Cribl LogStream – Docs


Cribl LogStream 2.1

about a year ago by dritan bitincka

2020-01-22 - Cribl LogStream 2.1 - GA Release

New Features


SSO Authentication

  • Added support for SSO authentication (OpenID Connect). See User Authentication for more.
    • Google
    • Okta
    • Manual/Custom

Global Variables and Expressions

  • Added support for Global Variables and Expressions. These are re-usable and composable JS expressions that can be referenced by any Function. More here.

Inline Lookups

  • Added support for inline Lookups via C.Lookup functions. This allows for referencing, checking and performing a lookup in almost all Functions instead of exclusively via the Lookup function. More here.

New Sources

  • SNMP Traps: Added support for directly receiving SNMP traps. More here.
  • Cribl Internal Metrics: Added support for exposing internal metrics as a regular data source. Now downstream solutions can be used to monitor a Cribl LogStream deployment more comprehensively. More here.

New Destinations

  • SNMP Traps: Added support for forwarding of SNMP traps to trap receivers. More here.
  • InfluxDB: Added support for forwarding of metrics to InfluxDB destinations.

Destination Throttling

  • Added support for rate throttling of various destinations. This provides admins with a mechanism to control and police the bandwidth utilization per output.

Data Generators

  • Added support for in-product Datagens, several of which ship with the product. This feature helps with troubleshooting routes, pipelines, functions and general connectivity issues.
  • Added support for authoring datagens from sample files and live traffic captures.

Event Schema Validation

  • Added support for JSON Schemas for validating and enforcing integrity and structure of JSON events. Routing and other decisions can now be made on the outcome of the validation. More here.

Certificate and SSH Key Management

  • Added support for in-product uploading (and managing) of SSL/TLS Certificates that can be used with various Sources and Destinations. In distributed deployments it is now possible for a Master node to distribute certificates to Worker Groups as part of the configuration bundle. Uploading of SSH keys for git is also supported.

UX improvements on Routes, Pipelines and Functions

  • Added support for copying and pasting of routes, pipelines and functions.
  • Added support for visual grouping of functions within a pipeline.
  • Added support for cloning of Worker Group configurations.

Improvements or Changes


  • A large number of general UX improvements.

  • Moved all cribl.sh functionality into ./bin/cribl.

  • Added support for starting on boot via both systemd and initd.

  • Exposed status reporting in Monitoring under Sources and Destinations.

  • Exposed license consumption in Monitoring.

  • Added support for per-route traffic metrics in logs.

  • Added Backpressure support for various Destinations.

  • Added the ability to perform a common name check on inbound TLS connections.

  • Added support for storing encrypted versions of password/phrase fields.

  • Various performance improvements and optimizations across the board.

  • Optimizations and tuning improvements in metrics and status reporting.

  • Shipped a new license that expires on 2020-05-01.

  • Deprecated environment variables: CRIBL_CONFIG_LOCATION, CRIBL_SCRIPTS_LOCATION