Cribl - Docs

Getting started with Cribl LogStream

Questions? We'd love to help you! Meet us in #cribl (sign up)
Download manual as PDF

    Documentation

Standalone Deployment

Deployment guide to get you started with Cribl

There are at least two key factors that will determine the type of Cribl deployment in your environment:

  • Amount of Incoming Data: This is defined as the amount of data planned to be ingested per unit of time. E.g. How many MB/s or GB/day?

  • Amount of Data Processing: This is defined as the amount of processing that will happen on incoming data. E.g. Is most data passing through and just being routed? Or are there a lot of transformations, regex extractions, field encryptions? Is there a need for heavy re-serialization?

When volume is low and/or amount of processing is light, you can get started with a single instance deployment. See performance considerations. To accommodate increased load, you will need to scale up and perhaps out with multiple instances.

Single Instance Deployment

Distributed Deployment

Standalone Deployment


Deployment guide to get you started with Cribl

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.