These docs are for Cribl Edge 4.12 and are no longer actively maintained.
See the latest version (4.13).
Cribl.Cloud vs. Self-Hosted
A Cribl.Cloud deployment differs in several ways from a customer-managed (on-prem) deployment of Cribl Suite software on your own infrastructure. Keep in mind these differences as you choose how to launch Cribl Edge. Also consider these differences as you navigate the product’s UI, in-app help (including tooltips), and documentation.
Cribl Edge and Cribl.Cloud
A Cribl.Cloud deployment lets you connect your Edge Nodes to a Cloud-hosted Leader Node.
In contrast with Cribl Stream, where you have the option to use Cribl-managed Worker Groups, Cribl Edge Fleets can only be customer-managed. They still benefit from all the features of running a Cloud-hosted Leader Node that are listed on this page.
Cloud-Only Features
Certain Cribl products and features are available only on Cribl.Cloud:
- Cribl Search, an application for searching, exploring, and analyzing machine data in place and at API endpoints.
- Cribl Lake, a data lake solution for long-term, full-fidelity data storage.
- Workspaces, an option for isolating parallel Cribl Leaders with separate access controls and other configurations.
For details about how all Cribl products interoperate to manage data, see Cribl Reference Architecture, Full-Suite.
Simplified Administration
Cribl.Cloud has been designed with options to accommodate everyone – from first-time evaluators to Enterprise customers who manage a worldwide network of private-cloud, public-cloud, and/or data-center deployments.
Cribl.Cloud’s Free offering is designed to help you launch Cribl Edge – and to start processing data – as quickly and easily as possible. Upgrading to a paid Standard or Enterprise plan provides expanded deployment and configuration options.
For a comparison of features in Free, Standard, and Enterprise Cribl.Cloud plans, see Pricing.
Simplified Distributed Architecture
Cribl.Cloud is preconfigured as a Distributed deployment. A Free or Standard plan allows only a single Fleet, and some Distributed Settings cannot be configured.
Git Preconfigured
Without an Enterprise plan, the Settings > Global > System > Git Settings section is omitted. However, a local git client is preconfigured in your Cribl.Cloud Organization. On the top nav, use the Version Control button (with a branched symbol) to commit/push changes to git. Select Deploy to deploy your committed changes. Cribl.Cloud does not support Git remote repos.
Automatic Restarts and Upgrades
Without an Enterprise plan, the Settings > Controls link are omitted. Cribl handles Leader and Fleet restarts automatically on your behalf.
Simplified Access Management and Security
In Cribl.Cloud, you can manage access control for your Organization by selecting Organization in the sidebar and then selecting Members & Teams. The options on this tab will vary depending on your plan.
If you have a Cribl.Cloud Enterprise plan, you can use the Key Management Service (KMS), which maintains the keys Cribl Edge uses to encrypt secrets on Fleets and Edge Nodes. Go to Settings > Security > KMS to configure KMS.
If you add an Enterprise Plan, cloud and hybrid Leaders support Local and Google SSO authentication, along with OpenID Connect (OIDC) and SAML federated authentication. Cribl.Cloud does not currently support LDAP.
Permission- and Role-based access control (RBAC) is simplified in Cribl.Cloud. For details, see Permissions.
Security Features Comparison: Self-Hosted vs. Cribl.Cloud
The following table outlines the security responsibilities for self-hosted and Cribl.Cloud deployments, highlighting key differences in deployment security, data protection, threat detection, and access control.
| Feature | Self-Hosted | Cribl.Cloud |
|---|---|---|
| Deployment Security | Customer responsible for securing the deployment environment (network isolation, physical access control, user access management). | Cribl manages the security of the cloud infrastructure. |
| Configuration Security | Customer responsible for securing configuration files and tokens. | Cribl manages the security of configuration files and tokens. |
| Git Configuration Security | Customer responsible for securing the Git repository. | Cribl manages the security of the Git repository. |
| Data at Rest | Customer responsible for encryption and key management. | Encrypted at rest by using industry standard encryption (e.g., AES-256) for storage services. |
| Data in Motion | Customer configures encryption (TLS) for data in transit. | Preconfigured TLS for some Sources. Can be further configured. |
| Threat Detection & Response | Customer responsibility. Use Cribl Stream security features (limited) and external tools. | Cribl bolsters its security posture with internal security teams and an external MSSP, ensuring comprehensive protection for its production and corporate environments through threat detection, workload scanning, and vulnerability management. |
| Patch Management | Customer responsible for applying security patches to Cribl Stream and underlying infrastructure. | Cribl manages patching of Cribl.Cloud (Cribl-managed) infrastructure. |
| Access Control | Customer configures user Roles and Permissions (RBAC). | Simplified RBAC with Enterprise plans offering advanced options (SSO, KMS). |
| Authentication | Customer configures authentication methods. | Local and SAML/OIDC IDP with Enterprise plans (additional options). |
| Key Management | Customer manages encryption keys. | Enterprise plans offer Key Management Service (KMS) for key storage. |
| Compliance | Customer responsible for adhering to compliance standards. | SOC 2 Type II compliant and GDPR-compliant (Cribl.Cloud). |
Transparent Licensing
The Cribl.Cloud sidebar does not display a Settings > Global > Licensing link, nor does the Monitoring > System submenu include Licensing. Your plan is managed by your Cribl.Cloud Organization, where you can check credits and usage history on the Billing tab.
Other Simplified Settings
These features are available only in on-prem deployments:
- Settings > Global > Scripts (if enabled – Cribl.Cloud does not support configuring or running shell scripts).
Configuring persistent queues in a Cribl.Cloud deployment requires an Enterprise plan. You can freely define the Queue size limit on your Edge Nodes, based on the disk space you provision.
Available Ports and TLS Configurations
To get data into Cribl.Cloud, your Cribl.Cloud Organization provides several Sources and ports already enabled for you, plus 11 additional TCP ports (20000-20010) that you can use to add and configure more Cribl Edge Sources.
TLS Details
TLS encryption is pre-enabled for you on several Sources, also indicated on the your Workspace’s Data Sources tab.
Cribl HTTP and Cribl TCP Sources/Destinations
Use the Cribl HTTP Destination and Source, and/or the Cribl TCP Destination and Source, to relay data between Edge Nodes that are either connected to the same Leader or different Leaders. For more information about transferring data across Organizations, go to Transfer Data Between Workspaces or Environments.
This traffic does not count against your ingestion quota, so this routing prevents double-billing. (For related details, see Exemptions from License Quotas.)