Cribl Search 4.17.1 (Coming Soon)
| PRODUCT | DATE | RELEASE | ADDITIONAL RESOURCES |
|---|---|---|---|
| Search | 2026-04-22 | Maintenance | Known Issues, Cribl Lake Release Notes |
The following draft provides early access to release notes for the upcoming Cribl Suite product release. Features or functionality presented are not considered binding commitments and are subject to change at the discretion of Cribl at any time for any reason without notice. This information should not be relied upon in making purchasing decisions.
Summary
Cribl Search 4.17.1 introduces staggered Cribl.Cloud upgrade windows, adds IP allowlisting for API credentials, and improves the login experience for users with multiple Organizations or sign-in methods.
It also extends lakehouse and Dataset workflows (including Generic HTTP API POST-with-body, retention and field rules, clearing hosted data in place, and Dataset UI updates such as Notebooks and Dashboards tabs).
New Release Windows
Beginning with this release, Cribl.Cloud will have multiple upgrade windows as follows:
| Upgrade Window | Time and Date | AWS Regions Included |
|---|---|---|
| All Standard Organizations | 21 Apr 2026 between 12:00 and 24:00 UTC (8:00 AM and 8:00 PM EDT) | All regions |
| US West and APAC (Enterprise) | 22 Apr 2026 between 10:00 and 13:00 UTC (6:00 AM and 9:00 AM EDT) | ap-northeast-1, ap-southeast-1, ap-southeast-2, and us-west-2 |
| US East and EMEA (Enterprise) | 23 Apr 2026 between 00:00 and 03:00 UTC (8:00 PM and 11:00 PM EDT) | ca-central-1, eu-central-1, eu-central-2, eu-west-1, eu-west-2, eu-west-3, sa-east-1, us-east-1, and us-east-2 |
The upgrade windows apply to your Leader. Cribl.Cloud Workers will be upgraded immediately after the Leader is upgraded, regardless of the region they reside in.
On-prem binaries will be available on 22 Apr 2026. However, if you are a hybrid user, you must wait until your cloud Leader has been upgraded before upgrading your Workers. Failure to do so will result in unexpected behavior.
Upcoming Changes to Sensitive Information in API Responses
In an upcoming release, API responses for the following endpoints will no longer include sensitive information in plaintext:
/system/settings/system/settings/auth/lib/database-connections
This affects passwords and password-equivalent attributes such as bindCredentials and client_secret. The values for these attributes will be omitted or masked in responses.
What you need to do: Update any automation or scripts that depend on reading these plaintext values from the API responses for these endpoints.
IP Allowlisting for API Credentials in Cribl.Cloud
Use the new IP Allowlist option to restrict API access to specific IPv4 CIDR ranges for API Credentials.
New Login Experience for Cribl.Cloud
If you have access to multiple Organizations, you can select the Organization to log in to from the start. Also, if you have multiple authentication methods, you can choose which one to use to log in.
Billing Reader Permission in Cribl.Cloud
The new Billing Reader Permission provides read-only access to view billing information and credit consumption in the FinOps Center.
New POST with Body Method for Generic HTTP API Dataset Provider
The Generic HTTP API Dataset Provider now supports POST with body requests, so Cribl Search can query REST APIs that
require a request payload. It currently supports JSON array or simple wrapped JSON responses, plus OAuth2, custom
headers, and variable substitution, allowing you to pass a search query from the search bar into the POST body. For
example, by inserting ${queryString} into the queryString field.
Default Retention Time for main and New Lakehouse Engine Datasets
The default retention period for the main Dataset is now a maximum of 10 years. For any newly created Search Datasets,
the default retention is 1 year. You can modify these retention settings as required.
Dataset-Level Field Modification
When ingesting into Cribl Search, you can now use Dataset rules to modify fields after Datatyping parses the events. This lets you apply Dataset-specific enrichment or normalization (for example, fixing timestamps), while still taking advantage of Auto-Datatyping.
Clear a Search Dataset While Keeping the Setup
Cribl-hosted Search Datasets now let you manually wipe all their data without deleting the Dataset itself. This way, you can get rid of unwanted data while preserving your Dataset rules and retention settings.
Dashboards and Experience
Dataset Details Panel: Notebooks & Dashboards Tabs
The Dataset details panel now has dedicated Notebooks and Dashboards tabs, making it easier to see exactly where and how a Dataset is used across each feature.
Updated Dataset Columns
The Dataset table now features combined or new columns to better display metadata and engine information. You can customize visible columns using the column picker.
Corrections
Operational Fixes
| ID | Description |
|---|---|
SEARCH-12954 | Fixed an issue where certain query results could make the Search UI inaccessible. The Search UI now always loads and remains accessible, regardless of invalid or unsupported values in query results. |
| SEARCH-12864 | You can now only resize a lakehouse engine when it is in Ready status. |
| SEARCH-11955 | Scheduled searches no longer fail for SAML users or run without the Datasets they should see, while the same searches work when run interactively. |
| SEARCH-12292 | We fixed an issue for searches against a v2 Dataset backed by Azure Blob Storage V2 or Amazon S3. The timestamps returned in search results reflect when the source file was created rather than the actual timestamps recorded in the events. |
| SEARCH-12947 | Searches against v2 Datasets were intermittently failing with the following error: Error running search: Timed out waiting for node to connect. |
| MON-669 | Fixed an issue where the default system_email Notification target was not displayed and could not be selected when creating or editing Notifications in Cribl.Cloud. Previously configured Notifications that use the system_email target continued to send emails, but could not be managed through the UI. |
See the Cribl Search 4.17.0 release notes for the latest major feature updates.