Cribl LogStream – Docs

Cribl LogStream Documentation

Questions? We'd love to help you! Meet us in #Cribl Community Slack (sign up here)
Download entire manual as PDF – v.3.1.2

v.3.1.2 Release

16 days ago by Michael Katz

2021-10-05 – Cribl LogStream 3.1.2 – Maintenance Release

New Features

This release provides the following improvements:

CRIBL-6082 To integrate with New Relic's revised ingestion APIs, LogStream's New Relic Destination is updated to authenticate via New Relic's Ingest License API keys. For clarity, this Destination has been renamed New Relic Ingest Logs & Metrics. This release also adds a separate New Relic Events Destination to export freely structured events to New Relic.

CRIBL-6112, CRIBL-6105, CRIBL-6115 LogStream's UDP Sources and Destinations now support the IPv6 protocol. New C.Net.isIpV4AllInterfaces() and C.Net.isIpV6AllInterfaces() internal methods distinguish between IPv4 versus IPv6 addresses.

CRIBL-6152 A new C.Crypto.createHmac() internal method generates hash-based message authentication codes.

CRIBL-6109 The LogStream left nav's Help tab now provides a link to the new Cribl Support Portal.

CRIBL-5192 Leader Settings now auto-generate a script to bootstrap Workers.

CRIBL-6289 A UI shortcut is also available to auto-generate a script that updates existing Workers' assignments to Worker Groups.

CRIBL-6179 Upgrading via the Leader's UI has graduated from Beta to GA. Woo!

Breaking Change

CRIBL-5893 On four Sources, the final split character between the input_id and the appended content type has been changed from : to - . The affected Sources are: Prometheus Scraper, Office 365 Services, Office 365 Activity, and Office 365 Message Trace.

This change corrects file read error messages when opening Job Inspector logs, where the : conflicted with the reserved : concatenation character in the preceding <inputType>:<inputId>.

However, if your Route or Pipeline expressions evaluated on the : separator (e.g.: __inputId==office365_mgmt:client1:SharePoint_Activity), you will need to update these expressions accordingly (in this example, to:
__inputId==__inputId==office365_mgmt:client1-SharePoint_Activity). Generically, the format change is from <inputType>:<inputId>:<contentType> to inputType>:<inputId>-<contentType>.


This release includes the following fixes:

Security, Authentication, and Git Integration Fixes

CRIBL-6142 Worker Groups' TLS > Certificate Name drop-down no longer shows Leaders' certificates.

CRIBL-4790 TLS Settings now expose the API Server's CA certificate. This can be sent to clients to validate self-signed certificates.

CRIBL-6134 With Git > Collapse Actions enabled, the Commit & Push option now works correctly.

Source, Collector, and Destination Fixes

CRIBL-5335 All HTTP Sources now provide a configurable Activity log sample rate setting to reduce noise on internal logs, by suppressing info events that track request activity.

CRIBL-4784 Corrected S3 Source's Total VisibilityTimeout errors on SQS queues.

CRIBL-6086 The Google Pub/Sub Source now authenticates correctly over HTTPS when proxy variables are set.

CRIBL-6075 The Office 365 Services, Activity, and Message Trace Sources now correctly close TCP connections when jobs terminate.

CRIBL-5935 On Splunk Load Balanced Destinations, corrected a race condition that threw an error when Worker Processes started up during Splunk indexer discovery.

CRIBL-5937 Improved the Azure Blob Storage Destination's logging to prevent (or debug) files' filling up disk space.

CRIBL-5725 Deleting a Destination now deletes any Notifications that the Destination generated.

Pipelines Fixes

CRIBL-6124 Corrected the Aggregations Function's data loss in pre-processing Pipelines.

CRIBL-6213 A deleted Pipeline's name can now be reused on a new Pipeline without errors.

Packs Fixes

CRIBL-6245 The Packs page now loads correctly on single-instance deployments.

CRIBL-5537 Importing a Pack containing custom functions now displays a security warning and confirmation challenge.

Monitoring, Logging, and Preview Fixes

CRIBL-6166 Modifying Collectors' Preview > Capture settings no longer breaks capture behavior elsewhere.

CRIBL-6126 Capture filenames now include timestamps to prevent filename reuse.

CRIBL-6210 Routes context menu's Capture option now works correctly on Worker Nodes.

CRIBL-6212 Corrected Data Flow visualizations' details.

Other UX/UI Fixes

CRIBL-6247 On Routes actively receiving data, corrected spurious "Unreachable" warning.

CRIBL-6196 The Workers page now displays a vertical scroll bar.

CRIBL-6092 Corrected the Groups tab's delay before displaying the default Worker Group.

Documentation Fixes

CRIBL-6174, CRIBL-6152 Documented new C.Net.isIpV4AllInterfaces(), C.Net.isIpV6AllInterfaces(), and C.Crypto.Hmac() internal methods.

CRIBL-5136 The Publish Metrics Function doc now describes metric types.

CRIBL-6259 Corrected the Health API's generated docs.

The Cribl.Cloud Deployment docs now cover Organization selection and management.