has a lot of integrations with many tools, supporting pretty much all observability tools out there. It can process logs from anything and stream them to any other tool, making it a good product compared to other competitors.

I would rate Cribl a six overall.

Our main use case for Cribl was primarily data reduction, as we were spending a lot of money on data ingest, and we brought Cribl on board to reduce the amount of money we were spending on that ingest. 

Reduction in firewall logs was our primary use case for Cribl, as 80% of our data is Palo Alto firewall logs, and a lot of it we don't necessarily need in the SIEM tool, so we use Cribl to reduce that, keep only the stuff we want, drop the rest, and keep it out of the SIEM tool. The reduction in firewall logs keeps the unwanted data out so that when the security engineers are inside the SIEM tool, they only see the stuff they need to see.

The features of Cribl that I appreciate the most are the vendor agnosticism and the ability to send data almost anywhere you want, regardless of the data type, the format, or the destination; it's very flexible, and we've been able to integrate it with the tools that we have used in the past and are planning to use in the future.

The UI is very clean and super intuitive, making it very easy to bring data on via the sources, route the data to any number of destinations that you want, and create pipelines to transform and morph that data however you want. 

Cribl is great in the sense that it can handle a large amount of volume and scales with the amount of data that you want to bring on board; if you need to bring on board more data, you just increase the amount of workers that you have.

We use Cribl to reduce data cost and complexity by both dropping fields that we don't want or parts of events that we don't want while keeping the things we do want, while also keeping all of the data, the event in its full form. We're a government agency, so we ned to keep everything. With Cribl, we can have our cake and eat it too, in a sense.

I'm an engineer, so I think about logging. Improvement could be made in the logging area, as sometimes we encounter issues in a pipeline or something, and it's not immediately obvious when you look at the logs that the pipeline is failing.

I've been using Cribl for around four years.

I would give Cribl a great rating on stability and reliability, especially if you use the built-in alerting engine that they have, as you can get alerts directly if there are any problems with the worker itself or worker processes, and the built-in monitoring page makes it super easy to monitor the health of all your worker processes.

Cribl scales great with our company as we're actually bringing on a lot more data with all the AI tools rolling out, which generate a lot of logs, and Cribl scales horizontally by just adding more workers and worker processes, allowing us to tackle that data smoothly, quickly, and efficiently.

We've had a great experience with Cribl customer service, as we have dedicated PS resources that have been super helpful when we were rolling out Cribl initially, migrating sources of data from syslog over to Cribl, routing, and parsing, with the support being A+ on both the PS side and the technical support side.

Positive

Cribl is really the only tool out there that does what it does, especially when looking at Splunk, as when Cribl first came out, Splunk wasn't able to intuitively do a lot of the things that Cribl did just out of the box with a GUI, making it super easy. 

We were dabbling in data reduction, transformation using Splunk's Universal Forwarder and even the Heavy Forwarder in some instances, but it was just not as intuitive, with a lot of command line interaction and no GUI on the front end, making it harder to do, while Cribl makes it super easy.

When we deployed Cribl, we were on-prem. All of our workers are on-prem. Our leaders are on-prem. Nothing's in the cloud. The major challenges that we faced really were related to the load balancer that needs to sit in front of the workers. I would like to maybe see that rolled up into Cribl in the future. That posed a lot of challenges for us just coordinating with our infrastructure team, getting the F5 engineers involved, using F5 load balancer. That was a challenge for us. We ultimately tackled it, however.

From my point of view, the biggest return on investment is just the downstream licensing costs we save on the SIEM side; we've reduced our data by a certain amount, and it has almost paid for Cribl itself and also allowed us to chop some licensing off of the SIEM side. We've reduced our amount of ingest by about 40% overall.

I'm not really involved in the pricing and payment aspect of Cribl. I'm just the guy who implements it all once it's bought and paid for.

We're not using Cribl Search at the moment; we're only using Stream and Edge.

If you're a company out there considering Cribl, I would highly recommend at least giving it due diligence; get linked up with the sales rep, as they're going to explain everything to you, and the sales engineers are great and very knowledgeable, making it worth your time and money, so you're going to be glad you did. 

I rate Cribl nine out of ten.

Our use case for Cribl is that we want to make sure that we parse everything correctly, and it is easier for us to transfer our data in our system in a more compact way; it runs smoothly.

We're in the beginning stage of using Cribl, but the reduction in firewall logs will help significantly with processing speed. We just worked on handling high volumes of diverse data including logs, metrics, and files last week, and it ran very smoothly with quick processing.

The best feature about Cribl is how easy it is to move; the UI is very simple, everything is very neat, and everything is organized. We have been dealing with Cribl extensively recently.

Cribl is awesome. The university offers a lot of great resources, but there could be more detailed information about Cribl itself. It would be helpful to have a step-by-step guide that covers everything from the basics. Since Cribl is such a large platform with numerous features, having a clear, structured approach would make it easier for me and others to understand and utilize its capabilities.

I believe it would be beneficial to have a step-by-step guide for users on our endpoint. This would make it easier for them to understand how to use it. When I explored the endpoint, I found myself wishing for clearer instructions presented in a sequential manner. This is just a small critique based on my experience using it so far.

We started using Cribl around three months ago.

I would rate stability as a nine; nothing is perfect, but it's great. 

I would definitely give scalability a nine as in terms of what we're seeing and thinking about, it's solid.

We have around eight or nine users. Everyone is touching base with it. For now, it will stay at eight unless we expand. We are going through an expansion, so it’s possible we might increase the number of users; but for now, we’re steady at our current count. We are a medium-sized business.

Their customer support is fantastic.

Positive

We were using a manual solution previously; this transition to Cribl is our first time implementing an automated solution.

We are typically on-premises. I believe Cribl is currently focused more on the OT side because the primary customer base is more enterprise-oriented. OT relies heavily on this. However, if I'm not mistaken, we operate in an on-premises or hybrid environment; we are definitely not using the cloud.

We are still in the process of deployment, and so far, the deployment has been going fairly well and has been relatively quick for us.

We are in the transitioning stage; we're implementing everything from square one with our team, participating in daily calls to make that happen. We are experiencing some issues with data transfer and parsing errors, which is extending our SIEM transfer time.

Based on what our managers say, we have saved a significant amount of time and resources moving from a manual approach to something that's more automated.

As I visited different booths at the conference, I realized that I still prefer Cribl. Even though I haven't worked with any other platforms, I was impressed by how everything is laid out and how simple it feels to work with your system. I genuinely appreciate the user interface. I find it straightforward and well-organized, making it easy to navigate.

I also noticed that they have implemented something like a password manager, which sounded familiar. Overall, everything I saw reaffirmed my preference for Cribl. So, despite checking out various booths, I'm still committed to Cribl at the end of the day.

I would definitely recommend it. The user interface is great, and the customer support has been fantastic as well. Our experience with Cribl has been very smooth; everything runs seamlessly. There are no delays or sluggishness, which I really appreciate. I have to give it props for that; everything operates very smoothly.

I would rate Cribl a nine out of ten.