Sandeep Duppalli - PeerSpot reviewer
Engineer at State Street
Real User
Top 20
Feb 28, 2026
Centralized log routing has simplified multi-destination forwarding and improved data management
Pros and Cons
  • "Cribl has the ability to send data to different destinations, making it a vendor-agnostic tool, and for log management we can parse values or enhance fields at Cribl level and then send it to different destinations such as S3, Splunk, Elastic, or other destinations, which I love most because it acts as an intermediate heavy forwarder that can route data to different destinations."
  • "Some of the integrations such as SNMP need improvement, and I feel Cribl should improve on SNMP integration and also on the database monitoring space."

What is our primary use case?

We use Cribl for log management.

What is most valuable?

Cribl has the ability to send data to different destinations, making it a vendor-agnostic tool. For log management, we can parse values or enhance fields at Cribl level and then send it to different destinations such as S3, Splunk, Elastic, or other destinations. This feature is the one I love most because it acts as an intermediate heavy forwarder which can route data to different destinations.

Cribl is intuitive and user-friendly in navigating the UI.

What needs improvement?

Some of the integrations such as SNMP need improvement, and I feel Cribl should improve on SNMP integration and also on the database monitoring space. These two areas need improvement.

For how long have I used the solution?

I have been using it for one and a half to two years.

Buyer's Guide
Cribl
June 2026
Learn what your peers think about Cribl. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,495 professionals have used our research since 2012.

What do I think about the stability of the solution?

Cribl handles the volume of logs effectively. In case of any issues, Cribl support does their job in resolving the issues. Overall, it handles the volume of logs very effectively.

How are customer service and support?

I rate the technical support for Cribl as nine out of ten.

Which solution did I use previously and why did I switch?

Cribl is solving these issues and bridging the gap. There is Splunk which is equivalent to Cribl, but Cribl is currently leading in this space. There may be other alternatives, but they are still in an evolving phase. Cribl is a mature product.

How was the initial setup?

Cribl is easy to deploy. Spinning it up does not take much time, just about a week's time. However, getting the data in and configuring those destination sources will take time.

What was our ROI?

For scalability, I would rate it as nine out of ten.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the data cost. However, Cribl solves the complexity of having different agents installed. If we shift from Splunk to Elastic, we would have to get a new agent installed and point our applications to Elastic. With Cribl, it solves the complexity of having multiple agents in between and forwarding data. We can forward it to Cribl and then Cribl can send it to wherever we like. This kind of complexity is something it solves.

Which other solutions did I evaluate?

Big businesses use Cribl.

What other advice do I have?

I assess the stability of Cribl as eight out of ten. I recommend Cribl for others looking to implement this product. I would rate Cribl overall as eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Feb 28, 2026
Akhil Latchireddi - PeerSpot reviewer
Senior DevOps Engineer II at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Jan 29, 2026
Centralized log streaming has improved cloud monitoring but still faces upgrade and scale issues
Pros and Cons
  • "Cribl is very useful because we have multiple clouds and it has been processing our logs from multiple different platforms into a single one, and it is processing to multiple other platforms as well."
  • "I think Cribl can be improved because I do not believe it is a mature product. It has gone down many times and when we are doing upgrades, many things break and we face a lot of issues, especially with scaling."

What is our primary use case?

My main use case for Cribl is to send and process logs from our AWS network and multiple other cloud networks to an S3 bucket to store the logs as well as to stream the logs to other service providers like Logz.io where we will set up a logging and alerting platform.

A quick specific example of how I'm using Cribl in this process is that we have been using different types of logs such as Python from ECS and EKS Kubernetes-based logs, and all those logs are in different formats. We add all the logs from different streams to Cribl and then from there we add specific formats and add certain tags to those logs so that it is easy to format and set alerts at the logging level.

Cribl is very useful because we have multiple clouds and it has been processing our logs from multiple different platforms into a single one, and it is processing to multiple other platforms as well. It is used as a bridge to stream and process the logs.

What is most valuable?

One of the best features Cribl offers is that it runs on Kubernetes clusters, which is easy to manage and comes with easier upgrades. It is very compatible with container-based environments and supports multiple different types of logs. It has many connectors and can send to many endpoints. The workflow features are also strong.

The compatibility with container-based environments has made my day-to-day work easier because it supports Kubernetes. In day-to-day work it is mostly useful for container-based logs because we mostly run on Kubernetes and ECS. We are a completely container-based organization, so most of our logs are container-based logs and application-based logs. All those logs are easily processed from Cribl.

Cribl has positively impacted my organization in terms of efficiency. We used to run on Lambda functions in AWS, which is an older process, and we used to drop many of our logs, which was problematic because those are necessary for future use cases. Now everything is working well.

This has impacted troubleshooting and compliance in my team because we are able to keep the logs indefinitely. There is no drop in the logs and no loss of the logs. This has impacted my team meaningfully because we have all the logs, we have very strict monitoring, and compatibility with all of our standards.

What needs improvement?

I think Cribl can be improved because I do not believe it is a mature product. It has gone down many times and when we are doing upgrades, many things break and we face a lot of issues, especially with scaling. If the logs are high volume, most of the time it is down or some connectors are down and it is not performing as well as we thought.

Moving from version 3 to version 4 became very difficult during the upgrade. The scalability issue is very problematic. We are running on Kubernetes and there are a lot of issues with respect to scaling. When we have more logs coming in, the connectors are failing.

I would like to see other improvements with Cribl beyond scaling and upgrades. The product should be more mature and the documentation can be improved.

For how long have I used the solution?

I have been using Cribl for four years.

What do I think about the stability of the solution?

Cribl is not really stable, although it may become stable. It is close.

What do I think about the scalability of the solution?

Cribl's scalability is not great.

How are customer service and support?

The customer support is also not great. They are connecting with us, but they are not able to figure out solutions very quickly. They may need more knowledge.

How would you rate customer service and support?

Which solution did I use previously and why did I switch?

I previously used a different solution, which was Lambda functions. It was highly costly and it used to drop many of our metrics and logs, which was problematic.

How was the initial setup?

I assess Cribl's ability to handle high volumes of diverse data types such as logs and metrics. I think it is feature-rich, but the scalability and reliability are major issues.

What about the implementation team?

I am using the new search in place technology feature of Cribl Search, and the search is good. However, we need to go into the particular workflow and then from there we need to do the search. It is not a global search, which is not a good sign.

What was our ROI?

I have seen a return on investment. With respect to money, the savings are not significant. With respect to time, there is a little bit of saving, but because things broke during the upgrade, we needed to go back to the older methods of using Lambda. In terms of employees, we did decrease the employee count, but I do not know if Cribl is really the reason for that.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing shows that I am not completely involved in the pricing part, but I did participate in the setup part. Cribl provided an image and we used that image. It is also publicly available and it is not difficult to set up in a Kubernetes cluster. I think it is easy.

Which other solutions did I evaluate?

Before choosing Cribl, I was not part of the team which explored Cribl. I was already part of the team implementing Cribl. We used to use Lambda functions and then we moved to Cribl. I am not sure which other options were explored.

What other advice do I have?

My advice to others looking into using Cribl is that if you are not a billion dollar company or if you are a startup that does not want to go into reinventing the wheel by writing all the code, Cribl is a great solution for streaming logs. I would rate this review a 6 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jan 29, 2026
Hardik Murdia - PeerSpot reviewer
Technical Lead at CloudBolt Software
Real User
Top 5 Leaderboard
Jun 3, 2026
Telemetry routing has improved observability and simplifies incident investigation
Pros and Cons
  • "Cribl actually has sorted out our problems, but it will probably be better."
  • "If I say one negative thing, the setup is a little bit trickier because observability setups are generally trickier."

What is our primary use case?

My current use cases for Cribl involve how the telemetry data moves. We have instrumented our observability backend related services, which we use specifically for our business logic. Basically, how it works is there is something called Autopage where we have all the details of whatever data was just coming in terms of from the adapters of AWS. There, we have Cribl deployed even when no queue queue Kubernetes cluster exists. We have these things and we're very well organized. Most of the use cases are on Kubernetes where we have better observability because Kubernetes generates a lot of traces, and manually, it is very difficult to manage all these things. Cribl plays a good amount of role to summarize everything properly provided all the information.

What is most valuable?

What I like the most about Cribl is that it extracts the spans very well. Honeycomb does the same thing, but Cribl does it a little bit better than that. We can route one stream from too many destinations with no problem. We have configured a center table easy instance, and we have also tried with the cloud solution. When we send the data in, it just gets extracted in different telemetry solutions such as signals and Datadog. It provides all those enriched data with all the details. For example, we gave user ID as one of the attributes we wanted, and it mapped email on top automatically. So it becomes very easy to identify which customer has a problem during incidents and other things.

What needs improvement?

I'm not the right person to ask this because I only configured it for providing certain specific things. If I say one negative thing, the setup is a little bit trickier because observability setups are generally trickier.

For how long have I used the solution?

I have been using Cribl in my career for six and a half months.

What do I think about the stability of the solution?

Regarding stability, I don't really face any lagging or crashing, but that comes with not a lot of data being injected there. If a very high cardinal solution or high cardinal metrics goes in, there might be some issues, but I haven't faced any problem that way till now.

What do I think about the scalability of the solution?

Scalability, stability, and reliability can only be judged when you have a huge amount of data. Our current organization doesn't deal with a huge amount of data. What we have is around two hundred to three hundred GB of data that we are moving daily. Out of that, whatever telemetry we are getting from our total collector, there's something which we are directing to this, and this is providing to our other solutions out there such as Datadog and Honeycomb. Basically, we are not facing any problem as of now in terms of stability, reliability, and scalability.

How are customer service and support?

In terms of technical support, I have not had to contact them about anything. Technical solutions are shifting now. People are more identifying things on their own, and we have a lot of solutions coming, so it's very easy now.

How was the initial setup?

The initial deployment setup of Cribl was relatively easy for the first time. This comes after a certain new experience that I have. For a very new person who doesn't understand much about observability, it might be a tricky solution. When you are working with an OLTP kind of solution, versioning, pipeline, learning, and coverage are important parts. Once you have that, everything works accordingly. You just have to figure out how it will work.

I really enjoyed working with the OpenTelemetry collectors. I have tried with some AI-related implementations. We have a vector database in the backend, and it has given us a good amount of data transformation depth, which was really good. That has given us more usage context for what we are providing to the AI model. This is a service that we had in AWS Bedrock where we were running an NLM solution. That has given us a good amount of insights whether this is properly working or not. The only problem was there was no token count. For that, I have to use some different solution. For a specific integration, I would be very happy if I could get some other solution which provides me the token information also. How much token I have been consuming is not there right now in any of the auxiliary tools. I have to do it via some other aspect. No complaints with Cribl. Cribl actually has sorted out our problems, but it will probably be better.

What about the implementation team?

For the deployment of Cribl, I have done the complete deployment without anyone's help. I took some documentation that they have and used it for certain structural things. For our department's sake, I deploy our changes directly without any problem.

What was our ROI?

I have seen a decrease in firewall logs with Cribl. Sampling is enabled and definitely that is something which I have actually seen a good amount of reduction in. The logs are really high, so what we had previously because a lot of those kinds of things happen on the valve, followed by a lot of things that happen on our product. Because of that, the logs get filled up very fast, and we store all those logs in history. When I compared the situation after Cribl and when we actually validated whether the amount of logs in the history compared to what they were before, the growth results significantly decreased. I don't have a number in mind right now, but I have documented it somewhere.

What's my experience with pricing, setup cost, and licensing?

Regarding the pricing of Cribl, I'm not the right person to talk about pricing because all these things are taken care of by our VP of engineering. I suggested them to ship also, and then we are on a pilot with them. We have not paid any money to them yet. With respect to this current Cribl implementation, I am not a hundred percent sure what we have actually done. I can answer the technical aspect of it, but the financial part is something that's out of my scope right now.

Which other solutions did I evaluate?

When it comes to using any similar solutions to Cribl, there are not really alternatives. We have used Chip, if you have heard of it. But the use cases are a little bit different. Chip is something which provides more enhanced metrics on top of existing metrics of what we have. So we don't have to look at ten different metrics, and we can use this. They have run a pilot with us a while back, but they are focused mainly on Kubernetes clusters, whereas our solution is more tied to the instances and other things. These are not a cluster mode running. In our case, it has given us significant value.

What other advice do I have?

Regarding Cribl's ability to handle high volumes of diverse data types, for logs, it is something we have used. We have used it specifically, and I'm not saying I know how to use it completely, but not that much, to be honest. It's okay what we have done.

In my experience with Cribl's new search in place technology, Cribl Search, I find the user interface when managing log processing tasks to be decent. I don't have any complaints.

I would give Cribl an overall rating of eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 3, 2026
AmanThakkar - PeerSpot reviewer
Software Engineer at Titans Lab
Real User
Top 5 Leaderboard
May 29, 2026
Data optimization has reduced logging costs and provides clear, efficient pipelines
Pros and Cons
  • "Because of Cribl, we have experienced very high impact in cost efficiency, data clarity, and data optimization."
  • "Cribl's initial setup is quite complex."

What is our primary use case?

We mainly use Cribl for data optimization and log reporting to clean up the data and determine how to pass and provide this data to Splunk, which we are using. Cribl serves as a pipeline for us.

How has it helped my organization?

Cribl has impacted our organization very positively. Our management team was previously very concerned about costs. If we were using the traditional method, we would be giving every log to Splunk, and it became very messy and tough to handle. Because of Cribl, we have experienced very high impact in cost efficiency, data clarity, and data optimization. It has been a very big impact.

What is most valuable?

The best feature is data cleaning and data optimization, which has reduced our costs significantly. Cost optimization can be counted as one of the valuable features.

My experience with the UI is very decent compared to others, and it is very good.

Cribl handles fire logs very well because we are getting logs from many of our applications. We collect the data from APIs and everything, and it works very well with fire logs.

Cribl has handled our needs very easily and very stably. We have depended on it, and it works very well. Data costs have become very low, making it more reliable in terms of cost efficiency.

What needs improvement?

The main improvement is to provide a very clear and comprehensive user manual.

Another main improvement I would like to see is if we could get an advanced monitoring system or advanced monitoring capability, we could use Cribl in a very advanced way.

For how long have I used the solution?

We have been using Cribl for mainly around ten months.

What do I think about the stability of the solution?

Cribl is very stable. Once the pipeline is configured properly, it runs consistently, even with high volume. We have not faced any major issues.

What do I think about the scalability of the solution?

From my experience, Cribl is quite scalable and very scalable. We are using it with very high volume, and it is very scalable.

How are customer service and support?

Cribl's customer service is good. We have tried contacting them one or two or three times, and it has been good.

Which solution did I use previously and why did I switch?

We are using Splunk currently, but we were giving logs directly to Splunk without any clarity, without any cleaning, and without any optimization. We were giving everything to Splunk, and because of this, it became very messy. We had to make a call to Splunk's help section for assistance. Now that we are using Cribl, it is very good, and we do not have to rely on Splunk's support to help us.

How was the initial setup?

Cribl's initial setup is quite complex. That is why I am recommending that they provide a very comprehensive user manual.

What about the implementation team?

We integrated Cribl by ourselves.

What was our ROI?

Cribl is reliable, and while the ROI is not as significant as other metrics, we have already exceeded it because the costs are very low.

What's my experience with pricing, setup cost, and licensing?

The costing part is not something I directly handle, but from what I know, the setup cost is very low.

Which other solutions did I evaluate?

We have not checked any other options because this option has matched our requirements.

What other advice do I have?

I would like to recommend providing a very clear and comprehensive user manual so that any newcomer or new customer can understand it very easily. Our review rating for Cribl is nine.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: May 29, 2026
Tirth Dhanani - PeerSpot reviewer
Software Engineer at SGS systems Pvt Ltd
Real User
Top 10
Apr 14, 2026
Log routing has cut storage costs and saves significant time in daily monitoring workflows
Pros and Cons
  • "I would definitely recommend Cribl to other users because it has helped me reduce my log handling time by 40 to 50%, and it also reduces the log volume by 30 to 40%, which cuts storage and SIEM costs."
  • "When I started using Cribl interface for managing log processing tasks, it was difficult for me to navigate because it took me a month or two to gain fluency with the software since I did not have hands-on experience initially, and I found that the documentation is not thorough enough to help users navigate how to use Cribl."

What is our primary use case?

I use Cribl for filtering service logs and reducing data volume before sending to Splunk to cut storage costs, and it is mostly for logs sharing while I am working in the PLM environment.

What is most valuable?

I have experience with Cribl Stream, and in that, I appreciate data routing, data processing, and reduction because it filters out unwanted fields, helps in removing redundant data, and has good integration support.

I have observed approximately 60% reduction in firewall logs.

Cribl was able to handle the volume of different data types, such as logs and metrics, and that is why I found it valuable. It is a good monitoring tool, and although there is a steep learning curve, once you gain hands-on experience, it is quite good.

I save roughly around 30 to 50% of operational time in log handling and everything.

I find it quite stable, and I would give it a nine.

Scalability is highly achievable with its distributed leader-worker architecture, so I would rate that a ten.

I would definitely recommend Cribl to other users because it has helped me reduce my log handling time by 40 to 50%, and it also reduces the log volume by 30 to 40%, which cuts storage and SIEM costs. Additionally, the good real-time data processing filters and transforms the data before sending it to the tools. I would definitely recommend it to new users or prospective users.

What needs improvement?

When I started using Cribl interface for managing log processing tasks, it was difficult for me to navigate because it took me a month or two to gain fluency with the software since I did not have hands-on experience initially, and I found that the documentation is not thorough enough to help users navigate how to use Cribl.

The areas that have room for improvement include the documentation because it can be improved, mostly the documentation. Otherwise, I appreciate Cribl Stream, and for new users, it should be easier to understand and learn how to use the tool and how it can help them.

For how long have I used the solution?

I have been using Cribl Stream for one year, 13 to 14 months.

What do I think about the stability of the solution?

I find Cribl quite stable, and I would give it a nine.

What do I think about the scalability of the solution?

Scalability is highly achievable with its distributed leader-worker architecture, so I would rate that a ten.

How are customer service and support?

I would rate the technical support an eight.

Which solution did I use previously and why did I switch?

I have used Datadog, and I find that Cribl is more about controlling the data before it reaches the tools, while Datadog is more about analyzing the data after it arrives, so there is a clear difference between both tools. However, it really depends on what you are using it for.

How was the initial setup?

It is not on-cloud; it is a hybrid model for deployment.

What about the implementation team?

Cribl does require maintenance, and that part is also maintained by one of our team members who handles the versioning, maintenance, and any new releases, so it is pretty taken care of, and I have not heard a complaint from him about anything, so it must be good.

What's my experience with pricing, setup cost, and licensing?

I do not know about the pricing because I have not purchased it, as it was given to me by my organization.

Which other solutions did I evaluate?

I have not used Cribl Search yet, which includes the new Search in Place technology.

What other advice do I have?

I have used Cribl Edge once; it is a data collection agent, but I have not used it that much as I mainly use Cribl Stream.

There are roughly three to four users using Cribl right now; it is a small team of people.

I would give this review an overall rating of nine.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 14, 2026
reviewer2809956 - PeerSpot reviewer
Splunk Architect at a consultancy with 11-50 employees
Real User
Top 20
Mar 23, 2026
Data routing has become simpler and costs are reduced with flexible log aggregation
Pros and Cons
  • "Cribl brings significant benefits like cost-effectiveness, reducing CM costs, and making our data vendor-agnostic since data flows through Cribl."
  • "On the other hand, I would like to see improvements in pack management, which is currently a mess with no way to manage packs differently across worker groups."

What is our primary use case?

A few use cases for Cribl include mainly reducing the amount of data that goes into our CM solution by reducing the data that flows through and only sending the important data into our CM solution.

With Cribl, I have seen a decrease in firewall logs as we send a lot of firewall logs into Cribl, aggregating and reducing the log size by aggregation or removing unwanted data, which works smoothly. Anything with logs—firewall, network logs, DNS logs—works fine.

Cribl does a great job at containing data costs, which is our major use case to reduce data costs for the CM solution, and we do that quite efficiently with Cribl by aggregating the data, masking unnecessary parts, and changing the structure into key-value pairs, thus reducing the cost significantly.

What is most valuable?

What I like about Cribl is that it is quite easy to use because everything is via UI, so there is no coding involved, making it more like a drag and drop functionality to add your items. It is an easy tool, easy to learn, and handy, allowing a lot more to be done without requiring extensive coding.

Cribl UI feels quite intuitive based on my experience after using Cribl for four years with my team and other vendors. It is easy to use, allowing many people to work at the same time, and versioning is already integrated. The same packs can be used with different machines and different workflows, which is also a good part. Cribl provides free education, unlike other tools, allowing us to learn the necessary skills and implement them in the actual production environment.

Cribl brings significant benefits like cost-effectiveness, reducing CM costs, and making our data vendor-agnostic since data flows through Cribl. If I decide to change my CM solution later, it will be an easy switch. Complex data can be simplified into easier formats like key-value pairs, making our current use cases streamlined.

What needs improvement?

I would like to see improvements in the metrics and traces, as Cribl is currently more geared towards logs, making it hard to get very long traces to view in the UI when they are quite big. I have not used metrics much because I am aware of the issues Cribl has with handling proper metrics, particularly with multi-metrics when there are multiple dimensions into a single metric. We use Cribl nearly 99.9% for logs only, not for metrics and traces, but I hope to see improvements in the future.

On the other hand, I would like to see improvements in pack management, which is currently a mess with no way to manage packs differently across worker groups. I also wish Cribl would introduce more functions, as sometimes we have to create more JavaScript functions ourselves. Aside from that, everything is going well, especially with recent AI integrations.

For how long have I used the solution?

I have been working with Cribl for four years.

What do I think about the stability of the solution?

Cribl is pretty stable, with me experiencing only minor hiccups and no major alarms. Previous data loss issues have been resolved over the past two and a half years, making it a stable option.

What do I think about the scalability of the solution?

I consider Cribl scalable as we are using the Kubernetes version, and I have seen that scaling is manageable. We have also checked on-prem and found similar results, confirming it to be a scalable solution.

How are customer service and support?

Cribl technical support is generally good, albeit sometimes inconsistent. The U.S. team is excellent once a ticket is escalated, while the support in Germany or Europe could be improved. I would rate the technical support at a seven on a scale of one to ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to Cribl, I had not used any different product of the same kind, which is an advantage for Cribl. While there are a few products emerging now, the last time I checked, they were not equivalent to Cribl.

How was the initial setup?

Cribl's initial setup was not complex because Cribl is very similar to another product we used for multiple years, allowing us to extend scripts easily. I would say installation is pretty straightforward, and the documentation and education provided by Cribl greatly aid the process.

What about the implementation team?

Our deployment was primarily in-house, with initial assistance from Cribl engineers. We have managed it internally for the last three and a half years.

What was our ROI?

Regarding ROI, Cribl reduces our CM cost by about twenty to twenty-five percent due to the data that is flowing in and reducing the overall amount.

Which other solutions did I evaluate?

I did not evaluate any other options before choosing Cribl since there was hardly anything on the market like it at that time, although I see a couple of viable options now.

What other advice do I have?

My advice for organizations considering Cribl is that it is a nice tool, very effective with limited competition, but you should plan thoroughly regarding your use case to avoid wasting licenses. It is essential to implement something significant, considering the infrastructure as well. I rate Cribl at an eight overall.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Mar 23, 2026
Abdullah Zubair - PeerSpot reviewer
Security Consultant at Integrity360
Real User
Top 5
Sep 11, 2025
Enables seamless SIEM/Data Migration and Log Filtration across the enterprise estate
Pros and Cons
  • "Cribl is specifically designed to reduce the data costs associated with the destination platform, which is one of its core offerings."
  • "We encountered some issues with the syslog data stream, particularly with handling large databases and extensive data logs."

What is our primary use case?

Our main use case for Cribl was SIEM migration, where we merged multiple SIEM solutions into a single SIEM solution. SIEM migration was the most major use case we were looking for. The second use case was a manageable logging solution which could have a nice interface and would be easy to manage. Data cutoff or log filtering was the third biggest use case we were looking for, where we were seeking data reduction to define what we need and don't need. Additionally, we performed data masking for PII, i.e. payments and medical data. These were the main use cases that were all provided by Cribl.

How has it helped my organization?

My previous company did a significant amount of business using Cribl, particularly in servicing customers who had a perfect fit for the solution. From a consultant's perspective, I can say that we resold licenses for Cribl, delivered services related to Cribl, and also provided maintenance services. This brought a decent amount of business to our company.

Regarding the reduction in firewall logs due to Cribl, it did influence our overall data processing and workflow. For example, the AWS VPC flow logs were greatly reduced in size, which had a substantial impact on the licensing costs for destination platforms. It did help us and the customer quite a bit. Cribl's role in its reduction of firewall logs, either cloud or on-prem, was vital.

The data cost is an important aspect. Cribl is specifically designed to reduce the data costs associated with the destination platform. This is one of its core offerings.

Regarding platform usability, the Cribl interface is quite intuitive and easy to use. The navigation and separate sections are easily accessible, making it very user-friendly. The color scheme and palette are excellent, and there’s nothing messy or unmanaged about the user interface. Overall, I personally find the user interface to be very comforting.

What is most valuable?

The features of Cribl I have found most valuable include its SIEM migration capability. It facilitates migration quite nicely. The data reduction and preprocessing capabilities make Cribl really unique. Data masking is an important one. And as Cribl Stream can be deployed on-prem, on cloud or as a hybrid model, its support for every sort of enterprise estate is highly appreciated.  

The UI interface is very good. It's user-friendly, intuitive, not complicated, and sufficient. It's not more than what it needs to be, and it's simple without being overly complicated.

What needs improvement?

They've already done many good things with the product, but perhaps they could implement a temporary SIEM solution where we could store logs and display them as a SIEM, though I think that's not the space that Cribl is actually looking into. Based on my experience, this product is brilliant and there isn't much or anything important lacking in the product.

We encountered some occasional issues with the syslog data stream, particularly when handling large data volumes and getting the data parsed and its fields extracted correctly, but no major alarms that would halt the day's operation. There were a few source-vendor-specific challenges, but overall, I didn't notice anything major beyond that. Most of the process went smoothly. However, we did need to carry out some troubleshooting to resolve the issues we faced while connecting with other platforms and a few data streams misbehaving, which wasn't a straightforward task for us. In terms of large datasets—whether they originated from network inputs, virtual machines, or cloud instances—ingesting the data into the destination was relatively easy. In summary, aside from the usual difficulties or issues that someone could face with any project, everything else went well.

For how long have I used the solution?

I have been working with Cribl for more than four years now.

What do I think about the stability of the solution?

Cribl is quite stable and doesn't crash; there's no unusual behavior. If it's stable, then it's reliable. I could see the data that goes in and how it is being processed at each stage. There are no concerns when Cribl is working in a production environment.

What do I think about the scalability of the solution?

Cribl is quite scalable, as we could add worker nodes as our data grows, so it's sufficiently scalable and able to facilitate as much data as there can be.

How are customer service and support?

Their technical support has been really great, and the solution architects we worked with were really knowledgeable. They had extensive expertise with the product and were able to facilitate everything we needed. The experience with Cribl technical staff has been one of the best.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

For similar use cases, different companies were using different tactical solutions i.e. custom scripting. None of the solutions were strategic and well thought through. Some were using scripting, some were not utilizing anything. Some were ingesting into the SIEM and then doing all the tasks which should be done pre-ingestion. There was a lot of disorganization, and Cribl had really found the gap where they could offer their services.

How was the initial setup?

I performed the entire setup of the Cribl infrastructure.

With the Cribl Stream setup, I first had to initiate the tenant. Once the tenant was provisioned, I configured the IAM setup, i.e. SSO, RBAC, etc. I onboarded the data sources and deployed the worker nodes to the appropriate locations. These locations could be various subnets, cloud virtual machines, on-premises virtual machines, or any ready-to-use Cribl cloud workers we needed. The process depended on the company's IT infrastructure. After the worker nodes were set up, it was simply a matter of onboarding the data stream into the platform and then directing it to the destination platforms.

As for Cribl's deployment, it operates in a hybrid environment, utilizing both cloud and on-premises solutions, tailored to meet the needs of different customers.

What about the implementation team?

I delivered Cribl services as a Certified Cribl Consultant to various customers. Cribl technical support was arranged whenever there was a need for it.

What was our ROI?

We have managed to save significant money and resources for multiple customers, reducing operational complexity and the cost of destination platforms, but unfortunately I cannot quote specific numbers due to NDA.

What's my experience with pricing, setup cost, and licensing?

Cribl is very inexpensive, with enterprise pricing around 30 cents per GB, which is really decent. Organizations looking to ingest terabytes or petabytes of data each day find it quite an inexpensive solution. The pricing model for Cribl Stream is one of the best values that customers would be getting, and I don't think any other solution offers this much value at this price point.

Which other solutions did I evaluate?

Confluent was considered, but Cribl emerged as the best solution.

What other advice do I have?

I would rate Cribl an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Joseph Bonadeo - PeerSpot reviewer
Cyber security analyst at PBF Energy
Real User
Top 20
Sep 18, 2025
Runs smoothly and stands out with its well-organized user interface
Pros and Cons
  • "Our experience with Cribl has been very smooth; everything runs seamlessly, there are no delays or sluggishness, which I really appreciate."
  • "When I explored the endpoint, I found myself wishing for clearer instructions presented in a sequential manner."

What is our primary use case?

Our use case for Cribl is that we want to make sure that we parse everything correctly, and it is easier for us to transfer our data in our system in a more compact way; it runs smoothly.

How has it helped my organization?

We're in the beginning stage of using Cribl, but the reduction in firewall logs will help significantly with processing speed. We just worked on handling high volumes of diverse data including logs, metrics, and files last week, and it ran very smoothly with quick processing.

What is most valuable?

The best feature about Cribl is how easy it is to move; the UI is very simple, everything is very neat, and everything is organized. We have been dealing with Cribl extensively recently.

What needs improvement?

Cribl is awesome. The university offers a lot of great resources, but there could be more detailed information about Cribl itself. It would be helpful to have a step-by-step guide that covers everything from the basics. Since Cribl is such a large platform with numerous features, having a clear, structured approach would make it easier for me and others to understand and utilize its capabilities.

I believe it would be beneficial to have a step-by-step guide for users on our endpoint. This would make it easier for them to understand how to use it. When I explored the endpoint, I found myself wishing for clearer instructions presented in a sequential manner. This is just a small critique based on my experience using it so far.

For how long have I used the solution?

We started using Cribl around three months ago.

What do I think about the stability of the solution?

I would rate stability as a nine; nothing is perfect, but it's great. 

What do I think about the scalability of the solution?

I would definitely give scalability a nine as in terms of what we're seeing and thinking about, it's solid.

We have around eight or nine users. Everyone is touching base with it. For now, it will stay at eight unless we expand. We are going through an expansion, so it’s possible we might increase the number of users; but for now, we’re steady at our current count. We are a medium-sized business.

How are customer service and support?

Their customer support is fantastic.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using a manual solution previously; this transition to Cribl is our first time implementing an automated solution.

How was the initial setup?

We are typically on-premises. I believe Cribl is currently focused more on the OT side because the primary customer base is more enterprise-oriented. OT relies heavily on this. However, if I'm not mistaken, we operate in an on-premises or hybrid environment; we are definitely not using the cloud.

We are still in the process of deployment, and so far, the deployment has been going fairly well and has been relatively quick for us.

We are in the transitioning stage; we're implementing everything from square one with our team, participating in daily calls to make that happen. We are experiencing some issues with data transfer and parsing errors, which is extending our SIEM transfer time.

What was our ROI?

Based on what our managers say, we have saved a significant amount of time and resources moving from a manual approach to something that's more automated.

Which other solutions did I evaluate?

As I visited different booths at the conference, I realized that I still prefer Cribl. Even though I haven't worked with any other platforms, I was impressed by how everything is laid out and how simple it feels to work with your system. I genuinely appreciate the user interface. I find it straightforward and well-organized, making it easy to navigate.

I also noticed that they have implemented something like a password manager, which sounded familiar. Overall, everything I saw reaffirmed my preference for Cribl. So, despite checking out various booths, I'm still committed to Cribl at the end of the day.

What other advice do I have?

I would definitely recommend it. The user interface is great, and the customer support has been fantastic as well. Our experience with Cribl has been very smooth; everything runs seamlessly. There are no delays or sluggishness, which I really appreciate. I have to give it props for that; everything operates very smoothly.

I would rate Cribl a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
HarshShah2 - PeerSpot reviewer
DevOps Engineer at Veefin Solutions Ltd.
Real User
Top 5
Leaderboard
Apr 14, 2026
Cribl has improved real-time infrastructure observability and optimizes server resource costs
Pros and Cons
  • "Cribl provides visibility and helps in that regard; we get real-time metrics, allowing us to see when we need to increase the compute of our servers or when we have over-provisioned resources."
  • "Cribl's UI is quite simple and minimal, helping the developer and team get familiar with it earlier; however, it provides functionalities in a very deep way, and the function section is quite messy and includes too many functionalities which are generally not required at an amateur level."

What is our primary use case?

Our use case for Cribl is observability from an infrastructure point of view; we use Cribl for getting the logs from our infrastructure. The metrics or logs which we require from our servers or containers, or the platforms where we have deployed our product, necessitate real-time data processing, so Cribl helps us in that regard.

What is most valuable?

I love the Cribl Edge feature, which is an agent we can directly deploy on our servers; that is quite a good feature that helps in collecting data locally at the server level. Additionally, the search is good; we can search across all our data sources, and it is quite fast. Cost efficiency also helps in optimizing costs.

Cribl handles high volumes of diverse data types very well. We have around 200 to 250 in-house servers, and we require observability and visibility over those servers. We don't have a team that manages them, and we cannot hire too many people to manage 200 servers. Cribl provides visibility and helps in that regard; we get real-time metrics, allowing us to see when we need to increase the compute of our servers or when we have over-provisioned resources. It helps in optimizing costs at our infrastructure level, and Cribl is quite cost-efficient, helping in that aspect as well.

What needs improvement?

We haven't gone very deep into it, so we don't have a heavy use case, but most probably, as it helps us in optimizing costs, that is the best thing about it. Cribl's UI is quite simple and minimal, helping the developer and team get familiar with it earlier; however, it provides functionalities in a very deep way. Thus, it becomes difficult if we don't require some metrics or something for filtering, as Cribl has provided many functionalities to filter out metrics which we don't require with our lighter use case. That has created some hindrance for us; otherwise, everything is quite good.

The function section is quite messy and includes too many functionalities which are generally not required at an amateur level. If we advance at that level, then definitely it is required to get the precise logs that filter out unnecessary data when the data stream is quite big. At that time, definitely it is required, but at the initial level, it becomes quite difficult to get the proper data that is required.

For how long have I used the solution?

I used the solution about six months ago.

What do I think about the stability of the solution?

We haven't faced much regarding instability such as lagging or crashing; the backend team and support staff are quite nice, and we didn't encounter any significant issues with stability.

What do I think about the scalability of the solution?

Scaling with Cribl is very easy, both horizontally and vertically, so we don't have any hindrance in scaling the tool.

How are customer service and support?

My team has contacted technical support for some tasks they were facing issues with; they reported that the staff is quite nice, and the support is very good. However, we didn't require much support, only maybe twice or thrice.

Which solution did I use previously and why did I switch?

We used to utilize Node Exporter, Grafana, and Prometheus.

Cribl sits in between those tools; it does not replace any of them. Node Exporter helps collect the host metrics, Prometheus is responsible for scraping the metrics, and Grafana serves as a dashboard. Cribl assists with infrastructure observability without replacing any of the tools. We use all of them right now as well.

How was the initial setup?

Cribl's initial deployment is quite easy and nice; we didn't face any difficulties in doing that. Additionally, scaling it horizontally or vertically is very good.

What about the implementation team?

I lead my team; I don't set and manage deployment myself anymore. Initially, when we had a very small team, I started building it, but now my team handles all this.

What's my experience with pricing, setup cost, and licensing?

I'm not from the team that handles pricing; another department deals with that. However, the pricing appears to be good because I haven't been approached with concerns about why we are spending a particular amount. I think our pricing is fair.

What other advice do I have?

For our use case, I would give Cribl a score of 10 out of 10, but overall, if I rated it for a large organization that requires it, it would be fair to give an eight. I would rate this review as an 8 overall.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 14, 2026
reviewer2806896 - PeerSpot reviewer
Data Engineer at an outsourcing company with 1,001-5,000 employees
MSP
Top 20
Mar 5, 2026
Data workflows have become streamlined as I manage costs and parse diverse sources efficiently
Pros and Cons
  • "I think Cribl is an excellent tool for helping to manage data cost and keep it down as well as manage complexity."
  • "The speed was fast. The quality, however, there wasn't a solution just because I think it was a bug and it was never fixed as far as I know."

What is our primary use case?

I use Cribl to move data and help with moving data, connecting different data sources to different destinations, which is what I mainly use it for.

I also use it to help parse the data as well.

What is most valuable?

Something that I really appreciate about Cribl is the preview feature. Whether it would be on the JavaScript I'm working on, it shows me the output in real time, which really helps with development.

I also appreciate the preview feature when it comes to data pipelines, as it shows me in real time how my pipeline would be working with the data. Additionally, I really appreciate the live capture feature as well to get an idea of how the data looks at different stages in the Cribl environment.

I think Cribl is an excellent tool for helping to manage data cost and keep it down as well as manage complexity.

What needs improvement?

Cribl has come a long way. I've been using it for three years, but there are still a lot of other features that I would appreciate regarding new data sources. One example would be open WebSockets.

There's currently not a native feature for that, so that requires a lot of time in development. I would also appreciate better support for JWT tokens for a REST API collection. While sometimes it does work, it seems very janky and seems like a stitched-together solution. It would be nice if there was a more supported version to help with JWT.

For how long have I used the solution?

I've been working with Cribl for a long time, at least three years, maybe more.

What do I think about the stability of the solution?

Cribl is very robust. It's not perfect, but very good stability.

What do I think about the scalability of the solution?

Cribl is very scalable. The product itself lends itself well to being scaled. Any issues I've had with scaling have mainly just been human issues of people not wanting to scale, but the product itself is very capable of scaling.

How are customer service and support?

The speed was fast. The quality, however, there wasn't a solution just because I think it was a bug and it was never fixed as far as I know. The speed was nice, but there was never a solution provided.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I use Splunk.

What was our ROI?

From what I understand, I'm mainly on the engineering side, not the sales side, but the pricing is very competitive. Although the pricing can be a little bit high, I know that Cribl as a product helps save a lot of money by reducing data storage. The pricing is offset by the money I save by using Cribl.

What's my experience with pricing, setup cost, and licensing?

Cribl does require maintenance, especially if I'm deploying it on-premises. If I'm deploying on-premises on my machines, I've just got to make sure that they're being provisioned well, that they're being updated successfully, and that they're constantly balancing the worker processing across them.

Which other solutions did I evaluate?

I definitely prefer Cribl more, mainly for the UI and the preview feature that I mentioned about being able to see in real time my in and out for development. I think that speeds things up a lot.

However, I do like Splunk a lot too.

I think Splunk is better tailored for visualizations and presenting to clients, especially around metrics. I think I can do some visualizations and presentations of metrics in Cribl, but it's not as robust as Splunk.

What other advice do I have?

Definitely for large corporations, they would see the most benefit, but I think small and medium businesses could also benefit as well.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Mar 5, 2026