Cribl LogStream – Docs

Getting started with Cribl LogStream

Questions? We'd love to help you! Meet us in #cribl (sign up)
Download manual as PDF - v2.2.0

    Docs Home

Lookups Library

What Are Lookups

Lookups are data tables that can be used in Cribl LogStream to enrich events as they're processed by the Lookup Function. You can access the Lookups library under Knowledge > Lookups, and its purpose is to provide a management interface for all lookups. The library is searchable, and each lookup can be tagged as necessary. Compressed files are supported but must be in gzip format (gz extension).

Lookups Library

How Does It Work

All files handled by the interface are stored in $CRIBL_HOME/data/lookups for standalone instances. For the paths used in distributed environments, see Distributed Deployments. You can use the Lookups Library interface to add, edit, and delete lookups within files/tables. To get started, click the Edit button to the right of a file.

Editing a lookups file

You can edit files in table or text mode. However, text mode is disabled for files larger than 1 MB.

Editing in table mode

Updated 4 days ago

Lookups Library

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.