Cribl LogStream – Docs

Cribl LogStream Documentation

Questions? We'd love to help you! Meet us in #Cribl Community Slack (sign up here)
Download entire manual as PDF – v.3.0.1

Diagnosing Issues

To help diagnose LogStream problems, you can share a diagnostic bundle with Cribl Support. The bundle contains a snapshot of configuration files and logs at the time the bundle was created, and gives troubleshooters insights into how LogStream was configured and operating at that time.

What's in the Diagnostic Bundle

The following directories (and their contents) off of $CRIBL_HOME are included:

  • /default/*
  • /local/*
  • /log/*
  • /groups/*
  • /state/jobs/* – includes only the latest 10 task from the latest 10 jobs.

Creating and Exporting a Diagnostic Bundle

Users can create and securely share bundles with Cribl Support either from the UI or from the CLI. In either case, you'll need outbound internet access to https://diag‑upload.cribl.io and a valid Support Case number.

Using the UI

To create a bundle, go to global ⚙️ Settings (lower left) > Diagnostics > Diagnostic Bundle and click Create Diagnostic Bundle.

  • To download the bundle locally to your machine, click Export.
  • To share the bundle with Cribl Support, toggle Send to Cribl Support to Yes, enter your case number, and then click Export.

You can create a bundle from individual workers if you have the Worker UI access setting enabled. Go to Workers > <worker-name> > Settings (top right) > Diagnostics > Diagnostic Bundle, and click Create Diagnostic Bundle.

Previously created bundles are stored in $CRIBL_HOME/diag. They're also listed in the UI, where you can re-download them or share them with Cribl Support.

Using the CLI

To create a bundle using the CLI, use the diag command. 

# $CRIBL_HOME/bin/cribl diag
Usage: [sub-command] [options] [args]

Commands:
get    - List existing Cribl LogStream diagnostic bundles
create - Creates diagnostic bundle for Cribl LogStream
send   - Send LogStream diagnostic bundle to Cribl Support, args:
   -c <caseNumber> - Cribl Case Number
  [-p <path>]      - Diagnostic bundle path (if empty, then new bundle will be created)


## Creating a diagnostic bundle
# $CRIBL_HOME/bin/cribl diag create
Created Cribl LogStream diagnostic bundle at /opt/cribl/diag/cribl-logstream-<hostname>-<datetime>.tar.gz.

## Creating and sending a diagnostic bundle
# $CRIBL_HOME/bin/cribl diag send -c 420420
Sent LogStream diagnostic bundle to Cribl Support

## Sending a previously created diagnostic bundle
# $CRIBL_HOME/bin/cribl diag send -p /opt/cribl/diag/cribl-logstream-<hostname>-<datetime>.tar.gz -c 420420
Sent LogStream diagnostic bundle to Cribl Support

Updated about a month ago

Diagnosing Issues

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.