Cribl Search 4.17.0 (Coming Soon)
| PRODUCT | DATE | RELEASE | ADDITIONAL RESOURCES |
|---|---|---|---|
| Search | 2026-03-11 | Feature | Known Issues, Cribl Lake Release Notes |
The following draft provides early access to release notes for the upcoming Cribl Suite product release. Features or functionality presented are not considered binding commitments and are subject to change at the discretion of Cribl at any time for any reason without notice. This information should not be relied upon in making purchasing decisions.
Cribl Search 4.17.0 adds a whole new way of using Cribl Search: Lakehouse Engines, Data Explorer, and Copilot Investigations. It also reinvents the existing federated-search architecture with full backward compatibility for your current workflow, and adds support for running queries natively in Azure.
Lakehouse Engines for Faster, AI-Enabled Searches
You can now ingest data directly into Cribl Search, store it in high-performance Lakehouse Engines, and run schema-aware, AI-assisted searches without routing through Cribl Stream.
Just add an Engine and connect your Sources. Cribl Search automatically parses your events and organizes them into Datasets, which you can query in minutes instead of hours.
Not available in Cribl.Cloud Government.
Copilot Investigations for AI-Guided Analysis
Cut resolution time with AI-powered analysis that highlights anomalies, isolates root causes, and suggests actionable next moves.
Start from a question, let Cribl Copilot generate and refine KQL queries across relevant Datasets, and capture the results as a shareable Notebook.
Data Explorer for Knowing Your Data Before You Search
Inspect your Datasets before running a search. For Datasets stored in Lakehouse Engines, you can also look up available fields to craft more efficient queries.
Federated Search Evolution
Federated Search is the new name for Cribl Search’s existing “search-in-place” capabilities: querying data where it lives, without needing to process it first.
New Architecture for Faster Federated Searches
Cribl Search now uses an improved engine for federated queries into object storage like Amazon S3, Google Cloud Storage, and Azure Blob. The new architecture allows for significantly faster searches but preserves compatibility with your existing Datasets and query patterns.
Not available in Cribl.Cloud Government.
Native Microsoft Azure Support
Cribl Search can now execute federated searches directly in Azure, boosting query performance and reducing cross-cloud egress.
You can also configure Azure Blob Storage Dataset Providers over Azure Private Link for secure, in-tenant connectivity.
Federated Engine for Easy Control Over Resources
Choose the size of your Federated Engine (Small, Medium, Large, or XL) to easily control Federated Search capacity and costs across your Workspace.
Current subscriptions and pay-as-you-go plans remain unchanged. You can switch to the Federated Engine model when your contract allows.
Dashboard Improvements
Dashboard Groups for Better Organization
Dashboard Groups let you organize related panels into named, collapsible sections for easier navigation.
Scheduled Searches Disabled on Cloned Dashboards
Cloning a dashboard no longer activates its scheduled searches by default, preventing excess background queries. Existing schedule settings are preserved, so you can re-enable them when needed.
Custom AI Provider Support
Route Cribl AI features through your own managed LLM to gain tighter control over data privacy, compliance, and AI usage and spend. This release supports foundational models from OpenAI (via Microsoft Foundry) and Anthropic (via Amazon Bedrock), with more to come.
You can configure your provider in the AI settings of your Cribl.Cloud Workspace.
Not available in Cribl.Cloud Government.
Corrections
| ID | Description |
|---|---|
SEARCH-10819 | Snap-to time operations (like @d and @w) now align with your selected timezone, instead of UTC. |
| SEARCH-8592 | tostring() now returns a readable JSON string for JSON fields, instead of [object Object]. |
| SEARCH-12199 | Notebook Markdown cells now capture typing reliably without unexpected line breaks. |
SDK Changelogs
The Cribl SDKs help you integrate with Cribl and reduce the need for repetitive tasks. We maintain changelogs for each version of the Cribl SDKs in their GitHub repositories:
- Go SDK changelogs: control plane and management plane
- Python SDK changelogs: control plane and management plane
- Typescript SDK changelogs: control plane and management plane