These docs are for Cribl Stream 4.11 and are no longer actively maintained.
See the latest version (4.13).
Cribl.Cloud Enterprise
With a Cribl.Cloud Enterprise plan, you have the same options and flexibility that an Enterprise license provides for an on-prem Distributed deployment – and more:
- Configuring and managing multiple Worker Groups and Fleets.
- Notifications within Cribl apps, to PagerDuty, and/or to other services via webhook.
- Fine-grained, role-based control of Member Permissions on your Cribl.Cloud Organization and on individual product resources.
- Single sign-on/SSO authentication from external identity providers.
- The hybrid deployment option, described just below.
With an Enterprise Plan, the Leader resides in Cribl.Cloud, and controls a flexible mix of Cribl-managed and/or customer-managed Worker Groups. Cribl manages the Leader’s high availability on your behalf.
For other Enterprise features – and for comparisons between Cribl.Cloud plans and on-prem licenses – see Cribl’s Pricing page.
Hybrid Deployment
The diagrams below show the comparative flexibility of a hybrid Cribl.Cloud deployment. The Leader (control plane) resides in Cribl.Cloud, while the Workers that process the data can be in any combination of the following environments:
- In Cribl.Cloud, managed by Cribl.
- In public or private cloud instances that you manage.
- On-prem in your data centers.
As the footprint of your operations grows or changes, this flexibility makes it easy to reconfigure Cribl Stream in tandem. You can rapidly expand Cribl Stream observability into new cloud regions – and replace monitored hardware data centers with cloud instances – all while maintaining one centralized point of control.
You can also add Workers or Edge Nodes, and reassign them to different Worker Groups, by easily auto-generating Stream or Edge command-line scripts within Cribl Stream’s UI.
Hybrid Requirements
A hybrid deployment imposes these configuration requirements:
- Hybrid Workers (meaning, Workers that you deploy on-prem, or in cloud instances that you yourself manage) must be assigned to a different Worker Group than the Cribl-managed
defaultGroup – which can contain its own Worker Nodes. - All Worker Nodes’ hosts must allow outbound communication to the Cribl.Cloud Leader’s port 4200 at
https://main-<Organization-name>.cribl.cloud:4200, to enable configuration and workload management by the Leader. - On all Worker Nodes’ hosts, firewalls must allow outbound communication on port 443 to the Leader and to
https://cdn.cribl.io. This port is also used to bootstrap hybrid Workers from the Leader. - All Worker Nodes require connectivity to
https://cdn.cribl.io/telemetry/. For details on testing this connectivity, on the metadata transmitted to Cribl, and on how we use that data, see Telemetry Data. - If this traffic must go through a proxy, see System Proxy Configuration for configuration details.
- To verify your Leader’s region and public URL, open the Access Details modal.
Note that you are responsible for data encryption and other security measures on Worker Node instances that you manage.
Adding (Bootstrapping) Workers
To add Workers to your hybrid Cribl.Cloud deployment, Cribl recommends that you use the script outlined in Bootstrap Workers from Leader. Hosts for the new Workers must open the same ports (4200 and 443) listed in Hybrid Requirements.
You have three options for generating the script, outlined in these subsections of the Bootstrap topic linked above:
- Auto-generate it from the Leader’s UI.
- Make a
GETAPI request to the Leader. - curl the same API request.
In Cribl Edge, you access all these bootstrap options via the Manage Edge Nodes page’s Add/Update Edge Node control.
Hybrid Cribl HTTP/TCP Configuration
If you use the Cribl HTTP Destination and Source pair, or the Cribl TCP Destination and Source pair, to relay data between Worker Nodes connected to the same Leader, configuring hybrid Workers demands particular care.
The Worker Nodes that host each pair’s Destination and Source must specify exactly the same Leader Address. Otherwise, token verification will fail – breaking the connection, and preventing data flow.
In hybrid Cribl.Cloud deployments, the Leader’s Address format is main‑<your‑Org‑ID>.cribl.cloud. When configuring a hybrid Worker, use that format in the Address field.
To configure hybrid Workers:
- Log directly into their UI, then select Settings > Global > Distributed Settings. Make sure the Mode is set to Stream: Managed Worker (managed by Leader) or Edge: Managed Edge (managed by Leader) (which might require a restart).
- Then select Leader Settings, and ensure a consistent entry in the Address field.