Get familiar with Cribl Search terminology.

Search

​

A query that filters, aggregates, or transforms your data to answer a question, trigger an alert, or populate a dashboard.

In Cribl Search, you can query data ingested directly into a lakehouse engine for best performance, or run federated search-in-place queries on data stored elsewhere with no onboarding or indexing required.

Engine

​

A storage and compute resource that powers Cribl Search queries.

Lakehouse engines search data stored in Cribl Search. You can add multiple lakehouse engines and size each one for your ingest rate.

Federated engine runs search-in-place of data stored elsewhere. Each Workspace has one federated engine.

Datatype

​

A set of rules that lets Cribl Search recognize data of a certain type, break it into discrete events, timestamp them, and parse them into meaningful fields for more efficient searching.

Datatypes v1 work with federated searches.

Datatypes v2 support all search types and are the most efficient.

Read about Datatypes

Dataset

​

A named container that logically groups related events so you can easily specify what data to query.

Cribl Search Datasets group events stored in a lakehouse engine.

Federated Datasets reference data stored externally, using Dataset Providers to access it.

Kusto Query Language (KQL)

​

Query language used to run searches in Cribl Search.

See Language Reference for full syntax reference.