Cribl provides a real-time data stream management platform for MELT data that enables organizations to gain insights and take action on data in place (right at the source), data at rest (already stored in a data lake), and eventually data in motion (transitioning an observability pipeline). Back in May 2022 Clint and the C021 team signaled that they would be turning search on its head, and in Nov '22 they did just that. We can now say goodbye to the swivel-chair searching which has become a rate limiter to value realization and start to unlock our observability and security data.
In this episode, Satbir and Darren speak with Ed Bailey, Cribl's Sr. Staff Technical Evangelist, about the power of Cribl's vision for the future. Though we cover a range of topics there is a heavy focus on Cribl Search and all that it promises. Search is built on an enhanced version of Kusto which provides practitioners a familiar interface to start with. This allows organizations to get a head start by performing actions such as compiling Sigma rules into Kusto for IOC/threat hunting. This design decision goes a long way to challenge the current modus vivendi that exists between operational and security data.
Further, Cribl Search is a cloud-native construct, scaling elastically as queries are processed which dramatically reduces the infrastructure cost burden of search.
Dispatching queries to where the data is promises to drive the convergence between observability and security operations and we are excited to continue partnering with Cribl. This is an essential platform for organizations looking to gain insights and take action on their MELT and security data. Long live the goat!