Cribl Reviews

I was not regularly using the same tool, but there was a time when our team needed to migrate some data from one tool to another, and during that data migration phase, we used Cribl for six to seven months. We did some coding from Splunk to Elastic to send our data logs.

Our use case was majorly to migrate our data from Splunk to ELK, which are two different observability platforms that we use in our team. Because our team was switching to Elastic, we needed the same data that we use in Splunk. In Cribl, we created pipelines and data routes to share the data. The admin side clipped the IP address from Splunk into Cribl and from Cribl to ELK, whatever the scenario was for them. Majorly, we used it for the data migration.

When managing log processing tasks, I would go with the first option regarding the user interface; it was pretty simple. It took me some time to understand the logic and how to create pipelines, but with some time, I got really comfortable, and I would really recommend it. The UI was nice, easier, and faster. In the beginning, it was a bit tricky, but once you get a hold of it, it is really nice to use.

The things that you mentioned were easy to use, and since we did not have any experience in Cribl, it was easy to code. Index is equal to this and all that; that was pretty easy. Setting our pipelines, setting the data routes, and understanding those things was pretty simple. I really liked that and the interface. When I write code, I can see on the right-hand side that the events occur. Input and output, those sort of things, I really liked all of that. It made it pretty easier to understand the data and what we had filtered there.

In Cribl, I feel that maybe I am not aware of it, or maybe it is already there, but I think if there was a way to learn more about it. There are a lot of areas to explore. For example, if my work is only around creating pipelines, I am only expert in that. If I would like to learn more about the other things that Cribl can do, I feel there is not a lot of learning material. Or maybe I have not searched enough; maybe there is because I remember we learned from Cribl only. There was a Cribl course, and then we got a little idea of it. But if I want to explore particularly in one area, like a tool can do a lot of things, so if I want to learn about the 'B' section, how it does, what it does and all that, I feel there should be an easy manual or something. Maybe there is, I am not aware of it. That is what I thought; the application was nice. After some time, we were really comfortable. But if I want to learn more, can I get those manuals easily in the market and all that? I am confused on that part. Maybe there is, but maybe I am not aware of it.

Again, maybe I am not aware of it, maybe there is already. If there is, then nice. If in the future I would like to learn more, then maybe I will go there. But if not, that would be really nice because people are really interested in this tool when it comes to migrating and all that.

Six to seven months.

The tool is stable. I would rate it a nine.

There are times when the data is not present in the second tool, the output tool. People do some monitoring on Cribl's side to see if someone turned off the data set or something like that. I think it requires a little maintenance in six to seven months, or if there is a bug. But I am not sure if that is a painful task because I am not around for that. So I am not sure how much painful that is, but I think it does require some maintenance in short to long term, at least once.

Technical support, I think nine. Nine or 9.5. Whenever needed, there were Cribl experts and all that, so they were able to resolve anything. If they needed, the support team was always there. I would say 9.5.

I have only explored Cribl, and I did get a sample box for other tools from some people on LinkedIn, but I have not tested it out. Maybe if I was primarily working on this tool, I would have explored those things. But I have not, so I am only aware of Cribl. I cannot compare with others since I have not tried them.

The initial setup process was straightforward.

I would rate the return on investment a nine.

I am not aware of the pricing because I was not a part of it. We were developers. But as far as I understood, I think it is a bit expensive. I am no one to complain, but there was this person on LinkedIn who mentioned they also have a common tool like that, and they were saying that they have a cheaper way to do it. I heard that this might be expensive. Since the cost area was all on the admin side and the architect side, we were not in the loop with the costing, but I have heard that this is expensive. There are other tools which can do the same job cheaper, but I think they also might miss some of the advantages of the tool.

Many filters we use really decreased the number of events going on, but not in the firewall. I am not aware of that; I am not an expert in that area.

Regarding the ability to contain data cost and complexity, I felt it was pretty easy. Because of the routing system and all that, I can manage my data in a certain way that you have to filter out this and that. I would say it was nice.

I do not think regarding the new search and place technology feature of Cribl Search. Maybe if I have used it, I do not feel that I remember that part, or maybe I have not.

I have mostly positive feedback with no reason to say no because I am not paying or anything, so I am not aware of the cost. Mostly because of the positive reasons, I would say it is easy to use, it is sustainable. The support is nice, the coding is quite easy to understand, there are a lot of functionalities there. You can do a lot of things, and the data migration is very easy. For all these reasons, if you are stuck between two things and majorly what our team did was use it for migration, you can always rely on Cribl. My overall rating for this product is nine.

Our main use case for Cribl is to help us reduce cost. Currently, we use the Stream and Edge products of Cribl, and it's on-premise for us. The Stream helps us with any optimization work that we have to do in terms of reduction of the data itself.

The Stream product benefits us by giving us the ability to reduce and streamline the logs flowing into our SIEM. Cribl Stream helps us optimize the data before it reaches our SIEM tools. We've performed extensive aggregation and deduplication of logs, allowing us to cut down unnecessary data before it's sent downstream. This has helped us reduce costs by controlling exactly what data gets forwarded to the SIEM.

In our case, we deal with very chatty logs, especially firewall and other network logs. Using Cribl’s aggregation and drop functions, we were able to significantly reduce the noise. We send a full copy of the raw data to S3 or another data lake, while only the reduced logs are sent to the SIEM.

Another major value we gained from Cribl was how quickly and efficiently our data pipeline became. Previously, onboarding new sources or clients was a challenge. Now, the process is semi-automated and far more streamlined compared to what we had before.

One area that could be improved is the aggregation functionality within Cribl. It's very difficult to aggregate low-volume logs because the worker processes don't share state. Since each worker process initiates separately, it becomes very challenging for aggregation to maintain a consistent state across them. As a result, aggregation becomes problematic, with different worker processes operating in different states while pulling data. A good improvement to the aggregation functionality would be if most of these events could somehow land in a central processing unit or repository, where aggregation could be applied before the data is sent downstream.

I've been using Cribl for over three years now.

I can confidently say we’re finally getting some good sleep. Before Cribl, we were constantly getting late-night calls about data flow interruptions. Migrating from those SC4S servers to Cribl worker nodes has truly been a game-changer.

In terms of scale, Cribl scales very efficiently because we do horizontal scaling. If we have a burst in data sources or an increase in data sources, all we have to do is add a new worker nodes, and usually that solves the problem.

The customer service and the technical support team at Cribl has been very helpful to us. We've had some really unique cases where sometimes they would refer us to professional services, but they would come back with solutions from someone who may have run into that similar issue and provide us with a solution without having to go through professional services. This has been very helpful.

Positive

Prior to Cribl, we were using SC4S, which had a syslog-ng engine, and we were doing a lot of manual work, especially when we had new data sources. We had to build something that didn't have a pre-built template within SC4S; it was a challenge to build out templates for it, especially with new folks joining the team sometimes who didn't have any clue about where these things were being kept. It was a huge challenge for us to build those templates for data sources that didn't have any templates at all.

We also had our heavy forwarders, which we were writing transformations and props to help us reduce data. It wasn't doing quite a very good job, and Cribl had some of these advanced functionalities such as aggregation and those drop functions, which was very easy to configure, whereas in the past with the heavy forwarders, it was very hard sometimes to even build transformations to do the same thing.

When deploying Cribl, the process went very smooth because we had a Cribl engineer on our side who helped us significantly.

In terms of pricing, we had a very good deal with Cribl. We were paying very expensive SIEM costs, and introducing Cribl into the picture was able to bring down that cost. We were able to get the setup for the whole Cribl infrastructure at little to no cost, and it definitely brought us significant value and cost savings from that direction. In terms of reduction, we were able to save almost ~40% of our total cost.

Other products that we considered throughout the process included Splunk Ingest Processor, and we did a POC on that as well. Some of the positive aspects about the Ingest Processor was that it was right at the edge of your Splunk deployment and therefore there isn't any need to deploy or reshift your infrastructure; it actually goes right into it and then feeds into your Splunk environment. In terms of the disadvantages of Splunk Ingest Processor, it has very limited functionalities compared to what we were getting from Cribl. Cribl gives us the aggregation functionality, which was a huge win for us, being able to aggregate all the events brought us huge reductions, and also the drop functionality and some really advanced functionality within the Cribl tool itself.

Based on my experience, the advice I would give to other companies considering Cribl is that your decision should be very specific to your use case but do not underestimate the amount of data you're dealing with. Data will continue to grow over time, and a tool like Cribl can significantly help reduce costs before the data is sent downstream.

Another important consideration is whether you need to send data to multiple destinations. This was a challenge for us previously, and Cribl helped simplify that process. My advice to companies is: if you're drowning in data and cost, Cribl is essential. It gives you full control over your data and makes management much easier.

As an organization, we've adopted AI heavily and integrated it into many of the tools we use today. We're actively looking to bring similar capabilities into Cribl. It's already in our pipeline, and we see strong potential in using AI to streamline how we build Packs and Pipelines. With AI integrated, we believe it could significantly reduce the time admins spend building specific pipelines for various data sources.

On a scale of one to ten, I would rate Cribl a solid nine based on what we use it for today and the value it delivers.

My primary use case for Cribl is to manage and optimize observability data before sending it to different destinations, such as routing. I deal with a very large volume of logs coming from multiple sources, including large log systems. This includes system logs, application logs, and security-related logs. Using Cribl, I can filter unnecessary logs and transform that data as required, and I can route important data to the appropriate destinations. This is very helpful to me and helps me reduce data volume and improve performance. I also use pipeline configurations to control how logs flow through the entire system. This makes it very easy for me to maintain data consistency and manage large log systems across different environments.

The most valuable thing or feature for me in Cribl is data routing and pipeline flexibility. Cribl allows me to define how data should be processed, filtered, and routed to different destinations. One of the things I also find very useful is edge processing, which allows me to process data closer to the source, which helps reduce unnecessary data and improve performance. Overall, flexibility and control over observability data are the things I appreciate most about Cribl.

Cribl handles large logs very efficiently by using its pipeline-based architecture, which I find most useful. It allows me to transform data through routing and filtering before sending it to downstream systems. When dealing with large volumes of logs, I can define pipelines that drop unnecessary fields and remove duplicate logs. There can be so many duplicates and redundancies that filtering them out significantly reduces the overall data volume. Another helpful capability is routing, which helps me route different types of logs to different destinations and prioritize fields that I want. For example, critical logs can be sent to one destination while lowering the priority of other logs, which are stored elsewhere. This helps me in large-scale log environments very effectively. Cribl also supports horizontal scaling, where I can add more worker nodes to handle increasing log volumes. This ensures my performance remains stable, even as log ingestion increases.

I have seen a decrease in logs by using pipelines, which helps me decrease logs by filtering and optimizing data before sending it downstream. For firewall logs specifically, I have seen that it helps reduce volume by filtering unnecessary or repetitive events. When a firewall device generates a large number of logs or deny logs, many of which are repetitive or not always useful, Cribl filters out the low-priority logs such as allowed traffic and routine events. I remove the unnecessary fields from firewall logs, which reduces the log size.

The main downside of Cribl is that it is not very beginner-friendly. They could include tutorials or something more interactive for beginners. For experienced users, it works well. The learning curve is significant; learning Cribl from the initial stage for someone who doesn't have any background knowledge may be difficult. Since it offers lots of flexibility with pipelines and routing, it can take time for beginners to understand how everything works properly and to complete the configuration. The initial setup is also a little complex. Additionally, Cribl has limited built-in analytics compared to dedicated monitoring tools.

I have been working with Cribl for more than one year or one and a half years.

Technical support is very helpful. My experience with Cribl support has always been positive. They do not delay responses. The documentation covers almost everything for the use case, especially all the major features they include. For any issues I encounter, I was able to resolve them by using mostly documentation and community resources without needing to contact support directly. For technical clarification, if required, the available resources including guides and examples of best practices are quite helpful. The support ecosystem around Cribl is very good, and most issues are resolved quickly.

I was previously using Splunk. Splunk was mostly used for storing, searching, and analyzing logs. Once I discovered Cribl, I found it more useful. Cribl helped me with managing, filtering, pipeline routing, and flexibility before sending data to destinations or monitoring tools. Cribl sits between a data source and an analytics tool, which helps me reduce my flow, save time, and optimize data volume. If I had to choose between Splunk and Cribl for filtering and routing, I would obviously choose Cribl. For analyzing and searching, I continue to use Splunk.

The initial deployment of Cribl is not very user-friendly for beginners. For beginners, they might find that they have to first study and get to know everything about it. Once they get used to it, they will find that it is a very useful tool. It is not very beginner-friendly, but if the user is experienced or knows the relevant terms, then it will be very easy.

For cost optimization, Cribl's pricing is moderate. I will not say it is too high or too low.

For something similar to Cribl, I have used Splunk.

The maintenance for Cribl is relatively minimal. Most of the time, I focus on monitoring pipelines, which is manual work. I check the data flow and make small adjustments as I need them. For new log sources or adding anything, that is the manual work I have to do. I also review pipeline configurations to ensure logs are being filtered and routed correctly. If there are any changes in log formats or new data sources, I update the pipelines accordingly. Monitoring system performance and ensuring the worker nodes are running properly is something I always do. If the volume of logs increases, I scale the nodes to handle the load. Overall, maintenance from my side is minimal. Once the pipelines and configurations are done, Cribl runs very smoothly with very minimal manual intervention. I would rate this review as a nine out of ten.

My use case involves analyzing very large log files coming from middleware and system log files for both functional and non-functional errors. To perform this analysis effectively, we fetch these logs into tools such as Splunk or Dynatrace, but since those tools charge based on the volume of logs ingested, it is crucial to filter out unnecessary log data. Cribl helps us by trimming irrelevant logs and enriching the data as needed based on input from different teams, allowing us to streamline our log files before sending them to analytical tools.

The best features of Cribl include its ability to handle logs, allowing us to avoid redundant data input while ensuring that we send only the information we need to analytical tools for insights. This tool excels at performing tasks on the fly and lets us run different pipelines for our logs, combining data from various sources, such as application logs, intra logs, and network logs, and customizing it according to our data center or region.

I appreciate the twenty-four seven availability of Cribl, which is essential for ensuring our data is always accessible, even during downtime. This is a significant challenge, and maintaining that availability is crucial for operational continuity.

With Cribl Edge, the centralized fleet management has simplified how we deploy, upgrade, and manage agents across our environment. We automate configuration files based on regional needs and have developed a naming convention to categorize our configurations in a way that is easily manageable through the GUI.

Cribl handles high volumes of diverse data, including logs and metrics, exceptionally well, which is why we continue using it. With large amounts of data from enterprises such as Vodafone, it is essential to trim and enrich this data to achieve good results and avoid sending garbage data to analytics tools.

Managing log processing tasks through Cribl's user interface is quite intuitive, making it user-friendly.

There is room for improvement in Cribl, as managing data from around forty thousand servers can become complex. Automating the upgrading process for the Cribl agent would significantly improve usability, especially since we sometimes experience issues when using Blade Logic for updates.

I would appreciate more automation in the processes, and I have not explored the AI features that Cribl offers, such as ChatGPT.

I have been working with Cribl for three years and three and a half years to be precise.

Cribl is a scalable product. We have challenges integrating it with data from forty thousand servers across various platforms while maintaining stability and scalability, and I would rate our scalability at nine.

From my experience, I would rate Cribl's technical support as around eight or eight and a half. There is room for improvement, especially regarding urgent issues that occur in production environments.

Positive

The deployment was initially complex, but it is now stable and functional, largely because of the thorough documentation and excellent certifications provided by Cribl.

In my company, approximately twenty-five to thirty specialists work with Cribl.

The solution saves a significant amount of time and resources. I would estimate the return on investment to be double or triple the investment we made.

The unified management provided by Cribl Edge has dramatically reduced the time and effort needed for maintaining endpoint telemetry collection. Once the handshake occurs on the server side, any issues can be quickly identified from the GUI, and we only need to configure what information we want to fetch from the agent.

For firewall logs, we define and open specific firewall ports in our configurations to either collect bidirectional or unidirectional information, depending on the server's security requirements.

I have used Cribl Search primarily for our log patterns, but my involvement has largely been from an operational perspective, with limited usage of this feature.

I find Cribl to be cheaper compared to other solutions and believe it will become a leading product in the industry due to its fast performance and excellent results. When considering log ingestion, it allows us to extract only the necessary parameters from a larger dataset, which contributes to reduced data handling and effective dashboard creation.

Maintenance is necessary, especially for upgrades, but Cribl allows for these modifications on the fly without requiring system reboots, ensuring that production is not disrupted.

I would certainly recommend this product, emphasizing its effectiveness and potential to become a leader in the field, as its marketing presence is currently less than that of competitors such as Splunk and Dynatrace. I rate this product at nine overall.

My use cases for Cribl include ETL: Extract, Transform, Load.

One thing that I like the most about Cribl is parsing data and parsing data sets for security. I would say automation use cases and detections are also great aspects.

My favorite feature of Cribl is that the UI is pretty intuitive, and they have a very good open-source platform.

One challenge that I find with Cribl is that it's nuanced, so if you're not familiar with how to do specific data transactions, it's going to be a difficult solution for someone to use. You have to be educated to a specific degree and understand data communication from beginning to end, alongside understanding the tool itself and how it operates; it can be confusing and challenging for some people if you don't understand how to use it.

I can't sit here and say that I've physically witnessed a decrease in firewall logs with Cribl, but certainly, there probably is one because of the way the redundancy is used for extracting that data. It should be something that's common-sensical or intuitive with the solution if you're utilizing it correctly, meaning you wouldn't upload gigabytes of duplicate telemetry.

My thoughts on Cribl's ability to contain data costs and complexity is that it's an accurate assessment, given that the person behind Cribl utilization is knowledgeable, but there is a steep learning curve. If you're a customer who has no idea how to use Cribl and just buy it hoping to solve your problems, it doesn't work that way. You must have some understanding of ETL in general or just source data, root data, and then what you're actually looking to transform. Just buying Cribl hoping it will solve all your problems is far from the truth. Although Cribl is a great product, you wouldn't give a Ferrari to your sixteen-year-old son right when they get their driver's license; that's the best analogy I can give. Cribl is a Ferrari for data analytics and monitoring, but you don't hand over the power or weaponize that tool for someone who doesn't know how to use it. A customer can definitely do all the things that Cribl claims, but it comes at a steep learning curve and that intuitive cost.

I have been using Cribl in my career for probably over seven years, maybe longer, and I can't recall the first time, but it's been years though. I would say close to a decade.

I haven't personally witnessed any instability with Cribl, and any instability I have seen was caused by user error. This means performing a function within Cribl and then getting error outputs because of something, such as how the data transaction was communicated. I have heard of an issue where too much data gets backed up, but I can't think of the specific term Cribl uses for it. Such issues are fairly common.

Cribl is good for scalability, making it a good product for any organization looking to do data transformation, whether small to medium businesses or large corporations.

I have contacted customer support for Cribl, but it wasn't for anything operational; it was for some knowledge base articles. Their customer support is extremely responsive and very communicative.

If I were to put their support on a scale from one to ten, I would probably give them an eight.

Positive

There are plenty of alternatives out there.

The closest one in terms of quality and tools that comes to mind for data management is BindPlane, but those two are not comparable. There are other solutions as well, but there's really nothing Cribl. Other solutions such as Axiom also come to mind, but again, you're talking about comparing Ferraris to Volkswagens or some other vehicle. Comparatively speaking, I can't really think of a solution that operates as well.

A capable engineer should be able to deploy Cribl with ease. As I stated before, the open-source knowledge base is extremely thorough, and one with an engineering background shouldn't have a problem standing up Cribl; it should be pretty easy. The nuance comes with doing data transformation within Cribl, using pipelines, packs, and their specific solutions, which might present a learning curve. However, standing up the solution operationally is pretty straightforward.

Regarding whether one person can do the deployment or if a team is needed, the answer isn't straightforward. In a small to medium business environment, I would say one person can do it. However, for organization-wide deployment, it depends on how efficient, effective, and optimized you want to be. You can't just respond with a direct answer; you have to ask what kind of outcomes and timelines you're looking to achieve. If you're asking me straightforwardly if one person can do it, I would say it's possible, but it's a very misleading answer.

For pricing, I would say that Cribl is pretty standard across any of these other organizations, and it's pretty comparative depending on the ingest. Some people have different licensing models, and you have to consider ingest, scale, and what you're taking in and putting out. For instance, a license for Cribl would be five hundred thousand plus your ingest costs for your datasets, such as all your syslog and your third-party data sources. That being said, there are other organizations that have different pricing models, so it's hard to do a straightforward comparison. Axiom, for example, might have an all-inclusive licensing model around two hundred fifty thousand to three hundred thousand. To do a proper comparison, you would have to look at all the caveats. Overall, the pricing model for Cribl is pretty standard and straightforward.

Cribl does require maintenance from the user. You need to ensure that you're updating, including comments, service versions, and that sort of regular operational maintenance. It depends on specific endpoints and end-of-life considerations, but the general answer would be that you definitely need to maintain Cribl. You can't just deploy it and say you're done.

Transform data and reduce ingest licencing in other products (Splunk).

I have seen a decrease in logs with Cribl, but I think a lot of people expect it to decrease significantly; we are just slowing down the increase. People need to take into account that the log growth is exponential. I think this is a good takeaway. Also you get your investment back the moment you prolong your other solutions where the ingestion has decreased not sooner.

I think that most people use Cribl Stream, but not the other products; they mainly have the use case to reduce data. To get the other products to work for customers, there need to be better solutions, and it needs to be crystal clear what the product will bring them.

Searching data on the source, is not yet wanted/allowed by companies due to (to my opinion) outdated security rules.

that the right data is in the right place. talking about transforming and only sending the parts of the logs that are useful, reduce of noise.

I think the best features in Cribl are that you can do everything via the UI, making it very user-friendly, and you can see examples of the data live to preview your processing.

Using Cribl for five years has simplified a lot of use cases when onboarding data, and because it is simplified, it takes less time, which is a huge win.

I think a lot of companies would benefit from a smaller starting license. Perhaps make it free till 100GB for 1st year, that way companies will adopt easier.

I have been working with Cribl for five years.

I would rate the stability an eight out of ten because, although I rarely experience downtime, I would say it's an eight out of ten.

Cribl works fine if you scale properly, handling high volumes of diverse data like logs and metrics effectively.

Cribl is scalable for my organization and I would rate it a nine, but when onboarding a new data stream, it is sometimes hard to know how much impact it will have in your environment. Based on some calculating figures, you don't know beforehand what the impact will be.

I would rate the technical support for Cribl a nine.

Positive

No, other companies offer bits and pieces of what Cribl does, but not a comparable solution.

My experience with the deployment of Cribl is that it's really easy.

It takes a day to instrument Cribl, but onboarding all the data takes weeks.

In my company, Cribl is purchased directly, but in another company I worked with, it was via a partner.

Its an easy win for larger companies, other ingestion costs are for instance 600 dollars per GB per year and cribl maybe like a 100, thats a 500$ win per gb, so easy to get money back. the starting license however is 1tb which might by a drawback for smaller companies.

Its an easy win for larger companies, other ingestion costs are for instance 600 dollars per GB per year and cribl maybe like a 100, thats a 500$ win per gb, so easy to get money back. the starting license however is 1tb which might by a drawback for smaller companies.

I think Cribl is quite a unique product with no real competitors; there are competitors that do bits and pieces, but not the full product. If you take Splunk, you can do bits but you cannot send your data to other platforms, so it isn't really a comparison.

There are no cons for Cribl that I can think of.

Approximately 15 users work with Cribl in my organization because we don't allow everybody access, so it's local.

Cribl does not require much maintenance; just some updates from time to time, but those are really easy.

I do not use the new Search-in-place technology in Cribl Search because it's not allowed in the company that I work for.

I give Cribl a nine because it is very simple to use and it covers a lot of use cases. Best part is you can talk directly to developers / technical support on slack.

My use cases for Cribl basically involve being part of a Splunk theme organization where I was brought in to do a soft confirmation program, and I was onboarding more and more logs into Cribl as my license costs kept going up. We did some filtering using Cribl.

What I liked the most about Cribl is the way it handled firewall logs and the way it could handle Microsoft Windows server logs as well.

Cribl's ability to contain data cost and complexity is actually very good. I don't have a problem with Cribl whatsoever. It's not one of those products that says it does something it doesn't. I still think that vendors trying to compete against Cribl are going to lose this one.

Cribl handles high volumes of diverse data types such as logs and metrics very well. I was handling approximately three terabytes of logs a day, and I have had no problems with it at all. I'm sure there are bigger organizations out there, but three terabytes is still substantial. The enterprise organization I worked for had over a hundred thousand employees on a global scale and twenty thousand servers, so it's a big company.

Some downsides of Cribl include that it was quite a long sales cycle for us, but that was probably partly my fault as well. There weren't really any negatives on the product itself.

Cribl can do better by tightening up their Cribl packs, as I think there were numerous flavors of different configurations that weren't supported. There were a lot of unsupported Cribl packs and they probably need to get that certified or do something about that.

I have been using Cribl in my career for about two years in a previous role.

Regarding stability, I have not seen any lagging, crashes, or downtime at all with Cribl.

Regarding scalability, we obviously worked for a larger enterprise-based organization, and we had to build resilience into our solution. Cribl was scalable, so there were no problems with it.

I know we had access to Cribl University. I don't think we actually made any calls to Cribl support.

Neutral

I have used alternatives, and we evaluated the Splunk offering. I can't remember the name of it now. Splunk had a name for it, but that wasn't as good because it didn't actually segment the logs into different buckets. I had to ingest the whole bucket, and I didn't want that. We did look at other products on the marketplace, but obviously vendor-specific to Splunk.

The initial deployment was easy. We had a design, and we went through our own processes internally to get that all done. We put some exceptions criteria in place for what we did, and we built it out in the cloud, and we did the connections cloud to cloud. It was paced as easy.

For the deployment, we had two people: my internal guy and the Cribl presales engineer who helped me out.

I have seen a decrease in firewall logs with Cribl of about seventy percent.

Regarding current pricing, it was based on an ingress-based model that we used, and it was favorable. It was cheaper than the Splunk license. We didn't have a problem with the purchase.

It took us only a couple of weeks to fully deploy Cribl. We got it up and running, went through batches of what we were doing, and set up the Cribl stream and the heavy forwarders, and got all that working. It wasn't too bad. We looked at some of the Cribl packs, which are the predefined configurations. It was easy to get set up. It was cloud to AWS cloud in our case.

Cribl did not require any maintenance on my end. I'm not the technical person; I'm the program manager. I would rate this product an 8 out of 10.

I recommend Cribl as a solution to customers who have a lot of telemetry data because it provides flexibility within data routing.

It saves us a lot of time because the auto-deploy and auto-updates from one central panel is much easier to manage. When managing deployments manually, it takes 10, 15, or 20 times more time compared to using a central management UI.

One advantage we've seen is that during customer presentations, we can ask customers which specific use case they want us to present, and then we can use Cribl AI to present that. This has enabled us to present use cases that aren't even security telemetry.

We had a use case where we didn't know how to proceed at all, so Cribl helped us 100 percent. We didn't have any knowledge going in on how to collect temperature data and harmonize it into one format when the customer wanted us to showcase different temperature scales such as Fahrenheit and Celsius, along with different decimal separators like commas and dots.

Cribl is very easy to get started with, and you can get going very quickly. It has an interface that is very user-friendly, so you can set it up and start connecting sources with consumers fairly quickly.

Cribl offers a lot of what they call packs, which are valuable resources. However, I do think you need to be a pretty technical person in order to make sense of the UI. The product is not easy to use for just anyone.

Cribl works well and is fairly easy to set up, especially with firewalls, which are one of the baseline use cases. As long as there are packs available, it's a really good product and easy to manage. However, if there are no packs and you need to code it yourself, the learning curve is a bit steep. Thankfully, Cribl AI is now available, so you can prompt inside the tool and get help on how to set up all of the different rules.

One thing I think is that Cribl is very dependent on the packs. If you don't have packs and you need to do things on your own, it's not trivial. You'll have to make a real investment in training and experimentation.

Cribl needs to think more broadly. The product really comes down to having a higher level of flexibility in data routing. You can send data to multiple destinations at the same time and you're not locked into anything.

I would like to see an investment in a broader range of use cases beyond security telemetry data. For instance, I know that the railway industry is very interested in finding data pipeline tools for the data that trains create when they're driving.

I have been using Cribl for about two years now.

Cribl is very stable and scales really well. Besides the fact that the worker nodes consume a lot of resources if you push them, it scales very well. It's easy to spin up new nodes, and they're very stable.

I think the Cribl team is awesome. In Sweden, they're really great. The cybersecurity market in Sweden isn't that big, so it's the same people working in the industry. The Cribl team in Sweden is really a great team, and it works really well with our organization.

I work with Logstash and Gigamon, which are the main two tools I've worked with. You can also do some things in the command line, but they're more efficient with how you integrate, so that's another way to do it.

Cribl feels a lot easier to use and more intuitive. It gives you more capability, and you don't have to work as hard to set things up.

Cribl is a little bit more pricey than Logstash, which is one disadvantage.

I strongly recommend doing a proof of concept to see Cribl in action and always do an ROI calculation. Don't be surprised if you save money in the end on investing in Cribl.

I work with Logstash and Gigamon, which are the main two tools I've worked with. You can also do some things in the command line, but they're more efficient with how you integrate, so that's another way to do it.

If you're very efficient in Splunk or in Sentinel, then you could argue that you don't need Cribl because you won't save that much money. However, they are two different products with their own pros and cons.

Cribl is very focused on security telemetry, but I feel their product has really good use cases for other things, such as the temperature example I referenced earlier.

Cribl is not a solution for the smallest customers because you need to have a certain throughput of volume. If you have just 200 users, then Cribl is not the appropriate tool to discuss.

The main product we work with is Cribl Stream. I would give Cribl a rating of 9 out of 10.