Cribl Validated Architectures (CVAs) are opinionated architectural designs for deploying Cribl in cloud, on-prem, and hybrid environments.

While general Reference Architectures describe what is possible and offer flexible options, CVAs define what is recommended. They provide a specific set of architectural patterns and operational guardrails designed to ensure system stability, performance, and maintainability.

In Scope

​

This CVA document set targets technical practitioners and covers:

• A selection of reference topologies for the Cribl product suite.
• Guidance on when to use each pattern, including trade-offs and constraints.
• Roles and responsibility models across platform, security, and application teams.
• Data collection and delivery patterns (push, pull, Worker Group→Worker Group, Cribl Edge→Worker Group).
• Core design principles for Leaders, Workers, and Edge tiers.
• Recommended operational models for configuration management, monitoring, and incident response.

Out of Scope

​

This document set does not cover:

• Detailed capacity planning or Node-level sizing for specific workloads (events/sec, GB/day). Use the Cribl Stream/Edge sizing tools and workload tests in your lab environment instead.
• Vendor (or account-specific) service quotas, network limits, or granular cost modeling.