Cribl Reviews

Our use case for Cribl is that we want to make sure that we parse everything correctly, and it is easier for us to transfer our data in our system in a more compact way; it runs smoothly.

We're in the beginning stage of using Cribl, but the reduction in firewall logs will help significantly with processing speed. We just worked on handling high volumes of diverse data including logs, metrics, and files last week, and it ran very smoothly with quick processing.

The best feature about Cribl is how easy it is to move; the UI is very simple, everything is very neat, and everything is organized. We have been dealing with Cribl extensively recently.

Cribl is awesome. The university offers a lot of great resources, but there could be more detailed information about Cribl itself. It would be helpful to have a step-by-step guide that covers everything from the basics. Since Cribl is such a large platform with numerous features, having a clear, structured approach would make it easier for me and others to understand and utilize its capabilities.

I believe it would be beneficial to have a step-by-step guide for users on our endpoint. This would make it easier for them to understand how to use it. When I explored the endpoint, I found myself wishing for clearer instructions presented in a sequential manner. This is just a small critique based on my experience using it so far.

We started using Cribl around three months ago.

I would rate stability as a nine; nothing is perfect, but it's great. 

I would definitely give scalability a nine as in terms of what we're seeing and thinking about, it's solid.

We have around eight or nine users. Everyone is touching base with it. For now, it will stay at eight unless we expand. We are going through an expansion, so it’s possible we might increase the number of users; but for now, we’re steady at our current count. We are a medium-sized business.

Their customer support is fantastic.

Positive

We were using a manual solution previously; this transition to Cribl is our first time implementing an automated solution.

We are typically on-premises. I believe Cribl is currently focused more on the OT side because the primary customer base is more enterprise-oriented. OT relies heavily on this. However, if I'm not mistaken, we operate in an on-premises or hybrid environment; we are definitely not using the cloud.

We are still in the process of deployment, and so far, the deployment has been going fairly well and has been relatively quick for us.

We are in the transitioning stage; we're implementing everything from square one with our team, participating in daily calls to make that happen. We are experiencing some issues with data transfer and parsing errors, which is extending our SIEM transfer time.

Based on what our managers say, we have saved a significant amount of time and resources moving from a manual approach to something that's more automated.

As I visited different booths at the conference, I realized that I still prefer Cribl. Even though I haven't worked with any other platforms, I was impressed by how everything is laid out and how simple it feels to work with your system. I genuinely appreciate the user interface. I find it straightforward and well-organized, making it easy to navigate.

I also noticed that they have implemented something like a password manager, which sounded familiar. Overall, everything I saw reaffirmed my preference for Cribl. So, despite checking out various booths, I'm still committed to Cribl at the end of the day.

I would definitely recommend it. The user interface is great, and the customer support has been fantastic as well. Our experience with Cribl has been very smooth; everything runs seamlessly. There are no delays or sluggishness, which I really appreciate. I have to give it props for that; everything operates very smoothly.

I would rate Cribl a nine out of ten.

I use Cribl with all of my customers that I manage services for. It's how I get their third-party log sources into Microsoft Sentinel.

We save about 75% percent of our costs by processing network and firewall logs through Cribl. This is largely due to the compression and duplication that exists within those logs. They tend to be very noisy, and most of the information isn’t useful from a security standpoint. While some of the data might be valuable to other departments, we don’t need to store all that extra information. By removing these unnecessary details, we quickly reduce our data retention costs by 75%.

Cribl makes it very easy to contain data cost and complexity. As far as complexity is concerned, there might be manual ways to do it in other products, but not with the ease and durability. It remains the same, whereas you might try to put a patchwork of other things together to get the same result. In terms of controlling costs, we achieve about 75% savings on data storage, which is fantastic. However, it’s worth noting that Cribl is not free, so we do pay for it to realize these savings. As long as Cribl doesn’t increase their prices too steeply or too quickly, we should be fine in terms of managing our costs.

Cribl definitely handles high volumes of diverse data types. Anything from firewall logs, endpoint security logs, to Windows event logs can become very noisy, especially in large environments. I've not had an issue with Cribl dropping logs. Occasionally there could be a short-term outage, but that's definitely very rare.

My favorite feature is Cribl Stream. That's probably the only Cribl product I have a lot of experience with, and Cribl Stream makes it very easy to identify where all the customer's log sources are and to quickly connect them to a destination source such as Microsoft Sentinel and Microsoft Azure Data Storage.

Cribl Stream does two things: not only does it make it easy to connect one log source or one dataset to multiple storage locations, but it also has compression features, which greatly reduce the storage cost for that data. It strips out and compresses data so that only the absolute information remains and not any duplicates. Dual destination and compression are the two top features.

I would Cribl to become more Microsoft-focused. A lot of my work is in the Microsoft environment. Cribl supports all of these other platforms out there, and they seem to be developing a lot for CrowdStrike. I'd prefer to see some Microsoft-specific connectors built inside of Cribl.

I have been using Cribl for about two years now. They've only been around for about four years, so I've been using them for half of their existence.

The performance and stability of Cribl are fantastic. The uptime is 99.9%. We are realizing all of the cost savings promised, and there are no failures.

Scalability is easy because we can just go into the portal and add a new log source. If we onboard a new firewall or something we want to collect logs on, we can quickly implement that. I don't need to talk to a Cribl engineer to connect a new log source. The only requirement might be purchasing more Cribl credits if I'm running low because I'm asking it to do more than originally specified.

We've engaged their customer service and support, and anytime there's an outage, they've been very receptive. They've quickly escalated our tickets and helped us get resolution. We've never felt we were waiting for a response or that they didn't know what was going on. I think it's maybe because we were an early customer. I would assume it's the same for all customers, but we've gotten great treatment. 

I would give them a 10 out of 10 for support. They are very responsive. We deal with a lot of other cloud solution providers who have tried to save money on support. It could be that because Cribl is new and they really want to make sure all new customers are being successful, but we really hope this continues. We don't feel we're alone.

The only alternative I can compare Cribl to would be Azure Data Transformation, Azure Data Time configuration rules and policies, basically making the storage source sort the data, and that is very painful. I don't see any next-best options when it comes to Cribl. They seem to be a leader and standing alone in their service offering, specific to Cribl Stream. For other products such as Cribl Lake, there's now Microsoft Sentinel Lake, which is a competitor, and I haven't really analyzed the pricing to see how competitive that is. But regarding Cribl Stream, there's no close competitor. The closest is extremely painful, requiring about 20 pages of configuration to even get close.

It's straightforward. They have a really nice user interface, and their service engineers will guide you through the initial setup. Since they are compensated based on product usage, they ensure that we are properly onboarded and that our experience is as successful as possible.

To deploy Cribl probably took an hour. Identifying all the different log sources that we wanted to bring in took about another eight hours of human work as it was a data exercise of determining which log sources are important to us, and where we can get the best compression or data size reduction. You can connect to them all automatically, but you want to have the thought process of which ones matter and what actual data you need. 

It does not require any maintenance on my end. The big thing is just checking connector health to make sure everything is running and that logs aren't dropping and that there haven't been any changes. In case there's any outage, putting in a ticket for any outage issues is very minimal. It's set it and forget it, and then just monitor to make sure nothing's bad or nothing has gone wrong.

We're a large organization, so we have a team of about five people who worked on the deployment of Cribl. I'm sure smaller organizations could use a lot less. We probably could have gotten away with two or three people. Not to say one person couldn't do it, but it's always good to have another person putting eyes on the process just so that we don't have a single point of failure.

The pricing has been increasing year-over-year, and I understand that the cost of business continues to grow. The cost of log retention and all the aspects they're fighting against, they are also a victim of. It is a concern that I'm watching as they raise prices about 10% year-over-year. I am still observing significant cost savings, although the amount of savings is gradually decreasing. Additionally, they are currently the sole provider of this type of solution, which means they face no competitive threats.

I would rate Cribl a ten out of ten. I truly appreciate them as partners. They genuinely feel like they're with us on this journey to manage the increasing volume of data. It's been exciting to watch them grow. At first, I thought I was a bit of a nerd for being an early adopter, but seeing so many others come on board after us reassures me that we made the right decision.

My current use cases involve using it as a pipeline to process data, to route data from cloud logs to different repositories. Some data goes to Splunk and others go to different data lakes. I didn't work with the firewall logs directly. We use Cribl to process web activity and route data that we wanted to into Splunk ES to create detections.

What I appreciate the most about Cribl is the free training, the free access to all the training, and how easy it is to learn it. Cribl is great in handling high volumes of diverse data types, such as logs and metrics. It does the job.

The product is very good. They could add more AI-assisted pipeline development in the future release.

I have been using Cribl for six months.

I haven't seen any lagging or crashing with Cribl.

Cribl's scalability is very good.

I have never contacted the technical support or customer support of Cribl.

Positive

The initial deployment when I first started with Cribl was fairly easy, very easy.

We were a team for this job.

I have used alternatives to Cribl. I forgot the name, but it's a CrowdStrike product they just acquired that is the closest one I've used to Cribl in terms of the quality and the features. Currently, I prefer Cribl more than CrowdStrike. I still haven't played much with the other one, but I didn't find any issues with Cribl.

Regarding Cribl's ability to contain data cost and complexity, if they can reduce their cost, that will make them more competitive. However, I don't know what else they can do in regards to how the application works. It's very good.

For the project that I was involved in, it took me probably three weeks to set it up. We had to maintain our pipelines, not because of anything related to Cribl itself, but because the data source changed, so we had to adjust our pipelines. That was the kind of maintenance that we did.

I would rate Cribl a nine out of ten.

For Cribl, we use only Stream, which we are using as a data pipeline in between our environment and the SIEM console. We have two SIEMs: one is a cloud SIEM and one is an on-prem SIEM. On-prem, we are using another user and entity behavior analysis tool, so we have a redirection or a copy of a log for user login and logout information. Then we have a SIEM console, and we have redirections to the SIEM through Cribl. From the environment, we have a load balancer, and from the load balancer, we have this data pipeline configured to different SIEMs, and then we have that data transferred to two different SIEMs.

Cribl's ability to handle high volumes of diverse data types is exactly the purpose that we took it for, and as far as I have seen for the last nine months, it is handling well without issues. Connectivity-wise, there is some problem, but I'm not sure whether it's from the Cribl end or the SIEM end; we are working on both ends right now, so I don't see any problems concerning that. Cribl has helped in reducing informational logs between the main entity of our SIEM and the external entity, so that actually helped.

Regarding Cribl's solution, we have limited access to Stream. I'm not sure about the other three products. We only use the Stream of Cribl. If I suggest something, it may be available on the other products. I haven't worked on those. The suggestion would be more into log information, as I'm not able to view more logs because this is a limitation that we are only using for data pipelining. If we have more visibility or if the storage structure is already there, I'm not sure; if it is there, it would be fine.

Regarding stability, lagging only happens if I exceed my data analysis stuff, but it is a limitation with Cribl as per their design. We do not use it for that purpose, but if it is improved, it would be great. For scalability, I'm not sure in my project as we are using it only for a limited purpose. Maybe, if there was an environment that required more data transfers and logs to be filtered out, it would be good, and I would suggest it.

I have been using Cribl since we deployed it during November, which is close to nine months.

We are actually checking on a regular basis; however, the problem is with the connectivity of the data pipeline and the SIEM. It requires attention if there is an alert; for example, if the pipeline is down and we receive an alert that it's not sending information to the log collection platform for more than one or two hours, if we receive an alert, it would be great.

For scalability, I'm not sure in my project as we are using it only for a limited purpose. Maybe, if there was an environment that required more data transfers and logs to be filtered out, it would be good, and I would suggest it.

My engineering team contacts Cribl's technical support; I join the call in case any issues come up and I provide my suggestions.

Positive

Cribl is the first tool that I'm using for this particular data pipelining. We do have Dynatrace, but we use it for a different purpose, for monitoring. Cribl is for streaming purposes only, so the purpose is different. I'm not sure if there is a competitor for this particular tool or not, as I haven't worked with any competitor so far.

The initial installation was kind of easy to understand for me, while my teammates struggled a little bit, so I would say it was okay.

My engineering team contacts Cribl's technical support; I join the call in case any issues come up and I provide my suggestions.

Cribl is the first tool that I'm using for this particular data pipelining.

For everything, my suggestion and limitation as I told, if it were there, I would give Cribl 10 out of 10; since it's not, I'm giving nine out of 10. I am just a user of Cribl; my company has a license with them. I'm not sure if they have a partnership with Cribl or not. I rate Cribl nine out of 10.

Our use cases that we are exploring Cribl for right now are for data parsing and data manipulation.

The feature I appreciate most about Cribl is that it is really easy to use and quick to replicate data models on different data sets. We have over 1,000 log sources, and currently, we have to configure them individually with their own architecture. Cribl allows us to do a copy and paste architecture and saves us a lot of development time. It also makes it easy to add any sort of extra data parsing to specific lines. Ease of use is really our biggest benefit from it.

Something that Cribl could do better is processing time. There is not enough customization to improve performance. An example would be with AWS Lambda functions, the way we were doing it before. There are different strategies where the way we code it could save us more processing time and still have the same price. With Cribl, it is very much set in its ways. If you want better performance, then you have to pay for more resources.

The UI is a very beneficial thing that saves us a ton of time. I mentioned the copy and paste approach and little to no code anymore, as it is all UI interface-based now. There is little to no code that we do other than regex commands. If there was still some aspect of being able to add our own code, we could potentially get better performance. I understand this is the whole use case of Cribl, to remove the technical need aspect. You do not need as many experienced developers; you will pay for software and have to hire an analyst instead of an engineer and save money on wages. For how good the tool is, it would be nice to still have that data engineering aspect.

I have not been using Cribl in my career. We are a company that is interested in investing in it at the moment. However, we do have several teams that have used it and we have also had access to a dev workspace that we have used.

I have not had any issues. So far, everything has been good.

It is pretty scalable, just in terms of cost. If you have any problems, it is probably going to be more about having to pay for more resources.

Currently, we are using Logstash, and we are also exploring a POC with DataBahn. DataBahn is a newer company. They are not as sophisticated as Cribl, and the performance is probably not there, but they make up for it in cost.

Being new to Cribl, the setup was very easy.

For us, it could have been done with one person, but we had different team members involved just for exposure because we were onboarding it with many people. It could have been a one-person implementation, but two to three people would have been a good healthy number.

The current pricing is a little bit above average.

We are using around 25% of what Cribl offers, mainly focusing on log parsing, which is what Cribl started with. We use AWS as our main source of ingestion.

There is little flexibility in pricing. It is simply the market price, and you either pay it or you do not. Cribl has significant capacity to handle high volumes of diverse data types, such as logs and metrics. Cribl can handle almost anything we throw at it, as lonthe g as budget is not an issue.

There is a team in my company that uses them, but they are part of a separate company. We do not have any partnership with them yet.

On a scale of 1-10, I rate Cribl an 8.

We use Cribl Stream to collect logs from multiple sources, transform and enrich them, filter out unnecessary data before sending them to SIEM. We also use Cribl to route logging to data lake.

Since we started using Cribl, it’s made a huge difference for us. We spend a lot less time building and maintaining things, so the team can focus on the security work that really matters and brings value. Plus, by filtering out all the noisy data we don’t need, we’ve been able to cut costs and make our data a lot cleaner.

One of the biggest things I love about Cribl is that you can actually see the output in real time before you push anything to production. The UI makes it super easy to work with, and honestly, it saves a ton of time. Plus, it’s way easier to collaborate—everyone’s on the same page, and you’re not guessing what the data’s gonna look like once it’s live

So since we’re handling a ton of data, I think we could really benefit from a more integrated or connected way to manage it all. Like, if there is a way to better track data lineage, metadata, those can help with knowledge transfer.

A couple of months

I haven’t ran into issue yet

I can’t really speak to scalability yet. So far I don’t have any problem with it.

The technical support is good. I'm happy with that.

Positive

We have used something similar before, which was Logstash.

Not sure

I think the pricing for Cribl is reasonable. For large usage, but I heard the calculation of those credits is a bit complicated.

We did, but Cribl just felt more mature and well-established. I think that’s the reason why we selected it.

Cribl gives us way more control and flexibility than we ever had before. We deal with massive volumes of telemetry data, and honestly, a lot of it is just noise. Cribl allow us to easily filter, transform, and route that data exactly how we want. It’s made a big difference.

I am using Cribl to have everything centralized in one tool in terms of data collection. We were working with different Splunk customers, and Cribl helps collect data and then send it to an S3 bucket or Amazon Web Services (AWS) response plan.

Cribl allows us to enforce security for some customers. For instance, if they want to add fields, values, or need to change formats to comply with different security standards, Cribl makes it possible.

My favorite option in Cribl is the Stream product. It is the best use case for us and our customers. Additionally, the community on Slack is excellent for solving questions and getting ideas.

At the moment, I don't have specific feedback on what can be improved as I do not work with Cribl daily. Perhaps more flexibility in terms of metrics would be helpful.

I have been using Cribl for about two years, more or less.

From my experience, I did not face issues with Cribl's stability. However, I heard others have faced issues.

In my experience, Cribl has been perfect in terms of scalability. I did not have any issues.

I haven't contacted them in terms of paid support. That said, the community, including the engineering and sales teams, is available on Slack and is very supportive.

Positive

The initial setup is really straightforward, and the documentation is very good.

I am not aware of the pricing details, however, I know they use a credit format for billing.

Utilize the documentation to ensure Cribl fits your use case, and join the Cribl community for any questions or recommendations.

I'd rate the solution ten out of ten.

In my previous organization, I did not get a very good opportunity to explore Cribl. Right now, I am in a different company. I have started to use the tool for my client. I started using Cirbl in my company to leverage Splunk's licenses. We use Cribl to massage the data, trim it, reduce it, and drop any unwanted data. It has been really worth it to have Cribl in our environment to save on Splunk licenses. Also, it is easy to connect the different sources, and you can create the routes. So you can connect from anywhere to anywhere. It is like a connector between the clouds or any kind of source and the Splunk. There are a lot of things, so I am still learning Cribl. Cribl is giving its certifications for free and has not yet started charging people for it. I think it has been seven years since Cribl has come into the boom. I also registered for the next level of courses with Cribl since it is free and is also used widely across companies. Most of the companies are using Cribl right now. After Cisco acquired Splunk, I believe Splunk's licensing costs might increase. People who already have a Splunk environment in their companies or organizations might expect a rise in price because it is merged with Cisco. In the future, Splunk's certification costs will also go high. I think Cribl will come into the picture, and people with Cribl's experience will have good opportunities.

Currently, cyber threats, security threats, and vulnerabilities have become more common. Every day, you see more than two or three vulnerabilities coming out, and every company is thinking about its security. When every organization thinks about its security, it expands its security devices, such as firewalls, EDR devices, or whatever devices are related to security. Companies are expanding their security solutions in their data centers or cloud platforms. What is happening is that because of these security devices, people are unable to ignore any kind of log that is coming into our environment. When you talk about security devices, the amount of data they produce per hour, five minutes, or per day is huge. As the entire world is moving towards cybersecurity to protect their environment, the number of security devices in the environment is also increasing. A lot of logs and huge data are coming into the picture, and companies have to think about every log. They don't have or are not able to ignore any log, so when this is the case, companies might have 10 TB or 10 GB per day invested into Splunk. In the future, if you want to secure your environment and you are installing security devices, you will have a burst of logs. If you have to purchase 30 TB of license with Splunk, but in Cribl, everything can be managed within 15 TB of license or 20 TB of license. I can leverage all the security logs talking to the security teams that can be ignored and even the ones that cannot be ignored.

As of now, there are some environments where some organizations are still on legacy infrastructure, so they are still in virtual environments and are using old versions of devices. Some companies bought Splunk, while others bought Cribl for a very low-priced license. There are some protocols to connect from Cribl to Splunk. I understand Cribl has come into the market very recently, but the tool might have had a picture in its mind where organizations might also have some legacy infrastructure. In the future, with our protocols or our level of architecture, Cribl should not come and say that it is not compatible with them. If Cribl is the reason because I have to change my environment, then I will have to end up investing more.

There are some organizations where the end machines have forwarders that forward the data to Cribl, and from it, the data is forwarded to Splunk. This is how general architecture works. There are two methods of connection between Cribl and Splunk. One is the S2S protocol, which collects logs from Cribl or sends data between Cribl and Splunk. There is another method called HTTP Event Collector (HEC) and HTTPS protocol. With Cribl, connecting to Splunk mostly uses the S2S protocol. The tool supports all the latest devices and platform devices, like all the latest operating systems. There are some organizations where there is legacy infrastructure or if they are still on the old platforms. Companies using old platforms have to consider HTTP Event Collector (HEC), and then they have to change their infrastructure setup in order to fulfill that setup. In order to have Google and Splunk set up in my organization, if I have to change my existing infrastructure connectivity or setup, that might incur more cost or more investment for me to have Cribl and Splunk. Cribl should provide compatibility, or else the tool's developers should speak to the people of such organizations and understand the challenges. Cribl could have developed some version that can give backward compatibility.

I have been using Cribl for two years. I am a user of the tool.

I think it is a stable product. According to my observations, people who have five to six years of experience can add more value. However, you will have bugs in any product. You will never know what happens. I rate the stability an eight out of ten.

I never got the chance to contact the solution's technical support, but my counterpart, who is a direct employee in the company, had contacted Cribl's support team, and it seems we get pretty good support.

I never used anything before Cribl.

When it comes to the product's installation phase, it is not tough for people who have good knowledge. I would like to highlight a similarity between Splunk and Cribl. Their official site's documentation makes even a layman's job easy. Just following the documentation, they can install the tool, but they still have to do it under some supervision.

The solution is deployed on the cloud and on an on-premises model. When you talk to the tool's global support, you can have the cloud version provided as a SaaS solution, or you can also have an enterprise-level version where you can have it in your own environment. If you have your own data center setup, you can buy Cribl's enterprise version, and you can install it, so it all depends on the requirements.

The tool is worth the investment.

I would not say it is a cheaply priced tool as it has been doing wonders in the market. The tool has been budget-friendly for organizations. It would be good if people get into that data analytics area and understand the usage of Cribl and use it wisely. I wouldn't say it is a cheap product or it is of a higher price. I would say it is really a helpful tool for any mid-level company.

I am not really sure if there are any competitors to Cribl at the moment. I would say Cribl had used its marketing strategy in a better way to advertise its brand than its competitors, and maybe that is why every company thought about it more. I did not see that much advertisement from Datadog. Most of the people still don't know about Datadog.

Datadog is famous for application performance monitoring. I would disagree with those who use it to reduce their costs, as most people would prefer to use Cribl. Cribl's major agenda is to reduce the need for Splunk licenses.

In my company, Splunk’s team uses Cribl to reduce its current number of licenses. My client does not have a very big IT infrastructure, so they have a very small infrastructure, and that may be why more people are not using it. In my previous organization, there were a lot of people who were using Cribl, where they could log their data easily.

If your organization has a lot of security data and wants to expand cybersecurity to protect your organization, and if you are using Splunk and want to reduce Splunk licenses, as Splunk has been in the market for a longer time, I recommend using Cribl. Cribl is also expanding its technology into observability and can also show dashboards or do some data analytics like that. If you talk about expenditures or investments, like if a company has a lot of money to invest, then it is okay. If a company has a very low budget, then it is good to start off with Cribl for data analytics.

For beginners, Cribl would be a tough subject because before using the tool, they need to understand the cloud, AWS, and the different data sources. Beginners won't understand what AWS or S3 is, why they need to connect them both, why they have to reduce the logs, or what the use of logs is. Cribl can be a tough subject for a person or a fresher who just passed out of college. It also depends on the background of the person using the tool. For example, if someone has taken computer networks as a major subject or has a specialization in networks, cloud management, or cloud computing, using Cribl would be a cakewalk.

You totally need to understand why you need Cribl, and so it all depends on your requirements. If my requirement is to work on log analytics, I would rate Cribl a nine out of ten. If my company is not much worried about the data analytics concept, then I would not use Cribl. Overall, I rate the tool a nine out of ten.