Cribl LogStream – Docs

Cribl LogStream Documentation

Questions? We'd love to help you! Meet us in #Cribl Community Slack (sign up)
Download entire manual as PDF - v2.4.0

Known Issues

2020-01-14 – v.2.4.0 – Google Cloud Storage Destination Needs Extra Endpoint to Initialize

Problem: The Google Cloud Storage Destination fails to initialize, displaying an error of the form: Bucket does not exist!
Workaround: In the outputs.yml file, under your cribl-gcp-bucket key endpoint, add: https://storage.googleapis.com. (in a single-instance deployment, locate this file at $CRIBL_HOME/local/cribl/outputs.yml. In a distributed deployment, locate it at $CRIBL_HOME/groups/<group name>/local/cribl/outputs.yml.)
Fix: Planned for LogStream 2.4.1.

2020-01-13 – v.2.4.0 – Route Filters Aren't Copied to Capture Modal

Problem: On the Routes page, selecting Capture New in the right pane does not copy custom Filter expressions to the resulting Capture Sample Data modal. That modal's Filter Expression field always defaults to true.
Workarounds: 1. Bypass the Capture New button. Instead, from the Route's own ••• (Options) menu, select Capture. This initiates a capture with the Filter Expression correctly populated. 2. Copy/paste the expression into the Capture Sample Data modal's Filter Expression field. Or, if the expression is displayed in that field's history drop-down, retrieve it.
Fix: Planned for LogStream 2.4.1.

2020-01-13 – v.2.4.0 – Destinations' Documentation Doesn't Render from UI

Problem: Clicking the HelpHelp linkHelp linklink in a Destination's configuration modal displays the error message: "Unable to load docs. Please check LogStream's online documentation instead."
Workarounds: 1. Go directly to the online Destinations docs, starting here. 2. Follow the UI link to the docs landing page, click through to open or download the current PDF, and scroll to its Destinations section.
Fix: Planned for LogStream 2.4.1.

2020-01-13 – v.2.4.0 – Esc Key Doesn't Consistently Close Modals

Problem: Pressing Esc with focus on a modal's drop-down or slider doesn't close the modal as expected. (Pressing Esc with focus on a free-text field, combo box, or nothing does close the modal – displaying a confirmation dialog first, if you have unsaved changes.)
Workarounds: Click the X close box at upper right, or click Cancel at lower right.
Fix: Planned for LogStream 2.4.1.

2020-12-17 – v.2.3.0+ – Free-License Expiration Notice, Blocked Inputs

Problem: LogStream reports an expired Free license, and blocks inputs, even though Free licenses in v.2.3.0 do not expire.
Workaround: This is caused by time-limited Free license key originally entered in a LogStream version prior to 2.3.0. Go to Settings > Licensing, click to select and expand your expired Free license, and click Delete license. LogStream will recognize the new, permanent Free license, and will restore throughput.
Fix: Planned for LogStream 2.4.1.

2020-11-14 – v.2.3.3 – Null Fields Redacted in Preview, but Still Forwarded

Problem: Where event fields have null values, LogStream (by default) displays them as struck-out in the right Preview pane. The preview is misleading, because the events are still sent to the output.
Workaround: If you do want to prevent fields with null values from reaching the output, use an Eval Function, with an appropriate Filter expression, to remove them.
Fix: Preview corrected in LogStream 2.3.4.

2020-10-27 – v.2.3.2 – Cannot Name or Save New Event Breaker Rule

Problem: After clicking Add Rule in a new or existing Event Breaker Ruleset, the Event Breaker Rule modal's Rule Name field is disabled. Because Rule Name is mandatory field, this also disables saving the Rule via the OK button.
Fix: In LogStream 2.3.3.

2020-10-12 – v.2.3.1 – Deleting One Function Deletes Others in Same Group

Problem: After inserting a new Function into a group and saving the Pipeline, deleting the Function also deletes other Functions lower down in the same group.
Fix: In LogStream 2.3.2.
Workaround: Move the target Function out of the group, resave the Pipeline, and only then delete the Function.

2020-09-27 – v.2.3.1 – Enabling Boot Start as Different User Fails

Problem: When a root user tries to enable boot-start as a different user (e.g., using /opt/cribl/bin/cribl boot-start enable -u <some‑username>), they receive an error of this form:

error: found user=0 as owner for path=/opt/cribl, expected uid=NaN. 
Please make sure CRIBL_HOME and its contents are owned by the uid=NaN by running: 
[sudo] chown -R NaN:[$group] /opt/cribl 

Fix: In LogStream 2.3.2.
Workaround: Install LogStream 2.2.3 (which you can download here), then upgrade to 2.3.1.

2020-09-17 – v.2.3.0 – Worker Groups menu tab hidden after upgrade to LogStream 2.3.0

Problem: Upon upgrading an earlier, licensed LogStream installation to v. 2.3.0, the Worker Groups tab might be absent from the Master Node's top menu.
Fix: In LogStream 2.3.1.
Workaround: Click the Home > Worker Groups tile to access Worker Groups.

2020-09-17 – v.2.3.0 – Cannot Start LogStream 2.3.0 on RHEL 6, RHEL 7

Problem: Upon upgrading to v. 2.3.0, LogStream might fail to start on RHEL 6 or 7, with an error message of the following form. This occurs when the user running LogStream doesn't match the LogStream binary's owner. LogStream 2.3.0 applies a restrictive permissions check using id -un <uid>, which does not work with the version of id that ships with these RHEL releases.

id: 0: No such user
ERROR: Cannot run command because user=root with uid=0 does not own executable 

Fix: In LogStream 2.3.1.
Workaround: Update your RHEL environment's id version, if possible.

2020-09-17 – v.2.3.0 – Cannot Start LogStream 2.3.0 with OpenId Connect

Problem: Upon upgrading an earlier LogStream installation to v. 2.3.0, OIDC users might be unable to restart the LogStream server.
Fix: In LogStream 2.3.1.
Workaround: Edit $CRIBL_HOME/default/cribl/cribl.yml to add the following lines to its the auth section:

filter_type: email_whitelist
scope: openid profile email

2020-06-11 – v.2.1.x – Can't switch from Worker to Master Mode

Problem: In a Distributed deployment, attempting to switch Distributed Settings from Worker to Master Mode blocks with a spurious "Git not available...Please install and try again" error message.
Fix: In LogStream 2.3.0.
Workaround: To initialize git, switch first from Worker to Single mode, and then from Single to Master mode.

2020-05-19 – v.2.1.x – Login page blocks

Problem: Entering valid credentials on the login page (e.g., http://localhost:9000/login) yields only a spinner.
Fix: In LogStream 2.3.0.
Workaround: Trim /login from the URL.

2020-02-22 – v.2.1.x – Deleting resources in default/

Problem: In a Distributed deployment, deleting resources in default/ causes them to reappear on restart.
Workaround/Fix: In progress.

2019-10-22 – v. 2.0 – In-product upgrade issue on v2.0

Problem: Using in-product upgrade feature in v.1.7 (or earlier) fails to upgrade to v2.0, due to package-name convention change.
Workaround/Fix: Download the new version and upgrade per steps laid out here.

2019-08-27 – v.1.7 – In-product upgrade issue on v1.7

Problem: Using in-product upgrade feature in v1.6 (or earlier) fails to upgrade to v1.7 due to package name convention change.
Workaround/Fix: Download the new package and upgrade per steps laid out here.

2019-03-21 – v.1.4 – S3 stagePath issue on upgrade to v.1.4+

Problem: When upgrading from v1.2 with a S3 output configured, stagePath was allowed to be undefined. In v.1.4+, stagePath is a required field. This might causing schema violations when upgrading older configs.
Workaround/Fix: Reconfigure the output with a valid stagePath filesystem path.

Updated 3 days ago

Known Issues


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.