On This Page

Home / Edge/ Cribl Edge on Linux·Installing Cribl Edge on Linux

Installing Cribl Edge on Linux

You can install Cribl Edge in a supported Linux environment either connected to a Leader Node, alongside Cribl Stream, or in multiple instances on one host.

Minimum Requirements

The following requirements are the minimum for installing and running an Edge Node on Linux.

Linux DistributionMinimum Requirements
RedHat, CentOS, Ubuntu, AWS Linux, Suse~1Ghz processor, 512MB RAM, 5GB free disk space (more if persistent queuing is enabled on Edge Nodes)

Edge Node sizing depends on specific workload requirements and organizational constraints. For more detailed information about requirements for complex deployments, see Deployment Planning.

Download Cribl Edge

  1. First, download the install package, which is the same binary as Cribl Stream, to your Linux machine.

  2. Next, ensure that required ports are available (see Network Ports).

  3. Then, you can install and run any of the following:

Install Cribl Edge

These instructions explain how to run Cribl Edge locally on your own machine and connect it to a Leader Node.

  1. Un-tar the install package in a directory of choice, and rename the resulting cribl directory to cribl-edge, for example:

    cd /opt/ 
tar xvzf cribl-<version>-<build>-<arch>.tgz
mv /opt/cribl/ /opt/cribl-edge

To prevent issues with Cribl file operations, /opt/cribl and all its subdirectories must reside on the same device. Mounting separate devices within /opt/cribl is not recommended. For external storage needs, such as lookups or Persistent Queues (PQs), create a completely separate directory outside of /opt/cribl. While /opt/cribl is the default installation path, Cribl can be installed to other locations if necessary.

  1. Set the renamed directory, (for example, /opt/cribl-edge/), as your $CRIBL_HOME directory.

To make the $CRIBL_HOME environment variable available on your command line, you can:

  • Assign it once, using the export command:
    export CRIBL_HOME=/opt/cribl-edge
  • Set it as a default, by adding it to your to your terminal profile file.

  1. Change the ownership of the installation to run Cribl Edge as a non-privileged user:

    chown -R cribl:cribl /opt/cribl-edge

  2. Start the Cribl service:

    /opt/cribl-edge/bin/cribl start

  3. Set the installation mode to mode-managed-edge to connect the Node to the designated Leader:

    /opt/cribl-edge/bin/cribl mode-managed-edge /
   -H <leader-hostname-or-IP> /
   -p <port> /
   -u <token> /
  [-g <fleet>]

    <token> must match the Leader token, to ensure a connection with the Leader. Get the Leader token from Settings > Global > System > Distributed Settings > Leader Settings > Auth token.

    The new Node will be assigned to a Fleet on the Leader, either default_fleet, or a different one according to Fleet mappings.

    You can manually point to a specific Fleet by providing its name as -g <fleet>, but Fleet mappings will override this choice.

    If you only need a Single-instance deployment of Cribl Edge (without a Leader), use mode-edge instead of mode-managed-edge. In that case you don’t need to provide the Leader token.

  4. Configure the installation as a service and restart it:

    /opt/cribl-edge/bin/cribl boot-start enable -m systemd -u cribl
sudo systemctl restart cribl-edge.service

    To find out more about the boot-start command, see Enabling Start on Boot.

  5. Finally, go to http://localhost:9420 (or another port you defined) and log in with default credentials (admin:admin). You can now start configuring Cribl Edge with Sources and Destinations, or start creating Routes and Pipelines.

For more ways to configure Leader and Edge Nodes, see Set Up Leader and Edge Nodes.

Cribl Edge and Cribl Stream on the Same Host

You can run an Edge Node with a Leader that is managing Cribl Stream, or an Edge Node and a Stream Worker Node on the same host. To accommodate these scenarios, each product has a distinct service name:

  • cribl-edge.service for Cribl Edge.
  • cribl.service for Cribl Stream.

Here, Cribl recommends un-tarring the download package twice, into two separate directories. This setup frees you to update and run each product individually. You could choose, e.g., /opt/cribl-edge and /opt/cribl:

cd /opt
tar zxvf /tmp/cribl-<version>-<build>-<arch>.tgz
mv cribl cribl-edge
tar zxvf /tmp/cribl-<version>-<build>-<arch>.tgz

The installation and configuration sequence will be the same for each product:

  1. Change the ownership for both installations.

    Run Cribl Stream as a non-privileged user:

    chown -R cribl:cribl /opt/cribl

    Run Cribl Edge as a non-privileged user:

    chown -R cribl:cribl /opt/cribl-edge
Do NOT Run Cribl Edge as Root!

To listen on low ports 1-1024, Cribl Edge needs privileged access. You can enable this on systemd by adding this configuration key to your override.conf file:

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE

If you want to add extra capabilities, such as reading certain resources (e.g., /var/log/*), add CAP_DAC_READ_SEARCH in a space-separated format as follows:

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH

Alternatively, you can use ACLs to allow Cribl Edge to read files.

For details, see Running Edge as an Unprivileged User.

  1. Set the correct mode, and configure each installation as a service. The -H and -p parameters are required.

    For Cribl Edge:

    /opt/cribl-edge/bin/cribl mode-managed-edge -H <leader-hostname-or-IP> -p <port> [options] [args]

/opt/cribl-edge/bin/cribl boot-start enable

sudo systemctl restart cribl-edge.service


    For Cribl Stream:

    /opt/cribl/bin/cribl mode-worker -H <leader-hostname-or-IP> -p <port> [options] [args]

/opt/cribl/bin/cribl boot-start enable

sudo systemctl restart cribl.service
Managing IP Addresses

By default, Cribl Edge’s API listens on port 9420, instead of on Cribl Stream’s default 9000 port. Some things to note:

  • You can set the CRIBL_EDGE environment variable to any value to bind to 0.0.0.0, instead of to the 127.0.0.1 address.
  • If you are starting Cribl Edge from the CLI, make sure you set the -H parameter to 0.0.0.0.
  • If you connect your Edge Node to a Leader, the Node will automatically update the binding IP address to the one configured in the Leader’s Fleet Settings. For an Edge Node to always listen on all IP addresses, you must update the Leader’s Host value. (In the Leader’s UI, go to Fleet Settings > System > General Settings, and change the Host field to 0.0.0.0.)
  • You can disable listening on the port by toggling Listen on port to off in Fleet Settings > General Settings > Advanced.

Continue with Setting Up Leader and Edge Nodes for Edge, and Setting Up Leader and Worker Nodes for Stream.

Multiple Installations of Same Product on Same Host

There are situations where it makes sense to run multiple Cribl Edge or Cribl Stream installations on the same host. For example, suppose two departments want to collect the data at the edge – and each wants to process the data differently, and to deploy its own Helm chart as a daemonset.

To support this: After un-tarring the installation package, copy or move it into a separate directory for each installation. For example, if you’re creating two Cribl Edge installations:

cd /opt
tar zxvf /tmp/cribl-<version>-<build>-<arch>.tgz
cp -r cribl/ cribl-edge-01/
mv cribl/ cribl-edge-02/

The installation and configuration procedure is the same as described for collocated Cribl Edge and Cribl Stream above, except that you must:

  • Omit steps pertaining to the product you are not installing.
  • Repeat steps pertaining to the product you are are installing – once for each instance of the product.

Ensure that each instance of the product runs on its own dedicated port. Either:

  • Specify different ports when you run the mode-managed-edge or mode-worker command; or,
  • On the host, set the CRIBL_AUTO_PORTS environment variable to 1.

Troubleshooting Resources

Cribl University’s Troubleshooting Criblet on Switching from Cribl Edge to Cribl Stream demonstrates these techniques for integrating Edge with Stream. To follow the direct course link, first log into your Cribl University account. (To create an account, select the Sign up link. You’ll need to click through a short Terms & Conditions presentation, with chill music, before proceeding to courses – but Cribl’s training is always free of charge.) Once logged in, check out other useful Troubleshooting Criblets and Advanced Troubleshooting short courses.