I work on a data pipeline where I deal with a lot of log data and observability tools, so I use Cribl for data pipelines. My experience with Cribl has been around setting up pipelines, and it has been useful as I have used it to drop unnecessary logs. I have worked with Cribl Stream mainly for optimizing logs, reducing ingestion cost, and managing data routing. Currently, I am using only Cribl Stream for optimizing log flow.
What I appreciate about Cribl is that it is easy to plug into existing observability stacks, and the best thing about it is its flexible routing across multiple destinations such as Splunk and CrowdStrike. I find it beneficial because I can easily transform data in real-time before ingestion, which helps a lot with controlling costs by reducing unnecessary data.
I would describe my experience with Cribl's user interface as friendly and beginner-friendly, and the documentation is also clear. What feels intuitive to me is how Cribl drops unnecessary logs and masks sensitive fields, making it easy to plug in, and the UI is very friendly.
I would assess Cribl's ability to handle high volumes of diverse data types as good because I have to deal with a lot of log data and observability tools while managing many gigabytes of data. Cribl has been significantly helpful for me in reducing unnecessary logs and masking sensitive fields.
Regarding Cribl's ability to contain data cost and complexity, before using it, we were ingesting around 10 terabytes of data directly to Splunk, but after using Cribl, it has dropped to three to four terabytes or five to six terabytes using pipelines.
Cribl has positively impacted my organization because we were ingesting terabytes of data into Splunk directly before Cribl, but after using Cribl pipelines, we have dropped a significant two to three terabytes of data by dropping unnecessary logs. The best use case I have gotten from Cribl is helping to reduce my ingestion cost.
I would like to see better debugging visibility added to Cribl, as if I am stuck on something, it should provide better debugging visibility in the coming years.
I have been using Cribl for the past one to 1.5 years.
I have not faced any crashes, downtimes, or performance issues with Cribl's stability.
Our company has been looking for a partnership or a dedicated team towards Cribl, and we are going to expand with that, so it is a scalable tool.
I evaluate the customer service and technical support of Cribl positively as they answer us regularly. I have not faced any issues with customer service, and if I do in the near future, I will directly raise a ticket regarding that. I would rate the technical support a nine out of ten.
The initial setup was straightforward. The UI is very friendly, and I have not encountered any issues understanding how it works. The documentation is proper and clear.
The implementation was in-house.
Cribl has reduced my logs ingestion and the cost of ingestion, so I have definitely achieved a positive return on investment.
My company account handles the pricing, setup cost, and licensing part of Cribl, so all of that has been managed by my other teams. I am a Cribl user who ingests and optimizes pipelines to reduce the ingestion cost.
My advice for other organizations considering Cribl would be that it is a good cost-reducing tool for log optimization and pipelines, especially Cribl Stream for optimizing log flow. I would definitely recommend them to use that and manage data routing.
I would suggest that they keep in mind the very friendly UI, but they should refer to the documentation to understand how it works and the costs, as that should be the first step before using Cribl. I would rate this review a nine out of ten.
