These docs are for Cribl Stream 4.11 and are no longer actively maintained.
See the latest version (4.13).
Deployment Planning
There are at least three key factors that will determine the type of Cribl Stream deployment in your environment:
Amount of Incoming Data: This is defined as the amount of data planned to be ingested per unit of time. E.g., how many MB/s or GB/day?
Amount of Data Processing: This is defined as the amount of processing that will happen on incoming data. E.g., are there a lot of transformations, regex extractions, parsing functions, field obfuscations, etc.?
Routing and/or Cloning: Is most data going to a single destination, or is it being cloned and routed to multiple places? This is important because destination-specific serialization tends to be relatively expensive.
These factors are covered in detail in Sizing and Scaling, and in our Architectural Considerations introduction to reference architectures.
Type of Deployment
Use Cribl.Cloud to quickly launch a Cribl-managed deployment of the combined Cribl applications suite (Stream, Edge, and Search). With this option, Cribl assumes responsibility for provisioning and managing all infrastructure, on your behalf.
Use Single-Instance/Basic Deployment when incoming data volume is low, and/or amount of processing is light.
Use Distributed Deployment to accommodate increased load. (See Sizing and Scaling for detailed guidance. See Bootstrap Workers from Leader to streamline Workers’ deployment via scripting.)
OS and System Requirements
Leader and Worker Nodes should have sufficient CPU, RAM, network, and storage capacity to handle your specific workload. It’s very important to test this before deploying to production. For details, see OS and System Requirements.
Cluster Installation/Configuration Checklist
This section compiles basic checkpoints for successfully launching a distributed cluster.
1. Provision Hardware
- 1 Leader Node (see specs/requirements in OS and System Requirements above).
- 4 Worker Nodes (see specs/requirements in OS and System Requirements above).
- Acquire an evaluation (Sales Trial) License from the Cribl Sales Team.
2. Configure Leader Node
- Install git if not present (for example, yum install git).
- Open the necessary ports.
- Download, Install, and Launch Cribl.
- Enable Start at Boot.
- Configure as a Leader.
- Confirm Worker Processes Settings at -2 (via Settings > Global > System > Manage Processes).
- Install License.
3. Configure Worker Nodes
- Enable GUI Access. Administrators will need to connect to the TCP:9000 port on each Node.
- Download, Install, and Launch Cribl.
- Enable Start at Boot.
- Configure as a Worker. (Give each Worker the (arbitrary) tag POV.)
- Confirm Worker Processes Settings at -2 (via Settings > Global > System > Manage Processes).
- Install License.
4. Map Workers to Groups
- On the Leader Node, create a Worker Group.
- Name the Worker Group (arbitrarily) POV.
- On the Leader Node, confirm that workers are connecting.
- In the sidebar, select Workers.
- Map Workers to dev Worker Groups.
- Use the Filter: cribl.tags.includes('POV').
5. Other
If you will be using Cribl Stream’s GeoIP enrichment feature, install the MaxMind database onto the Cribl Stream Leader and all Worker Nodes.