Cribl LogStream 3.3

February 15, 2022 · 5 min read
Michael Katz
Staff Technical Writer

2022-02-15 – Cribl LogStream 3.3 – GA Release

New Features

This release includes the following new features.

Cribl Edge

Cribl Edge - new in this release! Edge helps you collect and process observability data – logs, metrics, application data, etc. – in real time, from your Linux machines, apps, containers, and other microservices, and then deliver them to LogStream or to any other supported destination.

You can launch Workers, or single instances, in Edge mode at global ⚙️ Settings (lower left) > Distributed Settings > General Settings. Edge nodes are controlled by the same Leader that (where applicable) controls your LogStream Workers.

Launching Edge nodes
Launching Edge nodes

Edge will be particularly valuable in managing and monitoring processes running on containers – such as Kubernetes clusters. Edge’s features include:

  • Automatic discovery of host, container, and application metrics, logs, etc., on endpoints.
  • Great Getting Data In (GDI) experience: Explore, preview, build configs, etc.
  • Collect logs and metrics (on hosts, processes, or containers); custom commands’ output; traces support coming soon.
  • All the processing power of LogStream’s Functions and Pipelines at your fingertips.
  • Forward data to any of the supported Destinations.
  • Centralized configuration and management: Edge offers visual configuration authoring, version-controlled configs, and…teleportation! (From your Leader, you can log directly into Edge nodes to preview and validate your configurations.)

Edge is not just an unusually rich observability agent, but also an interactive troubleshooting tool. By teleporting into any Edge node, you can look – in detail – at system performance metrics, running processes, containers, open log files, and more.

Whether you’re a fan of U2’s guitarist, or Yes’ prog rock, or both, or neither, there’s no need for delay. As you get close to the Edge, you’ll see perpetual change – and Cribl’s evolving new product will help you navigate those places where the streets have no name.

New and Enhanced Sources and Collectors

CRIBL-7103 A new native Splunk Search Source provides authentication and timing controls to run search queries against Splunk search heads.

CRIBL-7708 A new native Splunk Search Collector offers similar options in a Collector interface.

CRIBL-6378 A new Exec Source can ingest the output of arbitrary commands.

CRIBL-7608 The Elasticsearch API Source now provides multiple authentication options.

CRIBL-4533 A new native Datadog Agent Source supports ingesting dogstatsd metrics and logs.

CRIBL-5078 The Splunk HEC Source can now access Request Headers, so that LogStream Worker Groups behind an AWS Classic ELB can read the X-Forwarded-For header and pass its value to __srcIpPort.

CRIBL-7330 The System Metrics Source’s Basic mode now supports node_cpu_count metrics.

CRIBL-6204 The REST Collector now supports pagination via multiple response attributes.

CRIBL-7406 The AppScope Source’s UNIX-domain socket has a new default location, to enable Edge compatibility.

New and Enhanced Destinations

A new LogStream Destination (you read that right) enables LogStream instances, and/or Edge nodes, to send data to one or multiple LogStream instances.

CRIBL-6206 The Elasticsearch Destination now supports Elastic Cloud receivers.

CRIBL-6206 The Elasticsearch Destination’s expanded Index or data stream field now supports JavaScript expressions, allowing routing based on events’ values.

CRIBL-7555 The TCP JSON Destination and Syslog Destination (in TCP mode) now support load balancing.

CRIBL-4070 The Kafka and Confluence Cloud Sources and Destinations now support LZ4 compression.

CRIBL-6102 The InfluxDB Destination now supports token-based authentication.

CRIBL-7242 The Google Chronicle Destination now supports multiple Regions.

Enhanced Functions

CRIBL-6966 The Publish Metrics Function now supports Datadog’s distribution metric type.

Enhanced Routes

CRIBL-7239 Routes now support inserting arbitrary comments.

Data-Flow and Functional Enhancements

CRIBL-7680 Notifications are now avilable with a Cribl Standard license.

CRIBL-7691 Metric dimensions that Workers report to the Leader now include a __dist_mode field.

CRIBL-6852 UNIX socket files’ location is now configurable.

CRIBL-5606 LogStream is updated to Node v.14.18.3 (LTS).

UX/UI Improvements

CRIBL-6937 Tab/page titles now show the specific application page you are on.

CRIBL-6994 The application’s landing page > Worker Groups section now provides a + New Group tile.

CRIBL-6474 The Manage Groups page now auto-refreshes the displayed number of Groups.

CRIBL-7111 QuickConnect now warns when filtering might be hiding all Sources/Destinations.

CRIBL-7067 The Commit & Deploy button’s behavior has been standardized.

CRIBL-7121 The Monitoring > Flows - page now includes a Select check box that can be cleared to remove all dashboard filters.

CRIBL-5885, CRIBL-7382, CRIBL-7381 Modals now behave more consistently across the application.

Deprecated Content Type

CRIBL-7779 Office 365 Services Source no longer collects the Historical Status content type.

Microsoft has retired its prior Office 365 Service Communications API, forcing LogStream’s Office 365 Services Source to switch to the Microsoft Graph service communications API. Due to a limitation in this new API, LogStream 3.3 and above can no longer collect the Historical Status content type that this Source supported through LogStream 3.2.2.

Corrections

This version includes the following corrections:

CRIBL-7666 Upgraded the ansi-regex dependency from v.5.0.0 to v.5.0.1 to fix a potential ReDos vulnerability.

CRIBL-7914 Corrected the Office 365 Message Trace Source’s generation of date parameters.

CRIBL-6406 Corrected bootstrapped CentOS Workers’ restart behavior.

CRIBL-7364 Corrected backpressure when writing to file-based Destinations with the Remove staging dirs option enabled.

CRIBL-7745 Corrected the git.key file’s deletion during restart.

CRIBL-6868 Corrected memory leak observed with HTTP-based Sources.

CRIBL-7108 Corrected Azure Blob Destination’s authentication using referenced secrets.

CRIBL-7513 Corrected deletion of bin, logs, and pid subdirectories when enabling GitOps with git v.2.13.1 or earlier.

CRIBL-7657 Corrected failure to display Pack updates until Leader is restarted.

CRIBL-7429 Corrected REST Collector’s handling of unquoted relation names with Pagination set to RFC 5988 – Web Linking.

CRIBL-7679 The Elasticsearch Destination now accepts Extra parameters. This option can correct situations such as when validation of the Bulk API URL field’s base value breaks Elasticsearch ingest pipelines.

CRIBL-6347 Corrected a loophole that allowed creation of separate Sources using the same port.