Episode #22 - Cribl with Ed Bailey
Cribl provides a real-time data stream management platform for MELT data that enables organizations to gain insights and take action on data in place (right at the source), data at rest (already stored in a data lake), and eventually data in motion (transitioning an observability pipeline). Back in May 2022, Clint and the C021 team signaled that they would be turning search on its head, and in Nov '22 they did just that. We can now say goodbye to the swivel-chair searching that has become a rate limiter to value realization and start to unlock our observability and security data.
In this episode, Satbir and Darren speak with Ed Bailey, Cribl's Sr. Staff Technical Evangelist, about the power of Cribl's vision for the future. Though we cover a range of topics, there is a heavy focus on Cribl Search and all that it promises. Search is built on an enhanced version of Kusto, which gives practitioners a familiar interface to start with. This allows organizations to get a head start by performing actions such as compiling Sigma rules into Kusto for IOC/threat hunting. This design decision goes a long way to challenge the current modus vivendi that exists between operational and security data.
Further, Cribl Search is a cloud-native construct, scaling elastically as queries are processed, which dramatically reduces the infrastructure cost burden of search.
Dispatching queries to where the data is promises to drive the convergence between observability and security operations, and we are excited to continue partnering with Cribl. This is an essential platform for organizations looking to gain insights and take action on their MELT and security data. Long live the goat!
Cribl was founded on the principle of getting the right observability data to the right place, in the right format. Accomplishing that objective required a fit-for-purpose solution. Since founding the company in 2017, Cribl has been releasing products at a staggering pace.
They now have products that can universally collect (Cribl Edge), instrument (Cribl AppScope), enrich/transform/route (Cribl Stream) and perform federated search (Cribl Search) for all MELT data across the enterprise. The portfolio delivers an agnostic observability capability at the lowest possible friction for Platform Engineering and Product Teams.