Deploying Cribl is straightforward; we quickly set up our Cribl Cloud tenant and defined the architecture through resident services and core architects. We manage to create a hybrid deployment model efficiently, bringing substantial savings in licensing and infrastructure costs while enhancing our data handling capabilities. We deploy in a hybrid model, integrating worker nodes and Edge fleet in our enterprise data centers and cloud platforms near our data sources while using Cribl Cloud for management, ensuring limited access to prevent unwanted changes. In our AI journey, we are just getting started, becoming somewhat novice in this area. Cribl has enabled us to lean toward AI by integrating tools such as Copilot, which helps fast-track building pipelines and generating scripts. With Copilot, we see increased productivity, making it a key feature that enhances how we learn and utilize Cribl. Cribl Search has significantly improved the way we handle and explore data. Initially, we onboarded all networking devices to stream data into low-cost storage, using Cribl Search to query that data, which now gives our networking, security, and operations teams a single data set to query without the need to remember multiple sets. The setup is cost-effective, and the federated method of Cribl Search allows for efficient querying without performance loss, enhancing our analytics capabilities. Cribl's user interface is straightforward and user-friendly, allowing us to set up data collection sources quickly. It's self-explanatory, helping me navigate and visualize data without relying solely on commands. I appreciate how Cribl's UX caters to users, making tools accessible without needing extensive knowledge transfers. Based on our usage, I would rate Cribl a 10 overall.
Sr. Lead Security Engineer at a tech vendor with 10,001+ employees
Real User
Top 10
Oct 14, 2025
Based on my experience, the advice I would give to other companies considering Cribl is that your decision should be very specific to your use case but do not underestimate the amount of data you're dealing with. Data will continue to grow over time, and a tool like Cribl can significantly help reduce costs before the data is sent downstream. Another important consideration is whether you need to send data to multiple destinations. This was a challenge for us previously, and Cribl helped simplify that process. My advice to companies is: if you're drowning in data and cost, Cribl is essential. It gives you full control over your data and makes management much easier. As an organization, we've adopted AI heavily and integrated it into many of the tools we use today. We're actively looking to bring similar capabilities into Cribl. It's already in our pipeline, and we see strong potential in using AI to streamline how we build Packs and Pipelines. With AI integrated, we believe it could significantly reduce the time admins spend building specific pipelines for various data sources. On a scale of one to ten, I would rate Cribl a solid nine based on what we use it for today and the value it delivers.
Director, Performance Engineering at a tech services company with 10,001+ employees
Real User
Top 10
Oct 14, 2025
In terms of advice that I'd give to other companies considering Cribl, I'd say take a look at the business use case and at the data which you have that's flowing through it, and make sure you think about how to get the most on the other side of wherever that data is traveling to, specifically from using the Stream product. Make sure that you have a targeted goal in terms of data reduction, then work with your support team to make sure that you have the necessary transformations of the data in place so that you can meet those goals. That way, if you do, you can more easily justify the cost and the budget that's required in order to stand up a solution such as Cribl. On a scale of one to ten, I rate Cribl a ten due to its reliability, scalability, and comprehensive feature set that meets all our needs.
Senior Security Engineer at a university with 10,001+ employees
Real User
Top 10
Oct 14, 2025
I would advise other companies considering Cribl to just do it; it's worth it, as there's really little to no downside. It just makes your life easier. On a scale of one to ten, I would rate Cribl a nine, as it brings tremendous value. As a small security team, it really empowers us to get more useful data out of our sources, making our SOC and incident response teams more efficient and improving the overall security posture of our organization as we now have accurate, usable, easily analyzed data.
Cyber Security Engineer at a financial services firm with 10,001+ employees
Real User
Top 20
Sep 22, 2025
I have used alternatives to Cribl. I forgot the name, but it's a CrowdStrike product they just acquired that is the closest one I've used to Cribl in terms of the quality and the features. Currently, I prefer Cribl more than CrowdStrike. I still haven't played much with the other one, but I didn't find any issues with Cribl. Regarding Cribl's ability to contain data cost and complexity, if they can reduce their cost, that will make them more competitive. However, I don't know what else they can do in regards to how the application works. It's very good. For the project that I was involved in, it took me probably three weeks to set it up. We had to maintain our pipelines, not because of anything related to Cribl itself, but because the data source changed, so we had to adjust our pipelines. That was the kind of maintenance that we did. I would rate Cribl a nine out of ten.
Lead Engineer at a manufacturing company with 10,001+ employees
Real User
Top 10
Aug 8, 2025
Cribl gives us way more control and flexibility than we ever had before. We deal with massive volumes of telemetry data, and honestly, a lot of it is just noise. Cribl allows us to easily filter, transform, and route that data exactly how we want. It’s made a big difference.
Works at a manufacturing company with 10,001+ employees
Real User
Top 10
Jul 23, 2025
We are using around 25% of what Cribl offers, mainly focusing on log parsing, which is what Cribl started with. We use AWS as our main source of ingestion. There is little flexibility in pricing. It is simply the market price, and you either pay it or you do not. Cribl has significant capacity to handle high volumes of diverse data types, such as logs and metrics. Cribl can handle almost anything we throw at it, as long as budget is not an issue. There is a team in my company that uses them, but they are part of a separate company. We do not have any partnership with them yet. On a scale of 1-10, I rate Cribl an 8.
It has been able to perform to the best of its capabilities. They are able to handle everything with their non-shared architecture. On a scale of 1-10, I would rate Cribl a solid nine.
Utilize the documentation to ensure Cribl fits your use case, and join the Cribl community for any questions or recommendations. I'd rate the solution ten out of ten.
Security Engineer at a tech services company with 201-500 employees
Real User
Top 10
Sep 6, 2024
With less data coming into our system, we can now run queries faster since we're not processing as much data as before. The reduction has made our queries more efficient because we're working with more streamlined data. The quick connects are great for testing and allow you to rapidly set up a proof of concept, which is very beneficial. They can also be useful in production environments. Another significant feature is the recent Sentinel integration. The provided pack simplifies the setup process, making it much easier than the previous method, where you had to manually handle tasks like finding API keys. This integration makes the setup much more efficient. Overall, I rate the solution a seven out of ten.
I would recommend Cribl to organizations facing data challenges due to its perfect security measures and ease of use. It offers a simple, fast, and efficient solution.
Security Engineer at a tech services company with 51-200 employees
Real User
Top 20
Sep 4, 2024
It's important to know what source you will be using to ingest data into Cribl. Understanding how to configure the data source is key before using the platform. Once you have that figured out, Cribl becomes a powerful solution that can ingest almost anything with its Edge capability. However, having a clear understanding of the pathways you can take to ingest data is crucial before diving into it.
In some of the projects I've been working on, we're still testing and exploring Cribl's capabilities. We haven't established specific business goals or fixed objectives yet. Currently, we're focused on ingesting data from various sources with minimal transformation to understand how Cribl handles different types of logs and data. I encounter issues with the UI not accurately reflecting the current status. For example, the UI might show that a worker is still fetching the latest version of the code, but after refreshing the page, it usually updates to show that everything is up and running. Over time, I've learned to recognize when the UI is not displaying the correct information and use the refresh button to get the accurate status. Overall, I rate the solution a six out of ten.
Lead Engineer at a tech vendor with 1-10 employees
Real User
Top 10
Aug 23, 2024
The first thing to consider is the amount of data you're dealing with. Cribl is particularly beneficial for large-scale data environments. It allows you to process and store data efficiently, similar to how Splunk uses summary indexes. For example, when pulling raw events into Splunk, we often extract relevant logs using data models to simplify the data. Cribl enables a similar approach by letting you directly parse and filter data. If you have a raw event with hundreds of fields but only need 40% of those for day-to-day operations, Cribl lets you create multiple pipelines to extract the necessary data for your enterprise and production servers. At the same time, you can save a complete copy of the raw events in data lakes or local storage without affecting daily operations. If a security incident arises and the extracted fields don’t provide enough information, Cribl’s replay feature allows you to retrieve and analyze the raw data for a specific time range. This capability is handy when handling terabytes of data per day. When someone asks if Cribl is right for their needs, my first question is about the size of the data they're dealing with. Overall, I rate the solution a ten out of ten.
Senior Splunk Admin at a consultancy with self employed
Real User
Top 10
Jul 26, 2024
Cribl has had a positive impact on reducing the need for multiple support services. It simplifies collecting log data from various cloud vendors in a single place, which is much easier than configuring, managing, and maintaining a database for a Splunk add-on. Cribl has made it easier to handle log data. It takes about two months to get fully up to speed. Cribl provides free training and offers sandboxes for practice, allowing you to gain the necessary knowledge. Once trained, you can start working right away. Overall, I rate the solution a ten out of ten.
Cribl offers advanced data transformation and routing with features such as data reduction, plugin configurations, and log collection within a user-friendly framework supporting various deployments, significantly reducing data volumes and costs. Cribl is designed to streamline data management, offering real-time data transformation and efficient log management. It supports seamless SIEM migration, enabling organizations to optimize costs associated with platforms like Splunk through data...
Cribl requires routine updates, with no other real maintenance required. This review is rated an eight out of ten.
I would rate Cribl an eight out of ten.