Cribl Search 4.18.0 (Coming Soon)
| PRODUCT | DATE | RELEASE | ADDITIONAL RESOURCES |
|---|---|---|---|
| Search | 2026-05-20 | Feature | Known Issues, Cribl Lake Release Notes |
The following draft provides early access to release notes for the upcoming Cribl Suite product release. Features or functionality described are not considered binding commitments and are subject to change at the discretion of Cribl at any time for any reason without notice. This information should not be relied upon in making purchasing decisions.
Summary
Cribl Search 4.18.0 adds lakehouse engines and Search Datasets in Cribl.Cloud Government, lakehouse accelerated fields and export to Search Datasets, and updates to notebooks, the timepicker and timezone, Generic HTTP dataField paths, and large-number handling. Cribl AI, Copilot, and Investigations (Preview) gain Custom AI Provider improvements, MCP support, Copilot controls, environment-aware chat, and richer investigation workflows.
Some system and database-connection API responses no longer return sensitive values in plaintext. See Important Changes if you depend on those responses.
Important Changes
Breaking Changes to Sensitive Information in API Responses
API responses for the following endpoints no longer include sensitive information in plaintext:
- /system/settings
- /system/settings/auth
- /lib/database-connections
This affects passwords and password-equivalent attributes such as bindCredentials and client_secret. The values for these attributes are omitted or masked in responses.
What you need to do: Update any automation or scripts that depend on reading these plaintext values from the API responses for these endpoints.
New Features
Lakehouse Engines with Search Datasets in Cribl.Cloud Government
Cribl.Cloud Government now supports the same lakehouse engines and Search Datasets as commercial Cribl Search. The new lakehouse engines use FedRAMP-approved, FIPS-compliant cryptography and stay fully inside the Cribl.Cloud Government boundary. The Lakehouses in Cribl Lake are being deprecated.
Lakehouse Engine Accelerated Fields
We’re adding support for accelerated fields in Cribl Search lakehouse engines. This means you can designate frequently filtered fields (like hostname or sourcetype) to speed up lookups across large volumes of data.
App Platform (Preview)
Use the new App Platform (Preview) to build and run custom apps in Cribl. Apps are packaged UI experiences that call Cribl and third-party APIs, letting you create tailored workflows and front-end experiences that go beyond the built-in product surfaces.
Search Experience
Export Search Results to Search Datasets
You can now export search results directly to Search Datasets in lakehouse engines for use in future searches. Use the export operator with the new search parameter. For example:
| export to search myDataset
Notebook Templates
Notebook templates let you start new Notebooks from your own saved layouts or from Cribl-built templates, so sections, queries, and visualizations are already in place for repeatable investigations. You can also use a template as an operational runbook: a fixed sequence of steps, queries, and notes your team follows for incidents or routine checks.
Timepicker Improvements
The Search timepicker is faster for common ranges, with quick actions that stay in sync and a calendar that supports flexible selections and automatic full-day boundaries. When a search uses an explicit time range, the timepicker shows that window for direct edits.
Saved searches and Notebooks include the timezone control in the timepicker, and the Event List Viewer now follows the shared timepicker timezone instead of a separate selector.
Generic HTTP API Dataset Provider Supports Dotted dataField Paths
For the Generic HTTP API Dataset Provider, dataField now supports dotted paths (for example, data.issues.nodes) so Search can navigate nested JSON responses and turn each item in the resulting array into a separate event, while single-level and blank dataField values continue to behave as before.
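The dotted-path behavior described above, sketched as an added example (not Cribl's implementation). The function name, the constructed sample response, and the handling of a blank dataField or a non-array result are assumptions made for illustration.

```javascript
// Added illustration; resolveDataField and SAMPLE_RESPONSE are hypothetical names.
// Constructed sample of a nested API response (not real data).
const SAMPLE_RESPONSE = {
  data: {
    issues: {
      nodes: [
        { id: "ISS-1", title: "Rotate service account key" },
        { id: "ISS-2", title: "Review stale API tokens" },
      ],
      pageInfo: { hasNextPage: false },
    },
  },
};

// Walk a dotted dataField path through a parsed JSON body and return
// one event per item of the array found at that path.
function resolveDataField(body, dataField) {
  const path = (dataField || "").trim();
  let node = body;
  if (path !== "") {
    for (const key of path.split(".")) {
      // Own properties only, so a segment such as "__proto__" or
      // "constructor" never resolves to an inherited member.
      const ok =
        node !== null &&
        typeof node === "object" &&
        Object.prototype.hasOwnProperty.call(node, key);
      if (!ok) {
        return { events: [], error: `path segment "${key}" not found` };
      }
      node = node[key];
    }
  }
  // Assumption: a non-array value at the path is emitted as a single event.
  const events = Array.isArray(node) ? node : [node];
  return { events, error: null };
}

const { events } = resolveDataField(SAMPLE_RESPONSE, "data.issues.nodes");
console.log(events.map((e) => e.id)); // one event per array item
```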
Large Number Precision in Searches
Numeric searches and computations now follow the IEEE 754 standard for large-number precision. For values larger than the maximum safe number (2^53 - 1), wrap the number in quotes so it’s treated as a string. For example:
dataset="my_dataset" | where id=="10001900000009910000"
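Why the quoting matters, as an added example (not Cribl code): above 2^53 - 1, distinct integers can round to the same IEEE 754 double, so an unquoted ID comparison can match the wrong record. The helper names below are hypothetical, and the neighboring ID is a constructed value; the lint only recognizes plain decimal integer literals.

```javascript
// Added illustration; function names are hypothetical, not Cribl APIs.
const MAX_SAFE = BigInt(Number.MAX_SAFE_INTEGER); // 2^53 - 1

// True when two distinct decimal strings become the same double.
function collideAsNumbers(a, b) {
  return a !== b && Number(a) === Number(b);
}

// Find unquoted integer literals in a query that exceed 2^53 - 1.
function findUnsafeLiterals(query) {
  // Blank out quoted strings (same length, so indexes stay valid)
  // so values that are already quoted are not reported.
  const bare = query.replace(
    /"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'/g,
    (m) => " ".repeat(m.length)
  );
  const hits = [];
  for (const m of bare.matchAll(/(?<![\w.])\d+(?![\w.])/g)) {
    if (BigInt(m[0]) > MAX_SAFE) hits.push({ literal: m[0], index: m.index });
  }
  return hits;
}

// Rewrite the query with each unsafe literal wrapped in double quotes.
function quoteUnsafeLiterals(query) {
  let out = query;
  // Right to left, so earlier indexes are not shifted by the edits.
  for (const { literal, index } of findUnsafeLiterals(query).reverse()) {
    out = out.slice(0, index) + `"${literal}"` + out.slice(index + literal.length);
  }
  return out;
}

// The ID from the example above and a constructed neighbor one higher.
console.log(collideAsNumbers("10001900000009910000", "10001900000009910001"));
console.log(quoteUnsafeLiterals('dataset="my_dataset" | where id==10001900000009910000'));
```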
Cribl AI and Copilot
Custom AI Provider Enhancements
We’ve streamlined AI provider setup with a new 3-step wizard, added support for LiteLLM and OpenAI-compatible endpoints, and introduced Model Tier assignments (Small, Frontier, Reasoning). You can now test model connections before saving and manage providers directly from the AI Settings dashboard.
MCP Integrations for Cribl AI
Cribl AI now supports external Model Context Protocol (MCP) servers, enabling AI agents to access third-party tools during conversations. You can connect external servers via endpoint URLs, with full support for authentication headers and external providers using API keys. For maximum security, all credentials are encrypted at rest.
Cribl Copilot Chatbot Toggle
Admins can now enable or disable the Cribl Copilot chatbot widget independently of other Cribl AI features. This allows you to hide the chat interface without impacting broader AI functionality. The toggle is enabled by default for consented deployments, preserving existing behavior upon upgrade.
Cribl Copilot Chat: Environment-Aware Operational Queries
Cribl Copilot Chat now supports environment-aware queries, allowing Cribl.Cloud users to ask natural language questions about their live deployment configuration. By combining documentation with real-time operational data, Copilot can list configured Routes and Pipelines and surface system-level warnings and errors directly in the chat. To ensure security, this feature uses read-only tools that automatically redact sensitive information and provides answers tailored to your specific Stream, Edge, Search, or Lake environment.
Investigations (Preview)
More for AI-guided Analysis
AI-guided investigations (Preview) now give you more control and room to dig in:
- Choose the reasoning model for each investigation when your organization uses Custom AI Providers. Pick the model that fits the question instead of being locked into one default.
- Use MCP integrations to tie Search to third-party tools and pull relevant context into the chat without leaving the investigation.
- Sessions save automatically, so you can restart or continue where you left off, revisit prompts, and review earlier results.
- Dataset intelligence adds context so the investigation stays grounded in your data.
- Use Deep Investigations to map and test multiple hypotheses in sequence and follow how each search and finding connects over the course of an investigation.
Corrections
| ID | Description |
|---|---|
| SEARCH-13269 | Fixed an issue where lakehouse queries could return incorrect results or no results when you used tostring() on addressed fields in a where clause. Queries that apply functions to addressed fields now build and run correctly instead of failing during logical plan generation. |
| PLAT-11363 | In Cribl.Cloud, the Cribl.Cloud Role/Permission list at Organization > SSO Management > Organization-Level Mappings now includes IAM Admin and Billing Reader. |
SDK Changelogs
The Cribl SDKs help you integrate with Cribl and reduce the need for repetitive tasks. We maintain changelogs for each version of the Cribl SDKs in their GitHub repositories:
- Go SDK changelogs: control plane and management plane
- Python SDK changelogs: control plane and management plane
- TypeScript SDK changelogs: control plane and management plane