On This Page

Home / Edge/ Working with Fleets and Edge Nodes/ Edge Nodes·Mapping Edge Nodes to Fleets

Mapping Edge Nodes to Fleets

Learn about Fleet Mappings and how to set up a Mapping Ruleset.

Fleet Mappings enable you to assign Edge Nodes to Fleets by applying specific rules defined in Mapping Rulesets. You can map Edge Nodes into Fleets based on geographical location, environment type, operating system, host, and more. This makes centralized configuration management easier for groups of Edge Nodes, and makes it easy for you to add and remove Edge Nodes from Fleets as your deployment scales.

Access Fleet Mappings

Click the Mappings tab (Manage > Mappings) to display status and controls for the active Mapping Ruleset.

Mappings status/controls
Mappings status/controls

This page displays a maximum of 10,000 results.

Mapping Rulesets

Within a Ruleset, a list of rules evaluate Filter expressions on the information that Edge Nodes send to the Leader.

To manage and preview the Rules in a Ruleset, click into it.

In a Ruleset, the order of Rules matters. The Filter section supports full JS expressions. The Ruleset matching strategy is first-match, and one Edge Node can belong to only one Fleet.

Managing Ruleset page
Managing Ruleset page

Only one Mapping Ruleset can be active at any one time, although a ruleset can contain multiple rules. The system should contain at least one defined and present Fleet. system.

Create a Mapping Ruleset

To create a Mapping Ruleset:

  1. Select Manage on the top nav > Mappings.
  2. Select Add Ruleset.
  3. Give the New Ruleset a unique ID and click Save.
  4. Select Configure and start adding rules with Add Rule.

As you build and define rules, the Preview pane will display all the Edge Nodes that will map to Fleets matching your defined rules.

You must activate a ruleset before the Leader can use it. To activate it, go to Mappings and click Activate on the required ruleset. The Activate button will then change to an Active toggle. Using the adjacent buttons, you can also Configure or Delete a ruleset, or Clone a ruleset if you’d like to work on it offline, test different filters, etc.

Although not required, you can configure Edge Nodes to send a preferred Fleet name with their payload (found in payload’s cribl.group key) See Mapping Order of Priority for how this ranks in mapping priority.

For platform-specific mapping, set the platform property to win32 for Windows, or to linux for Linux.

Example Mapping Rule

Within a Mapping Ruleset, click Add Rule to define a new rule. Assume that you want to define a rule for all hosts that satisfy this set of conditions:

  • IP address starts with 10.10.42, AND:
  • More than 6 CPUs OR CRIBL_HOME environment variable contains DMZ, AND:
  • Belongs to Fleet420.

Rule Configuration

  • Rule Name: myFirstRule
  • Filter: (conn_ip.startsWith('10.10.42.') && cpus > 6) || env.CRIBL_HOME.match('DMZ')
  • Fleet: Fleet420

Default Fleet and Mapping

A Cribl Edge instance will create the following automatically when it runs as Leader:

  • A default_fleet Fleet.
  • A default Mapping Ruleset,

Mapping Order of Priority

Priority for mapping to a Fleet is as follows: Mapping Rules > Fleet (cribl.group) sent by Edge Node > default_fleet Fleet.

  • If a Filter matches, use that Fleet.
  • Else, if an Edge Node has a Fleet defined, use that.
  • Else, map to the default_fleet Fleet.

Manage Edge Nodes on Multiple Platforms

The Leader is unaware of Edge Nodes’ platforms, such as Linux or Windows, within a Fleet, which means the ConfigHelper omits platform-specific limitations. Therefore, when you manage Edge Nodes on heterogeneous platforms, create a Windows-specific Fleet and mapping.

For what’s supported on Windows, see Cribl Edge on Windows.

Additional Metadata

Edge Nodes can pass additional metadata to the Leader when Edge is connected to an AWS EC2 instance or running in a container.

Additionally, Cribl Edge Nodes will surface the following metadata from your AWS instance when the data is available:

  • Security Groups
  • Identity, including Account ID and Instance ID
  • Roles
  • Tags
  • Public IPv4
  • Hostname

Find Edge Nodes Running in a Container

Edge Nodes running in a container report additional metadata about the container to the Leader. This helps you quickly identify which of your Edge Nodes are running in a container from the Leader UI and map them to the appropriate Fleets.

When Cribl Edge is running in a container, you will see the hostOs property in events collected by the System State Source. This object will contain properties about the container when they’re available, such as:

  • arch
  • cpu_count
  • cpu_speed_mhz
  • cpu_type
  • interfaces
  • memory
  • platform
  • release
  • hostname
  • timezone

From the Mappings menu, you will also see the hostOs property in the Edge Node info panel. This object will include the id, addresses, and version of the container when available.

interfaces is a set of key-value pairs that contain an array of CIDR values.

Collect AWS EC2 Instance Tag Metadata

If Cribl Edge is connected to an AWS EC2 instance, you will see metadata for AWS instance tags in the Mappings tab. You can use tags to map EC2 Nodes to the correct Fleet.

For Cribl Edge to obtain tags, you must allow access to tags in the EC2 instance metadata.