Cribl Search 4.17.0
| PRODUCT | DATE | RELEASE | ADDITIONAL RESOURCES |
|---|---|---|---|
| Search | 2026-03-11 | Feature | Known Issues, Cribl Lake Release Notes |
Cribl Search 4.17.0 adds a whole new way of using Cribl Search: lakehouse engines, data explorer, and AI-powered investigations (in Preview).
It also reinvents the existing federated-search architecture, and adds support for running queries natively on Azure.
Lakehouse Engines for Faster, AI-Enabled Searches
Ingest data directly into Cribl Search, store it in high-performance lakehouse engines, and run schema-aware, AI-assisted searches without routing through Cribl Stream.
Just add an engine and connect your Sources. Cribl Search automatically parses your events and organizes them into Datasets, which you can query in minutes instead of hours.
Available only in Cribl.Cloud Enterprise
Investigations for AI-Guided Analysis (Preview)
Cut resolution time with AI-powered investigations that highlight anomalies, isolate root causes, and suggest actionable next moves. Start from a question, let the AI generate and refine KQL queries across relevant Datasets, and capture the results as a shareable Notebook.
Make sure to enable Cribl Copilot for your Cribl.Cloud Organization first.
Available only in Cribl.Cloud Enterprise
Data Explorer for Knowing Your Data Before Searching
Use the data explorer to inspect your Datasets before running a search. For Datasets stored a lakehouse engine, you can also look up available fields to craft more efficient queries.
Available only in Cribl.Cloud Enterprise
Federated Search Evolution
Federated search is how we refer to Cribl Search’s pre-existing “search-in-place” capabilities: querying data where it lives, without needing to process it first.
v2 Architecture for Faster Federated Searches
Cribl Search now features a new, high-performance architecture for federated queries: federated search v2.
For now, you can use v2 Datatypes and Datasets with Amazon S3 and Azure Blob for NDJSON and delimited text formats.
Available only in Cribl.Cloud Enterprise
Native Microsoft Azure Support
Cribl Search can now execute federated searches on Azure, boosting query performance and reducing cross-cloud egress.
You can also configure Azure Blob Storage Dataset Providers over Azure Private Link for secure, in-tenant connectivity.
Available only in Cribl.Cloud Enterprise
Federated Engine for Easy Control Over Resources
Choose the size of your federated engine to easily control federated search capacity and costs across your Workspace.
Current subscriptions and pay-as-you-go plans remain unchanged. You can switch to the Federated Engine model when your contract allows.
Available only in Cribl.Cloud Enterprise
Dashboard Improvements
Dashboard Groups for Better Panel Organization
Dashboard groups let you organize related panels into named, collapsible sections for easier navigation.
Scheduled Searches Disabled on Cloned Dashboards
Cloning a dashboard no longer activates its scheduled searches by default, preventing excess background queries. Existing schedule settings are preserved, so you can re-enable them when needed.
AI Features
Custom AI Provider Support: Bring Your Own Model
Route Cribl AI features through your own managed LLM to gain tighter control over data privacy, compliance, and AI usage and spend.
This release supports foundational models from OpenAI (via Microsoft Foundry) and Anthropic (via Amazon Bedrock), with more to come. Configure your provider in the AI settings of your Cribl.Cloud Workspace.
Not available in Cribl.Cloud Government
Cribl MCP Server Is Now Generally Available
You can now use the official Cribl Model Context Protocol (MCP) server to let AI assistants interface directly with your Cribl environment. Access system metrics, alerts, and configurations, or use Cribl Search capabilities like natural language-to-KQL translation and Notebook management.
Corrections
| ID | Description |
|---|---|
SEARCH-10819 | Snap-to time operations (like @d and @w) now align with your selected timezone, instead of UTC. |
| SEARCH-8592 | tostring() now returns a readable JSON string for JSON fields, instead of [object Object]. |
| SEARCH-12199 | Notebook Markdown cells now capture typing reliably without unexpected line breaks. |
SDK Changelogs
The Cribl SDKs help you integrate with Cribl and reduce the need for repetitive tasks. We maintain changelogs for each version of the Cribl SDKs in their GitHub repositories:
- Go SDK changelogs: control plane and management plane
- Python SDK changelogs: control plane and management plane
- Typescript SDK changelogs: control plane and management plane