# Cribl Documentation Cribl is a suite of observability products that help organizations collect, process, route, and analyze their data more efficiently. The Cribl suite includes Stream (observability pipeline), Edge (distributed data collection), Search (query data in place), Lake (open data lake), and Copilot (AI assistant). ## Cribl Stream - [About Cribl Stream](https://docs.cribl.io/stream/about.md): Basic overview of Cribl Stream - [Cribl Stream Basic Concepts](https://docs.cribl.io/stream/basic-concepts.md): Notable features and concepts to get a fundamental understanding of Cribl Stream As we describe features and concepts, it helps to have a mental model of Cribl Stream as a system that receives even... - [Log in to Cribl](https://docs.cribl.io/stream/login.md) - [QuickConnect](https://docs.cribl.io/stream/quickconnect.md): Using QuickConnect to drag-and-drop Sources and Destinations - [Tutorials](https://docs.cribl.io/stream/tutorials.md): Follow these tutorials to get a one-stop overview of the interface and data flow functionalities of Cribl Stream. - [Cribl Stream Tour](https://docs.cribl.io/stream/tour.md): Visual overview of configuring Cribl Stream - [Get Started with Cribl Stream](https://docs.cribl.io/stream/getting-started-guide.md): Quick start tutorial, demonstrating Data Routing UI - [Distributed Quick Start](https://docs.cribl.io/stream/distributed-guide.md): Distributed on-prem deployment tutorial for Cribl Stream - [Onboard Faster With Packs](https://docs.cribl.io/stream/packs-onboarding.md): Learn how pre-built content in Packs provide a starting point for building Routes, Pipelines, and Knowledge objects for typical use cases. - [Get Pre-Built Pack Content](https://docs.cribl.io/stream/packs-import.md): Navigate the central repository of Cribl-supported and community-contributed Packs to find validated solutions for typical use cases. - [Use Packs to Get Started With REST Collection](https://docs.cribl.io/stream/pack-usecase-okta-rest-collector.md): Install and configure the Okta REST Collector IO Pack from the Packs Dispensary - [Process Data with AI Assistance](https://docs.cribl.io/stream/copilot-editor.md): Learn how to build Pipelines and process data with AI assistance - [Create Pipelines With Cribl Copilot Editor](https://docs.cribl.io/stream/copilot-editor-pipelines.md): Use the Cribl Copilot Editor to build effective Pipelines - [Convert Data into a Custom Schema](https://docs.cribl.io/stream/copilot-editor-custom-schemas.md): Use the Cribl Copilot Editor to convert data to match a custom schema that you define - [Set Up Cribl Stream](https://docs.cribl.io/stream/set-up.md): Cribl Stream offers different types of deployments that you can choose based on your needs: - Cribl.Cloud, including a hybrid option - On-prem deployment, including: - Single-instance deployment ... - [Reference Architectures](https://docs.cribl.io/stream/deploy-reference.md): Reference architectures for Cribl Stream deployments - [Cribl.Cloud vs. Self-Hosted](https://docs.cribl.io/stream/cloud-vs-self-hosted.md): Differences between Cribl.Cloud and self-hosted installations - [Learn About Connected Environments](https://docs.cribl.io/stream/cloud-connected-env.md): Instructions for Connecting On-Prem Leaders to Cribl.Cloud - [How to Connect On-Prem Leaders to Cribl.Cloud](https://docs.cribl.io/stream/cloud-connected-env-how-to.md): How to Connect On-Prem Leaders to Cribl.Cloud - [Simplify Billing with Universal Subscription](https://docs.cribl.io/stream/about-universal-subscription.md): Learn about connecting on-prem Environments to Cribl.Cloud Leaders to simplify billing. - [Data Payloads for Connected Environments](https://docs.cribl.io/stream/cloud-connected-payloads.md): Connected Environment Data Payloads - [Send Data from On-Prem to Cribl.Cloud](https://docs.cribl.io/stream/cloud-connected-data-transfer.md): Use Connected Environments to send data from on-prem to Cribl.Cloud deployments - [Deployment Planning](https://docs.cribl.io/stream/deploy-planning.md): Plan your Cribl Stream deployment to suit your environment - [Sizing and Scaling](https://docs.cribl.io/stream/scaling.md): How to size and scale your Cribl Installation - [OS Tuning for Large Deployments](https://docs.cribl.io/stream/os-tuning.md): Learn about how to tune your OS for large deployments - [Architectural Considerations](https://docs.cribl.io/stream/deploy-architecture.md): Introduction to reference architectures for Cribl Stream deployments - [Ports](https://docs.cribl.io/stream/ports.md): Ports that need to be open for Cribl Stream and its integrations to function. - [About Cribl.Cloud](https://docs.cribl.io/stream/deploy-cloud.md): Deploying and managing Cribl.Cloud - [Register Cribl.Cloud Organization](https://docs.cribl.io/stream/cloud-initial-setup.md): Registration and initial setup of a Cribl.Cloud account - [Manage Cribl.Cloud Organization](https://docs.cribl.io/stream/cloud-portal.md): Cribl.Cloud portal user interface - [Cribl.Cloud Enterprise](https://docs.cribl.io/stream/cloud-enterprise.md): Cribl.Cloud Enterprise plan - [Manage Cribl.Cloud Worker Groups](https://docs.cribl.io/stream/cloud-workers.md): Managing Worker Groups and Workers in a Cribl.Cloud instance. - [Learn About Connected Environments](https://docs.cribl.io/stream/cloud-connected-env.md): Instructions for Connecting On-Prem Leaders to Cribl.Cloud - [How to Connect On-Prem Leaders to Cribl.Cloud](https://docs.cribl.io/stream/cloud-connected-env-how-to.md): How to Connect On-Prem Leaders to Cribl.Cloud - [Simplify Billing with Universal Subscription](https://docs.cribl.io/stream/about-universal-subscription.md): Learn about connecting on-prem Environments to Cribl.Cloud Leaders to simplify billing. - [Data Payloads for Connected Environments](https://docs.cribl.io/stream/cloud-connected-payloads.md): Connected Environment Data Payloads - [On-Prem Deployment](https://docs.cribl.io/stream/deploy-types.md): Deployment guide to get you started with self-hosted Cribl Stream In an on-prem (in other words, self-hosted) deployment, Cribl Stream runs on your own infrastructure. - [OS and System Requirements](https://docs.cribl.io/stream/requirements.md): For a successful Cribl Stream deployment, verify that your system meets the minimum hardware and software specifications outlined below. - [Single-Instance/​Basic Deployment](https://docs.cribl.io/stream/deploy-single-instance.md): Basic Cribl Stream deployment requirements and procedures - [Run Cribl Stream](https://docs.cribl.io/stream/run-stream.md): Run Cribl Stream: Start, Stop, and Reload the Service > To run Cribl Stream in FIPS mode, do not use the commands below right away; instead, first consult the FIPS Mode topic. - [Configure Cribl Stream for Non-Root User](https://docs.cribl.io/stream/deploy-runtime-user.md): Installing Cribl Stream as Non-Root - [Distributed Deployment](https://docs.cribl.io/stream/deploy-distributed.md): Configuring a Cribl Stream Distributed deployment - [Set Up Leader and Worker Nodes](https://docs.cribl.io/stream/setting-up-leader-and-worker-nodes.md): In a Distributed deployment, each Cribl Stream instance runs in a defined mode: either as a Leader Node, governing the whole deployment, or as a Worker Node managed by the Leader. - [Manage Worker Groups](https://docs.cribl.io/stream/worker-groups.md): Organize Workers into Workers Groups for easier configuration and management. - [Manage Workers](https://docs.cribl.io/stream/manage-workers.md): How to manage and filter Stream Worker Nodes - [Map Workers to Worker Groups](https://docs.cribl.io/stream/mapping-workers-to-worker-groups.md): Assign Workers to Worker Groups by configuring Mapping Rulesets. - [Manage Config Bundles](https://docs.cribl.io/stream/config-bundle-management.md): Cribl Stream uses config bundles, compressed archives containing configuration files and data essential for Worker operation. - [Deploy Stream Configurations](https://docs.cribl.io/stream/deploying-configurations.md): Cribl Stream configurations are deployed after the bundle containing them is saved and committed. - [Persistent Socket Connections](https://docs.cribl.io/stream/persisting-socket-connections.md): Distributed deployments use Unix domain sockets for inter-process communication (IPC) between a Leader Node's distributed processes and services. - [Splunk App Deployment](https://docs.cribl.io/stream/deploy-splunkapp.md): Getting started with Cribl App for Splunk - [Bootstrap Workers from Leader](https://docs.cribl.io/stream/deploy-workers.md): Boot fully provisioned Workers Cribl Stream Workers can completely provision themselves, directly from the Leader, upon initial boot. - [Leader High Availability/Failover](https://docs.cribl.io/stream/deploy-add-second-leader.md): Add standby Leader Nodes to ensure High Availability in case of failover - [High Availability Requirements](https://docs.cribl.io/stream/ha-requirements.md): Check what requirements your deployment must fulfill before configuring standby Leader Nodes - [Configure Standby Leader Nodes](https://docs.cribl.io/stream/configure-standby-leaders.md): Configure standby Leader Nodes for failover - [Manage High Availability Deployment](https://docs.cribl.io/stream/manage-ha.md): Monitor and disable Leaders and upgrade HA deployments - [Converting a Single Instance to Distributed Deployment](https://docs.cribl.io/stream/deploy-convert-single-distributed.md): If you've configured a Cribl Stream Single-instance deployment and now want to promote it to Distributed, here are a couple of approaches to doing so, while retaining the configuration you've alrea... - [Orchestrated Deployment](https://docs.cribl.io/stream/orchestrated-deployment.md): You can set up and control your Cribl Stream deployment by using orchestration tools such as Kubernetes. - [Kubernetes/Helm Deployment](https://docs.cribl.io/stream/deploy-kubernetes-leader.md): Boot fully provisioned Leader and Worker Nodes via Helm Cribl's leader and workergroup Helm charts provide a fast way to deploy a distributed Cribl Stream environment to a Kubernetes cluster. - [Kubernetes Worker Deployment](https://docs.cribl.io/stream/deploy-kubernetes.md): Boot a fully provisioned Worker Group via Helm. - [Considerations for Cribl Stream on Kubernetes](https://docs.cribl.io/stream/deploy-kubernetes-guide.md): Kubernetes can be a powerful platform for deploying Cribl Stream, offering scalability and flexibility. - [Connect Nodes to Leader Through Cribl Outpost](https://docs.cribl.io/stream/outpost.md): Simplify Stream Worker-to-Leader communication with Cribl Outpost - [Set Up Cribl Outpost](https://docs.cribl.io/stream/set-up-outpost.md): Create a Cribl Outpost to relay communication between Stream Workers and the Leader - [Configure Outpost Group Settings](https://docs.cribl.io/stream/outpost-group-settings.md): Configure settings for an Outpost Group - [Set Up Version Control](https://docs.cribl.io/stream/version-control.md): Set up version control for single-instance and distributed deployments. - [Docker Deployment](https://docs.cribl.io/stream/deploy-docker.md): You can use the following `docker-compose.yml` to stand up a Cribl Stream distributed deployment of a Leader and one or more Workers: ``` services: leader: image: cribl/cribl:latest envi... - [Administration](https://docs.cribl.io/stream/administering.md): Consult the following topics to learn how to manage and configure your Cribl Stream deployment. - [FinOps Center](https://docs.cribl.io/billing-licensing/finops-center/) - [Licensing](https://docs.cribl.io/billing-licensing/on-prem-licensing/) - [Configuration Management](https://docs.cribl.io/stream/configuration-management.md): Learn how to manage and distribute configurations from the Leader Node to ensure consistency, auditability, and version control - [Commit and Deploy Changes](https://docs.cribl.io/stream/commit-deploy.md): Use the UI to commit and deploy configuration changes and more. - [Connect to External Git Repositories](https://docs.cribl.io/stream/remote-repositories.md): Connect your deployment to a remote Git repository - [Configure Worker Group Settings](https://docs.cribl.io/stream/group-settings.md): Configure teleporting, throughput throttling, logging, and security at the Stream Worker Group level - [GitOps](https://docs.cribl.io/stream/gitops.md): Configuring separate development vs. production environments using Git version control - [Workspaces](https://docs.cribl.io/stream/workspaces.md) - [Configure Workspaces](https://docs.cribl.io/stream/workspaces-configuring.md) - [Projects](https://docs.cribl.io/stream/projects.md): Overview of using Stream Projects to curate data for specific user groups - [Configure Projects](https://docs.cribl.io/stream/configuring-projects.md): Connecting Project Sources to Destinations - [Configure Subscriptions](https://docs.cribl.io/stream/configuring-subscriptions.md): Administering Subscriptions to scope relevant data for users - [Add Users to Projects](https://docs.cribl.io/stream/sharing-projects.md): Managing Members' access to Stream Projects by assigning them specific Permissions - [Notifications](https://docs.cribl.io/stream/notifications.md): Notifications in Cribl - [Email Notifications](https://docs.cribl.io/stream/email-notifications.md): Email Notifications in Cribl - [Notification Targets](https://docs.cribl.io/stream/notifications-targets.md): Configure Notification targets - [Webhook Notification Targets](https://docs.cribl.io/stream/webhook-notification-targets.md): Configuring Webhook Notification targets - [PagerDuty Notification Targets](https://docs.cribl.io/stream/pager-duty-notification-targets.md): Configuring PagerDuty Notification targets - [Slack Notification Targets](https://docs.cribl.io/stream/slack-notification-targets.md): Configuring Slack Notification targets - [AWS SNS Notification Targets](https://docs.cribl.io/stream/aws-sns-notification-targets.md): Configuring AWS SNS Notification targets - [Email Notification Targets](https://docs.cribl.io/stream/email-notification-targets.md): Configuring Email Notification targets - [Customize the Interface](https://docs.cribl.io/stream/customizing-the-interface.md) - [Custom Banners](https://docs.cribl.io/stream/settings-banners.md): Configure notification banners to display to all users, across all of your Cribl Organization's apps - [Custom Login Page](https://docs.cribl.io/stream/settings-login-page.md): Configure a custom login page for your Cribl Organization's apps - [Scripts](https://docs.cribl.io/stream/scripts.md): How to run scripts to execute commands - [Upgrade Cribl Stream](https://docs.cribl.io/stream/upgrading.md): Upgrading to a new version, via command line or UI - [Upgrade Outpost](https://docs.cribl.io/stream/upgrade-outpost.md): Upgrade all Outpost Nodes in an Outpost Group - [Uninstall Cribl Stream](https://docs.cribl.io/stream/uninstalling.md): How to uninstall Cribl Stream or Cribl App for Splunk - [Access Management](https://docs.cribl.io/iam/) - [Secure Your Deployment](https://docs.cribl.io/stream/securing.md) - [Secure Your Cribl.Cloud Deployment](https://docs.cribl.io/stream/securing-cloud.md): Secure your Cribl.Cloud Deployment - [Secure Your On-Prem/Hybrid Deployment](https://docs.cribl.io/stream/securing-onprem.md): Secure your On-Prem Deployment - [Secure Leader/Worker Nodes Communication](https://docs.cribl.io/stream/securing-communications.md): How to protect Leader to Worker/Edge Node communications - [How to Secure the Auth Token for the Leader Node](https://docs.cribl.io/stream/securing-auth-token.md): How to Secure the Auth Token for the Leader Node - [TLS Defaults and System-wide Settings](https://docs.cribl.io/stream/securing-tls-overview.md): Overview of TLS in Cribl Stream and Edge Traffic - [Secure Cribl.Cloud with TLS and Mutual TLS](https://docs.cribl.io/stream/securing-tls-cloud.md): TLS in Cribl.Cloud - [Configure mTLS Authentication On-Prem](https://docs.cribl.io/stream/securing-mtls-onprem.md): Configure mTLS Authentication On-Prem - [Import Certificates and Keys](https://docs.cribl.io/stream/securing-import-certs.md): Protect the Leader using an existing TLS/SSL certificate and key - [Configure TLS for API and UI Access](https://docs.cribl.io/stream/securing-tls.md): Configuring TLS - [Secure Sources and Destinations with Certificates](https://docs.cribl.io/stream/securing-sources-dest.md): Set Authentication on Sources and Destinations - [Configure System Proxy](https://docs.cribl.io/stream/proxy-config.md): Direct outbound HTTP/S requests to go through proxy servers - [Configure SOCKS Proxy](https://docs.cribl.io/stream/proxy-socks-config.md): Configure SOCKS proxy - [Manage Secrets and Keys](https://docs.cribl.io/stream/manage-secrets-and-keys.md) - [Create and Manage Encryption Keys](https://docs.cribl.io/stream/securing-encryption-keys.md): Create and Manage Encryption Keys - [Create and Manage Secrets in Cribl Stream](https://docs.cribl.io/stream/securing-secrets.md): Protecting Secrets with Centralized Store - [Configure KMS Providers](https://docs.cribl.io/stream/securing-kms-config.md): Configuring internal and external Key Management Services - [Compliance](https://docs.cribl.io/stream/compliance.md): Cribl offers compliance options with different security standards, including: - FIPS - STIG - SELinux For Cribl.Cloud compliance reports and third-party security assessments, see Request Access to ... - [FIPS Mode for Cribl Stream](https://docs.cribl.io/stream/fips-mode.md): Running Cribl Stream in FIPS mode - [Running Cribl Stream on a Hardened OS](https://docs.cribl.io/stream/usecase-rhel8-stig.md): Considerations for operating Cribl Stream on a hardened operating system - [SELinux (Enforcing Mode) Configuration](https://docs.cribl.io/stream/usecase-selinux.md): Configure Cribl Stream with SELinux in Enforcing Mode - [Monitor Health and Metrics](https://docs.cribl.io/stream/monitoring.md): How monitoring works - [Internal Metrics](https://docs.cribl.io/stream/internal-metrics.md): Description of internal metrics - [Internal Logs](https://docs.cribl.io/stream/internal-logs.md): A guide to the internal logs available on Cribl Leaders, Worker and Edge Nodes, and single-instance deployments. - [Work with Data](https://docs.cribl.io/stream/working-with-data.md): Cribl Stream is a tool to collect, process, and route data. - [Ingest and Inspect Data](https://docs.cribl.io/stream/data-ingest-inspect.md): Learn how to onboard data in Cribl and capture live samples to help validate your data processing logic - [Onboard Data](https://docs.cribl.io/stream/data-onboarding.md): Learn best practices for establishing a robust data ingestion strategy. - [Use Datagens to Simulate Live Data](https://docs.cribl.io/stream/datagens.md): Use datagens to simulate data streams to validate Pipelines and data processing logic - [Create and Share Data Samples](https://docs.cribl.io/stream/data-samples.md): Learn how to import or create data samples to validate your data processing logic - [Data Sample Use Cases](https://docs.cribl.io/stream/data-sample-use-cases.md): Capture live events to test your processing logic and validate transformations before deploying changes to production - [Ingest-Time Sampling](https://docs.cribl.io/stream/usecase-sampling.md): Let's say that you wanted to analyze and troubleshoot with highly verbose/voluminous data - for example, CDN logs, ELB Access Logs, or VPC Flows - but you were concerned about storage requirements ... - [Sample Logs](https://docs.cribl.io/stream/usecase-sample-logs.md): Collecting samples of the event data you plan to work with in Cribl Stream can make your Cribl Stream onboarding experience even quicker and more efficient than if you don't. - [Access Logs: Apache, ELB, CDN, S3](https://docs.cribl.io/stream/usecase-access-logs.md): Access logs are extremely common. - [Firewall Logs: VPC Flow Logs, Cisco ASA](https://docs.cribl.io/stream/usecase-firewall-logs.md): Firewall logs are another source of important operational (and security) data. - [Event Data Structure and Flow](https://docs.cribl.io/stream/event-data-structure-and-flow.md): Learn how event data is structured and processed in Cribl - [Event Model](https://docs.cribl.io/stream/event-model.md): Event Model in Cribl - [Event Processing Order](https://docs.cribl.io/stream/event-processing-order.md): How events are proccessed in Cribl - [Event Breakers](https://docs.cribl.io/stream/event-breakers.md): Break incoming streams of data into discrete events - [Event Breaker Types](https://docs.cribl.io/stream/event-breaker-types.md): Learn about the available Event Breaker types - [Azure Virtual Network (VNet) Flow Event Breaker](https://docs.cribl.io/stream/event-breaker-type-azure-vnet-flow.md): Learn how to apply the Azure Virtual Network (VNet) Flow Event Breaker to data streams - [CSV Event Breaker](https://docs.cribl.io/stream/event-breaker-type-csv.md): Learn how to apply the CSV Event Breaker to data streams - [File Header Event Breaker](https://docs.cribl.io/stream/event-breaker-type-file-header.md): Learn how to apply the File Header Event Breaker to data streams - [JSON Array Event Breaker](https://docs.cribl.io/stream/event-breaker-type-json-array.md): Learn how to apply the JSON Array Event Breaker to data streams - [JSON New Line Delimited Event Breaker](https://docs.cribl.io/stream/event-breaker-type-json-new-line-delimited.md): Learn how to apply the JSON New Line Delimited Event Breaker to data streams - [Regex Event Breaker](https://docs.cribl.io/stream/event-breaker-type-regex.md): Learn how to apply the Regex Event Breaker to data streams - [Timestamp Event Breaker](https://docs.cribl.io/stream/event-breaker-type-timestamp.md): Learn how to apply the Timestamp Event Breaker to data streams - [Routes](https://docs.cribl.io/stream/routes.md): Filter, clone, and cascade incoming data across Pipelines and Destinations - [Pipelines](https://docs.cribl.io/stream/pipelines.md): How do Pipelines work, settings and types - [Validate Pipeline Logic Using Data Preview](https://docs.cribl.io/stream/data-preview.md): Visually inspect events as they flow into and out of a Pipeline to ensure your data processing logic works as expected - [Manage Metrics and High Cardinality](https://docs.cribl.io/stream/manage-metrics.md): Strategies for handling high-cardinality metrics and improving data efficiency - [Enrich Data Using Lookups](https://docs.cribl.io/stream/using-lookups.md): Learn practical strategies for using lookups to enrich data - [About Lookups](https://docs.cribl.io/stream/lookups-about.md): Learn practical strategies for using lookups to enrich data - [Configure Lookups](https://docs.cribl.io/stream/lookups-configure.md): Learn the key tasks for uploading, configuring, and using lookup files - [Lookup Geographic Data from IP Addresses](https://docs.cribl.io/stream/usecase-lookups-ip-addresses.md): In many observability and security use cases, raw event data includes an IP address, but not much context about where that IP originated from. - [Lookups as Filters for Masks](https://docs.cribl.io/stream/usecase-lookups-filters.md): You can make your data architecture more maintainable by using Lookups to route and transform events within Cribl Stream. - [Lookups and Regex Magic](https://docs.cribl.io/stream/usecase-lookups-regex.md): Regular expressions are not just for field extractions - they can also be used inside lookup tables, and in Functions, to replace and manipulate values within fields. - [Transforming Data](https://docs.cribl.io/stream/transforming-data.md): Cribl Stream offers multiple ways of transforming, enriching, reducing, and redacting data. - [Build Custom Logic to Route and Process Your Data](https://docs.cribl.io/stream/filter-and-transform-data.md): How to use JavaScript Expressions to filter, route, and transform data - [Ingest-Time Fields](https://docs.cribl.io/stream/usecase-ingest-time-fields.md): To add new fields to any event, we use the out-of-the-box Eval Function. - [Masking and Obfuscation](https://docs.cribl.io/stream/usecase-masking-and-obfuscation.md): To mask patterns in real time, we use the out-of-the-box Mask Function. - [Encryption of Data in Motion](https://docs.cribl.io/stream/securing-data-encryption.md): Encrypt fields or patterns within events - [Reducing Windows XML Events](https://docs.cribl.io/stream/usecase-win-xml.md): Here, we demonstrate how to use just a few Cribl Stream Functions to parse WindowsXML events and reduce their volume by 34-70%, dramatically reducing your downstream infrastructure requirements. - [Regex Filtering](https://docs.cribl.io/stream/usecase-regex-filtering.md): To filter events in real time (data in motion), we use the out-of-the-box Regex Filter Function. - [Functions](https://docs.cribl.io/stream/functions.md): All about Cribl Functions - [Aggregations](https://docs.cribl.io/stream/aggregations-function.md): Aggregate events in real time - [Aggregate Metrics](https://docs.cribl.io/stream/aggregate-metrics-function.md): Aggregate metrics and metric events in real time - [Auto Timestamp](https://docs.cribl.io/stream/auto-timestamp-function.md): Extract timestamps - [CEF Serializer](https://docs.cribl.io/stream/cef-serializer-function.md): Serialize events to CEF format for a SIEM - [Chain](https://docs.cribl.io/stream/chain-function.md): Chain data processing from one Pipeline or Pack to another - [Clone](https://docs.cribl.io/stream/clone-function.md): Duplicate events in the same Pipeline, optionally adding fields - [Code](https://docs.cribl.io/stream/code-function.md): Encapsulate your own JavaScript code in a Function - [Comment](https://docs.cribl.io/stream/comment-function.md): Add a text comment within a Pipeline's UI - [DNS Lookup](https://docs.cribl.io/stream/dns-lookup-function.md): Perform reverse DNS lookups, or DNS lookups based on host name - [Drop](https://docs.cribl.io/stream/drop-function.md): Drop events - [Drop Dimensions](https://docs.cribl.io/stream/drop-dimensions-function.md): Drop dimensions from metrics and metric events - [Dynamic Sampling](https://docs.cribl.io/stream/dynamic-sampling-function.md): Sample events (e.g, high-volume, low-value data) - [Eval](https://docs.cribl.io/stream/eval-function.md): Add or remove event fields - [Event Breaker Function](https://docs.cribl.io/stream/event-breaker-function.md): Break events within a Pipeline - [Flatten](https://docs.cribl.io/stream/flatten-function.md): Flatten nested structures (e.g., nested JSON) - [Fold Keys](https://docs.cribl.io/stream/fold-keys-function.md): Convert key names with separators into nested fields - [GeoIP](https://docs.cribl.io/stream/geoip-function.md): Add GeoIP information to events - [Grok](https://docs.cribl.io/stream/grok-function.md): Extract structured fields from unstructured log data, using modular regex patterns - [Guard](https://docs.cribl.io/stream/guard-function.md): Learn how to add the Cribl Guard Function to your Pipelines. - [JSON Unroll](https://docs.cribl.io/stream/json-unroll-function.md): Convert JSON arrays into their own events - [Lookup](https://docs.cribl.io/stream/lookup-function.md): Use lookup tables to transform events - [Mask](https://docs.cribl.io/stream/mask-function.md): Remove sensitive data from events - [Numerify](https://docs.cribl.io/stream/numerify-function.md): Extract numeric values from event fields - [OTLP Logs](https://docs.cribl.io/stream/otlp-logs-function.md): Format logs to OTLP - [OTLP Metrics](https://docs.cribl.io/stream/otlp-metrics-function.md): Format metrics to OTLP - [OTLP Traces](https://docs.cribl.io/stream/otlp-traces-function.md): Format traces to OTLP - [Parser](https://docs.cribl.io/stream/parser-function.md): Extract fields - [Publish Metrics](https://docs.cribl.io/stream/publish-metrics-function.md): Convert events to metrics format - [Redis](https://docs.cribl.io/stream/redis-function.md): Use a Redis store to accelerate lookups - [Regex Extract](https://docs.cribl.io/stream/regex-extract-function.md): Extract fields using regex - [Regex Filter](https://docs.cribl.io/stream/regex-filter-function.md): Drop events using regex - [Rename](https://docs.cribl.io/stream/rename-function.md): Change or reformat field names individually or in bulk - [Rollup Metrics](https://docs.cribl.io/stream/rollup-metrics-function.md): Merge/roll up frequently generated metrics into more manageable time windows - [Sampling](https://docs.cribl.io/stream/sampling-function.md): Sample events (e.g, high-volume, low-value data) - [Serialize](https://docs.cribl.io/stream/serialize-function.md): Serialize/change format (e.g., convert JSON to CSV) - [SNMP Trap Serialize](https://docs.cribl.io/stream/snmp-trap-serialize-function.md): Serializes compliant events into SNMP traps - [Suppress](https://docs.cribl.io/stream/suppress-function.md): Suppress events (e.g, duplicates, etc.) - [Tee](https://docs.cribl.io/stream/tee-function.md): Send events out to a command or a local file from any point in a Pipeline - [Unroll](https://docs.cribl.io/stream/unroll-function.md): Break/unroll an array into individual events - [XML Unroll](https://docs.cribl.io/stream/xml-unroll-function.md): Convert an XML event's set of elements into individual events - [Prometheus Publisher (deprecated)](https://docs.cribl.io/stream/prometheus-publisher-function.md): Convert events to metrics format - [Reverse DNS (deprecated)](https://docs.cribl.io/stream/reverse-dns-function.md): Resolve hostname from IP address - [Trim Timestamp (deprecated)](https://docs.cribl.io/stream/trim-timestamp-function.md): Remove timestamps patterns from events, and optionally store them in fields - [Integrations](https://docs.cribl.io/stream/integrations.md): Sources and Destinations provide data flow between Cribl and various systems - [Sources Overview](https://docs.cribl.io/stream/sources.md): Data Sources overview - [Collector Sources](https://docs.cribl.io/stream/collectors.md): Sources that ingest data periodically or ad hoc - [Azure Blob Storage Collector](https://docs.cribl.io/stream/collectors-azure-blob.md): Collect and replay data from Azure Blob Storage objects - [Cribl Lake Collector](https://docs.cribl.io/stream/collectors-cribl-lake.md): Replay data from Cribl Lake - [Database Collector](https://docs.cribl.io/stream/collectors-database.md): Configuring event collection from data stored in DBMSs - [File System/NFS Collector](https://docs.cribl.io/stream/collectors-filesystem.md): Collect and replay data from local or remote filesystem locations - [Google Cloud Storage Collector](https://docs.cribl.io/stream/collectors-google-cloud-storage.md): Collect and replay data from Google Cloud Storage buckets - [Health Check Collector](https://docs.cribl.io/stream/collectors-health-check.md): Use a Health Check Collector to monitor the availability of your systems - [REST / API Endpoint Collector](https://docs.cribl.io/stream/collectors-rest.md): Collect and replay data via REST API calls - [S3 Collector](https://docs.cribl.io/stream/collectors-s3.md): Collect and replay data from Amazon S3 buckets or S3-compatible stores - [Script Collector](https://docs.cribl.io/stream/collectors-script.md): Collect and replay data via custom scripts - [Splunk Search Collector](https://docs.cribl.io/stream/collectors-splunk-search.md): Collect and replay data from Splunk queries - [Manage Collector State in Database and REST API Collectors](https://docs.cribl.io/stream/collectors-manage-state.md): Manage Collector State in Database and REST API Collectors - [Schedule and Run Collector Jobs](https://docs.cribl.io/stream/collectors-schedule-run.md): Schedule a Collector to run on a recurring interval - [Job Limits](https://docs.cribl.io/stream/collectors-job-limits.md): Configure global limits to optimize execution of Collectors and scheduled jobs - [Using Collectors](https://docs.cribl.io/stream/using-collectors.md): Learn how to replay events using collectors gathering data from various senders. - [Configure a Database Connection](https://docs.cribl.io/stream/database-connections.md): Configure DBMS resources from which the Database Collector can retrieve events - [Using S3 Storage and Replay](https://docs.cribl.io/stream/usecase-replay-s3.md): Cribl Stream's Replay options offer organizations fundamentally new ways to manage data, by providing an easy way to selectively ingest, and re-ingest, data into systems of analysis. - [Using REST/API Collectors](https://docs.cribl.io/stream/usecase-rest.md): The REST/API Endpoint Collector is powerful, but complex. - [Generate HMAC Functions for REST Collector Requests](https://docs.cribl.io/stream/hmac-functions.md): Defines custom HMAC algorithm parameters for vendor-specific implementations - [Lacework API Collection](https://docs.cribl.io/stream/usecase-lacework-api.md): Collect data from the Lacework API - [Microsoft Graph API Collection](https://docs.cribl.io/stream/usecase-rest-ms-graph.md): > The Microsoft Graph Source is now available, so you no longer need to use a REST Collector to pull Message Trace data via the Microsoft Graph API. - [ServiceNow API Collection](https://docs.cribl.io/stream/usecase-rest-snow.md): This topic covers how to configure Cribl Stream REST Collectors to gather data via ServiceNow (SNOW) REST APIs and then enrich the data using Pipelines and the Redis Function. - [Creating a Custom Collector](https://docs.cribl.io/stream/usecase-rest-create-collector.md): Creating a custom Collector - [Amazon](https://docs.cribl.io/stream/amazon-sources.md): You can use the following Sources to receive data from Amazon services. - [Amazon Data Firehose Source](https://docs.cribl.io/stream/sources-kinesis-firehose.md): Receive Amazon Data Firehose streams via HTTP endpoint - [Amazon Kinesis Data Streams Source](https://docs.cribl.io/stream/sources-kinesis-streams.md): Receive data records from Amazon Kinesis Data Streams - [Amazon S3 Source](https://docs.cribl.io/stream/sources-s3.md): Receive data from Amazon S3 buckets - [Amazon Security Lake Source](https://docs.cribl.io/stream/sources-security-lake.md): Configuring Amazon Security Lake Source - [Amazon SQS Source](https://docs.cribl.io/stream/sources-sqs.md): Receive events from Amazon Simple Queuing Service - [Azure](https://docs.cribl.io/stream/azure-sources.md): You can use the following Sources to receive data from Azure services. - [Azure Blob Storage Source](https://docs.cribl.io/stream/sources-azure-blob.md): Receive data from Azure Blob Storage buckets - [Azure Event Hubs Source](https://docs.cribl.io/stream/sources-azure-event-hubs.md): Receive data records from Azure Event Hubs - [Google Cloud](https://docs.cribl.io/stream/google-cloud-sources.md): You can use the following Sources to receive data from Google Cloud services. - [Google Cloud Pub/Sub Source](https://docs.cribl.io/stream/sources-google_pubsub.md): Receive data records from Google Cloud Pub/Sub - [Kafka](https://docs.cribl.io/stream/kafka-sources.md): You can use the following Sources to receive data from Kafka services. - [Kafka Source](https://docs.cribl.io/stream/sources-kafka.md): Receive data records from a Kafka cluster - [Confluent Cloud Source](https://docs.cribl.io/stream/sources-confluent.md): Receive Kafka topics from Confluent Cloud - [Amazon MSK Source](https://docs.cribl.io/stream/sources-msk.md): Receive data records from an Amazon MSK cluster - [Microsoft 365](https://docs.cribl.io/stream/microsoft-365-sources.md): You can use the following Sources to receive data from Microsoft 365 services. - [Microsoft 365 Activity Source](https://docs.cribl.io/stream/sources-microsoft-365-activity.md): Receive data from the Office 365 Management Activity API - [Microsoft 365 Message Trace Source](https://docs.cribl.io/stream/sources-microsoft365-msg-trace.md): Receive Data from Microsoft 365 Message Trace - [Microsoft Graph Source](https://docs.cribl.io/stream/sources-microsoft-graph.md): Ingest Microsoft Message Trace data from the Microsoft Graph API - [Microsoft 365 Services Source](https://docs.cribl.io/stream/sources-microsoft-365-services.md): Receive data from the Microsoft Graph service communications API - [Prometheus](https://docs.cribl.io/stream/prometheus-sources.md): You can use the following Sources to receive data from Prometheus services. - [Prometheus Scraper Source](https://docs.cribl.io/stream/sources-prometheus.md): Receive batched data from Prometheus targets - [Prometheus Remote Write Source](https://docs.cribl.io/stream/sources-prometheus-remote-write.md): Receive metric data from Prometheus via the remote write protocol - [Grafana Source](https://docs.cribl.io/stream/sources-grafana.md): Receive metric and log data from Grafana Agent via Prometheus remote write - [Loki Source](https://docs.cribl.io/stream/sources-loki.md): Receive log data from Grafana Loki - [Splunk](https://docs.cribl.io/stream/splunk-sources.md): You can use the following Sources to receive data from Splunk services. - [Splunk HEC Source](https://docs.cribl.io/stream/sources-splunk-hec.md): Receive data over HTTP/S using the Splunk HEC - [Splunk Search Source](https://docs.cribl.io/stream/sources-splunk-search.md): Ingest data by executing Splunk search queries - [Splunk TCP Source](https://docs.cribl.io/stream/sources-splunk.md): Receive Splunk data from Universal or Heavy Forwarders - [Internal](https://docs.cribl.io/stream/internal-sources.md): You can use the following Sources to receive data from internal senders. - [Cribl Internal Source](https://docs.cribl.io/stream/sources-cribl-internal.md): Capture Cribl Stream's internal logs and metrics and send them through Routes and Pipelines - [Cribl HTTP Source](https://docs.cribl.io/stream/sources-cribl-http.md): Receive data from peer Nodes managed by the same Leader when raw TCP traffic is not an option - [Cribl TCP Source](https://docs.cribl.io/stream/sources-cribl-tcp.md): Send data between Worker Nodes/Edge Nodes connected to the same Leader - [System](https://docs.cribl.io/stream/system-sources.md): You can use the following Sources to receive data from internal senders. - [Datagen Source](https://docs.cribl.io/stream/sources-datagens.md): Generate data from datagen files - [Exec Source](https://docs.cribl.io/stream/sources-exec.md): Execute a command periodically, and collect its stdout output - [File Monitor Source](https://docs.cribl.io/stream/sources-file-monitor.md): Collect log files and generate events from the file content - [Journal Files Source](https://docs.cribl.io/stream/sources-journal-files.md): Collects data from systemd's journald service - [System Metrics Source](https://docs.cribl.io/stream/sources-system-metrics.md): Collect metrics from a host, and populate dashboards - [System State Source](https://docs.cribl.io/stream/sources-system-state.md): Collects the system's current state on a configurable schedule, relaying corresponding events to downstream systems. - [AppScope Source](https://docs.cribl.io/stream/sources-appscope.md): Deprecated application instrumentation Source. Not for production use. - [Cloudflare Source](https://docs.cribl.io/stream/sources-cloudflare-hec.md): Receive data from Cloudflare Logpush - [CrowdStrike FDR Source](https://docs.cribl.io/stream/sources-crowdstrike.md): Receive data from the CrowdStrike FDR platform - [Datadog Agent Source](https://docs.cribl.io/stream/sources-datadog-agent.md): Receive data from Datadog Agent - [Elasticsearch API Source](https://docs.cribl.io/stream/sources-elastic.md): Receive data over HTTP/S using the Elasticsearch Bulk API - [HTTP/S (Bulk API) Source](https://docs.cribl.io/stream/sources-https.md): Receive data over HTTP/S via the Cribl Bulk API, Splunk HEC, or Elastic Bulk API - [Raw HTTP/S Source](https://docs.cribl.io/stream/sources-raw-http.md): Receive raw HTTP data - [Metrics Source](https://docs.cribl.io/stream/sources-metrics.md): Receive metrics in the StatsD, StatsD Extended, and Graphite wire formats/protocols - [Model Driven Telemetry Source](https://docs.cribl.io/stream/sources-model-driven-telemetry.md): Receive network device metrics and events via Model Driven Telemetry - [NetFlow & IPFIX Source](https://docs.cribl.io/stream/sources-netflow.md): Receive NetFlow & IPFIX data over UDP - [Okta Source](https://docs.cribl.io/stream/sources-okta.md): Ingest Okta System Log events with a preconfigured REST Collector - [OpenAI Source](https://docs.cribl.io/stream/sources-openai.md): Receive organization-level telemetry from OpenAI - [OpenTelemetry (OTel) Source](https://docs.cribl.io/stream/sources-otel.md): Receive trace and metric events from OTLP-compliant senders - [SNMP Trap Source](https://docs.cribl.io/stream/sources-snmp-traps.md): Receive data from SNMP Traps - [Syslog Source](https://docs.cribl.io/stream/sources-syslog.md): Receive syslog data - [TCP JSON Source](https://docs.cribl.io/stream/sources-tcp-json.md): Receive newline-delimited JSON data over TCP - [TCP (Raw) Source](https://docs.cribl.io/stream/sources-tcp-raw.md): Receive data over TCP - [UDP (Raw) Source](https://docs.cribl.io/stream/sources-raw-udp.md): Receive data over UDP - [Windows Event Forwarder Source](https://docs.cribl.io/stream/sources-wef.md): Receive events from Windows platforms - [Client Certificate Authentication for Windows Event Forwarder](https://docs.cribl.io/stream/sources-wef-client.md): Client certificate authentication setup for the Windows Event Forwarder Source - [Kerberos Authentication for Windows Event Forwarder](https://docs.cribl.io/stream/sources-wef-kerberos.md): Kerberos authentication setup for the Windows Event Forwarder Source - [Wiz](https://docs.cribl.io/stream/sources-wiz-all.md): You can use the following Sources to receive data from Wiz. - [Wiz API Source](https://docs.cribl.io/stream/sources-wiz.md): Configuring collection from Wiz - [Wiz Webhook Source](https://docs.cribl.io/stream/sources-wiz-webhook.md): Configuring collection from Wiz - [Zscaler Cloud NSS Source](https://docs.cribl.io/stream/sources-zscaler-hec.md): Receive log data over HTTP/S from Zscaler Cloud NSS - [Destinations](https://docs.cribl.io/stream/destinations.md): Destination categories and descriptions - [Managing Destinations](https://docs.cribl.io/stream/managing-destinations.md): Creating and configuring Destinations - [Amazon](https://docs.cribl.io/stream/amazon-destinations.md): You can send data from Cribl Stream to the following Amazon services: | Destination | Description | | --- | --- | | Amazon CloudWatch Logs | Send data to Amazon CloudWatch Logs | | Amazon Kinesis D... - [Amazon CloudWatch Logs Destination](https://docs.cribl.io/stream/destinations-cloudwatch-logs.md): Send data to Amazon CloudWatch Logs - [Amazon Kinesis Data Streams Destination](https://docs.cribl.io/stream/destinations-kinesis-streams.md): Deliver data to an Amazon Kinesis Data Stream - [Amazon S3 Compatible Stores Destination](https://docs.cribl.io/stream/destinations-s3.md): Send data to Amazon S3 or to an S3-compatible store - [Amazon SQS Destination](https://docs.cribl.io/stream/destinations-sqs.md): Send events to Amazon Simple Queuing Service - [Azure](https://docs.cribl.io/stream/azure-destinations.md): You can send data from Cribl Stream to the following Azure services; | Destination | Description | | --- | --- | | Azure Blob Storage | Deliver data to Azure Blog Storage or Azure Data Lake Storage... - [Azure Blob Storage Destination](https://docs.cribl.io/stream/destinations-azure-blob.md): Deliver data to Azure Blog Storage or Azure Data Lake Storage Gen2 - [Azure Data Explorer Destination](https://docs.cribl.io/stream/destinations-azure-data-explorer.md): Send batched or streaming data to the Azure Data Explorer managed data analytics service - [Azure Event Hubs Destination](https://docs.cribl.io/stream/destinations-azure-event-hubs.md): Send data to Azure Event Hubs - [Azure Monitor Logs Destination](https://docs.cribl.io/stream/destinations-azure-monitor-logs.md): Send data to Azure Monitor Logs - [Microsoft Sentinel Destination](https://docs.cribl.io/stream/destinations-sentinel.md): Send Log and Metric Events to Microsoft Sentinel SIEM - [Data Lakes](https://docs.cribl.io/stream/data-lakes-destinations.md): You can send data from Cribl Stream to the following data lakes: | Destination | Description | | --- | --- | | Cribl Lake | Send data to Cribl Lake | | Amazon S3 | Send Cribl Search-formatted data ... - [Cribl Lake Destination](https://docs.cribl.io/stream/destinations-cribl-lake.md): Send data to Cribl Lake - [Amazon S3 Destination](https://docs.cribl.io/stream/destinations-data-lake-s3.md): Send Cribl Search-formatted data to Amazon S3 - [Amazon Security Lake Destination](https://docs.cribl.io/stream/destinations-security-lake.md): Send OCSF data to Amazon Security Lake in Parquet format - [Elastic](https://docs.cribl.io/stream/elastic-destinations.md): You can send data from Cribl Stream to the following Elastic services: | Destination | Description | | --- | --- | | Elasticsearch | Send events to an Elasticsearch cluster using the Bulk API | | E... - [Elasticsearch Destination](https://docs.cribl.io/stream/destinations-elastic.md): Send events to an Elasticsearch cluster using the Bulk API - [Elastic Cloud Destination](https://docs.cribl.io/stream/destinations-elastic-cloud.md): Send events to Elastic Cloud - [Google Cloud](https://docs.cribl.io/stream/google-cloud-destinations.md): You can send data from Cribl Stream to the following Google Cloud services: | Destination | Description | | --- | --- | | Google SecOps | Send data to Google Security Operations (SecOps) | | Google... - [Google Security Operations (SecOps) Destination](https://docs.cribl.io/stream/destinations-google_chronicle.md): Send data to Google Security Operations (SecOps) - [Google Cloud Chronicle API Destination](https://docs.cribl.io/stream/destinations-google-chronicle-api.md): Send data to Google Cloud Chronicle API - [Google Cloud Logging Destination](https://docs.cribl.io/stream/destinations-google-logging.md): Send data to Google Cloud Logging - [Google Cloud Pub/Sub Destination](https://docs.cribl.io/stream/destinations-google_pubsub.md): Send data to Google Cloud Pub/Sub - [Google Cloud Storage Destination](https://docs.cribl.io/stream/destinations-google-cloud-storage.md): Send data to Google Cloud Storage - [Kafka](https://docs.cribl.io/stream/kafka-destinations.md): You can send data from Cribl Stream to the following Kafka services: | Destination | Description | | --- | --- | | Kafka | Send data to a Kafka topic | | Confluent Cloud | Send data to Kafka topics... - [Kafka Destination](https://docs.cribl.io/stream/destinations-kafka.md): Send data to a Kafka topic - [Confluent Cloud Destination](https://docs.cribl.io/stream/destinations-confluent.md): Send data to Kafka topics on Confluent Cloud - [Amazon MSK Destination](https://docs.cribl.io/stream/destinations-msk.md): Send data to a topic in Amazon MSK - [Metrics](https://docs.cribl.io/stream/metrics-destinations.md): You can send data from Cribl Stream to the following Metrics services: | Destination | Description | | --- | --- | | Graphite | Send data to a Graphite Destination | | StatsD | Send data to a Stats... - [Graphite Destination](https://docs.cribl.io/stream/destinations-graphite.md): Send data to a Graphite Destination - [StatsD Destination](https://docs.cribl.io/stream/destinations-statsd.md): Send data to a StatsD Destination - [StatsD Extended Destination](https://docs.cribl.io/stream/destinations-statsd-extended.md): Send out data in expanded StatsD format - [New Relic Ingest](https://docs.cribl.io/stream/new-relic-ingest-destinations.md): You can send data from Cribl Stream to the following New Relic Ingest services: | Destination | Description | | --- | --- | | New Relic Events | Send events to New Relic via the New Relic Event API... - [New Relic Events Destination](https://docs.cribl.io/stream/destinations-newrelic-events.md): Send events to New Relic via the New Relic Event API - [New Relic Logs & Metrics Destination](https://docs.cribl.io/stream/destinations-newrelic.md): Send events to New Relic Log API and Metric API - [Prometheus](https://docs.cribl.io/stream/prometheus-destinations.md): You can send data from Cribl Stream to the following Prometheus services: | Destination | Description | | --- | --- | | Prometheus | Send metric events to Prometheus remote write targets | | Grafan... - [Prometheus Destination](https://docs.cribl.io/stream/destinations-prometheus.md): Send metric events to Prometheus remote write targets - [Grafana Cloud Destination](https://docs.cribl.io/stream/destinations-grafana_cloud.md): Send data to Loki for logs and Prometheus for metrics - [Loki Destination](https://docs.cribl.io/stream/destinations-loki.md): Send log events to Loki - [Splunk](https://docs.cribl.io/stream/splunk-destinations.md): You can send data from Cribl Stream to the following Splunk services: | Destination | Description | | --- | --- | | Splunk HEC | Stream data to a Splunk HEC receiver | | Splunk Single Instance | St... - [Splunk HEC Destination](https://docs.cribl.io/stream/destinations-splunk-hec.md): Stream data to a Splunk HEC receiver - [Splunk Single Instance Destination](https://docs.cribl.io/stream/destinations-splunk.md): Stream data to a Splunk instance - [Splunk Load Balanced Destination](https://docs.cribl.io/stream/destinations-splunk-lb.md): Load-balance data streaming to multiple Splunk receivers - [Internal](https://docs.cribl.io/stream/internal-destinations.md): You can send data from Cribl Stream to the following internal receivers: | Destination | Description | | --- | --- | | Cribl HTTP | Send data between peer Nodes via HTTP | | Cribl TCP | Send data b... - [Cribl HTTP Destination](https://docs.cribl.io/stream/destinations-cribl-http.md): Send data between peer Nodes via HTTP - [Cribl TCP Destination](https://docs.cribl.io/stream/destinations-cribl-tcp.md): Send data between peer Nodes via raw TCP - [Cribl Search Destination](https://docs.cribl.io/stream/destinations-cribl-search.md): Send data to Cribl Search via HTTP - [Default Destination](https://docs.cribl.io/stream/destinations-default.md): Specify a default output from among your Destinations - [DevNull Destination](https://docs.cribl.io/stream/destinations-devnull.md): Drop events when testing Pipelines and Routes - [Output Router Destination](https://docs.cribl.io/stream/destinations-output-router.md): Routes data to Destinations based on defined rules - [CrowdStrike Falcon LogScale Destination](https://docs.cribl.io/stream/destinations-humio-hec.md): Stream data to a CrowdStrike Falcon LogScale HTTP Event Collector - [ClickHouse Destination](https://docs.cribl.io/stream/destinations-click-house.md): Send events to ClickHouse - [Cloudflare R2 Destination](https://docs.cribl.io/stream/destinations-cloudflare-r2.md): Send data to Cloudflare R2 object storage using an S3-compatible API - [Cloudian HyperStore Destination](https://docs.cribl.io/stream/destinations-cloudian.md): Send data to Cloudian HyperStore object storage - [Cortex XSIAM Destination](https://docs.cribl.io/stream/destinations-xsiam.md): Stream data to Palo Alto's Cortex XSIAM platform - [CrowdStrike Falcon Next-Gen SIEM Destination](https://docs.cribl.io/stream/destinations-crowdstrike-next-gen-siem.md): Stream data to a CrowdStrike Falcon Next-Gen SIEM - [Databricks Destination](https://docs.cribl.io/stream/destinations-databricks.md): Sends data to Databricks Unity Catalog volumes - [Datadog Destination](https://docs.cribl.io/stream/destinations-datadog.md): Send log and metric events to Datadog - [Dell PowerScale OneFS Destination](https://docs.cribl.io/stream/destinations-dell.md): Send data to Dell PowerScale OneFS - [Dynatrace HTTP Destination](https://docs.cribl.io/stream/destinations-dynatrace-http.md): Send logs to Dynatrace - [Dynatrace OTLP Destination](https://docs.cribl.io/stream/destinations-dynatrace-otlp.md): Send telemetry data to Dynatrace using OTLP - [Exabeam Security Operations Platform Destination](https://docs.cribl.io/stream/destinations-exabeam.md): Send data to Exabeam SIEM - [Microsoft Fabric Real-Time Intelligence](https://docs.cribl.io/stream/destinations-fabric-real-time-intelligence.md): Send data to Microsoft Fabric Eventstreams - [Filesystem/NFS Destination](https://docs.cribl.io/stream/destinations-fs.md): Output files to a local file system or NFS - [Honeycomb Destination](https://docs.cribl.io/stream/destinations-honeycomb.md): Send events to a Honeycomb dataset - [InfluxDB Destination](https://docs.cribl.io/stream/destinations-influxdb.md): Send data to InfluxDB and InfluxDB Cloud - [MinIO Destination](https://docs.cribl.io/stream/destinations-minio.md): Send objects to MinIO buckets - [NetFlow Destination](https://docs.cribl.io/stream/destinations-netflow.md): Send data to NetFlow - [Nutanix Objects Destination](https://docs.cribl.io/stream/destinations-nutanix.md): Send data to Nutanix Objects - [OpenTelemetry (OTel) Destination](https://docs.cribl.io/stream/destinations-otel.md): Send events to OTLP-compliant targets - [Scality Destination](https://docs.cribl.io/stream/destinations-scality.md): Send data to Scality object storage - [SentinelOne AI SIEM Destination](https://docs.cribl.io/stream/destinations-sentinel-one-ai-siem.md): Stream data to SentinelOne's AI SIEM platform - [SentinelOne DataSet Destination](https://docs.cribl.io/stream/destinations-dataset.md): Send log events to SentinelOne DataSet - [ServiceNow Cloud Observability](https://docs.cribl.io/stream/destinations-servicenow.md): Send events to ServiceNow Cloud Observability - [SignalFx Destination](https://docs.cribl.io/stream/destinations-signalfx.md): Send events to SignalFx - [SNMP Trap Destination](https://docs.cribl.io/stream/destinations-snmp-traps.md): Forward SNMP Traps out - [Storj Destination](https://docs.cribl.io/stream/destinations-storj.md): Send data to Storj object storage - [Sumo Logic Destination](https://docs.cribl.io/stream/destinations-sumo-logic.md): Send log and metric events to Sumo Logic over HTTP - [Syslog Destination](https://docs.cribl.io/stream/destinations-syslog.md): Send out data over syslog via TCP or UDP - [TCP JSON Destination](https://docs.cribl.io/stream/destinations-tcp-json.md): Send data over TCP in JSON format - [Wavefront Destination](https://docs.cribl.io/stream/destinations-wavefront.md): Send events to Wavefront analytics - [Webhook Destination](https://docs.cribl.io/stream/destinations-webhook.md): Send log and metric events to webhooks and generic HTTP endpoints - [Wiz Defend](https://docs.cribl.io/stream/destinations-wiz-defend.md): Stream data to Wiz Defend - [Manage Backpressure](https://docs.cribl.io/stream/manage-backpressure.md): Learn how to use Cribl to manage backpressure and prevent data loss - [About Persistent Queues](https://docs.cribl.io/stream/persistent-queues.md): Learn how persistent queues prevent data loss - [Optimize Source Persistent Queues](https://docs.cribl.io/stream/persistent-queues-sources.md): This page explains choices to consider when enabling Source persistent queues in your system. - [Optimize Destination Persistent Queues](https://docs.cribl.io/stream/persistent-queues-destinations.md): This page explains choices to consider when enabling Destination persistent queues in your system - [About Destination Backpressure Triggers](https://docs.cribl.io/stream/destinations-backpressure-triggers.md): This page documents backpressure triggers and behavior in Cribl Stream and Cribl Edge Destinations. - [Backpressure Impacts to Sources](https://docs.cribl.io/stream/backpressure-impacts-sources.md): Learn how backpressure affects different types of Sources when Persistent Queue is not enabled. - [About Load Balancing](https://docs.cribl.io/stream/load-balancing.md): Details about configuring load balancing on Cribl Destinations - [Configure Host Metadata](https://docs.cribl.io/stream/host-metadata.md): Host metadata can be collected for enabled Sources per Worker Node. - [Cribl Edge to Cribl Stream](https://docs.cribl.io/stream/usecase-edge-stream.md): Sending data from Cribl Edge to Cribl Stream - [Transfer Data Between Workspaces or Environments](https://docs.cribl.io/stream/usecase-transfer-data.md): Transfer data between Cribl.Cloud Workspaces or on-prem Cribl environments without paying twice. - [Cribl-to-Cribl Compatibility Matrix](https://docs.cribl.io/stream/cribl-to-cribl-compatibility.md): Supported Cribl HTTP and Cribl TCP combinations, auth tokens, and environment types for Stream and Edge. - [Integrating with Other Services](https://docs.cribl.io/stream/integrating-other.md): The following topics provide detailed guides and better practice for integrating with different external services. - [Amazon](https://docs.cribl.io/stream/amazon-integrating.md): The following topics provide detailed guides and better practice for integrating with Amazon services. - [AWS Cross-Account Data Collection](https://docs.cribl.io/stream/usecase-aws-x-account.md): Collecting and writing data across multiple AWS accounts - [Integrate Cribl Stream with AWS Security Hub](https://docs.cribl.io/stream/usecase-aws-security-hub.md): Send AWS Security Hub findings to Cribl Stream for processing - [Amazon S3 Better Practices](https://docs.cribl.io/stream/usecase-s3-better-practices.md): Read, write, and replay with S3 - [Amazon Security Lake Integration](https://docs.cribl.io/stream/usecase-security-lake.md): Integrate Cribl Stream's Amazon Security Lake Destination with its Namesake Service - [Collecting Logs from Amazon ECS Containers](https://docs.cribl.io/stream/usecase-ecs-fargate.md): Collect logs from Amazon Elastic Container Service (ECS) - [Azure](https://docs.cribl.io/stream/azure-integrating.md): The following topics provide detailed guides and better practice for integrating with Azure services. - [Prepare the Azure Workspace for Cribl Integrations](https://docs.cribl.io/stream/usecase-azure-workspace.md): Preparing the Azure Workspace for Cribl Integrations - [Azure Event Hubs Integrations](https://docs.cribl.io/stream/usecase-azure-event-hubs.md): Ingest data from an Azure Event Hub - [Microsoft Sentinel SIEM Integration {#preamble}](https://docs.cribl.io/stream/usecase-azure-sentinel.md): Set up Cribl to send data to the Microsoft Sentinel SIEM - [Splunk](https://docs.cribl.io/stream/splunk-integrating.md): The following topics provide detailed guides and better practice for integrating with Splunk services. - [Splunk Cloud Platform and BYOL Integrations](https://docs.cribl.io/stream/usecase-splunk-cloud-integrations.md): Integrating with the Splunk Cloud Platform by using the Splunk HTTP Event Collector - [Switch Cribl Stream Destinations from S2S to Splunk HEC](https://docs.cribl.io/stream/s2s-to-hec.md): How to switch your data collection from Splunk to Splunk (S2S) to HTTP Event Collector (HEC) - [Splunk to Elasticsearch](https://docs.cribl.io/stream/usecase-splunk-elasticsearch.md): Routing data from Splunk to Elasticsearch services - [Splunk to Exabeam](https://docs.cribl.io/stream/usecase-exabeam.md): Exporting parsed data to Exabeam - [Splunk Stream to Cribl Stream](https://docs.cribl.io/stream/usecase-splunk-stream.md): Sending data from Splunk Stream packages to Cribl Stream - [Decryption of Data in Splunk](https://docs.cribl.io/stream/securing-data-decryption.md): Decrypting data with Splunk - [Stream-to-Splunk Encryption](https://docs.cribl.io/stream/usecase-encrypting-data.md): Encrypting and decrypting data moving from Cribl Stream to Splunk - [Syslog](https://docs.cribl.io/stream/syslog-integrating.md): The following topics provide detailed guides and better practice for integrating with Syslog services. - [Syslog Best Practices](https://docs.cribl.io/stream/usecase-syslog.md): Best practices for processing syslog events - [Syslog TLS to Cribl.Cloud (Palo Alto Example)](https://docs.cribl.io/stream/usecase-syslog-cloud.md): Palo Alto Syslog Forwarding to Cribl.Cloud - [Configure Upstream Logging Agents](https://docs.cribl.io/stream/usecase-logging-agents.md): Connect common logging agents to Cribl Stream - [BigPanda/Webhook Integration](https://docs.cribl.io/stream/usecase-webhook-bigpanda.md): Configure Cribl Stream to send Webhook notifications to the BigPanda IT Ops platform - [Gigamon to Cribl Stream](https://docs.cribl.io/stream/usecase-gigamon-stream.md): Sending data from Gigamon to Cribl Stream - [Onboarding Data Sources to Cortex XSIAM with Cribl Stream](https://docs.cribl.io/stream/usecase-xsiam.md): High-level process for third-party data onboarding into XSIAM using Cribl Stream, including datasets, parsers, and XDM - [System Metrics to Grafana](https://docs.cribl.io/stream/usecase-metrics-grafana.md): Sending data from System Metrics to Grafana - [Kafka Authentication with Kerberos](https://docs.cribl.io/stream/usecase-kafka-kerberos.md): This topic describes a procedure for configuring Kafka Sources and Destinations for Kerberos authentication. - [Moogsoft/Webhook Integration](https://docs.cribl.io/stream/usecase-moogsoft.md): Configure Cribl Stream to send Webhook notifications to Moogsoft - [Nightfall Integration](https://docs.cribl.io/stream/usecase-nightfall.md): Integrating Cribl Stream with Nightfall to detect and redact sensitive information - [Managing QRadar Licenses](https://docs.cribl.io/stream/usecase-qradar.md): Reduce QRadar costs with fine-grained control over events sent - [Slack/Webhook Integration](https://docs.cribl.io/stream/usecase-webhook-slack.md): This page describes how to integrate Cribl Stream with Slack via the Cribl Stream Webhook Destination. - [Zscaler NSS Virtual Machine](https://docs.cribl.io/stream/usecase-zscaler-logs.md): Reduce the size of ZScaler logs with Cribl Stream - [Tanium to Cribl Stream](https://docs.cribl.io/stream/usecase-tanium-stream.md): Sending data from Tanium to Cribl Stream - [Packs](https://docs.cribl.io/stream/packs.md): Share simple or complex configurations - [Pack-Based Configuration Management](https://docs.cribl.io/stream/pack-config-management-intro.md): Learn how Git integration with Packs can streamline configuration management - [Plan a Pack-Based Strategy](https://docs.cribl.io/stream/pack-config-management-plan.md): Make key decisions to ensure that your Pack-based configuration management strategy meets your needs - [Create a Pack](https://docs.cribl.io/stream/pack-config-management-create-pack.md): Set up a new Pack initially and learn how to add variables and sensitive data - [Version Control Packs in External Git Repos](https://docs.cribl.io/stream/pack-config-management-external-git-repo.md): Set up a basic Git workflow by connecting a Pack to a Git repository for version-controlled configuration management - [Packs Publication Standards](https://docs.cribl.io/stream/packs-standards.md): How Cribl Community members can create and publish Cribl Packs - [Reference](https://docs.cribl.io/stream/reference.md): A reference for Cribl Stream, including: - Cribl Expressions - CLI - Environment variables - Config files For reference documentation for the Cribl API, see the API Reference. - [Knowledge Objects](https://docs.cribl.io/stream/knowledge-library.md): Knowledge objects overview - [Variables Library](https://docs.cribl.io/stream/global-variables-library.md): Store values that automatically update everywhere they are referenced in your Pipelines and Functions - [Regexes](https://docs.cribl.io/stream/regex-library.md): A set of pre-built common regex patterns - [JSON Schemas](https://docs.cribl.io/stream/schema-library.md): Schemas for validating inbound JSON events and writing out Parquet data - [Parquet Schemas](https://docs.cribl.io/stream/parquet-schemas.md): Schemas for writing out Parquet data - [AppScope Configs](https://docs.cribl.io/stream/appscope-configs.md): Deprecated Knowledge Library objects. Not for production use. - [Cribl Expressions](https://docs.cribl.io/stream/cribl-reference.md): Native Cribl Stream methods, found under C.* - [C.Crypto - Data Encryption and Decryption](https://docs.cribl.io/stream/expressions-crypto.md): Native Cribl methods for encryption and decryption - [C.Decode and C.Encode - Encoding and Decoding](https://docs.cribl.io/stream/expressions-encode-decode.md): Native Cribl methods for encoding and decoding - [C.Lookup - Inline Lookup Methods](https://docs.cribl.io/stream/expressions-lookup.md): Native Cribl methods for lookups - [C.Mask - Data Masking Methods](https://docs.cribl.io/stream/expressions-mask.md): Native Cribl methods for masking - [C.Net - Network Methods](https://docs.cribl.io/stream/expressions-net.md): Native Cribl methods for encryption and decryption - [C.Text - Text Methods](https://docs.cribl.io/stream/expressions-text.md): Native Cribl methods for text manipulation - [C.Time - Time Methods](https://docs.cribl.io/stream/expressions-time.md): Native Cribl methods for time - [Miscellaneous Expression Methods](https://docs.cribl.io/stream/expressions-other.md): Miscellaneous native Cribl methods - [String](https://docs.cribl.io/stream/string-reference.md): How to use JavaScript strings in Cribl expressions - [Date](https://docs.cribl.io/stream/date-reference.md): How to use Cribl Expressions as inputs to Cribl Functions - [Math](https://docs.cribl.io/stream/math-reference.md): The Math JavaScript object, and its methods - [Number](https://docs.cribl.io/stream/number-reference.md): The Number JavaScript object, and its methods - [CLI Reference](https://docs.cribl.io/stream/cli-reference.md): Command line interface basics - [auth](https://docs.cribl.io/stream/cli-auth.md): Command to log into or out of the product - [boot-start](https://docs.cribl.io/stream/cli-boot-start.md): Command to enable or disable product boot-start - [cloud-workspace](https://docs.cribl.io/stream/cli-cloud-workspace.md): Command to update a Leader with new config that allows it to connect to the Cribl.Cloud Leader and send it usage metrics - [decrypt](https://docs.cribl.io/stream/cli-decrypt.md): Command to decrypt data with a secret key - [diag](https://docs.cribl.io/stream/cli-diag.md): Command to manage diagnostic bundles - [encrypt](https://docs.cribl.io/stream/cli-encrypt.md): Command to encrypt data with a secret key - [git](https://docs.cribl.io/stream/cli-git.md): Command to manage Worker Group or Fleet configuration - [help](https://docs.cribl.io/stream/cli-help.md): Displays a list of commands and their help - [keys](https://docs.cribl.io/stream/cli-keys.md): Command to manage encryption keys - [limits](https://docs.cribl.io/stream/cli-limits.md): Command to control the availability of Cribl features - [mode-master](https://docs.cribl.io/stream/cli-mode-master.md): Command to configure an instance as a Leader - [mode-single](https://docs.cribl.io/stream/cli-mode-single.md): Command to configure an instance as a Single-instance deployment - [mode-edge](https://docs.cribl.io/stream/cli-mode-edge.md): Command to configure Cribl Edge as a Single-instance deployment - [mode-worker](https://docs.cribl.io/stream/cli-mode-worker.md): Command to configure Cribl Stream as a Worker instance - [mode-managed-edge](https://docs.cribl.io/stream/cli-mode-managed-edge.md): Command to configure Cribl Edge as an Edge Node - [mode-outpost](https://docs.cribl.io/stream/cli-mode-outpost.md): Command to configure an instance as an Outpost Node - [nc](https://docs.cribl.io/stream/cli-nc.md): Command to listen a port for traffic and output stats and data - [node](https://docs.cribl.io/stream/cli-node.md): Command to execute a JavaScript file - [pack](https://docs.cribl.io/stream/cli-pack.md): Command to mange Cribl packs - [parquet](https://docs.cribl.io/stream/cli-parquet.md): Command to view a Parquet file, its metadata, or its schema - [pipe](https://docs.cribl.io/stream/cli-pipe.md): Command to feed stdin to a Pipeline - [pq](https://docs.cribl.io/stream/cli-pq.md): Command for persistent queue performance benchmarking - [reload](https://docs.cribl.io/stream/cli-reload.md): Command to reload the product - [restart](https://docs.cribl.io/stream/cli-restart.md): Command to restart the product - [start](https://docs.cribl.io/stream/cli-start.md): Command to start the product - [status](https://docs.cribl.io/stream/cli-status.md): Command to display the product status - [stop](https://docs.cribl.io/stream/cli-stop.md): Command to stop the product - [vars](https://docs.cribl.io/stream/cli-vars.md): Command to manage global variables - [version](https://docs.cribl.io/stream/cli-version.md): Command to display product version - [Environment Variables](https://docs.cribl.io/stream/environment-variables.md): Environment variables available for configuring Cribl Stream - [Configuration Files](https://docs.cribl.io/stream/configuration-files.md): How configuration paths and files are laid out on the filesystem - [breakers.yml](https://docs.cribl.io/stream/breakersyml.md): Config file where Cribl's default Event Breaker Library is stored - [certificates.yml](https://docs.cribl.io/stream/certificatesyml.md): Config file that lists configured certificates and their parameters - [cribl.yml](https://docs.cribl.io/stream/criblyml.md): Config file that contains system properties, and API settings - [groups.yml](https://docs.cribl.io/stream/groupsyml.md): Config file that lists groups and their configuration versions - [inputs.yml](https://docs.cribl.io/stream/inputsyml.md): Config file that contains settings for configuring inputs to Cribl - [instance.yml](https://docs.cribl.io/stream/instanceyml.md): Config file that contains settings for Leader, Worker, and Single instances - [iometrics.yml](https://docs.cribl.io/stream/iometricsyml.md): Config file that defines the metrics levels for individual Sources and Destinations - [jobs.yml](https://docs.cribl.io/stream/jobsyml.md): Config file that contains parameters for configured Collectors - [job-limits.yml](https://docs.cribl.io/stream/job-limitsyml.md): Config file that contains parameters for Collector jobs - [leader.yml](https://docs.cribl.io/stream/leaderyml.md): Config file that contains settings for secondary Leader when failover is configured - [limits.yml](https://docs.cribl.io/stream/limitsyml.md): Config file that contains parameters for system tasks - [logger.yml](https://docs.cribl.io/stream/loggeryml.md): Config file that maintains logging levels and redactions, per channel - [mappings.yml and fleet-mappings.yml](https://docs.cribl.io/stream/mappingsyml.md): Config file that lists mapping ruleset configurations - [messages.yml](https://docs.cribl.io/stream/messagesyml.md): Config file that stores messages displayed in the UI's Messages fly-out - [notifications.yml](https://docs.cribl.io/stream/notificationsyml.md): Config file that contains settings for configuring Notifications. - [outpost.yml](https://docs.cribl.io/stream/outpostyml.md): Config file that contains settings for a Cribl Outpost instance - [outputs.yml](https://docs.cribl.io/stream/outputsyml.md): Config file that contains settings for Cribl Stream Destinations - [parsers.yml](https://docs.cribl.io/stream/parsersyml.md): Config file that contains settings for Cribl Destinations - [persistent-queue.yml](https://docs.cribl.io/stream/persistent-queueyml.md): Config file that contains settings for configuring persistent queues. - [regexes.yml](https://docs.cribl.io/stream/regexesyml.md): Config file that lists regexes, including (by default) the Cribl Regex Library - [samples.yml](https://docs.cribl.io/stream/samplesyml.md): Config file that contains metadata about stored sample data files - [schemas.yml](https://docs.cribl.io/stream/schemasyml.md): Config file that describes schemas in the Knowledge > Schema Library - [scripts.yml](https://docs.cribl.io/stream/scriptsyml.md): Config file that contains parameters for scripts - [service.yml](https://docs.cribl.io/stream/serviceyml.md): service.yml maintains configuration for Cribl Stream and Cribl Edge service processes - [vars.yml](https://docs.cribl.io/stream/varsyml.md): Config file that contains global variables - [Troubleshoot Cribl Stream](https://docs.cribl.io/stream/troubleshooting.md): Overview of troubleshooting resources for Cribl Stream - [Diagnose Issues](https://docs.cribl.io/stream/diagnosing.md): Diagnosing issues and exporting a diagnostic bundle - [Common Errors and Warnings](https://docs.cribl.io/stream/common-errors.md): Common errors and warnings in Cribl Stream's internal logs and/or UI - [Git Push Errors](https://docs.cribl.io/stream/git-push-errors.md): This page anticipates common errors you might see in Cribl Stream's UI, or in the `git` CLI, when pushing a commit. - [Git Remote Repos & Trusted CAs](https://docs.cribl.io/stream/git-certificate-errors.md): If you are using an internal Git server, a self-signed certificate might prevent Cribl Stream from successfully pushing commits to the origin. - [Sample Logs for Login Scenarios](https://docs.cribl.io/stream/sample-login-logs.md): Sample Login Event Logs - [CrowdStream](https://docs.cribl.io/stream/deploy-crowdstream.md): Set up Cribl.Cloud's integration with CrowdStrike Falcon LogScale - [Third-Party Credits](https://docs.cribl.io/stream/third-party-current-list.md) ## Cribl Edge - [About Cribl Edge](https://docs.cribl.io/edge/about.md): Basic overview of Edge - [Basic Concepts](https://docs.cribl.io/edge/basic-concepts.md): Notable features and concepts to get a fundamental understanding of Cribl Edge - [Log in to Cribl](https://docs.cribl.io/edge/login.md) - [QuickConnect](https://docs.cribl.io/edge/quickconnect.md): Use QuickConnect to sent data from Sources to Destinations with drag-and-drop - [Onboard Faster With Packs](https://docs.cribl.io/edge/packs-onboarding.md): Learn how pre-built content in Packs provide a starting point for building Routes, Pipelines, and Knowledge objects for typical use cases. - [Get Pre-Built Pack Content](https://docs.cribl.io/edge/packs-import.md): Navigate the central repository of Cribl-supported and community-contributed Packs to find validated solutions for typical use cases. - [Explore Cribl Edge](https://docs.cribl.io/edge/explore-edge.md): Take a tour of the Cribl Edge UI - [Explore Cribl Edge Nodes](https://docs.cribl.io/edge/explore-nodes.md): Examine Edge Nodes details in the Explore tab - [Cribl Edge on Linux](https://docs.cribl.io/edge/edge-linux.md): Deploy Cribl Edge on Linux - [Install Cribl Edge on Linux](https://docs.cribl.io/edge/deploy-linux.md): Basic Cribl Edge deployment requirements and procedures - [Enable Start on Boot on Linux](https://docs.cribl.io/edge/deploy-boot-start.md): Enable Cribl Edge instances to restart on system boot - [OS Tuning for Large Deployments](https://docs.cribl.io/edge/os-tuning.md): Learn about how to tune your OS for large deployments - [Run Edge as an Unprivileged Linux User](https://docs.cribl.io/edge/deploy-runtime-user.md): Install Cribl Edge an unprivileged Linux user - [Install Edge on Linux via RPM](https://docs.cribl.io/edge/deploy-rpm.md): Securely install Edge using an RPM package - [Install Edge on Linux via .deb](https://docs.cribl.io/edge/deploy-deb.md): Install Cribl Edge from a Linux .deb package - [FIPS Mode for Cribl Edge (Linux)](https://docs.cribl.io/edge/fips-mode.md): Running Cribl in FIPS mode - [Use ACLs to Allow Cribl Edge to Read Files](https://docs.cribl.io/edge/usecase-edge-acls.md): Using Access Control Lists to allow Cribl Edge to Read Files - [Cribl Edge on Windows](https://docs.cribl.io/edge/edge-win.md): Options and limitations for running Cribl Edge on Windows - [Install Cribl Edge on Windows](https://docs.cribl.io/edge/deploy-windows.md): Install Cribl Edge on Windows - [Windows User Permissions and Requirements](https://docs.cribl.io/edge/deploy-windows-msi-options.md): User context and MSI installer options - [System Proxy Configuration on Windows](https://docs.cribl.io/edge/proxy-config-win.md): Direct outbound HTTP/S requests to go through proxy servers on Windows - [Windows Troubleshooting](https://docs.cribl.io/edge/windows-troubleshooting.md): Common issues you can encounter in a Cribl Edge Windows deployment and how to resolve them - [FIPS Mode for Cribl Edge (Windows)](https://docs.cribl.io/edge/fips-mode-win.md): Run Cribl Edge in FIPS mode (Windows) - [Cribl Edge on MacOS](https://docs.cribl.io/edge/edge-macos.md): Cribl Edge can be deployed to a macOS machine - [Install Cribl Edge on MacOS](https://docs.cribl.io/edge/deploy-macos.md): Installing Cribl Edge on macOS - [Deploy Cribl Edge on MacOS with JAMF](https://docs.cribl.io/edge/deploy-macos-jamf.md): Deploy Cribl Edge on macOS using JAMF Pro - [Cribl Edge in Containers](https://docs.cribl.io/edge/edge-in-containers.md): Deploy Cribl Edge in containerized environments using Docker or Kubernetes - [Run Cribl Edge in a Docker Container](https://docs.cribl.io/edge/deploy-running-docker.md): Install Cribl Edge in a container using a Docker image - [Deploy Cribl Edge via Kubernetes](https://docs.cribl.io/edge/deploy-running-kubernetes.md): Install Cribl Edge in Kubernetes Pods - [Set Up Cribl Edge](https://docs.cribl.io/edge/set-up.md): Deploy Cribl Edge in Cribl.Cloud, or on-prem, in the selected environment - [Get Started with Cribl Edge](https://docs.cribl.io/edge/getting-started-guide.md): Set up a functional Cribl Edge instance - [Cribl.Cloud vs. Self-Hosted](https://docs.cribl.io/edge/cloud-vs-self-hosted.md): Differences between Cribl.Cloud and self-hosted installations - [Learn About Connected Environments](https://docs.cribl.io/edge/cloud-connected-env.md): Instructions for Connecting On-Prem Leaders to Cribl.Cloud - [How to Connect On-Prem Leaders to Cribl.Cloud](https://docs.cribl.io/edge/cloud-connected-env-how-to.md): How to Connect On-Prem Leaders to Cribl.Cloud - [Simplify Billing with Universal Subscription](https://docs.cribl.io/edge/about-universal-subscription.md): Learn about connecting on-prem Environments to Cribl.Cloud Leaders to simplify billing. - [Data Payloads for Connected Environments](https://docs.cribl.io/edge/cloud-connected-payloads.md): Connected Environment Data Payloads - [Send Data from On-Prem to Cribl.Cloud](https://docs.cribl.io/edge/cloud-connected-data-transfer.md): Use Connected Environments to send data from on-prem to Cribl.Cloud deployments - [Tutorials](https://docs.cribl.io/edge/tutorials.md): Follow step-by-step tutorials for getting started and levelling up your deployment of Cribl Edge - [Getting Started Tutorial](https://docs.cribl.io/edge/getting-started-tutorial.md): Cribl Edge quick start tutorial, from setting up the first Source to sending data to Cribl Stream - [Configure Cribl Edge](https://docs.cribl.io/edge/usecase-configuring-edge.md): Configuring your Cribl Edge deployment - [Forward Custom Data with Cribl Edge Tags](https://docs.cribl.io/edge/usecase-custom-tags.md): Add unique identifiers to events forwarded from Cribl Edge by using tags - [Monitor your Infrastructure with Cribl Edge](https://docs.cribl.io/edge/usecase-infrastructure-monitoring.md): Monitor your infrastructure and visualize performance using Grafana - [Monitor and Troubleshoot Cribl Edge](https://docs.cribl.io/edge/usecase-monitoring-troubleshooting.md): Monitor and troubleshoot your Cribl Edge deployment - [Migrate from Third-Party Agents to Cribl Edge](https://docs.cribl.io/edge/usecase-migrate-to-edge.md): Migrate your data collection infrastructure from third-party agents to Cribl Edge - [Deployment Planning](https://docs.cribl.io/edge/deploy-planning.md): Plan your Cribl Edge deployment to suit your environment - [OS and System Requirements](https://docs.cribl.io/edge/requirements.md): For a successful Cribl Edge deployment, verify that your system meets the minimum hardware and software specifications outlined below. - [Plan Large-Scale Deployments of Cribl Edge](https://docs.cribl.io/edge/how-to-scale-edge.md): Configure your Leader to support a large number of Edge Nodes - [Set Up Leader and Edge Nodes](https://docs.cribl.io/edge/setting-up-leader-and-edge-nodes.md): Configure Cribl Edge Nodes to work with a Leader - [Connect Nodes to Leader Through Cribl Outpost](https://docs.cribl.io/edge/outpost.md): Simplify Edge Node-to-Leader communication with Cribl Outpost - [Set Up Cribl Outpost](https://docs.cribl.io/edge/set-up-outpost.md): Create a Cribl Outpost to relay communication between Edge Nodes and the Leader - [Configure Outpost Group Settings](https://docs.cribl.io/edge/outpost-group-settings.md): Configure settings for an Outpost Group - [Manage Edge Node Config Bundles](https://docs.cribl.io/edge/edge-nodes-config-bundle.md): Manage configuration bundles for Cribl Edge Nodes - [Leader High Availability/Failover](https://docs.cribl.io/edge/deploy-add-second-leader.md): Add standby Leader Nodes to ensure High Availability in case of failover - [High Availability Requirements](https://docs.cribl.io/edge/ha-requirements.md): Check what requirements your deployment must fulfill before configuring standby Leader Nodes - [Configure Standby Leader Nodes](https://docs.cribl.io/edge/configure-standby-leaders.md): Configure standby Leader Nodes for failover - [Manage High Availability Deployment](https://docs.cribl.io/edge/manage-ha.md): Monitor and disable Leaders and upgrade HA deployments - [Anti-Virus Exceptions](https://docs.cribl.io/edge/deploy-antivirus-exceptions.md): Add anti-virus exceptions to facilitate Cribl Edge installation - [Ports](https://docs.cribl.io/edge/ports.md): Ports that need to be open for Cribl Edge and its integrations to function - [Configure Environment Variables](https://docs.cribl.io/edge/configure-env-vars.md): Configure environment variables for Cribl Edge on Linux, macOS, and Windows - [About Cribl.Cloud](https://docs.cribl.io/edge/deploy-cloud.md): Deploying and managing Cribl.Cloud - [Register Cribl.Cloud Organization](https://docs.cribl.io/edge/cloud-initial-setup.md): Registration and initial setup of a Cribl.Cloud account - [Manage Cribl.Cloud Organization](https://docs.cribl.io/edge/cloud-portal.md): Cribl.Cloud portal user interface - [Cribl.Cloud Enterprise](https://docs.cribl.io/edge/cloud-enterprise.md): Cribl.Cloud Enterprise plan - [Manage Fleets of Edge Nodes](https://docs.cribl.io/edge/fleet-management.md): Fleets help you organize and manage your Edge Nodes - [Fleets](https://docs.cribl.io/edge/fleets.md): Access Fleets in Cribl Edge - [Design Fleet Hierarchy](https://docs.cribl.io/edge/fleets-design.md): Organize your Fleet and Subfleet hierarchy according to better practices - [Fleet Inheritance](https://docs.cribl.io/edge/fleet-inheritance.md): Simplify Fleet management with configuration inheritance - [Configure Fleet Settings](https://docs.cribl.io/edge/fleet-settings.md): Configure teleporting, throughput throttling, logging, and security at the Edge Fleet level - [Create and Manage Fleets and Subfleets](https://docs.cribl.io/edge/fleets-create-manage.md): Learn how to create and manage Fleets and Subfleets - [Configure Fleets and Deploy Changes](https://docs.cribl.io/edge/fleets-configuration.md): Learn how to configure Fleets, then commit and deploy configurations - [Recover a Deleted Fleet](https://docs.cribl.io/edge/fleets-recover.md): Recover deleted Cribl Edge Fleets - [Edge Nodes](https://docs.cribl.io/edge/edge-nodes.md): Communication between Edge Nodes and Leader Nodes - [Manage Edge Nodes](https://docs.cribl.io/edge/managing-edge-nodes.md): View, monitor, and manage Edge Nodes - [Add and Update Edge Nodes](https://docs.cribl.io/edge/edge-nodes-add-update.md): Add or update Cribl Edge Nodes by using a bootstrap script - [Filter Edge Nodes](https://docs.cribl.io/edge/edge-nodes-filter.md): Narrow down the Edge Nodes list by filtering - [Map Edge Nodes to Fleets](https://docs.cribl.io/edge/mapping-edge-nodes.md): Use Mapping Rulesets to map Edge Nodes to Fleets - [Workspaces](https://docs.cribl.io/edge/workspaces.md) - [Configure Workspaces](https://docs.cribl.io/edge/workspaces-configuring.md) - [Administration](https://docs.cribl.io/edge/administering.md): Manage your Cribl Edge deployment - [FinOps Center](https://docs.cribl.io/billing-licensing/finops-center/) - [Upgrade Cribl Edge](https://docs.cribl.io/edge/upgrading.md): Overview of upgrading a Cribl Edge deployment - [Upgrade Leader Node](https://docs.cribl.io/edge/upgrade-leader.md): Upgrade the Leader Node of your Distributed deployment of Cribl Edge - [Upgrade Outpost](https://docs.cribl.io/edge/upgrade-outpost.md): Upgrade all Outpost Nodes in an Outpost Group - [Edge Node Upgrades](https://docs.cribl.io/edge/upgrade-nodes.md): Upgrade Edge Nodes automatically or manually - [Upgrade Edge Nodes in a Fleet](https://docs.cribl.io/edge/upgrade-nodes-fleet.md): Upgrade all Edge Nodes in a given Fleet - [Upgrade Edge Nodes Manually](https://docs.cribl.io/edge/upgrade-nodes-manually.md): Upgrade Edge Nodes using CLI - [Upgrade Containers](https://docs.cribl.io/edge/upgrading-containers.md): Upgrade Cribl Edge instance in a container - [Better Practices for Upgrading Cribl Edge](https://docs.cribl.io/edge/upgrading-better-practices.md): Upgrading Better Practices - [Monitor Node Upgrade Status](https://docs.cribl.io/edge/upgrading-ui-status.md): Monitor the upgrade status of your Cribl Edge Nodes via the UI - [Fleet Upgrading Use Case](https://docs.cribl.io/edge/upgrading-fleet-usecase.md): An example of upgrading a Cribl Edge instance via the UI - [Backup & Rollback via the UI](https://docs.cribl.io/edge/upgrading-ui-rollbacks.md): Backup and rollback a Cribl Edge upgrade - [Manual Rollback](https://docs.cribl.io/edge/upgrading-manually-rollback.md): Manually rollback a Linux Cribl Edge upgrade - [Troubleshoot Edge Upgrades](https://docs.cribl.io/edge/upgrading-troubleshooting.md): Resolve common issues with upgrading Cribl Edge - [Notifications](https://docs.cribl.io/edge/notifications.md): Notifications in Cribl - [Email Notifications](https://docs.cribl.io/edge/email-notifications.md): Email Notifications in Cribl - [Notification Targets](https://docs.cribl.io/edge/notifications-targets.md): Configure Notification targets - [Webhook Notification Targets](https://docs.cribl.io/edge/webhook-notification-targets.md): Configuring Webhook Notification targets - [PagerDuty Notification Targets](https://docs.cribl.io/edge/pager-duty-notification-targets.md): Configuring PagerDuty Notification targets - [Slack Notification Targets](https://docs.cribl.io/edge/slack-notification-targets.md): Configuring Slack Notification targets - [AWS SNS Notification Targets](https://docs.cribl.io/edge/aws-sns-notification-targets.md): Configuring AWS SNS Notification targets - [Email Notification Targets](https://docs.cribl.io/edge/email-notification-targets.md): Configuring Email Notification targets - [Licensing](https://docs.cribl.io/billing-licensing/on-prem-licensing/) - [Uninstall Cribl Edge from Linux](https://docs.cribl.io/edge/uninstalling.md): Cleanly remove a Cribl Edge instance from Linux - [Uninstall Cribl Edge from Windows](https://docs.cribl.io/edge/uninstalling-win.md): Cleanly remove a Cribl Edge instance from Windows - [Uninstall Cribl Edge from MacOS](https://docs.cribl.io/edge/uninstall-macos.md): Cleanly remove a Cribl Edge instance from macOS - [Customize the Interface](https://docs.cribl.io/edge/customizing-the-interface.md) - [Custom Banners](https://docs.cribl.io/edge/settings-banners.md): Configure notification banners to display to all users, across all of your Cribl Organization's apps - [Custom Login Page](https://docs.cribl.io/edge/settings-login-page.md): Configure a custom login page for your Cribl Organization's apps - [Scripts](https://docs.cribl.io/edge/scripts.md): How to run scripts to execute commands - [Access Management](https://docs.cribl.io/iam/) - [Secure Your Deployment](https://docs.cribl.io/edge/securing.md) - [Secure Your Cribl.Cloud Deployment](https://docs.cribl.io/edge/securing-cloud.md): Secure your Cribl.Cloud Deployment - [Secure Your On-Prem/Hybrid Deployment](https://docs.cribl.io/edge/securing-onprem.md): Secure your On-Prem Deployment - [Secure Leader/Edge Nodes Communication](https://docs.cribl.io/edge/securing-communications.md): How to protect Leader to Worker/Edge Node communications - [How to Secure the Auth Token for the Leader Node](https://docs.cribl.io/edge/securing-auth-token.md): How to Secure the Auth Token for the Leader Node - [TLS Defaults and System-wide Settings](https://docs.cribl.io/edge/securing-tls-overview.md): Overview of TLS in Cribl Stream and Edge Traffic - [Secure Cribl.Cloud with TLS and Mutual TLS](https://docs.cribl.io/edge/securing-tls-cloud.md): TLS in Cribl.Cloud - [Configure mTLS Authentication On-Prem](https://docs.cribl.io/edge/securing-mtls-onprem.md): Configure mTLS Authentication On-Prem - [Import Certificates and Keys](https://docs.cribl.io/edge/securing-import-certs.md): Protect the Leader using an existing TLS/SSL certificate and key - [Configure TLS for API and UI Access](https://docs.cribl.io/edge/securing-tls.md): Configuring TLS - [Secure Sources and Destinations with Certificates](https://docs.cribl.io/edge/securing-sources-dest.md): Set Authentication on Sources and Destinations - [Configure System Proxy](https://docs.cribl.io/edge/proxy-config.md): Direct outbound HTTP/S requests to go through proxy servers - [Configure SOCKS Proxy](https://docs.cribl.io/edge/proxy-socks-config.md): Configure SOCKS proxy - [Manage Secrets and Keys](https://docs.cribl.io/edge/manage-secrets-and-keys.md) - [Create and Manage Encryption Keys](https://docs.cribl.io/edge/securing-encryption-keys.md): Create and Manage Encryption Keys - [Create and Manage Secrets in Cribl Edge](https://docs.cribl.io/edge/securing-secrets.md): Protecting Secrets with Centralized Store - [Configure KMS Providers](https://docs.cribl.io/edge/securing-kms-config.md): Configuring internal and external Key Management Services - [Compliance](https://docs.cribl.io/edge/compliance.md): Configure Cribl Edge to be compliant with the FIPS security standard - [FIPS Mode for Cribl Edge (Linux)](https://docs.cribl.io/edge/fips-mode.md): Running Cribl in FIPS mode - [FIPS Mode for Cribl Edge (Windows)](https://docs.cribl.io/edge/fips-mode-win.md): Run Cribl Edge in FIPS mode (Windows) - [SELinux (Enforcing Mode) Configuration](https://docs.cribl.io/edge/usecase-selinux.md): Configure Cribl Stream with SELinux in Enforcing Mode - [Integrations](https://docs.cribl.io/edge/integrations.md): Sources and Destinations provide data flow between Cribl and various systems - [Common Data Flows](https://docs.cribl.io/edge/common-data-flows.md): Use Sources and Destinations to collect and send data in common data flows - [Collect Logs with File Monitor](https://docs.cribl.io/edge/collect-logs-with-file-monitor.md): Collect logs from a variety of files on your systems using the File Monitor - [Collect Windows Event Logs and Metrics](https://docs.cribl.io/edge/collect-windows-event-logs-and-metrics.md): Gain real-time visibility into system health, security, applications, and performance of your Windows environment by collecting Windows Event Logs and Windows metrics with Cribl Edge - [Collect Kubernetes Logs, Events, and Metrics](https://docs.cribl.io/edge/collect-kubernetes-logs-events-and-metrics.md): Collect logs, events, and metrics from your Kubernetes deployment - [Cribl Edge to Cribl Stream](https://docs.cribl.io/edge/usecase-edge-stream.md): Sending data from Cribl Edge to Cribl Stream - [Send Data to Loki and Prometheus](https://docs.cribl.io/edge/send-data-to-loki-and-prometheus.md): Prepare your Cribl Edge data to send it to Grafana's Loki and Prometheus log and metrics tools - [Sources Overview](https://docs.cribl.io/edge/sources.md): Data Sources overview - [System](https://docs.cribl.io/edge/system-sources.md): You can use the following Sources to receive data from internal senders. - [Exec Source](https://docs.cribl.io/edge/sources-exec.md): Execute a command periodically, and collect its stdout output - [File Monitor Source](https://docs.cribl.io/edge/sources-file-monitor.md): Collect log files and generate events from the file content - [Journal Files Source](https://docs.cribl.io/edge/sources-journal-files.md): Collects data from systemd's journald service - [Kubernetes Events Source](https://docs.cribl.io/edge/sources-kubernetes-events.md): Generate events for a Kubernetes cluster - [Kubernetes Logs Source](https://docs.cribl.io/edge/sources-kubernetes-logs.md): Collects logs from containers on a Kubernetes node. - [Kubernetes Metrics Source](https://docs.cribl.io/edge/sources-kubernetes-metrics.md): Generate events for Kubernetes clusters, nodes, Pods, and containers. - [System Metrics Source](https://docs.cribl.io/edge/sources-system-metrics.md): Collect metrics from a host, and populate dashboards - [System State Source](https://docs.cribl.io/edge/sources-system-state.md): Collects the system's current state on a configurable schedule, relaying corresponding events to downstream systems. - [Internal](https://docs.cribl.io/edge/internal-sources.md): You can use the following Sources to receive data from internal senders. - [Cribl HTTP Source](https://docs.cribl.io/edge/sources-cribl-http.md): Receive data from peer Nodes managed by the same Leader when raw TCP traffic is not an option - [Cribl TCP Source](https://docs.cribl.io/edge/sources-cribl-tcp.md): Send data between Edge Nodes connected to the same Leader - [Cribl Internal Source](https://docs.cribl.io/edge/sources-cribl-internal.md): Capture Edge internal logs and metrics - [Datagen Source](https://docs.cribl.io/edge/sources-datagens.md): Generate data from datagen files - [Amazon](https://docs.cribl.io/edge/amazon-sources.md): You can use the following Sources to receive data from Amazon services. - [Amazon Data Firehose Source](https://docs.cribl.io/edge/sources-kinesis-firehose.md): Receive Amazon Data Firehose streams via Kinesis' HTTP endpoint - [Prometheus](https://docs.cribl.io/edge/prometheus-sources.md): You can use the following Sources to receive data from Prometheus services. - [Prometheus Edge Scraper Source](https://docs.cribl.io/edge/sources-edge-prometheus.md): Receive batched data from Prometheus targets for Cribl Edge - [Prometheus Remote Write Source](https://docs.cribl.io/edge/sources-prometheus-remote-write.md): Receive metric data from Prometheus via the remote write protocol - [Grafana Source](https://docs.cribl.io/edge/sources-grafana.md): Receive metric and log data from Grafana Agent via Prometheus remote write - [Loki Source](https://docs.cribl.io/edge/sources-loki.md): Receive log data from Grafana Loki - [Splunk](https://docs.cribl.io/edge/splunk-sources.md): You can use the following Sources to receive data from Splunk services. - [Splunk HEC Source](https://docs.cribl.io/edge/sources-splunk-hec.md): Receive data over HTTP/S using the Splunk HEC - [Splunk TCP Source](https://docs.cribl.io/edge/sources-splunk.md): Receive Splunk data from Universal or Heavy Forwarders - [Windows](https://docs.cribl.io/edge/windows-sources.md): You can use the following Sources to receive data from Windows services. - [Windows Event Forwarder Source](https://docs.cribl.io/edge/sources-wef.md): Receive events from Windows platforms - [Client Certificate Authentication for Windows Event Forwarder](https://docs.cribl.io/edge/sources-wef-client.md): Client certificate authentication setup for the Windows Event Forwarder Source - [Kerberos Authentication for Windows Event Forwarder](https://docs.cribl.io/edge/sources-wef-kerberos.md): Kerberos authentication setup for the Windows Event Forwarder Source - [Windows Event Logs Source](https://docs.cribl.io/edge/sources-windows-event-logs.md): Read events from the Windows Events API - [Windows Metrics Source](https://docs.cribl.io/edge/sources-windows-metrics.md): Collect metrics from a Windows host, and populate dashboards - [AppScope Source](https://docs.cribl.io/edge/sources-appscope.md): Deprecated application instrumentation Source. Not for production use. - [Cloudflare Source](https://docs.cribl.io/edge/sources-cloudflare-hec.md): Receive data from Cloudflare Logpush - [Datadog Agent Source](https://docs.cribl.io/edge/sources-datadog-agent.md): Receive data from Datadog Agent - [Elasticsearch API Source](https://docs.cribl.io/edge/sources-elastic.md): Receive data over HTTP/S using the Elasticsearch Bulk API - [HTTP/S (Bulk API) Source](https://docs.cribl.io/edge/sources-https.md): Receive data over HTTP/S via the Cribl Bulk API, Splunk HEC, or Elastic Bulk API - [Raw HTTP/S Source](https://docs.cribl.io/edge/sources-raw-http.md): Receive raw HTTP data - [Metrics Source](https://docs.cribl.io/edge/sources-metrics.md): Receive metrics in the StatsD, StatsD Extended, and Graphite wire formats/protocols - [Model Driven Telemetry Source](https://docs.cribl.io/edge/sources-model-driven-telemetry.md): Receive network device metrics and events via Model Driven Telemetry - [OpenTelemetry (OTel) Source](https://docs.cribl.io/edge/sources-otel.md): Receive trace and metric events from OTLP-compliant senders - [SNMP Trap Source](https://docs.cribl.io/edge/sources-snmp-traps.md): Receive data from SNMP Traps - [Syslog Source](https://docs.cribl.io/edge/sources-syslog.md): Receive syslog data - [TCP JSON Source](https://docs.cribl.io/edge/sources-tcp-json.md): Receive newline-delimited JSON data over TCP - [TCP (Raw) Source](https://docs.cribl.io/edge/sources-tcp-raw.md): Receive data over TCP - [UDP (Raw) Source](https://docs.cribl.io/edge/sources-raw-udp.md): Receive data over UDP - [Zscaler Cloud NSS Source](https://docs.cribl.io/edge/sources-zscaler-hec.md): Receive log data over HTTP/S from Zscaler Cloud NSS - [Destinations](https://docs.cribl.io/edge/destinations.md): Destination categories and descriptions - [Manage Destinations](https://docs.cribl.io/edge/managing-destinations.md): Creating and configuring Destinations - [Internal](https://docs.cribl.io/edge/internal-destinations.md): You can send data from Cribl Edge to the following internal receivers: | Destination | Description | | --- | --- | | Cribl HTTP | Send data between peer Nodes via HTTP | | Cribl TCP | Send data bet... - [Cribl HTTP Destination](https://docs.cribl.io/edge/destinations-cribl-http.md): Send data between peer Nodes via HTTP - [Cribl TCP Destination](https://docs.cribl.io/edge/destinations-cribl-tcp.md): Send data between peer Nodes via raw TCP - [Cribl Search Destination](https://docs.cribl.io/edge/destinations-cribl-search.md): Send data to Cribl Search via HTTP - [Disk Spool Destination](https://docs.cribl.io/edge/destinations-disk-spool.md): Spool incoming event data and hold it in a consistent location - [Default Destination](https://docs.cribl.io/edge/destinations-default.md): Specify a default output from among your Destinations - [DevNull Destination](https://docs.cribl.io/edge/destinations-devnull.md): Drop events when testing Pipelines and Routes - [Output Router Destination](https://docs.cribl.io/edge/destinations-output-router.md): Routes data to Destinations based on defined rules - [Amazon](https://docs.cribl.io/edge/amazon-destinations.md): You can send data from Cribl Edge to the following Amazon services: | Destination | Description | | --- | --- | | Amazon CloudWatch Logs | Send data to Amazon CloudWatch Logs | | Amazon Kinesis Dat... - [Amazon CloudWatch Logs Destination](https://docs.cribl.io/edge/destinations-cloudwatch-logs.md): Send data to Amazon CloudWatch Logs - [Amazon Kinesis Data Streams Destination](https://docs.cribl.io/edge/destinations-kinesis-streams.md): Deliver data to a Kinesis Data Stream - [Amazon S3 Compatible Stores Destination](https://docs.cribl.io/edge/destinations-s3.md): Send data to Amazon S3 or to an S3-compatible store - [Amazon SQS Destination](https://docs.cribl.io/edge/destinations-sqs.md): Send events to Amazon Simple Queuing Service - [Amazon Security Lake Destination](https://docs.cribl.io/edge/destinations-security-lake.md): Send OCSF data to Amazon Security Lake in Parquet format - [Azure](https://docs.cribl.io/edge/azure-destinations.md): You can send data from Cribl Edge to the following Azure services: | Destination | Description | | --- | --- | | Azure Blob Storage | Deliver data to Azure Blog Storage or Azure Data Lake Storage G... - [Azure Blob Storage Destination](https://docs.cribl.io/edge/destinations-azure-blob.md): Deliver data to Azure Blog Storage or Azure Data Lake Storage Gen2 - [Azure Data Explorer Destination](https://docs.cribl.io/edge/destinations-azure-data-explorer.md): Send batched or streaming data to the Azure Data Explorer managed data analytics service - [Azure Event Hubs Destination](https://docs.cribl.io/edge/destinations-azure-event-hubs.md): Send data to Azure Event Hubs - [Azure Monitor Logs Destination](https://docs.cribl.io/edge/destinations-azure-monitor-logs.md): Send data to Azure Monitor Logs - [Microsoft Sentinel Destination](https://docs.cribl.io/edge/destinations-sentinel.md): Send Log and Metric Events to Microsoft Sentinel SIEM - [Elastic](https://docs.cribl.io/edge/elastic-destinations.md): You can send data from Cribl Edge to the following Elastic services: | Destination | Description | | --- | --- | | Elasticsearch | Send events to an Elasticsearch cluster using the Bulk API | | Ela... - [Elasticsearch Destination](https://docs.cribl.io/edge/destinations-elastic.md): Send events to an Elasticsearch cluster using the Bulk API - [Elastic Cloud Destination](https://docs.cribl.io/edge/destinations-elastic-cloud.md): Send events to Elastic Cloud - [Google Cloud](https://docs.cribl.io/edge/google-cloud-destinations.md): You can send data from Cribl Edge to the following Google Cloud services: | Destination | Description | | --- | --- | | Google SecOps | Send data to Google Security Operations (SecOps) | | Google C... - [Google Security Operations (SecOps) Destination](https://docs.cribl.io/edge/destinations-google_chronicle.md): Send data to Google Security Operations (SecOps) - [Google Cloud Chronicle API Destination](https://docs.cribl.io/edge/destinations-google-chronicle-api.md): Send data to Google Cloud Chronicle API - [Google Cloud Logging Destination](https://docs.cribl.io/edge/destinations-google-logging.md): Send data to Google Cloud Logging - [Google Cloud Pub/Sub Destination](https://docs.cribl.io/edge/destinations-google_pubsub.md): Send data to Google Cloud Pub/Sub - [Google Cloud Storage Destination](https://docs.cribl.io/edge/destinations-google-cloud-storage.md): Send data to Google Cloud Storage - [Kafka](https://docs.cribl.io/edge/kafka-destinations.md): You can send data from Cribl Edge to the following Kafka services: | Destination | Description | | --- | --- | | Kafka | Send data to a Kafka topic | | Confluent Cloud | Send data to Kafka topics o... - [Kafka Destination](https://docs.cribl.io/edge/destinations-kafka.md): Send data to a Kafka topic - [Confluent Cloud Destination](https://docs.cribl.io/edge/destinations-confluent.md): Send data to Kafka topics on Confluent Cloud - [Amazon MSK Destination](https://docs.cribl.io/edge/destinations-msk.md): Send data to a topic in Amazon MSK - [Metrics](https://docs.cribl.io/edge/metrics-destinations.md): You can send data from Cribl Edge to the following Metrics services: | Destination | Description | | --- | --- | | Graphite | Send data to a Graphite Destination | | StatsD | Send data to a StatsD ... - [Graphite Destination](https://docs.cribl.io/edge/destinations-graphite.md): Send data to a Graphite Destination - [StatsD Destination](https://docs.cribl.io/edge/destinations-statsd.md): Send data to a StatsD Destination - [StatsD Extended Destination](https://docs.cribl.io/edge/destinations-statsd-extended.md): Send out data in expanded StatsD format - [New Relic Ingest](https://docs.cribl.io/edge/new-relic-ingest-destinations.md): You can send data from Cribl Edge to the following New Relic Ingest services: | Destination | Description | | --- | --- | | New Relic Events | Send events to New Relic via the New Relic Event API |... - [New Relic Events Destination](https://docs.cribl.io/edge/destinations-newrelic-events.md): Send events to New Relic via the New Relic Event API - [New Relic Logs & Metrics Destination](https://docs.cribl.io/edge/destinations-newrelic.md): Send events to New Relic Log API and Metric API - [Prometheus](https://docs.cribl.io/edge/prometheus-destinations.md): You can send data from Cribl Edge to the following Prometheus services: | Destination | Description | | --- | --- | | Prometheus | Send metric events to Prometheus remote write targets | | Grafana ... - [Prometheus Destination](https://docs.cribl.io/edge/destinations-prometheus.md): Send metric events to Prometheus remote write targets - [Grafana Cloud Destination](https://docs.cribl.io/edge/destinations-grafana_cloud.md): Send data to Loki for logs and Prometheus for metrics - [Loki Destination](https://docs.cribl.io/edge/destinations-loki.md): Send log events to Loki - [Splunk](https://docs.cribl.io/edge/splunk-destinations.md): You can send data from Cribl Edge to the following Splunk services: | Destination | Description | | --- | --- | | Splunk HEC | Stream data to a Splunk HEC receiver | | Splunk Single Instance | Stre... - [Splunk HEC Destination](https://docs.cribl.io/edge/destinations-splunk-hec.md): Stream data to a Splunk HEC receiver - [Splunk Single Instance Destination](https://docs.cribl.io/edge/destinations-splunk.md): Stream data to a Splunk instance - [Splunk Load Balanced Destination](https://docs.cribl.io/edge/destinations-splunk-lb.md): Load-balance data streaming to multiple Splunk receivers - [CrowdStrike Falcon LogScale Destination](https://docs.cribl.io/edge/destinations-humio-hec.md): Stream data to a CrowdStrike Falcon LogScale HTTP Event Collector - [ClickHouse Destination](https://docs.cribl.io/edge/destinations-click-house.md): Send events to ClickHouse - [Cloudflare R2 Destination](https://docs.cribl.io/edge/destinations-cloudflare-r2.md): Send data to Cloudflare R2 object storage using an S3-compatible API - [Cloudian HyperStore Destination](https://docs.cribl.io/edge/destinations-cloudian.md): Send data to Cloudian HyperStore object storage - [Cortex XSIAM Destination](https://docs.cribl.io/edge/destinations-xsiam.md): Stream data to Palo Alto's Cortex XSIAM platform - [CrowdStrike Falcon Next-Gen SIEM Destination](https://docs.cribl.io/edge/destinations-crowdstrike-next-gen-siem.md): Stream data to a CrowdStrike Falcon Next-Gen SIEM - [Databricks Destination](https://docs.cribl.io/edge/destinations-databricks.md): Sends data to Databricks Unity Catalog volumes - [Datadog Destination](https://docs.cribl.io/edge/destinations-datadog.md): Send log and metric events to Datadog - [Dell PowerScale OneFS Destination](https://docs.cribl.io/edge/destinations-dell.md): Send data to Dell PowerScale OneFS - [Dynatrace HTTP Destination](https://docs.cribl.io/edge/destinations-dynatrace-http.md): Send logs to Dynatrace - [Dynatrace OTLP Destination](https://docs.cribl.io/edge/destinations-dynatrace-otlp.md): Send telemetry data to Dynatrace using OTLP - [Exabeam Security Operations Platform Destination](https://docs.cribl.io/edge/destinations-exabeam.md): Send data to Exabeam SIEM - [Microsoft Fabric Real-Time Intelligence](https://docs.cribl.io/edge/destinations-fabric-real-time-intelligence.md): Send data to Microsoft Fabric Eventstreams - [Filesystem/NFS Destination](https://docs.cribl.io/edge/destinations-fs.md): Output files to a local file system or NFS - [Honeycomb Destination](https://docs.cribl.io/edge/destinations-honeycomb.md): Send events to a Honeycomb dataset - [InfluxDB Destination](https://docs.cribl.io/edge/destinations-influxdb.md): Send data to InfluxDB and InfluxDB Cloud - [MinIO Destination](https://docs.cribl.io/edge/destinations-minio.md): Send objects to MinIO buckets - [Nutanix Objects Destination](https://docs.cribl.io/edge/destinations-nutanix.md): Send data to Nutanix Objects - [OpenTelemetry (OTel) Destination](https://docs.cribl.io/edge/destinations-otel.md): Send events to OTLP-compliant targets - [Scality Destination](https://docs.cribl.io/edge/destinations-scality.md): Send data to Scality object storage - [SentinelOne AI SIEM Destination](https://docs.cribl.io/edge/destinations-sentinel-one-ai-siem.md): Stream data to SentinelOne's AI SIEM platform - [SentinelOne DataSet Destination](https://docs.cribl.io/edge/destinations-dataset.md): Send log events to SentinelOne DataSet - [ServiceNow Cloud Observability](https://docs.cribl.io/edge/destinations-servicenow.md): Send events to ServiceNow Cloud Observability - [SignalFx Destination](https://docs.cribl.io/edge/destinations-signalfx.md): Send events to SignalFx - [SNMP Trap Destination](https://docs.cribl.io/edge/destinations-snmp-traps.md): Forward SNMP Traps out - [Storj Destination](https://docs.cribl.io/edge/destinations-storj.md): Send data to Storj object storage - [Sumo Logic Destination](https://docs.cribl.io/edge/destinations-sumo-logic.md): Send log and metric events to Sumo Logic over HTTP - [Syslog Destination](https://docs.cribl.io/edge/destinations-syslog.md): Send out data over syslog via TCP or UDP - [TCP JSON Destination](https://docs.cribl.io/edge/destinations-tcp-json.md): Send data over TCP in JSON format - [Wavefront Destination](https://docs.cribl.io/edge/destinations-wavefront.md): Send events to Wavefront analytics - [Webhook Destination](https://docs.cribl.io/edge/destinations-webhook.md): Send log and metric events to webhooks and generic HTTP endpoints - [Manage Backpressure](https://docs.cribl.io/edge/manage-backpressure.md): Learn how to use Cribl to manage backpressure events and prevent data loss - [About Persistent Queues](https://docs.cribl.io/edge/persistent-queues.md): Learn how persistent queues prevent data loss - [Optimize Source Persistent Queues](https://docs.cribl.io/edge/persistent-queues-sources.md): This page explains choices to consider when enabling Source persistent queues in your system. - [Optimize Destination Persistent Queues](https://docs.cribl.io/edge/persistent-queues-destinations.md): This page explains choices to consider when enabling Destination persistent queues in your system - [About Destination Backpressure Triggers](https://docs.cribl.io/edge/destinations-backpressure-triggers.md): This page documents backpressure triggers and behavior in Cribl Stream and Cribl Edge Destinations. - [Backpressure Impacts to Sources](https://docs.cribl.io/edge/backpressure-impacts-sources.md): Learn how backpressure affects different types of Sources when Persistent Queue is not enabled. - [About Load Balancing](https://docs.cribl.io/edge/load-balancing.md): Details about configuring load balancing on Cribl Destinations - [Transfer Data Between Workspaces or Environments](https://docs.cribl.io/edge/usecase-transfer-data.md): Transfer data between Cribl.Cloud Workspaces or on-prem Cribl environments without paying twice. - [Cribl-to-Cribl Compatibility Matrix](https://docs.cribl.io/edge/cribl-to-cribl-compatibility.md): Supported Cribl HTTP and Cribl TCP combinations, auth tokens, and environment types for Stream and Edge. - [Integrate with Other Services](https://docs.cribl.io/edge/integrating-other.md): The following topics provide detailed guides and better practice for integrating with different external services. - [Cribl Edge as a Sidecar Container in AWS ECS](https://docs.cribl.io/edge/usecase-edge-aws.md): Cribl Edge as a Sidecar Container in AWS ECS - [Amazon Security Lake Integration](https://docs.cribl.io/edge/usecase-security-lake.md): Integrate Cribl Edge's Amazon Security Lake Destination with its Namesake Service - [Amazon Elastic Kubernetes Services (EKS) Add-On for Edge](https://docs.cribl.io/edge/usecase-edge-aws-eks.md): Use Amazon Elastic Kubernetes Services Add-On to track cost of Kubernetes application in the AWS Cloud - [Monitor Health and Metrics](https://docs.cribl.io/edge/monitoring.md): Monitor health and metrics in Cribl Edge - [Internal Metrics](https://docs.cribl.io/edge/internal-metrics.md): Description of internal metrics - [Internal Logs](https://docs.cribl.io/edge/internal-logs.md): A guide to the internal logs available on Cribl Leaders, Worker and Edge Nodes, and single-instance deployments. - [Track Data Activity for an Edge Node](https://docs.cribl.io/edge/node-data-activity.md): Monitor and troubleshoot Edge Node activity - [Work with Data](https://docs.cribl.io/edge/working-with-data.md): Process and route observability data before delivering them to Cribl Stream - [Ingest and Inspect Data](https://docs.cribl.io/edge/data-ingest-inspect.md): Learn how to onboard data in Cribl and capture live samples to help validate your data processing logic - [Onboard Data](https://docs.cribl.io/edge/data-onboarding.md): Learn best practices for establishing a robust data ingestion strategy. - [Use Datagens to Simulate Live Data](https://docs.cribl.io/edge/datagens.md): Use datagens to simulate data streams to validate Pipelines and data processing logic - [Create and Share Data Samples](https://docs.cribl.io/edge/data-samples.md): Learn how to import or create data samples to validate your data processing logic - [Event Data Structure and Flow](https://docs.cribl.io/edge/event-data-structure-and-flow.md): Learn how event data is structured and processed in Cribl - [Event Model](https://docs.cribl.io/edge/event-model.md): Event Model in Cribl - [Event Processing Order](https://docs.cribl.io/edge/event-processing-order.md): Flow of events processing in Cribl Edge - [Event Breakers](https://docs.cribl.io/edge/event-breakers.md): Break incoming streams of data into discrete events - [Event Breaker Types](https://docs.cribl.io/edge/event-breaker-types.md): Learn about the available Event Breaker types - [Azure Virtual Network (VNet) Flow Event Breaker](https://docs.cribl.io/edge/event-breaker-type-azure-vnet-flow.md): Learn how to apply the Azure Virtual Network (VNet) Flow Event Breaker to data streams - [CSV Event Breaker](https://docs.cribl.io/edge/event-breaker-type-csv.md): Learn how to apply the CSV Event Breaker to data streams - [File Header Event Breaker](https://docs.cribl.io/edge/event-breaker-type-file-header.md): Learn how to apply the File Header Event Breaker to data streams - [JSON Array Event Breaker](https://docs.cribl.io/edge/event-breaker-type-json-array.md): Learn how to apply the JSON Array Event Breaker to data streams - [JSON New Line Delimited Event Breaker](https://docs.cribl.io/edge/event-breaker-type-json-new-line-delimited.md): Learn how to apply the JSON New Line Delimited Event Breaker to data streams - [Regex Event Breaker](https://docs.cribl.io/edge/event-breaker-type-regex.md): Learn how to apply the Regex Event Breaker to data streams - [Timestamp Event Breaker](https://docs.cribl.io/edge/event-breaker-type-timestamp.md): Learn how to apply the Timestamp Event Breaker to data streams - [Routes](https://docs.cribl.io/edge/routes.md): Filter, clone, and cascade incoming data across Pipelines and Destinations - [Pipelines](https://docs.cribl.io/edge/pipelines.md): Use Pipelines to process data passed via Routes between Sources and Destinations - [Validate Pipeline Logic Using Data Preview](https://docs.cribl.io/edge/data-preview.md): Visually inspect events as they flow into and out of a Pipeline to ensure your data processing logic works as expected - [Process Data with AI Assistance](https://docs.cribl.io/edge/copilot-editor.md): Learn how to build Pipelines and process data with AI assistance - [Create Pipelines With Cribl Copilot Editor](https://docs.cribl.io/edge/copilot-editor-pipelines.md): Use the Cribl Copilot Editor to build effective Pipelines - [Convert Data into a Custom Schema](https://docs.cribl.io/edge/copilot-editor-custom-schemas.md): Use the Cribl Copilot Editor to convert data to match a custom schema that you define - [Manage Metrics and High Cardinality](https://docs.cribl.io/edge/manage-metrics.md): Strategies for handling high-cardinality metrics and improving data efficiency - [Build Custom Logic to Route and Process Your Data](https://docs.cribl.io/edge/filter-and-transform-data.md): How to use JavaScript Expressions to filter, route, and transform data - [Functions](https://docs.cribl.io/edge/functions.md): All about Cribl Functions - [Aggregations](https://docs.cribl.io/edge/aggregations-function.md): Aggregate events in real time - [Aggregate Metrics](https://docs.cribl.io/edge/aggregate-metrics-function.md): Aggregate metrics and metric events in real time - [Auto Timestamp](https://docs.cribl.io/edge/auto-timestamp-function.md): Extract timestamps - [CEF Serializer](https://docs.cribl.io/edge/cef-serializer-function.md): Serialize events to CEF format for a SIEM - [Chain](https://docs.cribl.io/edge/chain-function.md): Chain data processing from one Pipeline or Pack to another - [Clone](https://docs.cribl.io/edge/clone-function.md): Duplicate events in the same Pipeline, optionally adding fields - [Code](https://docs.cribl.io/edge/code-function.md): Encapsulate your own JavaScript code in a Function - [Comment](https://docs.cribl.io/edge/comment-function.md): Add a text comment within a Pipeline's UI - [DNS Lookup](https://docs.cribl.io/edge/dns-lookup-function.md): Perform reverse DNS lookups, or DNS lookups based on host name - [Drop](https://docs.cribl.io/edge/drop-function.md): Drop events - [Drop Dimensions](https://docs.cribl.io/edge/drop-dimensions-function.md): Drop dimensions from metrics and metric events - [Dynamic Sampling](https://docs.cribl.io/edge/dynamic-sampling-function.md): Sample events (e.g, high-volume, low-value data) - [Eval](https://docs.cribl.io/edge/eval-function.md): Add or remove event fields - [Event Breaker Function](https://docs.cribl.io/edge/event-breaker-function.md): Break events within a Pipeline - [Flatten](https://docs.cribl.io/edge/flatten-function.md): Flatten nested structures (e.g., nested JSON) - [Fold Keys](https://docs.cribl.io/edge/fold-keys-function.md): Convert key names with separators into nested fields - [GeoIP](https://docs.cribl.io/edge/geoip-function.md): Add GeoIP information to events - [Grok](https://docs.cribl.io/edge/grok-function.md): Extract structured fields from unstructured log data, using modular regex patterns - [JSON Unroll](https://docs.cribl.io/edge/json-unroll-function.md): Convert JSON arrays into their own events - [Lookup](https://docs.cribl.io/edge/lookup-function.md): Use lookup tables to transform events - [Mask](https://docs.cribl.io/edge/mask-function.md): Remove sensitive data from events - [Numerify](https://docs.cribl.io/edge/numerify-function.md): Extract numeric values from event fields - [OTLP Logs](https://docs.cribl.io/edge/otlp-logs-function.md): Format logs to OTLP - [OTLP Metrics](https://docs.cribl.io/edge/otlp-metrics-function.md): Format metrics to OTLP - [OTLP Traces](https://docs.cribl.io/edge/otlp-traces-function.md): Format traces to OTLP - [Parser](https://docs.cribl.io/edge/parser-function.md): Extract fields - [Publish Metrics](https://docs.cribl.io/edge/publish-metrics-function.md): Convert events to metrics format - [Redis](https://docs.cribl.io/edge/redis-function.md): Use a Redis store to accelerate lookups - [Regex Extract](https://docs.cribl.io/edge/regex-extract-function.md): Extract fields using regex - [Regex Filter](https://docs.cribl.io/edge/regex-filter-function.md): Drop events using regex - [Rename](https://docs.cribl.io/edge/rename-function.md): Change or reformat field names individually or in bulk - [Rollup Metrics](https://docs.cribl.io/edge/rollup-metrics-function.md): Merge/roll up frequently generated metrics into more manageable time windows - [Sampling](https://docs.cribl.io/edge/sampling-function.md): Sample events (e.g, high-volume, low-value data) - [Serialize](https://docs.cribl.io/edge/serialize-function.md): Serialize/change format (e.g., convert JSON to CSV) - [SNMP Trap Serialize](https://docs.cribl.io/edge/snmp-trap-serialize-function.md): Serializes compliant events into SNMP traps - [Suppress](https://docs.cribl.io/edge/suppress-function.md): Suppress events (e.g, duplicates, etc.) - [Tee](https://docs.cribl.io/edge/tee-function.md): Send events out to a command or a local file from any point in a Pipeline - [Unroll](https://docs.cribl.io/edge/unroll-function.md): Break/unroll an array into individual events - [XML Unroll](https://docs.cribl.io/edge/xml-unroll-function.md): Convert an XML event's elements into individual events - [Windows SID Lookup](https://docs.cribl.io/edge/windows-sidlookup-function.md): Translate Windows SIDs into account names - [Prometheus Publisher (deprecated)](https://docs.cribl.io/edge/prometheus-publisher-function.md): Convert events to metrics format - [Reverse DNS (deprecated)](https://docs.cribl.io/edge/reverse-dns-function.md): Resolve hostname from IP address - [Trim Timestamp (deprecated)](https://docs.cribl.io/edge/trim-timestamp-function.md): Remove timestamps patterns from events, and optionally store them in fields - [Packs](https://docs.cribl.io/edge/packs.md): Pack up and share configurations and workflows across organizations or Worker Groups - [Pack-Based Configuration Management](https://docs.cribl.io/edge/pack-config-management-intro.md): Learn how Git integration with Packs can streamline configuration management - [Plan a Pack-Based Strategy](https://docs.cribl.io/edge/pack-config-management-plan.md): Make key decisions to ensure that your Pack-based configuration management strategy meets your needs - [Create a Pack](https://docs.cribl.io/edge/pack-config-management-create-pack.md): Set up a new Pack initially and learn how to add variables and sensitive data - [Version Control Packs in External Git Repos](https://docs.cribl.io/edge/pack-config-management-external-git-repo.md): Set up a basic Git workflow by connecting a Pack to a Git repository for version-controlled configuration management - [Packs Publication Standards](https://docs.cribl.io/edge/packs-standards.md): How Cribl Community members can create and publish Cribl Packs - [Reference](https://docs.cribl.io/edge/reference.md): Consult reference for Cribl Edge, including Cribl Expressions, commands, environment variables, and configuration files - [Knowledge Objects](https://docs.cribl.io/edge/knowledge-library.md): Knowledge objects overview - [Variables Library](https://docs.cribl.io/edge/global-variables-library.md): Store values that automatically update everywhere they are referenced in your Pipelines and Functions - [Regexes](https://docs.cribl.io/edge/regex-library.md): A set of pre-built common regex patterns - [JSON Schemas](https://docs.cribl.io/edge/schema-library.md): Schemas for validating inbound JSON events and writing out Parquet data - [Parquet Schemas](https://docs.cribl.io/edge/parquet-schemas.md): Schemas for writing out Parquet data - [AppScope Configs](https://docs.cribl.io/edge/appscope-configs.md): Deprecated Knowledge Library objects. Not for production use. - [Cribl Expressions](https://docs.cribl.io/edge/cribl-reference.md): Native Cribl Edge methods, found under C.* - [C.Crypto - Data Encryption and Decryption](https://docs.cribl.io/edge/expressions-crypto.md): Native Cribl methods for encryption and decryption - [C.Decode and C.Encode - Encoding and Decoding](https://docs.cribl.io/edge/expressions-encode-decode.md): Native Cribl methods for encoding and decoding - [C.Lookup - Inline Lookup Methods](https://docs.cribl.io/edge/expressions-lookup.md): Native Cribl methods for lookups - [C.Mask - Data Masking Methods](https://docs.cribl.io/edge/expressions-mask.md): Native Cribl methods for masking - [C.Net - Network Methods](https://docs.cribl.io/edge/expressions-net.md): Native Cribl methods for encryption and decryption - [C.Text - Text Methods](https://docs.cribl.io/edge/expressions-text.md): Native Cribl methods for text manipulation - [C.Time - Time Methods](https://docs.cribl.io/edge/expressions-time.md): Native Cribl methods for time - [Miscellaneous Expression Methods](https://docs.cribl.io/edge/expressions-other.md): Miscellaneous native Cribl methods - [String](https://docs.cribl.io/edge/string-reference.md): How to use JavaScript strings in Cribl expressions - [Date](https://docs.cribl.io/edge/date-reference.md): How to use Cribl Expressions as inputs to Cribl Functions - [Math](https://docs.cribl.io/edge/math-reference.md): The Math JavaScript object, and its methods - [Number](https://docs.cribl.io/edge/number-reference.md): The Number JavaScript object, and its methods - [CLI Reference](https://docs.cribl.io/edge/cli-reference.md): Command line interface basics - [auth](https://docs.cribl.io/edge/cli-auth.md): Command to log into or out of the product - [boot-start](https://docs.cribl.io/edge/cli-boot-start.md): Command to enable or disable product boot-start - [cloud-workspace](https://docs.cribl.io/edge/cli-cloud-workspace.md): Command to update a Leader with new config that allows it to connect to the Cribl.Cloud Leader and send it usage metrics - [decrypt](https://docs.cribl.io/edge/cli-decrypt.md): Command to decrypt data with a secret key - [diag](https://docs.cribl.io/edge/cli-diag.md): Command to manage diagnostic bundles - [encrypt](https://docs.cribl.io/edge/cli-encrypt.md): Command to encrypt data with a secret key - [git](https://docs.cribl.io/edge/cli-git.md): Command to manage Worker Group or Fleet configuration - [help](https://docs.cribl.io/edge/cli-help.md): Displays a list of commands and their help - [keys](https://docs.cribl.io/edge/cli-keys.md): Command to manage encryption keys - [limits](https://docs.cribl.io/edge/cli-limits.md): Command to control the availability of Cribl features - [mode-master](https://docs.cribl.io/edge/cli-mode-master.md): Command to configure an instance as a Leader - [mode-single](https://docs.cribl.io/edge/cli-mode-single.md): Command to configure an instance as a Single-instance deployment - [mode-edge](https://docs.cribl.io/edge/cli-mode-edge.md): Command to configure Cribl Edge as a Single-instance deployment - [mode-worker](https://docs.cribl.io/edge/cli-mode-worker.md): Command to configure Cribl Stream as a Worker instance - [mode-managed-edge](https://docs.cribl.io/edge/cli-mode-managed-edge.md): Command to configure Cribl Edge as an Edge Node - [mode-outpost](https://docs.cribl.io/edge/cli-mode-outpost.md): Command to configure an instance as an Outpost Node - [nc](https://docs.cribl.io/edge/cli-nc.md): Command to listen a port for traffic and output stats and data - [node](https://docs.cribl.io/edge/cli-node.md): Command to execute a JavaScript file - [pack](https://docs.cribl.io/edge/cli-pack.md): Command to mange Cribl packs - [parquet](https://docs.cribl.io/edge/cli-parquet.md): Command to view a Parquet file, its metadata, or its schema - [pipe](https://docs.cribl.io/edge/cli-pipe.md): Command to feed stdin to a Pipeline - [pq](https://docs.cribl.io/edge/cli-pq.md): Command for persistent queue performance benchmarking - [reload](https://docs.cribl.io/edge/cli-reload.md): Command to reload the product - [restart](https://docs.cribl.io/edge/cli-restart.md): Command to restart the product - [start](https://docs.cribl.io/edge/cli-start.md): Command to start the product - [status](https://docs.cribl.io/edge/cli-status.md): Command to display the product status - [stop](https://docs.cribl.io/edge/cli-stop.md): Command to stop the product - [vars](https://docs.cribl.io/edge/cli-vars.md): Command to manage global variables - [version](https://docs.cribl.io/edge/cli-version.md): Command to display product version - [Environment Variables](https://docs.cribl.io/edge/environment-variables.md): Environment variables available for configuring Cribl Edge - [Configuration Files](https://docs.cribl.io/edge/configuration-files.md): How configuration paths and files are laid out on the filesystem - [breakers.yml](https://docs.cribl.io/edge/breakersyml.md): Config file where Cribl's default Event Breaker Library is stored - [certificates.yml](https://docs.cribl.io/edge/certificatesyml.md): Config file that lists configured certificates and their parameters - [cribl.yml](https://docs.cribl.io/edge/criblyml.md): Config file that contains system properties, and API settings - [groups.yml](https://docs.cribl.io/edge/groupsyml.md): Config file that lists groups and their configuration versions - [inputs.yml](https://docs.cribl.io/edge/inputsyml.md): Config file that contains settings for configuring inputs to Cribl - [instance.yml](https://docs.cribl.io/edge/instanceyml.md): Config file that contains settings for Leader, Worker, and Single instances - [jobs.yml](https://docs.cribl.io/edge/jobsyml.md): Config file that contains parameters for configured Collectors - [job-limits.yml](https://docs.cribl.io/edge/job-limitsyml.md): Config file that contains parameters for Collector jobs - [leader.yml](https://docs.cribl.io/edge/leaderyml.md): Config file that contains settings for secondary Leader when failover is configured - [limits.yml](https://docs.cribl.io/edge/limitsyml.md): Config file that contains parameters for system tasks - [logger.yml](https://docs.cribl.io/edge/loggeryml.md): Config file that maintains logging levels and redactions, per channel - [mappings.yml and fleet-mappings.yml](https://docs.cribl.io/edge/mappingsyml.md): Config file that lists mapping ruleset configurations - [messages.yml](https://docs.cribl.io/edge/messagesyml.md): Config file that stores messages displayed in the UI's Messages fly-out - [notifications.yml](https://docs.cribl.io/edge/notificationsyml.md): Config file that contains settings for configuring Notifications. - [outpost.yml](https://docs.cribl.io/edge/outpostyml.md): Config file that contains settings for a Cribl Outpost instance - [outputs.yml](https://docs.cribl.io/edge/outputsyml.md): Config file that contains settings for Cribl Edge Destinations - [parsers.yml](https://docs.cribl.io/edge/parsersyml.md): Config file that contains settings for Cribl Edge Destinations - [persistent-queue.yml](https://docs.cribl.io/edge/persistent-queueyml.md): Config file that contains settings for configuring persistent queues. - [regexes.yml](https://docs.cribl.io/edge/regexesyml.md): Config file that lists regexes, including (by default) the Cribl Regex Library - [samples.yml](https://docs.cribl.io/edge/samplesyml.md): Config file that contains metadata about stored sample data files - [schemas.yml](https://docs.cribl.io/edge/schemasyml.md): Config file that describes schemas in the Knowledge > Schema Library - [scripts.yml](https://docs.cribl.io/edge/scriptsyml.md): Config file that contains parameters for scripts - [service.yml](https://docs.cribl.io/edge/serviceyml.md): service.yml maintains configuration for Cribl Stream and Cribl Edge service processes - [vars.yml](https://docs.cribl.io/edge/varsyml.md): Config file that contains global variables - [Kubernetes Metrics Details](https://docs.cribl.io/edge/system-metrics-kubernetes-output.md): Reference of System Metrics Source output in Kubernetes - [Linux System Metrics Details](https://docs.cribl.io/edge/system-metrics-linux-output.md): Reference of System Metrics Source output on Linux - [Windows System Metrics Details](https://docs.cribl.io/edge/system-metrics-windows-output.md): Reference of System Metrics Source output on Windows - [Troubleshoot Cribl Edge](https://docs.cribl.io/edge/troubleshooting.md): Overview of troubleshooting resources for Cribl Edge - [Common Challenges on the Edge](https://docs.cribl.io/edge/edge-common-challenges.md): Common issues you can encounter in Cribl Edge and how to resolve them - [Diagnose Issues](https://docs.cribl.io/edge/diagnosing.md): Diagnosing issues and exporting a diagnostic bundle ## Cribl Search - [About Cribl Search](https://docs.cribl.io/search/about.md): Cribl Search is a unified log search and investigation platform that answers data questions with AI-assisted insights. - [Cribl Search Concepts](https://docs.cribl.io/search/basic-concepts.md): Basic terminology of Cribl Search - [Quick Start](https://docs.cribl.io/search/getting-started-guide.md): Create a Cribl.Cloud Organization to run your first search - [Cribl Search UI Tour](https://docs.cribl.io/search/tour.md): Find your way around the Cribl Search UI - [Get Data Into Cribl Search](https://docs.cribl.io/search/get-data-in.md): Ingest data directly into Cribl Search for fast, schema-aware searches - [Lakehouse Engines in Cribl Search](https://docs.cribl.io/search/engine-setup.md): Set up and manage lakehouse engines in Cribl Search - [Cribl Search Sources](https://docs.cribl.io/search/sources.md): Data sources supported by Cribl Search - [Ingest Cribl Stream/Edge Data into Cribl Search](https://docs.cribl.io/search/source-cribl-http.md): Collect data from on-prem or Cribl.Cloud tenants to store it in Cribl Search for fast analysis - [Ingest Datadog Agent Data into Cribl Search](https://docs.cribl.io/search/source-datadog-agent.md): Collect metrics, traces, and logs via the Datadog API to store them in Cribl Search for fast analysis - [Ingest Elasticsearch Data into Cribl Search](https://docs.cribl.io/search/source-elasticsearch-api.md): Collect data via the Bulk API from Beats or Elastic Agents to store it in Cribl Search for fast analysis - [Ingest OpenTelemetry Data into Cribl Search](https://docs.cribl.io/search/source-opentelemetry.md): Collect metrics, traces, and logs from OTLP-compliant agents to store them in Cribl Search for fast analysis - [Ingest Prometheus Metrics into Cribl Search](https://docs.cribl.io/search/source-prometheus-remote-write.md): Collect metrics via the Prometheus Remote Write API to store them in Cribl Search for fast analysis - [Ingest Raw HTTP Data into Cribl Search](https://docs.cribl.io/search/source-raw-http.md): Collect HTTP data in any format to store it in Cribl Search for fast analysis - [Ingest Splunk HEC Events into Cribl Search](https://docs.cribl.io/search/source-splunk-hec.md): Collect data sent via HTTP(S) protocols to store it in Cribl Search for fast analysis - [Ingest Splunk Forwarder Data into Cribl Search](https://docs.cribl.io/search/source-splunk-tcp.md): Collect S2S traffic from Splunk universal or heavy forwarders to store it in Cribl Search for fast analysis - [Ingest Syslog Messages into Cribl Search](https://docs.cribl.io/search/source-syslog.md): Collect data from syslog agents via TCP or UDP to store it in Cribl Search for fast analysis - [Ingest JSON Events via TCP into Cribl Search](https://docs.cribl.io/search/source-tcp-json.md): Collect JSON-formatted events via TCP, and automatically parse and store them in Cribl Search for fast analysis - [Ingest Raw TCP Data into Cribl Search](https://docs.cribl.io/search/source-tcp-raw.md): Collect data in any format via TCP to store it in Cribl Search for fast analysis - [Ingest Windows Events into Cribl Search](https://docs.cribl.io/search/source-wef.md): Collect Windows Event Forwarder logs from WEF servers to store them in Cribl Search for fast analysis - [Ingest Wiz Security Events into Cribl Search](https://docs.cribl.io/search/source-wiz-webhook.md): Collect security events and alerts via Wiz webhook notifications to store them in Cribl Search for fast analysis - [Shape Data with Datatype Rules](https://docs.cribl.io/search/shape-data.md): Parse and structure your data at ingest time, so you can search it accurately from the start - [Organize Data with Dataset Rules](https://docs.cribl.io/search/organize-data.md): Organize your Cribl Search data into Datasets - [Connect Cribl Search to External Data](https://docs.cribl.io/search/connect-to-data.md): Connect Cribl Search to where your data lives - [Connect Cribl Search to Cribl Lake](https://docs.cribl.io/search/set-up-cribl-lake.md): Configure Cribl Search to query your Cribl Lake data - [Connect Cribl Search to Amazon S3](https://docs.cribl.io/search/set-up-s3.md): Configure Cribl Search to query to your Amazon S3 data - [Connect Cribl Search to Cribl Edge](https://docs.cribl.io/search/set-up-edge.md): Configure Cribl Search to query your Cribl Edge Nodes - [Connect Cribl Search to AWS](https://docs.cribl.io/search/connect-to-aws.md): Connect Cribl Search to AWS data sources - [Grant Access to AWS](https://docs.cribl.io/search/aws-access.md): Allow Cribl Search to access your AWS data - [Connect Cribl Search to Amazon Security Lake](https://docs.cribl.io/search/set-up-amazon-security-lake.md): Configure Cribl Search to query your Amazon Security Lake data - [Connect Cribl Search to AWS API](https://docs.cribl.io/search/set-up-aws.md): Configure Cribl Search to query an AWS API endpoint - [Connect Cribl Search to Data Lake Amazon S3](https://docs.cribl.io/search/set-up-data-lake-amazon-s3.md): Configure Cribl Search to query Cribl Stream's Data Lake Amazon S3 Destination - [Connect Cribl Search to Azure](https://docs.cribl.io/search/connect-to-azure.md): Connect Cribl Search to Microsoft Azure data sources - [Connect Cribl Search to Azure Blob Storage](https://docs.cribl.io/search/set-up-azure-blob.md): Configure Cribl Search to query Azure Blob Storage data, including v2 Datasets and Private Link connectivity - [Connect Cribl Search to Azure Data Explorer](https://docs.cribl.io/search/set-up-azure-data-explorer.md): Configure Cribl Search to query Azure Data Explorer - [Connect Cribl Search to Azure API](https://docs.cribl.io/search/set-up-azure-api.md): Configure Cribl Search to query an Azure API endpoint - [Connect Cribl Search to Google](https://docs.cribl.io/search/connect-to-google.md): Connect Cribl Search to Google data sources - [Connect Cribl Search to Google Cloud Storage](https://docs.cribl.io/search/set-up-google-cloud-storage.md): Configure Cribl Search to query your Google Cloud Storage data - [Connect Cribl Search to Google Cloud Platform API](https://docs.cribl.io/search/set-up-google-cloud-platform.md): Configure Cribl Search to query a Google Cloud Platform API endpoint - [Connect Cribl Search to Google Workspace API](https://docs.cribl.io/search/set-up-google-workspace-api.md): Configure Cribl Search to query a Google Workspace API endpoint - [Connect Cribl Search to ClickHouse](https://docs.cribl.io/search/set-up-clickhouse.md): Configure Cribl Search to query ClickHouse Cloud or a self-managed ClickHouse server - [Connect Cribl Search to Elasticsearch](https://docs.cribl.io/search/set-up-elasticsearch.md): Configure Cribl Search to query an Elasticsearch index - [Connect Cribl Search to a Generic HTTP API](https://docs.cribl.io/search/set-up-generic-http-api.md): Configure Cribl Search to query any HTTP API - [Connect Cribl Search to Microsoft Graph API](https://docs.cribl.io/search/set-up-microsoft-graph-api.md): Configure Cribl Search to query a Microsoft Graph API endpoint - [Connect Cribl Search to Okta API](https://docs.cribl.io/search/set-up-okta.md): Configure Cribl Search to query an Okta API endpoint - [Connect Cribl Search to OpenSearch](https://docs.cribl.io/search/set-up-opensearch.md): Configure Cribl Search to query an OpenSearch index - [Connect Cribl Search to Prometheus](https://docs.cribl.io/search/set-up-prometheus.md): Configure Cribl Search to query your Prometheus instance - [Connect Cribl Search to Snowflake](https://docs.cribl.io/search/set-up-snowflake.md): Configure Cribl Search to query your Snowflake warehouse - [Connect Cribl Search to Tailscale API](https://docs.cribl.io/search/set-up-tailscale.md): Configure Cribl Search to query a Tailscale API endpoint - [Connect Cribl Search to Zoom API](https://docs.cribl.io/search/set-up-zoom.md): Configure Cribl Search to query a Zoom API endpoint - [Configure Data Connection Options in Cribl Search](https://docs.cribl.io/search/configure.md): Process data into discrete events, and control your object storage costs - [Datatypes in Cribl Search](https://docs.cribl.io/search/datatypes.md): Define how Cribl Search interprets raw data to extract meaningful fields and search faster - [v1 Datatypes in Cribl Search](https://docs.cribl.io/search/datatypes-v1.md): Define how Cribl Search interprets raw data for federated search - [v2 Datatypes in Cribl Search](https://docs.cribl.io/search/datatypes-v2.md): Simplify parsing and speed up searches with v2 Datatypes - [Federated Search v2](https://docs.cribl.io/search/federated-v2.md): Use v2 Datatypes and Datasets to speed up your federated searches. See what's currently supported - [Storage Classes](https://docs.cribl.io/search/storage-classes.md): Control costs by selectively enabling storage classes (access tiers) to search, per Dataset - [Supported Data Formats](https://docs.cribl.io/search/data-formats.md): Learn about how Cribl Search processes the most common data formats - [Explore Your Cribl Search Data](https://docs.cribl.io/search/explore.md): Explore your Cribl Search Datasets and review your search history - [Inspect Your Cribl Search Datasets](https://docs.cribl.io/search/data-explorer.md): Inspect your Cribl Search data before running a search - [View Search History in Cribl Search](https://docs.cribl.io/search/history.md): View, rerun, and reuse previously run searches in Cribl Search - [Search Your Data with Cribl Search](https://docs.cribl.io/search/search-your-data.md): Learn how to search data with Cribl Search - [Build a Search](https://docs.cribl.io/search/build-a-search.md): How to build a search - [Write Your First Query](https://docs.cribl.io/search/your-first-query.md): Learn how to write a query using Cribl Search - [Write Queries Using Cribl Copilot](https://docs.cribl.io/search/copilot-kql.md): Use the Cribl Copilot KQL assistant to translate natural language into Cribl Search queries - [Common Query Examples](https://docs.cribl.io/search/common-examples.md): Common uses of Cribl Search - [View Search Results in Cribl Search](https://docs.cribl.io/search/results.md): Understand and work with search results in Cribl Search - [Save Searches in Cribl Search](https://docs.cribl.io/search/save.md): Save, organize, and rerun searches in Cribl Search - [Example Searches by Provider](https://docs.cribl.io/search/search-tutorials-by-provider.md): See example searches for different data providers - [Searching Cribl Lake](https://docs.cribl.io/search/search-cribl-lake.md): Learn how to search your Cribl Lake data - [Searching Cribl Edge](https://docs.cribl.io/search/search-edge.md): Learn how to search your Cribl Edge data - [Built-In Cribl Edge Datasets](https://docs.cribl.io/search/edge-datasets.md): Learn about built-in Cribl Edge Datasets - [Searching Amazon S3](https://docs.cribl.io/search/search-s3.md): Learn how to search Amazon S3 - [Searching AWS API](https://docs.cribl.io/search/search-aws.md): Learn how to search AWS - [Searching Okta API](https://docs.cribl.io/search/search-okta.md): Learn how to search Okta - [Searching Zoom API](https://docs.cribl.io/search/search-zoom.md): Learn how to search Zoom - [Searching Multiple Providers](https://docs.cribl.io/search/search-multiple-providers.md): Set up and search multiple Dataset Providers - [Investigate](https://docs.cribl.io/search/investigate.md): Investigation workflows in Cribl Search - [Run Investigations (Preview) with Cribl Search](https://docs.cribl.io/search/investigations.md): Cribl Search investigations - [Cribl Search Notebooks](https://docs.cribl.io/search/notebooks.md): Run an entire investigation in one tab, and share your work with others - [Visualize Cribl Search Results](https://docs.cribl.io/search/visualize.md): Visualize your Cribl Search results with Charts, Tables and Dashboards - [Charts](https://docs.cribl.io/search/charting.md): How to visualize events with Cribl Search - [Types of Charts in Cribl Search](https://docs.cribl.io/search/chart-types.md): Learn what types of Charts Cribl Search offers - [Area Chart](https://docs.cribl.io/search/chart-area.md): Area Chart description and settings - [Column Chart](https://docs.cribl.io/search/chart-column.md): Column Chart description and settings - [Donut Chart](https://docs.cribl.io/search/chart-donut.md): Donut Chart description and settings - [Funnel Chart](https://docs.cribl.io/search/chart-funnel.md): Funnel Chart description and settings - [Gauge Chart](https://docs.cribl.io/search/chart-gauge.md): Gauge Chart description and settings - [Horizontal Bar Chart](https://docs.cribl.io/search/chart-horizontal-bar.md): Horizontal Bar Chart description and settings - [Line Chart](https://docs.cribl.io/search/chart-line.md): Line Chart description and settings - [Map Chart](https://docs.cribl.io/search/chart-map.md): Map Chart description and settings - [Scatter Chart](https://docs.cribl.io/search/chart-scatter.md): Scatter Chart description and settings - [Single Value Chart](https://docs.cribl.io/search/chart-single.md): Single Value Chart description and settings - [Results Tables](https://docs.cribl.io/search/results-table-settings.md): Settings for search results tables - [Dashboards](https://docs.cribl.io/search/dashboards.md): Overview of Cribl Search Dashboards - [Create a Dashboard](https://docs.cribl.io/search/creating-adding-to-dashboards.md): How to create Cribl Search Dashboards - [Edit a Dashboard](https://docs.cribl.io/search/editing-dashboards.md): Edit Cribl Search Dashboards - [Add Interactions to Your Cribl Search Dashboard](https://docs.cribl.io/search/dashboard-interactions.md): Enable Dashboard viewers to drill down into specific values in a visualization panel - [Add Inputs to Your Cribl Search Dashboard](https://docs.cribl.io/search/dashboard-inputs.md): Enable Dashboard viewers to control visualizations through interactive widgets - [Add Visualizations Using Cribl Copilot](https://docs.cribl.io/search/copilot-dashboards.md): Use the Cribl Copilot AI assistant to generate Cribl Search visualizations - [Manage and Share Dashboards](https://docs.cribl.io/search/managing-sharing-dashboards.md): Collect, export, and share your Cribl Search Dashboards - [Use Cribl Search with Grafana](https://docs.cribl.io/search/grafana.md): Use Cribl Search with Grafana - [Send Alerts With Cribl Search](https://docs.cribl.io/search/alert.md): Send notifications about your scheduled searches - [Scheduled Searches](https://docs.cribl.io/search/scheduled-searches.md): Run a search at a scheduled frequency - [Notifications](https://docs.cribl.io/search/notifications.md): Configure Cribl Search Notifications to alert about scheduled searches - [Email Notifications](https://docs.cribl.io/search/email-notifications.md): Get email alerts about the results of scheduled searches in Cribl Search - [AWS SNS Notifications](https://docs.cribl.io/search/aws-sns-notification-targets.md): Configure AWS SNS Notifications - [PagerDuty Notifications](https://docs.cribl.io/search/pager-duty-notification-targets.md): Configure PagerDuty Notifications - [Slack Notifications](https://docs.cribl.io/search/slack-notification-targets.md): Configure Slack Notifications - [Webhook Notifications](https://docs.cribl.io/search/webhook-notification-targets.md): Configure webhook Notifications - [Notifications via Cribl Stream](https://docs.cribl.io/search/notifications-search-stream.md): Route Cribl Search alerts through Cribl Stream to multiple downstream services - [Manage Cribl Search and Cribl.Cloud](https://docs.cribl.io/search/manage.md): Manage Cribl Search and Cribl.Cloud access and billing, and share Search resources - [Cribl.Cloud Access and Usage](https://docs.cribl.io/search/cloud.md): Overview of the Cribl.Cloud environment that hosts Cribl Search, with setup links and Enterprise options - [Manage Cribl.Cloud Organizations](https://docs.cribl.io/search/cloud-portal.md): Cribl.Cloud portal user interface - [Manage Billing in FinOps Center](https://docs.cribl.io/billing-licensing/finops-center/) - [Workspaces](https://docs.cribl.io/search/workspaces.md): Cribl.Cloud Workspaces - [Configure Workspaces](https://docs.cribl.io/search/workspaces-configuring.md): Configure your Cribl.Cloud Workspaces - [Usage Settings](https://docs.cribl.io/search/search-tools.md): Cribl Search settings to manage Notification targets, Usage Groups, and capacity limits - [Usage Groups](https://docs.cribl.io/search/usage-groups.md): Groups for controlling and assigning limits - [Limits](https://docs.cribl.io/search/limits.md): Set search limits - [Manage Access to Cribl Search Resources](https://docs.cribl.io/search/sharing.md): Share Datasets, and more, with other Search Members - [Cribl Search Engines](https://docs.cribl.io/search/engines.md): Understand engine types and sizing in Cribl Search - [Optimize Cribl Search](https://docs.cribl.io/search/better-practices.md): Strategies and tips for using Cribl Search most effectively - [Optimize Searches](https://docs.cribl.io/search/optimize-searches.md): Strategies and tips for optimizing the efficiency of Cribl Search queries - [Optimize Paths](https://docs.cribl.io/search/optimize-paths.md): Designing object stores' paths for efficient searchability - [Investigative Searching](https://docs.cribl.io/search/investigative-searching.md): Optimize investigations with Cribl Search - [Productivity Tips](https://docs.cribl.io/search/productivity-tips.md): Tips for using Cribl Search most efficiently - [Useful Queries (Analytic Cookbook)](https://docs.cribl.io/search/useful-queries.md): Cribl Search KQL analytic queries for specific purposes - [Troubleshooting Cribl Search](https://docs.cribl.io/search/troubleshooting.md): Diagnose and solve Cribl Search issues - [KQL Extensions](https://docs.cribl.io/search/kql-cribl.md): Understand KQL variations from Kusto - [Lakehouse Search Differences](https://docs.cribl.io/search/lakehouse-differences.md): Identify differences in Cribl Search behavior when querying Datasets with and without Lakehouse caching - [Search Details](https://docs.cribl.io/search/search-details.md): Identify problems with your query by looking up the details of the search - [Share Diagnostics](https://docs.cribl.io/search/diagnosing-search.md): Share a diagnostic bundle in Cribl Search - [Common Issues and Resolutions](https://docs.cribl.io/search/common-issues.md): Common issues, diagnostics, and resolutions in working with Cribl Search - [Knowledge Libraries in Cribl Search](https://docs.cribl.io/search/enrich-knowledge.md): Manage Knowledge libraries, Macros, and Packs to enrich your searches - [Lookups](https://docs.cribl.io/search/lookups.md): Enrich events with lookup tables - [Parsers](https://docs.cribl.io/search/parsers.md): Define data to extract, using Parsers - [Regexes](https://docs.cribl.io/search/regexes.md): Use the built-in library of regular expressions, or define your own - [Grok Patterns](https://docs.cribl.io/search/grok-patterns.md): Use built-in Grok patterns, or define your own - [Macros](https://docs.cribl.io/search/macros.md): Reuse query text across different searches - [Cribl Search Packs](https://docs.cribl.io/search/packs.md): Import, export, and share pre-built Cribl Search resources - [Packs Publicaton Standards](https://docs.cribl.io/stream/packs-standards) - [Language Reference](https://docs.cribl.io/search/language-reference.md): A comprehensive reference for the Cribl Search implementation of KQL - [Language Reference Index](https://docs.cribl.io/search/language-index.md): An alphabetical, linked index to all operators, functions, and other elements of the Cribl Search KQL implementation - [Operators in Cribl Search](https://docs.cribl.io/search/operators.md): A list of operators supported by Cribl Search - [Aggregation Operators](https://docs.cribl.io/search/aggregation-operators.md): A list of aggregation operators supported by Cribl Search - [count](https://docs.cribl.io/search/operators-count.md): Count the number of events - [eventstats](https://docs.cribl.io/search/eventstats.md): Enrich your events with aggregated data - [summarize](https://docs.cribl.io/search/summarize.md): Aggregate your data - [timestats](https://docs.cribl.io/search/timestats.md): Aggregate by time periods or bins - [Data Operators](https://docs.cribl.io/search/data-operators.md): A list of data operators supported by Cribl Search - [centralize](https://docs.cribl.io/search/centralize.md): Force subsequent operators to the coordinator - [export](https://docs.cribl.io/search/export.md): Send Cribl Search results to a Cribl Lake Dataset or to a lookup - [extend](https://docs.cribl.io/search/extend.md): Append fields created by calculating expressions - [externaldata](https://docs.cribl.io/search/externaldata.md): Fetches external data from HTTP(S) URLs, including public APIs - [extract](https://docs.cribl.io/search/extract-operator.md): Extracts data - [foldkeys](https://docs.cribl.io/search/foldkeys.md): Fold hierarchical field names into a nested structure - [ip-lookup](https://docs.cribl.io/search/ip-lookup.md): Enrich events with IP address data - [join](https://docs.cribl.io/search/join.md): Merge events from different Datasets, using the join operator - [lookup](https://docs.cribl.io/search/lookup.md): Enrich events with lookups - [mv-expand](https://docs.cribl.io/search/mv-expand.md): Expand an object into multiple events - [mv-pull](https://docs.cribl.io/search/mv-pull.md): Pull key-value pairs into a top-level event, or into a dedicated object or bag - [pivot](https://docs.cribl.io/search/pivot.md): Turn field values into field names. - [send](https://docs.cribl.io/search/send.md): Send search results to Cribl Stream - [top-hitters](https://docs.cribl.io/search/top-hitters.md): Count the most frequent values - [union](https://docs.cribl.io/search/union.md): Append one set of results to another - [Display Operators](https://docs.cribl.io/search/display-operators.md): A list of display operators supported by Cribl Search - [limit](https://docs.cribl.io/search/limit.md): Limit the number of events - [order](https://docs.cribl.io/search/order.md): Arrange events - [print](https://docs.cribl.io/search/print.md): Evaluate one or more scalar expressions - [project](https://docs.cribl.io/search/project.md): Define fields to return - [project-away](https://docs.cribl.io/search/project-away.md): Exclude fields from the results - [project-rename](https://docs.cribl.io/search/project-rename.md): Rename fields - [range](https://docs.cribl.io/search/range-operator.md): Generate a series of events with a defined range of generated values - [render](https://docs.cribl.io/search/render.md): Choose how to render the results of your search. - [sort](https://docs.cribl.io/search/sort.md): Arrange events - [take](https://docs.cribl.io/search/take.md): Take a number of events - [top](https://docs.cribl.io/search/top.md): Get the first N events - [Filter Operators](https://docs.cribl.io/search/filter-operators.md): A list of filter operators supported by Cribl Search - [between](https://docs.cribl.io/search/operators-between.md): Filter events that fall within an inclusive range of values - [dedup](https://docs.cribl.io/search/dedup.md): Deduplicate events - [distinct](https://docs.cribl.io/search/distinct.md): Find unique field values - [search](https://docs.cribl.io/search/search.md): Find events with specific text strings - [where](https://docs.cribl.io/search/where.md): Filter specific events - [Logical Operators](https://docs.cribl.io/search/logical-operators.md): A list of logical operators supported by Cribl Search - [Numerical Operators](https://docs.cribl.io/search/numerical-operators.md): A list of numerical operators supported by Cribl Search - [Search Operators](https://docs.cribl.io/search/search-operators.md): A list of search operators supported by Cribl Search - [cribl](https://docs.cribl.io/search/cribl.md): Find your data - [find](https://docs.cribl.io/search/find.md): Find your data - [String Operators](https://docs.cribl.io/search/string-operators.md): A list of string operators that Cribl Search supports - [==](https://docs.cribl.io/search/equals-cs.md): Equal - [!=](https://docs.cribl.io/search/not-equals-cs.md): Not equal - [=~](https://docs.cribl.io/search/equals.md): Equal case-insensitive - [!~](https://docs.cribl.io/search/not-equals.md): Not equal case-insensitive - [contains](https://docs.cribl.io/search/contains.md): Right occurs as a subsequence of left - [!contains](https://docs.cribl.io/search/not-contains.md): Right doesn't occur in the left - [contains_cs](https://docs.cribl.io/search/contains-cs.md): Right occurs as a subsequence of left - [!contains_cs](https://docs.cribl.io/search/not-contains-cs.md): Right doesn't occur in the left - [endswith](https://docs.cribl.io/search/endswith.md): Right is a closing subsequence of the left - [!endswith](https://docs.cribl.io/search/not-endswith.md): Right isn't a closing subsequence of the left - [endswith_cs](https://docs.cribl.io/search/endswith-cs.md): Right is a closing subsequence of the left - [!endswith_cs](https://docs.cribl.io/search/not-endswith-cs.md): Right isn't a closing subsequence of the left - [has](https://docs.cribl.io/search/has.md): Right occurs in the left - [!has](https://docs.cribl.io/search/not-has.md): Right doesn't occur in the left - [has_cs](https://docs.cribl.io/search/has-cs.md): Right occurs in the left - [!has_cs](https://docs.cribl.io/search/not-has-cs.md): Right doesn't occur in the left - [has_all](https://docs.cribl.io/search/has-all.md): Same as has but works on all of the elements - [!has_all](https://docs.cribl.io/search/not-has-all.md): Same as !has but works on all of the elements - [has_any](https://docs.cribl.io/search/has-any.md): Same as has but works on any of the elements - [!has_any](https://docs.cribl.io/search/not-has-any.md): Same as !has but works on any of the elements - [hasprefix](https://docs.cribl.io/search/hasprefix.md): Right is a term prefix in the left - [!hasprefix](https://docs.cribl.io/search/not-hasprefix.md): Right isn't a term prefix in the left - [hasprefix_cs](https://docs.cribl.io/search/hasprefix-cs.md): Right isn't a term prefix in the left - [!hasprefix_cs](https://docs.cribl.io/search/not-hasprefix-cs.md): Right isn't a term prefix in the left - [hassuffix](https://docs.cribl.io/search/hassuffix.md): Right is a term suffix in the left - [!hassuffix](https://docs.cribl.io/search/not-hassuffix.md): Right isn't a term suffix in the left - [hassuffix_cs](https://docs.cribl.io/search/hassuffix-cs.md): Right is a term suffix in the left - [!hassuffix_cs](https://docs.cribl.io/search/not-hassuffix-cs.md): Right isn't a term suffix in the left - [in](https://docs.cribl.io/search/in-cs.md): Equal to any of the events - [!in](https://docs.cribl.io/search/not-in-cs.md): Not equal to any of the events - [in~](https://docs.cribl.io/search/in.md): Equal to any of the events - [!in~](https://docs.cribl.io/search/not-in.md): Not equal to any of the events - [matches regex](https://docs.cribl.io/search/matches-regex.md): Matches against a field with a regex - [startswith](https://docs.cribl.io/search/startswith.md): Right is an initial subsequence of the left - [!startswith](https://docs.cribl.io/search/not-startswith.md): Right isn't an initial subsequence of the left - [startswith_cs](https://docs.cribl.io/search/startswith-cs.md): Right is an initial subsequence of the left - [!startswith_cs](https://docs.cribl.io/search/not-startswith-cs.md): Right isn't an initial subsequence of the left - [Commands](https://docs.cribl.io/search/commands.md): Commands supported by Cribl Search - [.cancel](https://docs.cribl.io/search/cancel.md): Cancel queued or running searches - [.show](https://docs.cribl.io/search/show.md): List queued and running searches, objects included in a Dataset, or set-statement options configured for your account - [.clear](https://docs.cribl.io/search/clear.md): Disable set-statement options - [.generate](https://docs.cribl.io/search/generate.md): Produce statistics about a search's results - [objects](https://docs.cribl.io/search/objects.md): Literal representing objects in a Dataset - [options](https://docs.cribl.io/search/options.md): Literal representing set-statement options - [stats](https://docs.cribl.io/search/stats.md): Literal representing statistics about the results of a search - [queries](https://docs.cribl.io/search/queries.md): Literal representing queued, running, or all pending searches - [Statements](https://docs.cribl.io/search/statements.md): A list of special statements supported by Cribl Search - [let](https://docs.cribl.io/search/let.md): Assign names to values, expressions, or entire queries, using the let statement - [set](https://docs.cribl.io/search/set.md): Use set statements to configure search options - [Functions](https://docs.cribl.io/search/functions.md): A list of all functions supported by Cribl Search - [Context Functions](https://docs.cribl.io/search/context-functions.md): Get contextual information on your search - [createdTime](https://docs.cribl.io/search/createdtime.md): Returns the time when the current search was created - [displayUsername](https://docs.cribl.io/search/displayusername.md): Returns the display name of the user who created the current search - [earliestTime](https://docs.cribl.io/search/earliesttime.md): Returns the start of the current search's time range - [jobID](https://docs.cribl.io/search/jobid.md): Returns the unique identifier of the current search job - [latestTime](https://docs.cribl.io/search/latesttime.md): Returns the end of the current search's time range - [query](https://docs.cribl.io/search/query.md): Returns the full query string of the current search - [user](https://docs.cribl.io/search/user.md): Returns the username of the user who created the current search - [Cribl Functions](https://docs.cribl.io/search/cribl-functions.md): A list of additional functions supported by Cribl Search - [findearliest](https://docs.cribl.io/search/findearliest.md): Get the earliest value - [findearliestif](https://docs.cribl.io/search/findearliestif.md): Get the earliest value of specific events - [findfirst](https://docs.cribl.io/search/findfirst.md): Get the first observed value - [findfirstif](https://docs.cribl.io/search/findfirstif.md): Get the first observed value of specific events - [findlast](https://docs.cribl.io/search/findlast.md): Get the last observed value - [findlastif](https://docs.cribl.io/search/findlastif.md): Get the last observed value of specific events - [findlatest](https://docs.cribl.io/search/findlatest.md): Get the latest value - [findlatestif](https://docs.cribl.io/search/findlatestif.md): Get the latest value of specific events - [list](https://docs.cribl.io/search/list.md): Get a list of values - [median](https://docs.cribl.io/search/median.md): Get the middle value - [medianif](https://docs.cribl.io/search/medianif.md): Get the middle value of specific events - [persecond](https://docs.cribl.io/search/persecond.md): Get the per second rate - [persecondif](https://docs.cribl.io/search/persecondif.md): Get the per second rate of specific events - [rate](https://docs.cribl.io/search/rate.md): Get the rate observed value - [rateif](https://docs.cribl.io/search/rateif.md): Get the rate observed value of specific events - [sumsq](https://docs.cribl.io/search/sumsq.md): Get the sum of squares - [sumsqif](https://docs.cribl.io/search/sumsqif.md): Get the sum of squares of specific events - [values](https://docs.cribl.io/search/values.md): Get distinct values - [Scalar Functions](https://docs.cribl.io/search/scalar-functions.md): A list of all scalar functions supported by Cribl Search - [Binary Functions](https://docs.cribl.io/search/binary-functions.md): A list of all binary functions supported by Cribl Search - [binary_and](https://docs.cribl.io/search/binary-and.md): Get the bitwise and between two numbers - [binary_not](https://docs.cribl.io/search/binary-not.md): Get the bitwise negation of a number - [binary_or](https://docs.cribl.io/search/binary-or.md): Get bitwise or of two values - [binary_shift_left](https://docs.cribl.io/search/binary-shift-left.md): Get the binary shift left on a pair of numbers - [binary_shift_right](https://docs.cribl.io/search/binary-shift-right.md): Get the binary shift right on a pair of numbers - [binary_xor](https://docs.cribl.io/search/binary-xor.md): Get the bitwise xor on a pair of numbers - [from_binary_string](https://docs.cribl.io/search/from-binary-string.md): Returns a number from a binary string - [to_binary_string](https://docs.cribl.io/search/to-binary-string.md): Returns a binary string from a number - [Conditional Functions](https://docs.cribl.io/search/conditional-functions.md): A list of all conditional functions supported by Cribl Search - [case](https://docs.cribl.io/search/case.md): Evaluates a list of predicates and returns the first result expression whose predicate is satisfied - [coalesce](https://docs.cribl.io/search/coalesce.md): Evaluates a list of expressions and returns the first non-null (or non-empty for string) expression - [iff](https://docs.cribl.io/search/iff.md): Evaluates the first argument (the predicate), and returns the value of either the second or third arguments, depending on whether the predicate evaluated to true (second) or false (third) - [iif](https://docs.cribl.io/search/iif.md): Evaluates the first argument (the predicate), and returns the value of either the second or third arguments, depending on whether the predicate evaluated to true (second) or false (third) - [max_of](https://docs.cribl.io/search/max-of.md): Returns the maximum value of several evaluated numeric expressions - [min_of](https://docs.cribl.io/search/min-of.md): Returns the minimum value of several evaluated numeric expressions - [Conversion Functions](https://docs.cribl.io/search/conversion-functions.md): A list of all conversion functions supported by Cribl Search - [bin](https://docs.cribl.io/search/bin.md): Round events into bins - [bin_auto](https://docs.cribl.io/search/bin-auto.md): Round events into bins - [floor](https://docs.cribl.io/search/floor.md): Round events into floors - [gettype](https://docs.cribl.io/search/gettype.md): Returns the type of the input value - [tobool](https://docs.cribl.io/search/tobool.md): Converts the input to a value of type bool - [todecimal](https://docs.cribl.io/search/todecimal.md): Converts the input to a value of type decimal (double, real) - [todouble](https://docs.cribl.io/search/todouble.md): Converts the input to a value of type double (real, decimal) - [toint](https://docs.cribl.io/search/toint.md): Converts the input to a value of type int (long) - [tolong](https://docs.cribl.io/search/tolong.md): Converts the input to a value of type long (int) - [toreal](https://docs.cribl.io/search/toreal.md): Converts the input to a value of type real (double, decimal) - [tostring](https://docs.cribl.io/search/tostring.md): Converts the input to a value of type string - [DateTime Functions](https://docs.cribl.io/search/datetime-functions.md): A list of all DateTime functions supported by Cribl Search - [ago](https://docs.cribl.io/search/ago.md): Subtracts from UTC - [datetime_add](https://docs.cribl.io/search/datetime-add.md): Add dates - [datetime_diff](https://docs.cribl.io/search/datetime-diff.md): Extract a diff of a date as an integer - [datetime_part](https://docs.cribl.io/search/datetime-part.md): Extract a part of a date as an integer - [dayofmonth](https://docs.cribl.io/search/dayofmonth.md): Get the day number of the month - [dayofweek](https://docs.cribl.io/search/dayofweek.md): The number of days since preceding Sunday - [dayofyear](https://docs.cribl.io/search/dayofyear.md): Get the day number of the year - [endofday](https://docs.cribl.io/search/endofday.md): The end of day - [endofmonth](https://docs.cribl.io/search/endofmonth.md): The end of month - [endofweek](https://docs.cribl.io/search/endofweek.md): The end of week - [endofyear](https://docs.cribl.io/search/endofyear.md): The end of year - [format_datetime](https://docs.cribl.io/search/format-datetime.md): Format a datetime - [format_timespan](https://docs.cribl.io/search/format-timespan.md): Format a timespan - [getmonth](https://docs.cribl.io/search/getmonth.md): Get the month number from a datetime - [getyear](https://docs.cribl.io/search/getyear.md): Get the year from a datetime - [hourofday](https://docs.cribl.io/search/hourofday.md): Get the month number from a datetime - [make_datetime](https://docs.cribl.io/search/make-datetime.md): Create a datetime - [make_timespan](https://docs.cribl.io/search/make-timespan.md): Create a timespan - [monthofyear](https://docs.cribl.io/search/monthofyear.md): Get the month number of a year - [now](https://docs.cribl.io/search/now.md): Get the current UTC time - [startofday](https://docs.cribl.io/search/startofday.md): Get the start of the day - [startofmonth](https://docs.cribl.io/search/startofmonth.md): Get the start of the month - [startofweek](https://docs.cribl.io/search/startofweek.md): Get the start of the week - [startofyear](https://docs.cribl.io/search/startofyear.md): Get the start of the year - [strftime](https://docs.cribl.io/search/strftime.md): Convert a date to a string - [strptime](https://docs.cribl.io/search/strptime.md): Extract time from a string - [todatetime](https://docs.cribl.io/search/todatetime.md): Converts the input to a value of type datetime - [totimespan](https://docs.cribl.io/search/totimespan.md): Converts input into timespan - [unixtime_microseconds_todatetime](https://docs.cribl.io/search/unixtime-microseconds-todatetime.md): Converts microseconds into datetime - [unixtime_milliseconds_todatetime](https://docs.cribl.io/search/unixtime-milliseconds-todatetime.md): Converts milliseconds into datetime - [unixtime_nanoseconds_todatetime](https://docs.cribl.io/search/unixtime-nanoseconds-todatetime.md): Converts nanoseconds into datetime - [unixtime_seconds_todatetime](https://docs.cribl.io/search/unixtime-seconds-todatetime.md): Converts seconds into datetime - [week_of_year](https://docs.cribl.io/search/week-of-year.md): Get the week number of a year - [Dynamic Functions](https://docs.cribl.io/search/dynamic-functions.md): A list of all dynamic functions supported by Cribl Search - [bag_has_key](https://docs.cribl.io/search/bag-has-key.md): Check whether a property bag contains a given key - [bag_keys](https://docs.cribl.io/search/bag-keys.md): List all root keys of a property bag - [bag_merge](https://docs.cribl.io/search/bag-merge.md): Merge multiple property bags, discarding duplicate keys - [bag_pack](https://docs.cribl.io/search/bag-pack.md): Creates a property bag from an alternating list of keys and values - [bag_pack_columns](https://docs.cribl.io/search/bag-pack-columns.md): Create a property bag from a list of fields - [bag_remove_keys](https://docs.cribl.io/search/bag-remove-keys.md): Removes keys and their values from a property bag - [bag_set_key](https://docs.cribl.io/search/bag-set-key.md): Add or overwrite a key-value pair in a property bag - [bag_zip](https://docs.cribl.io/search/bag-zip.md): Create a property bag from two dynamic arrays - [make_bag](https://docs.cribl.io/search/make-bag.md): Create a property bag from multiple input bags - [make_bag_if](https://docs.cribl.io/search/make-bag-if.md): Create a property bag from those input bags that meet the specified condition - [zip](https://docs.cribl.io/search/zip.md): Merge multiple dynamic arrays, grouping their elements by index - [Cryptographic Functions](https://docs.cribl.io/search/cryptographic-functions.md): A list of all cryptographic functions supported by Cribl Search - [encrypt](https://docs.cribl.io/search/encrypt.md): Encrypt data with a key managed by a Cribl Stream Worker Group - [decrypt](https://docs.cribl.io/search/decrypt.md): Decrypt data with a key managed by a Cribl Stream Worker Group - [Hash Functions](https://docs.cribl.io/search/hash-functions.md): A list of all hash functions supported by Cribl Search - [hash](https://docs.cribl.io/search/hash.md): Hash a value - [hash_combine](https://docs.cribl.io/search/hash-combine.md): Combine multiple hash values - [hash_many](https://docs.cribl.io/search/hash-many.md): Get a combined hash value from multiple values - [hash_md5](https://docs.cribl.io/search/hash-md5.md): Get an MD5 hash value - [hash_sha1](https://docs.cribl.io/search/hash-sha1.md): Get a SHA1 hash value - [hash_sha256](https://docs.cribl.io/search/hash-sha256.md): Get a SHA-256 hash value - [hash_xxhash64](https://docs.cribl.io/search/hash-xxhash64.md): Get a 64-bit hash value - [INET Functions](https://docs.cribl.io/search/inet-functions.md): A list of all INET functions supported by Cribl Search - [ipv4_compare](https://docs.cribl.io/search/ipv4-compare.md): Compares two IPv4 strings - [ipv4_is_in_range](https://docs.cribl.io/search/ipv4-is-in-range.md): Checks if IPv4 string address is in IPv4-prefix notation range - [ipv4_is_in_any_range](https://docs.cribl.io/search/ipv4-is-in-any-range.md): Checks whether IPv4 string address is in any of the specified IPv4 address ranges - [ipv4_is_match](https://docs.cribl.io/search/ipv4-is-match.md): Matches two IPv4 strings - [ipv4_is_private](https://docs.cribl.io/search/ipv4-is-private.md): Checks if IPv4 string address belongs to a set of private network IPs - [ipv4_netmask_suffix](https://docs.cribl.io/search/ipv4-netmask-suffix.md): Returns the value of the IPv4 netmask suffix from IPv4 string address - [ipv6_compare](https://docs.cribl.io/search/ipv6-compare.md): Compares two IPv4 or IPv6 strings - [ipv6_is_match](https://docs.cribl.io/search/ipv6-is-match.md): Matches two IPv6 or IPv4 strings - [format_bytes](https://docs.cribl.io/search/format-bytes.md): Converts a number into a data-size string - [format_ipv4](https://docs.cribl.io/search/format-ipv4.md): Parses input with a netmask and returns string representing IPv4 address - [format_ipv4_mask](https://docs.cribl.io/search/format-ipv4-mask.md): Parses input with a netmask and returns string representing IPv4 address as CIDR notation - [Mathematical Functions](https://docs.cribl.io/search/mathematical-functions.md): A list of all mathematical functions supported by Cribl Search - [abs](https://docs.cribl.io/search/abs.md): Calculates the absolute value of the input - [acos](https://docs.cribl.io/search/acos.md): Returns the angle whose cosine is the specified number - [asin](https://docs.cribl.io/search/asin.md): Returns the angle whose sine is the specified number - [atan](https://docs.cribl.io/search/atan.md): Returns the angle whose sine is the specified number - [atan2](https://docs.cribl.io/search/atan2.md): Returns the angle whose tangent is the specified number - [beta_cdf](https://docs.cribl.io/search/beta-cdf.md): Returns the standard cumulative beta distribution function - [beta_inv](https://docs.cribl.io/search/beta-inv.md): Returns the inverse of the beta cumulative probability beta density function - [beta_pdf](https://docs.cribl.io/search/beta-pdf.md): Returns the probability density beta function - [ceil](https://docs.cribl.io/search/ceil.md): Rounds up a specified numeric expression's value to its nearest integer - [ceiling](https://docs.cribl.io/search/ceiling.md): Rounds up a specified numeric expression's value to its nearest integer - [cos](https://docs.cribl.io/search/cos.md): Returns the cosine function - [cot](https://docs.cribl.io/search/cot.md): Calculates the trigonometric cotangent of the specified angle, in radians - [degrees](https://docs.cribl.io/search/degrees.md): Converts angle value in radians into value in degrees - [exp](https://docs.cribl.io/search/exp.md): The base-e exponential function of x, which is e raised to the power x - [exp2](https://docs.cribl.io/search/exp2.md): Calculates the base-2 exponential function of x, which is e raised to the power x - [exp10](https://docs.cribl.io/search/exp10.md): Calculates the base-e exponential function of x, which is e raised to the power x - [gamma](https://docs.cribl.io/search/gamma.md): Computes gamma function - [isfinite](https://docs.cribl.io/search/isfinite.md): Returns whether input is a finite value (is neither infinite nor NaN) - [isinf](https://docs.cribl.io/search/isinf.md): Returns whether input is an infinite (positive or negative) value - [isnan](https://docs.cribl.io/search/isnan.md): Returns whether input is Not-a-Number (NaN) value - [log](https://docs.cribl.io/search/log.md): Returns the natural logarithm function - [log2](https://docs.cribl.io/search/log2.md): Returns the (base-2) logarithm function - [log10](https://docs.cribl.io/search/log10.md): Returns the common (base-10) logarithm function - [loggamma](https://docs.cribl.io/search/loggamma.md): Computes loggamma function - [not](https://docs.cribl.io/search/not.md): Reverses the value of its boolean argument - [pi](https://docs.cribl.io/search/pi.md): Returns the constant value of Pi - [pow](https://docs.cribl.io/search/pow.md): Returns a result of raising to power - [radians](https://docs.cribl.io/search/radians.md): Converts angle value in degrees into value in radians - [rand](https://docs.cribl.io/search/rand.md): Get a random number - [range](https://docs.cribl.io/search/range.md): Generates a dynamic array holding a series of equally-spaced values - [round](https://docs.cribl.io/search/round.md): Returns the rounded source to the specified precision - [sign](https://docs.cribl.io/search/sign.md): Returns the sign of a numeric expression - [sin](https://docs.cribl.io/search/sin.md): Returns the sine of a numeric expression - [sqrt](https://docs.cribl.io/search/sqrt.md): Returns the square root function - [tan](https://docs.cribl.io/search/tan.md): Returns the tangent function - [String Functions](https://docs.cribl.io/search/string-functions.md): A list of all string functions supported by Cribl Search - [base64_decode_toarray](https://docs.cribl.io/search/base64-decode-toarray.md): Decodes a base64 string to an array of single-character strings - [base64_decode_tostring](https://docs.cribl.io/search/base64-decode-tostring.md): Decodes a base64 string to a UTF-8 string - [base64_encode_fromarray](https://docs.cribl.io/search/base64-encode-fromarray.md): Encodes a base64 string from a bytes array - [base64_encode_tostring](https://docs.cribl.io/search/base64-encode-tostring.md): Encodes a string as base64 string - [countof](https://docs.cribl.io/search/countof.md): Counts occurrences of a substring in a string - [extract](https://docs.cribl.io/search/extract.md): Get a match for a regular expression from a source string - [extract_all](https://docs.cribl.io/search/extract-all.md): Get a match for a regular expression from a source string - [extract_json](https://docs.cribl.io/search/extract-json.md): Get a specified element out of a JSON text using a path expression - [has_any_index](https://docs.cribl.io/search/has-any-index.md): Get a match for a regular expression from a source string - [indexof](https://docs.cribl.io/search/indexof.md): Reports the zero-based index of the first occurrence of a specified string within the input string - [isempty](https://docs.cribl.io/search/isempty.md): Returns true if the argument is an empty string, array, or object, or is null - [isnotempty](https://docs.cribl.io/search/isnotempty.md): Returns true if the argument isn't an empty string, array, or object, and isn't null - [isnotnull](https://docs.cribl.io/search/isnotnull.md): Returns true if the argument is not null - [isnull](https://docs.cribl.io/search/isnull.md): Evaluates its sole argument and returns a boolean value indicating if the argument evaluates to a null value - [match_regex](https://docs.cribl.io/search/match_regex.md): Match with a regex - [parse_csv](https://docs.cribl.io/search/parse-csv.md): Splits a given string representing a single record of comma-separated values and returns a string array with these values - [parse_ipv4](https://docs.cribl.io/search/parse-ipv4.md): Converts IPv4 string to long (signed 64-bit) number representation in big-endian order - [parse_ipv4_mask](https://docs.cribl.io/search/parse-ipv4-mask.md): Converts the input string of IPv4 and netmask to a signed, 64-bit wide, long number representation in big-endian order - [parse_ipv6](https://docs.cribl.io/search/parse-ipv6.md): Converts IPv6 or IPv4 string to a canonical IPv6 string representation - [parse_ipv6_mask](https://docs.cribl.io/search/parse-ipv6-mask.md): Converts IPv6/IPv4 string and netmask to a canonical IPv6 string representation - [parse_json](https://docs.cribl.io/search/parse-json.md): Interprets a string as a JSON value and returns the value as dynamic - [parse_url](https://docs.cribl.io/search/parse-url.md): Parses an absolute URL string and returns a dynamic object contains URL parts - [parse_urlquery](https://docs.cribl.io/search/parse-urlquery.md): Returns a dynamic object contains the Query parameters - [parse_version](https://docs.cribl.io/search/parse-version.md): Converts the input string representation of a version number to a comparable decimal number - [replace_regex](https://docs.cribl.io/search/replace-regex.md): Replaces all regex matches with another string - [reverse](https://docs.cribl.io/search/reverse.md): Reverses the order of the input string - [split](https://docs.cribl.io/search/split.md): Replaces all regex matches with another string - [strcat](https://docs.cribl.io/search/strcat.md): Concatenates between 1 and 64 arguments to a single string - [strcat_delim](https://docs.cribl.io/search/strcat-delim.md): Concatenates between 2 and 64 arguments, with a delimiter - [strcmp](https://docs.cribl.io/search/strcmp.md): Compares two strings - [strlen](https://docs.cribl.io/search/strlen.md): Returns the length, in characters, of the input string - [strrep](https://docs.cribl.io/search/strrep.md): Repeats given string provided amount of times - [substring](https://docs.cribl.io/search/substring.md): Extracts a substring from a source string starting from some index to the end of the string - [tolower](https://docs.cribl.io/search/tolower.md): Converts a string to lower case - [toupper](https://docs.cribl.io/search/toupper.md): Converts a string to upper case - [translate](https://docs.cribl.io/search/translate.md): Replace a set of characters with another set of characters in a given string - [trim](https://docs.cribl.io/search/trim.md): Removes all leading and trailing matches of the specified regular expression - [trim_end](https://docs.cribl.io/search/trim-end.md): Removes trailing match of the specified regular expression - [trim_start](https://docs.cribl.io/search/trim-start.md): Removes leading match of the specified regular expression - [url_decode](https://docs.cribl.io/search/url-decode.md): Converts encoded URL into a to regular URL representation - [url_encode](https://docs.cribl.io/search/url-encode.md): Converts characters of the input URL into a format that can be transmitted over the Internet - [Statistical Functions](https://docs.cribl.io/search/statistical-functions.md): A list of statistical functions supported by Cribl Search - [avg](https://docs.cribl.io/search/avg.md): Calculate the average across a group - [avgif](https://docs.cribl.io/search/avgif.md): Calculate the average across a group of specific events - [count](https://docs.cribl.io/search/count.md): Count the occurrences of events - [countif](https://docs.cribl.io/search/countif.md): Count the occurrences of specific events - [dcount](https://docs.cribl.io/search/dcount.md): Estimates the number of distinct values - [dcountif](https://docs.cribl.io/search/dcountif.md): Estimates the number of distinct values from specific events - [max](https://docs.cribl.io/search/max.md): Find the maximum value across a group - [maxif](https://docs.cribl.io/search/maxif.md): Find the maximum value across a group of specific events - [min](https://docs.cribl.io/search/min.md): Find the minimum value across a group - [minif](https://docs.cribl.io/search/minif.md): Find the minimum value across a group of specific events - [percentile](https://docs.cribl.io/search/percentile.md): Calculate the average across a group of specific events - [stdev](https://docs.cribl.io/search/stdev.md): Calculate the standard deviation of events - [stdevif](https://docs.cribl.io/search/stdevif.md): Find the standard deviation across a group of specific events - [stdevp](https://docs.cribl.io/search/stdevp.md): Calculate the standard deviation of population events - [sum](https://docs.cribl.io/search/sum.md): Sums the occurrences of events - [sumif](https://docs.cribl.io/search/sumif.md): Sum specific events - [variance](https://docs.cribl.io/search/variance.md): Calculate the variance of events - [varianceif](https://docs.cribl.io/search/varianceif.md): Calculate the variance of specific events - [variancep](https://docs.cribl.io/search/variancep.md): Calculate the variance of population events - [Window Functions](https://docs.cribl.io/search/window-functions.md): A list of window functions supported by Cribl Search - [next](https://docs.cribl.io/search/next.md): Returns the next value of a field - [prev](https://docs.cribl.io/search/prev.md): Returns the previous value of a field - [row_cumsum](https://docs.cribl.io/search/row_cumsum.md): Calculates the cumulative sum - [row_number](https://docs.cribl.io/search/row_number.md): Returns the current row's index - [row_rank_dense](https://docs.cribl.io/search/row_rank_dense.md): Assigns a dense rank - [row_rank_min](https://docs.cribl.io/search/row_rank_min.md): Assigns a minimal rank - [row_window_session](https://docs.cribl.io/search/row_window_session.md): Identify session starts - [Virtual Tables](https://docs.cribl.io/search/virtual-tables.md): Learn about virtual tables - [$vt_datasets](https://docs.cribl.io/search/vt_datasets.md): List available Datasets - [$vt_dataset_providers](https://docs.cribl.io/search/vt_dataset_providers.md): List available Dataset Providers - [$vt_dummy](https://docs.cribl.io/search/vt_dummy.md): Generate dummy data - [$vt_jobs](https://docs.cribl.io/search/vt_jobs.md): List previously executed searches - [$vt_list](https://docs.cribl.io/search/vt_list.md): List available virtual tables - [$vt_lookups](https://docs.cribl.io/search/vt_lookups.md): List available lookups, or get the contents of a specific lookup - [$vt_results](https://docs.cribl.io/search/vt_results.md): Access the results of previous searches - [Types](https://docs.cribl.io/search/types.md): Supported types of data in Cribl Search - [bool](https://docs.cribl.io/search/bool.md): The bool data type - [datetime](https://docs.cribl.io/search/datetime.md): The datetime data type - [decimal](https://docs.cribl.io/search/decimal.md): The decimal data type - [double](https://docs.cribl.io/search/double.md): The double data type - [dynamic](https://docs.cribl.io/search/dynamic.md): The dynamic data type - [int](https://docs.cribl.io/search/int.md): The int data type - [long](https://docs.cribl.io/search/long.md): The long data type - [null](https://docs.cribl.io/search/null.md): The null value - [real](https://docs.cribl.io/search/real.md): The real data type - [string](https://docs.cribl.io/search/string.md): The string data type - [timespan](https://docs.cribl.io/search/timespan.md): The timespan data type - [Regex Matching](https://docs.cribl.io/search/regex-matching.md): Regular expressions examples, supported flags, and syntax details - [API Reference](https://docs.cribl.io/cribl-as-code/) ## Cribl Lake - [About Cribl Lake](https://docs.cribl.io/lake/about.md): Cribl Lake is a storage solution aimed at long-term, full-fidelity data storage for IT and security data - [Cribl Lake Datasets](https://docs.cribl.io/lake/datasets.md): Organize different types of data stored in Cribl Lake - [Manage Lake Datasets](https://docs.cribl.io/lake/managing-datasets.md): Create, edit, partition, datatype, and delete Lake Datasets - [Structure Events for Cribl Lake](https://docs.cribl.io/lake/structuring-events.md): Optimize your Cribl Lake events for long-term retention or frequent access - [Search Cribl Lake](https://docs.cribl.io/lake/search-cribl-lake.md): Search your Cribl Lake Datasets with Cribl Search - [Lakehouses in Cribl Lake](https://docs.cribl.io/lake/lakehouse.md): Search Cribl Lake faster with a Lakehouse - [Streamline Logs Storage and Analysis with a Lakehouse](https://docs.cribl.io/lake/lakehouse-logs.md): Use Lakehouse with Cribl Search to analyze high-volume, recent security data in application logs - [Cribl Lake Collector](https://docs.cribl.io/lake/collectors-cribl-lake.md): Replay data from Cribl Lake - [Cribl Lake Destination](https://docs.cribl.io/lake/destinations-cribl-lake.md): Send your data from Cribl Stream to Cribl Lake - [Cribl Lake Direct Access](https://docs.cribl.io/lake/direct-access.md): Archive data directly to Cribl Lake - [Direct Access (HTTP)](https://docs.cribl.io/lake/direct-access-http.md): Archive data directly to Cribl Lake over HTTP - [Splunk Cloud Self Storage (DDSS) Direct Access](https://docs.cribl.io/lake/splunk-cloud.md): Archive Splunk Cloud Self Storage (DDSS) data directly to Cribl Lake, bypassing Cribl Stream processing - [Storage Locations (Bring Your Own Storage)](https://docs.cribl.io/lake/byos.md): Create Datasets on storage that you directly own, combining compliance with Cribl Lake streamlined provisioning, retention policies, and access control - [Integrating Cribl Lake with Cribl Edge](https://docs.cribl.io/lake/integrating-lake-with-edge.md): Archive Cribl Edge data to Cribl Lake, via Cribl Stream - [Troubleshooting](https://docs.cribl.io/lake/known-issues.md): Find bugs and limitations affecting Cribl Lake, with fix versions or workarounds ## Cribl Cribl Insights - [About Cribl Insights](https://docs.cribl.io/insights/about.md): Learn about the value of Cribl Insights - [System Insights](https://docs.cribl.io/insights/system.md): View systemwide health and key signals across products and infrastructure to quickly spot issues and trends - [Data Insights](https://docs.cribl.io/insights/data.md): Visualize end-to-end Cribl Stream data flows for troubleshooting and validation - [Alerts](https://docs.cribl.io/insights/alerts.md): Alerts is a centralized experience for detecting important conditions across your Cribl environment and routing them to the right people and systems. - [Monitors](https://docs.cribl.io/insights/monitors.md): Create and manage monitors that evaluate conditions, thresholds, and scope for proactive detection and response - [Active Alerts](https://docs.cribl.io/insights/activity.md): Review, filter, and investigate alerts across your environment - [Notification Settings](https://docs.cribl.io/insights/notifications.md): Configure notification channels, templates, severities, and routing policies to deliver alerts to the right targets - [Targets](https://docs.cribl.io/insights/targets.md): Where to send alert notifications - [Email Target](https://docs.cribl.io/insights/email-target.md): Get email alerts about the results of Monitors - [AWS SNS Target](https://docs.cribl.io/insights/aws-sns-target.md): Publish alerts to an Amazon SNS topic - [PagerDuty Target](https://docs.cribl.io/insights/pagerduty-target.md): Send alerts into PagerDuty as incidents or events - [Slack Target](https://docs.cribl.io/insights/slack-target.md): Send alerts into a Slack workspace and channel - [Webhook Target](https://docs.cribl.io/insights/webhook-target.md): Send alerts to HTTP or HTTPS endpoints - [Templates](https://docs.cribl.io/insights/templates.md): Configure notification channels, templates, severities, and routing policies to deliver alerts to the right targets - [Muting Rules](https://docs.cribl.io/insights/muting-rules.md): Control when Cribl Insights suppresses outbound alerts notifications - [Policies](https://docs.cribl.io/insights/policies.md): Control when, where, and how often Cribl Insights sends alert notifications ## API Reference - [Cribl Core API Reference](https://docs.cribl.io/cribl-as-code/api-reference/control-plane/cribl-core.md): Control Plane API for Cribl Core - [Cribl Stream API Reference](https://docs.cribl.io/cribl-as-code/api-reference/control-plane/cribl-stream.md): Control Plane API for Cribl Stream - [Cribl Edge API Reference](https://docs.cribl.io/cribl-as-code/api-reference/control-plane/cribl-edge.md): Control Plane API for Cribl Edge - [Cribl Search API Reference](https://docs.cribl.io/cribl-as-code/api-reference/control-plane/cribl-search.md): Control Plane API for Cribl Search - [Cribl Lake API Reference](https://docs.cribl.io/cribl-as-code/api-reference/control-plane/cribl-lake.md): Control Plane API for Cribl Lake - [Management Plane API Reference](https://docs.cribl.io/cribl-as-code/api-reference/management-plane.md): Management Plane API endpoints ## Reference Architectures - [Reference Architecture Overview](https://docs.cribl.io/reference-architectures/ref-arch-overview.md): Architectural Overview Framework and Purpose - [High-Level Example Architecture](https://docs.cribl.io/reference-architectures/ref-arch-diagram.md): High-Level Example Architecture - [The Cribl Three-Plane Model](https://docs.cribl.io/reference-architectures/core-arch-concepts.md): Understanding component relationships - [Product Suite Interoperation](https://docs.cribl.io/reference-architectures/ref-arch-products.md): Product Interoperation - [Interoperation Protocols](https://docs.cribl.io/reference-architectures/ref-arch-protocols.md): Interoperation Protocols - [Event Processing](https://docs.cribl.io/reference-architectures/arch-event-processing.md): Event processing architectural considerations - [Operational Monitoring](https://docs.cribl.io/reference-architectures/arch-monitoring.md): Monitoring operational health, data flows, and change events - [Monitor Leader Health and Logs](https://docs.cribl.io/reference-architectures/arch-leader-monitoring.md): Monitoring Leader operational health, data flows, and change events - [Overview of Deployment Architecture](https://docs.cribl.io/reference-architectures/arch-deploy-intro.md): Deployment Architecture and Implementation - [Deployment Terminology](https://docs.cribl.io/reference-architectures/arch-deployment-terminology.md): Deployment Terminology - [Choosing an Architecture](https://docs.cribl.io/reference-architectures/arch-deployment-framework.md): Choose your architecture - [Worker Group and Fleet Placement](https://docs.cribl.io/reference-architectures/worker-group-placement.md): Guide for deciding the placement of Worker Groups and Fleets - [High Availability Architecture](https://docs.cribl.io/reference-architectures/arch-deploy-ha.md): High Availability Architecture - [Cribl Outpost Consideration](https://docs.cribl.io/reference-architectures/arch-outpost.md): Introducing Cribl Outpost for HA deployment considerations - [Cribl.Cloud Architecture Overview](https://docs.cribl.io/reference-architectures/arch-cloud-overview.md): Architectural Concepts Overview - [Cribl.Cloud Security Practices](https://docs.cribl.io/reference-architectures/arch-cloud-security-practices.md): Cribl.Cloud Security Practices - [Cribl.Cloud Architecture Planning](https://docs.cribl.io/reference-architectures/arch-cloud-arch-planning.md): Cribl.Cloud Architecture Planning - [Required Ports in Cribl.Cloud](https://docs.cribl.io/reference-architectures/arch-cloud-ports.md): Ports in Cribl.Cloud Reference Architecture - [Cribl.Cloud/Customer Responsibilities](https://docs.cribl.io/reference-architectures/arch-cloud-security-responsibility.md): Cribl.Cloud Customer Responsibility Matrix - [Cribl.Cloud Identity and Authorization Model](https://docs.cribl.io/reference-architectures/arch-deploy-id-auth.md): Cribl.Cloud Identity and Authorization Model - [On-Prem Architecture Planning](https://docs.cribl.io/reference-architectures/arch-onprem-planning.md): On-Prem Architecture Planning - [Cribl Edge-Specific Considerations](https://docs.cribl.io/reference-architectures/arch-edge-considerations.md): Cribl Edge-Specific Considerations - [Hybrid Deployment Architecture Planning](https://docs.cribl.io/reference-architectures/arch-hybrid-planning.md): Hybrid Deployment Architecture Planning - [Securing On-Prem and Hybrid Deployments](https://docs.cribl.io/reference-architectures/arch-onprem-security.md): Securing On-Prem and Hybrid Deployments - [Sources and Destinations](https://docs.cribl.io/reference-architectures/arch-sources-destinations.md): Sources and Destinations Overview - [Source Architecture](https://docs.cribl.io/reference-architectures/arch-sources.md): Source types and architectural considerations - [Destination Architecture](https://docs.cribl.io/reference-architectures/arch-destinations.md): Destination types and architectural considerations - [Data Resilience and Workload Architecture](https://docs.cribl.io/reference-architectures/arch-resilience-workload.md): Data resilience and workload considerations - [Configuration Management](https://docs.cribl.io/reference-architectures/arch-configuration-management.md): Guide for developing an initial configuration management and content development plan - [Standard Configuration Management](https://docs.cribl.io/reference-architectures/arch-config-manage-standard.md): Overview of the Cribl control plane configuration management approach - [Advanced Configuration Management](https://docs.cribl.io/reference-architectures/arch-config-manage-advanced.md): Overview of the Pack-based configuration management approach for Cribl - [Scale Configuration Management with the API](https://docs.cribl.io/reference-architectures/arch-api-automation-and-scaling.md): Automating and scaling configuration management using the Cribl API - [Plan a Cribl Upgrade Strategy](https://docs.cribl.io/reference-architectures/arch-upgrade-cribl.md): Automating and scaling configuration management using the Cribl API - [Specialized Reference Architectures](https://docs.cribl.io/reference-architectures/arch-ref-specialized.md): An Overview page of Specialized Reference Architectures - [Cribl Reference Architecture, Full-Suite](https://docs.cribl.io/reference-architectures/reference-arch-full-suite.md): Reference architecture showing a Cribl.Cloud Leader's options to combine and interconnect all Cribl products - [Syslog to Cribl Stream Reference Architecture](https://docs.cribl.io/reference-architectures/reference-arch-syslog.md): Reference architecture demonstrating syslog data ingest and processing in Cribl Stream - [Unified Ingest & Replay Data](https://docs.cribl.io/reference-architectures/deploy-reference-data.md): Cribl Stream reference architecture for ingesting and replaying diverse data types from multiple senders - [Distributed Agents Reference Architecture](https://docs.cribl.io/reference-architectures/deploy-reference-many-agents.md): Reference Cribl Stream architecture to ingest data from a large quantity of agents - [Multi-Destination Enterprise Architecture](https://docs.cribl.io/reference-architectures/deploy-reference-destinations.md): Reference Cribl Stream architecture to minimize data egress costs to diverse destinations - [Hybrid Cloud Data Architecture](https://docs.cribl.io/reference-architectures/deploy-hybrid-data.md): Reference Cribl Stream architecture to minimize data egress costs with Cribl.Cloud hybrid Workers - [About Cribl Validated Architectures](https://docs.cribl.io/reference-architectures/cva-ref-intro.md): Introduction to Cribl Validated Architectures - [Assumptions and Terminology](https://docs.cribl.io/reference-architectures/cva-topologies-intro.md): Introduction to Cribl Validated Topologies - [Choose Your Architecture](https://docs.cribl.io/reference-architectures/cva-nav-intro.md): Navigating CVA Selection - [CVA Decision Tree](https://docs.cribl.io/reference-architectures/cva-decision-tree.md): Matrix for decisionmaking - [CVA Matrix](https://docs.cribl.io/reference-architectures/cva-matrix.md): Connecting Topology with Overlays - [CVA Solution Blueprints](https://docs.cribl.io/reference-architectures/cva-blueprint-solutions.md): CVA Solution blueprints - [Single-Instance Testing (Lab/PoC/Sandbox)](https://docs.cribl.io/reference-architectures/cva-blueprint-single.md): Blueprint for Single instance - [Standard Production (Cribl.Cloud/Hybrid)](https://docs.cribl.io/reference-architectures/cva-blueprint-standard-prod.md): Scenario for Standard Production - [Global Enterprise (Multi-Region)](https://docs.cribl.io/reference-architectures/cva-blueprint-global.md): Distributed and Global Blueprint - [Secure DMZ Bridge](https://docs.cribl.io/reference-architectures/cva-blueprint-security.md): Blueprint for Secure DMZ Bridge - [Distributed Collection](https://docs.cribl.io/reference-architectures/cva-blueprint-collections.md): Distributed Collection - [Searchable Data Lake](https://docs.cribl.io/reference-architectures/cva-blueprint-lake-search.md): Blueprint for Searchable Data lake - [CVA Operational Guardrails](https://docs.cribl.io/reference-architectures/cva-guardrails.md): Operational Guardrails - [Design Principles by Tier and Plane](https://docs.cribl.io/reference-architectures/cva-operational-guardrails-design.md): CVA operational guardrails by tier and plane - [Reliability and High Availability](https://docs.cribl.io/reference-architectures/cva-operational-guardrails-ha.md): Reliability and High Availability - [Network Ingress Design Patterns](https://docs.cribl.io/reference-architectures/cva-network-ingress.md): CVA operational guardrails by tier and plane - [Transport Choice and Tuning](https://docs.cribl.io/reference-architectures/cva-network-transport.md): Transport Choice and Tuning - [Timestamp Integrity](https://docs.cribl.io/reference-architectures/cva-network-timestamp.md): Normalizing timestamps - [Network Egress Design Patterns](https://docs.cribl.io/reference-architectures/cva-network-egress.md): Egress design patterns - [Firewalls and Network Security](https://docs.cribl.io/reference-architectures/cva-network-firewall.md): Firewall and Network Security Controls - [Network Bandwidth Optimization](https://docs.cribl.io/reference-architectures/cva-network-bandwidth.md): Optimize Bandwidth and Data Volume - [Optimize for Latency and Data Flow](https://docs.cribl.io/reference-architectures/cva-network-latency.md): Latency and topology patterns to optimize data flow - [CVA Reference Library](https://docs.cribl.io/reference-architectures/cva-reference-library.md): CVA Reference Library - [CVA Design Guide](https://docs.cribl.io/reference-architectures/cva-matrix-connect.md): Connecting Topology with Overlays - [Choose Your Foundation (Topology)](https://docs.cribl.io/reference-architectures/cva-topologies-defined.md): Baseline Toplogy - [Single-Instance Topology](https://docs.cribl.io/reference-architectures/cva-single-instance.md): Single instance, lab and POC - [Distributed (Single Worker Group/Fleet) Topology](https://docs.cribl.io/reference-architectures/cva-distributed-single.md): Distributed with a Single Worker Group - [Distributed (Multi-Worker Group/Fleet) Topology](https://docs.cribl.io/reference-architectures/cva-distributed-multiple.md): Distributed with a Multiple Worker Group - [Organize Your Workloads (Overlays)](https://docs.cribl.io/reference-architectures/cva-overlays-defined.md): Introduction to Cribl Validated overlays - [Functional Split Overlay](https://docs.cribl.io/reference-architectures/cva-functional-overlay.md): Functional overlay - [Regional/Geo Split Overlay](https://docs.cribl.io/reference-architectures/cva-geo-overlay.md): Regional/Geographical Split overlay - [Worker Group to Worker Group Bridging](https://docs.cribl.io/reference-architectures/cva-wg-bridge-overlay.md): Worker Group to Worker Group Bridging - [Cribl Edge and Stream Overlay](https://docs.cribl.io/reference-architectures/cva-edge-stream-overlay.md): Cribl Edge and Stream Overlay - [Hub-and-Spoke with Core Worker Group Overlay](https://docs.cribl.io/reference-architectures/cva-hub-spoke-overlay.md): Hub-and-Spoke with Core Worker Group Overlay - [Replay-First Overlay](https://docs.cribl.io/reference-architectures/cva-replay-first.md): Replay-First Overlay ## LLM Observability - [Instrument LLMs](https://docs.cribl.io/llm-observability/instrument-llms.md): Overview of OpenTelemetry instrumentation for Amazon Bedrock, Anthropic, Azure OpenAI, Google Gemini, LangChain, and OpenAI with Cribl Stream and Cribl Search. - [Instrument Bedrock Applications with OpenTelemetry](https://docs.cribl.io/llm-observability/bedrock.md): Instrument your Bedrock application - [Instrument Anthropic Applications with OpenTelemetry](https://docs.cribl.io/llm-observability/anthropic.md): Instrument your Anthropic (Claude) application - [Instrument Azure OpenAI Applications with OpenTelemetry](https://docs.cribl.io/llm-observability/azure-openai.md): Instrument your Azure OpenAI application - [Instrument Gemini Applications with OpenTelemetry](https://docs.cribl.io/llm-observability/gemini.md): Instrument your Gemini application - [Instrument LangChain and LangGraph Applications with OpenTelemetry](https://docs.cribl.io/llm-observability/langchain.md): Instrument your LangChain or LangGraph application - [Instrument OpenAI Applications with OpenTelemetry](https://docs.cribl.io/llm-observability/openai.md): Instrument your OpenAI application - [LLM Telemetry Use Cases in Cribl](https://docs.cribl.io/llm-observability/llm-telemetry-use-cases.md): Use cases for LLM telemetry in Cribl - [Explore LLM Telemetry in Cribl Search](https://docs.cribl.io/llm-observability/llm-use-case-cribl-search.md): Investigate, dashboard, and alert on LLM traces and logs in Cribl Search without re-indexing data routed from Stream. - [Route LLM Telemetry to Multiple Destinations](https://docs.cribl.io/llm-observability/llm-use-case-route-destinations.md): Send LLM traces and logs from Cribl Stream to the right observability, security, and analytics backends. - [Mask Sensitive LLM Prompts and Completions](https://docs.cribl.io/llm-observability/llm-use-case-mask-prompts.md): Use Cribl Stream Pipelines to redact prompts, completions, and retrieved content while keeping operational metadata. - [Emit LLM Cost and Usage Metrics from Token Counts](https://docs.cribl.io/llm-observability/llm-use-case-cost-metrics.md): Derive estimated cost from token usage in Cribl Stream and publish metrics for FinOps, alerting, and capacity planning. - [Sample or Throttle High-Volume LLM Telemetry](https://docs.cribl.io/llm-observability/llm-use-case-sample-throttle.md): Reduce LLM trace volume in Cribl Stream with sampling and drop rules while keeping high-value and error spans. ## Use Cases - [Use Cribl Products to Reduce Data Storage Costs](https://docs.cribl.io/use-cases/usecase-reduce-cost.md): Strategies to help manage and potentially reduce SIEM costs - [Simplify Data Collection, Processing, and Routing with Cribl Stream](https://docs.cribl.io/use-cases/usecase-simplify.md): How to use Cribl Stream to simplify data collection, processing, and routing in your organization - [Search and Analyze Data Directly at Its Source Using Cribl Search](https://docs.cribl.io/use-cases/usecase-search.md): How to use Cribl Search to search, explore, and analyze machine data in place without first moving it to specialized storage - [Use Cribl Edge to Collect Logs and Metrics on a Host Device](https://docs.cribl.io/use-cases/usecase-edge.md): How to use Cribl Edge to collect data in real time from your Linux and Windows machines, apps, and microservices - [Migrate from an On-Prem Deployment to Cribl.Cloud](https://docs.cribl.io/use-cases/usecase-migrate-cloud.md): How to migrate to Cribl.Cloud to simplify management, reduce overhead, and provide scalability - [Quickly implement Cribl Lake as Your Out-of-the-Box Data Lake Solution](https://docs.cribl.io/use-cases/usecase-cribl-lake.md): Implement a data lake solution that is easy to set up, configure, and manage - [Use Cribl Products to Change the Shape, Size, or Quality of Data](https://docs.cribl.io/use-cases/usecase-transform.md): How to use Cribl to transform data by processing it through a Pipeline - [Use Cribl Search to Explore Data in an Amazon S3 Bucket](https://docs.cribl.io/use-cases/usecase-s3.md): How to connect Cribl Search to AWS and start querying your Amazon S3 buckets - [Route Data to Multiple Destinations Using Cribl Stream](https://docs.cribl.io/use-cases/usecase-stream.md): How to use Cribl Stream to route data to multiple downstream analytics and storage services - [Use Cribl to Enrich Data Events with Context](https://docs.cribl.io/use-cases/usecase-enrich.md): How to use Cribl to leverage Pipelines and Functions to enrich data events - [Use Cribl Products to Remove or Disguise Sensitive Data](https://docs.cribl.io/use-cases/usecase-pii.md): How to use Cribl to remove or disguise sensitive data (PII) to comply with regulations - [Use Cribl Products to Reduce the Size of Data for Cost Savings and Performance](https://docs.cribl.io/use-cases/usecase-reduce-size.md): Use Cribl to reduce the size of your data and optimize performance - [Use Cribl to Replay Data from Low-Cost Storage](https://docs.cribl.io/use-cases/usecase-replay.md): How to use Cribl to access and analyze data stored in cost-effective locations ## FedRAMP - [Onboarding: Quick Start for Federal Users](https://docs.cribl.io/fedramp/fed_onboard.md): Quick start for onboarding to Cribl.Cloud Government - [What's Different in Cribl.Cloud Government](https://docs.cribl.io/fedramp/differences.md): Capabilities, operational behavior, and FedRAMP constraints that differ from commercial Cribl.Cloud - [Products: Tours and Getting Started](https://docs.cribl.io/fedramp/fed_products_tutorials.md): Tours and getting-started guides for the Cribl product suite - [Hybrid: Deploying Workers and Edge Nodes](https://docs.cribl.io/fedramp/fed_hybrid.md): Hybrid Workers, Edge nodes, and FIPS in Cribl.Cloud Government - [Billing: FinOps and Pricing](https://docs.cribl.io/fedramp/fed_billing.md): Pricing, credits, and FinOps Center in Cribl.Cloud Government - [Connected Environments: On-Prem and Cloud](https://docs.cribl.io/fedramp/fed_connected_env.md): Link on-prem Stream or Edge to Cribl.Cloud Government for unified billing - [Authentication: Identity, 2FA, and Access](https://docs.cribl.io/fedramp/fed_access.md): Identity integration, 2FA, and access controls in Cribl.Cloud Government - [SSO (Single Sign-On): Setup and Requirements](https://docs.cribl.io/fedramp/fed_access_sso.md): SSO setup and IdP requirements for Cribl.Cloud Government - [Deployment Security: Best Practices](https://docs.cribl.io/fedramp/securing-cloud-gov.md): Security practices for accounts, network, mTLS, RBAC, KMS, and data protection - [Federal Packs: Curated Dispensary](https://docs.cribl.io/fedramp/fed_packs.md): Curated in-product Packs dispensary for Cribl.Cloud Government - [Changelog: Cribl.Cloud Government](https://docs.cribl.io/fedramp/changelog.md): Summary of new and expanded capabilities added to Cribl.Cloud Government by release. ## Billing and Licensing - [Track Product Usage and Credit Consumption](https://docs.cribl.io/billing-licensing/finops-center.md): The FinOps Center is the source of truth for your Cribl credit consumption and product usage. - [Manage Licenses for Cribl On-Prem Deployments](https://docs.cribl.io/billing-licensing/on-prem-licensing.md): Cribl licensing options and details for on-prem Cribl Stream and Cribl Edge ## Additional Resources - [Cribl Community](https://cribl.io/community/): Join the community for discussions and support - [Cribl Support](https://cribl.io/support/): Get help from our support team - [Release Notes](https://docs.cribl.io/releases/): Stay up to date with the latest releases - [Known Issues index](https://docs.cribl.io/llms-known-issues.txt): All published known issues by product with markdown links