Cribl Search Notebooks (Preview)
Combine searches, visualizations, and notes into a single collaborative document.
Why Use Notebooks
A Notebook is a document-like workspace in Cribl Search where you and other data analysts can combine search queries, data visualizations, and Markdown notes into persistent, shareable investigations.
Here’s what you can do with Notebooks:
- Reiterate: Run multiple searches next to one another, for faster, more efficient investigations.
- Annotate: Add context and clarity with Markdown notes for rich storytelling.
- Collaborate: Share your work through fine-grained edit or read-only permissions.
- Control: See who, and when, last edited your Notebook.
- Summarize: Use Cribl Copilot to generate summaries of your findings, and run queries from natural language.
Start working with Notebooks from anywhere in Cribl.Cloud: On the top bar, select Products > Search > Notebooks.
What’s in a Notebook
A Notebook consists of search cells and note cells.
Notebook Maintainers can add and edit cells, move them up and down, or clone them. Read Only users can view the cells and their results. Read more on Notebooks access.
Start a New Notebook
You can create an empty Notebook, and then add searches and notes as needed.
- Go to the Notebooks page in Cribl Search: On the top bar, select Products > Search > Notebooks.
- Select Add Notebook. Your new Notebook opens and gets autosaved.
- Start running searches and adding notes.
You can start a Notebook from a search you just ran.
- Start running your search from Search Home.
- Select the Actions drop-down, and select Add to Notebook.
- Enter the Notebook name.
- Enter the Cell title. This will be the name of the search cell in your Notebook.
- Select Add & Go to Notebook.
You can turn any saved search (as long as it’s not part of a Pack) into a Notebook search cell, creating a new Notebook.
- Go the Saved Searches page in Cribl Search: On the top bar, select Products > Search > Saved Searches.
- Select the Actions button to the right of a search, and select Add to Notebook.
- Enter the Notebook name.
- Enter the Cell title. This will be the name of the search cell in your Notebook.
- Select Add & Go to Notebook.
You can turn any search kept in History into a Notebook search cell, creating a new Notebook.
Go the History page in Cribl Search: On the top bar, select Products > Search > History.
Select the Actions button to the right of a search, and select Add to Notebook.
Enter the Notebook name.
Enter the Cell title. This will be the name of the search cell in your Notebook.
Select Add & Go to Notebook.
Add Searches to Your Notebook
You can run multiple new searches directly from your Notebook. You need to be the Notebook Maintainer for this.
- Open an existing Notebook or create a new one.
- At the bottom of the Notebook, select New Search. A cell with a query box opens.
- Run your query, as you would anywhere else in Cribl Search. To learn how, see some quick examples, or this tutorial: Write Your First Query. If your Organization has Cribl Copilot enabled, you can also use your search cells to run natural-language queries.
- To add another query, select New Search again. You can start another search while the first one is still running.
You can add a search you just ran to an existing Notebook. You need to be the Notebook Maintainer for this.
- Start running your search from Search Home.
- Select the Actions drop-down, and select Add to Notebook.
- Select Use Existing.
- Select the Notebook.
- Enter the Cell title. This will be the name of the search cell in your Notebook.
- Select Add & Go to Notebook.
You can turn any saved search (as long as it’s not part of a Pack) into a Notebook search cell, adding it to an existing Notebook. You need to be the Notebook Maintainer for this.
- Go the Saved Searches page in Cribl Search: On the top bar, select Products > Search > Saved Searches.
- Select the Actions button to the right of a search, and select Add to Notebook.
- Select Use Existing.
- Select the Notebook.
- Enter the Cell title. This will be the name of the search cell in your Notebook.
- Select Add & Go to Notebook.
You can turn any search kept in History into a Notebook search cell, adding it to an existing Notebook. You need to be the Notebook Maintainer for this.
- Go the History page in Cribl Search: On the top bar, select Products > Search > History.
- Select the Actions button to the right of a search, and select Add to Notebook.
- Select Use Existing.
- Select the Notebook.
- Enter the Cell title. This will be the name of the search cell in your Notebook.
- Select Add & Go to Notebook.
Add Notes to Your Notebook
You can add Markdown-formatted notes to your Notebook using headings, lists, links, and more. See Markdown Guide for basic syntax.
You need to be the Notebook Maintainer for this.
- Open an existing Notebook or create a new one.
- At the bottom of the Notebook, select Add Note. A new note cell opens.
- Write your notes using Markdown. The Notebook gets autosaved.
Summarize Your Notebook With Cribl Copilot
If your Organization has Cribl Copilot enabled, you can generate an AI summary of your Notebook findings.
- Open an existing Notebook or create a new one.
- In the top-right corner, select Summarize.
A summary of your Notebook appears in a new note cell at the top of the Notebook. You can edit the summary as needed.
Export Notebook Search Results
You can export the results of a Notebook search as a CSV or NDJSON file.
- Open an existing Notebook or create a new one.
- In a search cell, select the Actions
button. - From the drop-down, select Export as, and then either Export Results as CSV or Export Results as NDJSON.
Export a Notebook Chart
You can export a Chart contained in a Notebook search cell, as a JPG or PNG file.
- Open an existing Notebook or create a new one.
- In a search cell, select the Actions
button.
- From the drop-down, select Export as, and then either Export Chart as JPG or Export Results as PNG.
Share Your Notebook
You can allow others to view or edit your Notebook at any time. For example, you might want to:
- Invite colleagues to join the investigation and contribute their expertise.
- Let others retrace your steps and pick up where you left off.
- Tell the full story behind your analysis, so stakeholders can understand how you reached your conclusions and review any assumptions you made.
You can share a Notebook with other Members or Teams. You need to be the Notebook Maintainer for this.
- Open an existing Notebook or create a new one.
- In the top-right corner, select the Share button. Now, you can see who has access to the Notebook and at what level.
- Search for the Members or Teams you want.
- Select the access level (Read Only or Maintainer). For details, see Notebooks Access.
- Confirm with Add Access.
Notebooks Access
By default, your Notebooks are available to you, Search Admins, Organization Admins, and Organization Owners.
| Search Member Type | Create Notebooks | List Notebooks | Delete Notebooks |
|---|---|---|---|
| Search Editor | ✓ | Only own or shared | Only own or shared |
| Search User | ✓ | Only own or shared | Only own or shared |
| Search Admin | ✓ | ✓ | ✓ |
| Organization Admin | ✓ | ✓ | ✓ |
| Organization Owner | ✓ | ✓ | ✓ |
When you share a Notebook, you can assign one of two access levels: Read Only or Maintainer. Here’s what each level allows:
| Action | Read Only | Maintainer |
|---|---|---|
| View the Notebook | ✓ | ✓ |
| View Results | ✓ | ✓ |
| Export Results | ✓ | ✓ |
| Open in Cribl Search | ✓ | ✓ |
| Rerun cells | ✓ | |
| Add cells | ✓ | |
| Edit cells | ✓ | |
| Delete cells | ✓ | |
| Share the Notebook | ✓ | |
| Delete the Notebook | ✓ |