In Part 1 of this series, we talked about the origins of observability and why you need it. In this blog (Part 2), we will cover exactly what observability is, what it isn’t, and how to get started. Before we can dive into how to approach observability, let’s get one thing clear: You can’t buy a one-size-fits-all observability solution.
In this post, we’ll discuss two functions in the Cribl Stream arsenal: The Aggregations function, which allows you to perform stats and metrics collection in flight, and the Chain function allows you to call one Pipeline from within another. The event flow will continue when the Chained Pipeline returns. To demonstrate their use, we’ll answer this question: How long did it take for Cribl to process events using your pipeline?
With its market size reaching more than $2 billion in 2020, you’d think that a universal definition of the term observability would have emerged by now. But it turns out that a clear definition of a term or industry isn’t necessarily a prerequisite for the rapid growth of its market size — just ask everyone at your next dinner party to define blockchain for you and see how many different answers you get!
The best part of my job is talking with prospects and customers about their logging and data practices while explaining how Cribl focuses on getting more value from observability data. I love to talk about everything they are doing and hope to accomplish so I can get a sense of the end state. That is vital to developing solutions that provide overall value across the enterprise and not just a narrow tactical win with limited impact.
A SIEM (Security Information Event Management) platform, along with several other tools that make you crave Alphabet Soup (XDR, UBA, NDR, etc), is a critical component of any organization’s security infrastructure. Between a constantly growing volume of logs, increasing attacks and breaches, and challenges finding qualified staff, many organizations may consider a SIEM migration. There could be several reasons for this.
“Why is it so bad right now? Why does it seem like we’re fighting this up-hill battle?” The internet, it seems, is having a mid-life crisis. As industries progress through their life cycle, they are expected to reach a quasi-steady state of maturity, but the internet hasn’t gotten that message. In fact, it seems to be stuck in the growth phase, expanding exponentially with no end in sight, and securing it just feels so hard. Let’s dive into my Black Hat recap.
If you asked your engineering team how well they can handle all of the security and observability data they’re managing, would you get a resounding “Yeah boss, we’re good to go!” in response? Possible, but unlikely. Chances are they feel like they’re stuck on a boat that’s taking on water, spending their day using tiny buckets to scoop some of it out, with no way to plug any of the leaks.
We’ve reached the point in the DevOps transformation where efficiency and automation are no longer the highest objectives. The next step is engineering past automation and towards fully autonomous, self-healing systems. If you aren’t conversing about building this type of resilience into your systems and applications, there’s never been a better time than now to start.
It’s time for the Black Hat conference in the United States, so we’re onsite meeting with customers and prospects looking to untangle their data from the grip of vendors holding their data hostage. We aim to start a rebellion against this lock-in and encourage customers to focus on radical choice and control with their observability data. Pushing back against “The Empire” is challenging, but you can achieve it with Cribl Stream and Edge.
When I had my first child almost six years ago, I expected that most of my time would be spent in the role of a teacher rather than a student. I have two kids now — and I’m certainly teaching them as much as I can as they grow and learn to navigate the world — but if someone were keeping score, my kids might end up on top when it comes to who’s taught who more. Another thing that surprised me is how similar building a family is to build a company from the ground up.
If you were pulled into a meeting right now and asked to give your thoughts on how to achieve better outcomes with monitoring and observability, what would you recommend? Would you default to suggesting that your team improve Mean Time To Detect (MTTD)? Sure, you might make some improvements in that area, but it turns out that most of the opportunities lie in what comes after your system detects an issue. Let’s examine how to measure improvements in monitoring and observability.
The best part of my job is talking with prospects and customers about their logging and data practices. I love to talk about everything they are currently doing and hope to accomplish so I can get a sense of overall goals and understand current pain points. It’s vital to come up with solutions that provide broad value across the enterprise and not just a narrow tactical win with limited impact.
One year ago, we launched Cribl.Cloud as a cloud-hosted option for our industry-leading data pipeline product, Cribl Stream. Customers had a choice of either deploying on-premises with a subscription-based tiered license model or opting for our cloud service with a similar tiered billing model. Fast-forward one year, and Cribl is now a multi-product company with several unique observability products (Stream, Edge, AppScope, and soon Search) to offer our customers.
Organizations leverage many different cybersecurity and observability tools for different departments. It’s common to see the IT department using Splunk Enterprise, while the SOC uses Exabeam. Both of these tools use separate agents, each feeding different data to their destinations. Normally this isn’t a problem unless you’re talking about domain controllers. Domain controllers only allow a single agent, meaning you can’t feed two platforms with data.
