2019-02-19 - Cribl LogStream v1.4 is now available.
- Added capability to work with structured events in various formats: CSV, K=V Pairs, Extended Log File Format, Common Log Format, and JSON
- Added capability to extract fields or re-write (re-serialize) parsed and modified events to their original format
- Added capability to filter fields based on
- Added out-of-the-box parsing support for the following sources:
  - Palo Alto: Traffic, Threat, System and Config events
  - AWS: ALB, ELB, VPC Flow Logs, CloudFront, S3 Server Access Logs
  - Apache Access: Combined and Common Log Formats
- Added capability to suppress (drop) incoming events based on an arbitrary key expression
- Added capability to mark only suppressed events. Useful for other downstream decisions.
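The two suppression modes above, drop versus mark-only, as an added illustration that is not Cribl's code. It assumes (these are assumptions, not the product's semantics) that the key expression is any callable over the event, that the first event per key passes and later ones are suppressed, and that mark mode sets a constructed `__suppressed` field for downstream decisions.

```python
from typing import Callable, Dict, Hashable, Iterable, List, Optional

Event = Dict[str, object]


class Suppressor:
    """Suppress repeat events sharing a key; either drop or mark them (assumed semantics)."""

    def __init__(self, key_expr: Callable[[Event], Hashable],
                 drop: bool = True, mark_field: str = "__suppressed"):
        self.key_expr = key_expr          # arbitrary key expression over the event
        self.drop = drop                  # True: drop suppressed events; False: mark only
        self.mark_field = mark_field      # constructed field name, not Cribl's
        self._seen: set = set()           # keys already allowed through

    def process(self, event: Event) -> Optional[Event]:
        """Return the event to forward, or None when it is dropped."""
        try:
            key = self.key_expr(event)
        except (KeyError, TypeError):
            return event                  # key cannot be evaluated: pass through untouched
        if key not in self._seen:
            self._seen.add(key)           # first event for this key is always allowed
            return event
        if self.drop:
            return None
        marked = dict(event)              # copy so the caller's event is not mutated
        marked[self.mark_field] = True
        return marked

    def run(self, events: Iterable[Event]) -> List[Event]:
        return [out for out in map(self.process, events) if out is not None]


# Constructed sample events (not real Palo Alto output)
SAMPLE_EVENTS: List[Event] = [
    {"host": "fw1", "sourcetype": "pan:traffic", "msg": "allow"},
    {"host": "fw1", "sourcetype": "pan:traffic", "msg": "allow"},
    {"host": "fw2", "sourcetype": "pan:threat", "msg": "vulnerability"},
    {"host": "fw1", "sourcetype": "pan:threat", "msg": "spyware"},
    {"sourcetype": "pan:system", "msg": "no host field"},
]


def key_expr(e: Event) -> Hashable:
    return (e["host"], e["sourcetype"])   # suppress repeats per host + sourcetype


def demo_drop() -> List[Event]:
    return Suppressor(key_expr, drop=True).run(SAMPLE_EVENTS)


def demo_mark() -> List[Event]:
    return Suppressor(key_expr, drop=False).run(SAMPLE_EVENTS)
```

The event lacking a host field cannot be keyed and is forwarded unchanged in both modes.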
- Added support for accepting events via Splunk HEC.
- HEC capability supports the /services/collector/event endpoint for JSON-formatted events
- Added support for real-time status reporting of configured sources and destinations. Various metrics include bytes & events in buffer, bytes & events out, last connect time, and error messages.
- Added capability to execute scripts on demand
- This enables Cribl admins to fire automation tasks directly from the UI. (e.g., on config change)
- Added support for end-to-end previewing of data transformations
- Preview is now no longer limited to a single pipeline
- Added C.Net.isPrivate() functions to help with manipulating network-related fields/events
- Added C.Text.hashCode() functions to help with text hashcode and entropy calculations
- General UX improvements and fixes
- Added command line options to change mode:
  - mode-searchhead - Configure Cribl for running on a Splunk Search Head. This will disable all event processing routes and pipelines.
  - mode-hwf - Configure Cribl for running on a Splunk Heavy Forwarder. Default mode.
  - mode-idx - Configure Cribl for running on a Splunk Indexer (demo package only).