On This Page

Home / Stream/ Reference/Environment Variables

Environment Variables

You can use the following environment variables to configure your Cribl Stream installation.

NamePurpose
CRIBL_TMP_DIRDefines the root of a temporary directory. See Usage Notes below.
CRIBL_VOLUME_DIRSets a directory that persists modified data between different containers or ephemeral instances. When set, this environment variable overrides CRIBL_HOME. It also creates predefined subdirectories in the specified directory. If that directory already contains subdirectories with those names, they will be overwritten.
CRIBL_BOOTSTRAPQuickstart a Cribl instance by configuring this variable.
CRIBL_BOOTSTRAP_HOSTHost name for connecting to the Leader Node when setting up a new Worker Node.
CRIBL_API_HOSTOverrides the Host setting.
CRIBL_API_PORTOverrides the Port setting.
CRIBL_EDGE(Cribl Edge only) When set to any value, runs this command at container start: cribl mode‑edge ‑H 0.0.0.0. This launches the instance as an Edge Node, listening on a host at 0.0.0.0.
CRIBL_EDGE_FS_ROOT(Cribl Edge running in a container only) Location of the host OS filesystem when mounting in a container. Defaults to /hostfs.
CRIBL_K8S_POD(Cribl Edge on Kubernetes only) Sets the name of the Kubernetes Pod in which Cribl Edge is deployed.
CRIBL_K8S_TLS_REJECT_UNAUTHORIZED(Cribl Edge on Kubernetes only) Set to 0 to disable certificates validation when connecting to the Kubernetes APIs. When you disable this environment variable, all Kubernetes features (including Metadata, Metrics, Logs, and AppScope metadata) will tolerate invalid TLS certificates (such as, expired, self-signed, and so forth) when connecting to the Kubernetes APIs.
CRIBL_SERVICEACCOUNT_PATH(Cribl Edge on Kubernetes only) Path to the ServiceAccount to use to query the Kubernetes API. Defaults to /var/run/secrets/kubernetes.io/serviceaccount.
CRIBL_K8S_CPU_LIMIT(Cribl Stream on Kubernetes only) Automatically sets CPU shares for Cribl Stream based on the resources.limits.cpu value, configured by default in the Helm chart.
CRIBL_MAX_WORKERS(Cribl Stream on Kubernetes only) Setting a maximum amount of Worker Processes on a Kubernetes node helps to prevent overloading the node with more CPUs than it can handle.
CRIBL_NOEXECWhen set to 1, prevents the Exec Source from processing any data, effectively putting it into a “disabled” state. To re-enable, remove or unset the CRIBL_NOEXEC variable.

Distributed Deployment Variables

You can use the following environment variables to configure your distributed Cribl Stream instance.

NamePurpose
CRIBL_DIST_LEADER_URLURL of the Leader Node. Example: CRIBL_DIST_LEADER_URL=tls://<authToken>@leader:4200. See Usage Notes below.
CRIBL_DIST_MODEworker or leader. Defaults to worker, if (and only if) CRIBL_DIST_LEADER_URL is present.
CRIBL_DIST_WORKER_PROXYCommunicate to the Leader Node via a SOCKS proxy. See Usage Notes below.
CRIBL_DIST_LEADER_BUNDLE_URLSpecifies the location of configuration bundles. When set, Cribl Stream Workers and Edge Nodes will attempt to retrieve their configuration bundles from the URL specified by this variable, rather than directly from the Leader node.

Usage Notes

This section explains how to use certain complex environment variables.

CRIBL_DIST_LEADER_URL

Use this format:

<tls|tcp>://<authToken>@<host>:<port>?group=defaultGroup&tag=tag1&tag=tag2&tls.<tls_settings>

To generate a random authentication token, leave <authToken> unchanged. You can define it to add your own token instead, but make sure it’s secure enough.

The auth token can include only alphanumeric characters or the underscore (_). Do not include <, >, ", `, \r, \n, \t, {, }, |, \, ^, or '.

When configuring the node as a Leader, use 0.0.0.0 (or another suitable binding address) for host. Then, set CRIBL_DIST_MODE to leader.

Here are the components:

  • group – The preferred Worker Group assignment.
  • resiliency – The preferred Leader failover mode.
  • volume– The location of the NFS directory to support Leader failover.
  • tag – A list of tags that you can use to map (Stream, Edge) the Worker to a Worker Group.
  • disableSNIRouting – Whether Server Name Indicator (SNI) routing is enabled on the Worker Node. Boolean; defaults to false.

    Do not edit this advanced setting without supervision by Cribl Support. Changing this setting can affect the scalability of your system because it determines how Cribl Stream routes connections between Leader Nodes and Worker Nodes. See the Known Issue that resulted in this setting for more details.

  • tls.privKeyPath – Private Key Path.
  • tls.passphrase – Key Passphrase.
  • tls.caPath – CA Certificate Path.
  • tls.certPath – Certificate Path.
  • tls.rejectUnauthorized – Validate Client Certs. Boolean; defaults to false.
  • tls.requestCert – Authenticate Client (mutual auth). Boolean; defaults to false.
  • tls.commonNameRegex – Regex matching peer certificate > subject > common names allowed to connect. Used only if tls.requestCert is set to true.

CRIBL_DIST_LEADER_URL was previously called CRIBL_DIST_MASTER_URL. This name is still in use in certain contexts, for example in Helm charts.

CRIBL_TMP_DIR

Sources use this variable to construct temporary directories in which to stage downloaded Parquet data. If CRIBL_TMP_DIR is not set (the default), Cribl applications create subdirectories within your operating system’s default temporary directory:

  • For Cribl Stream: <OS_default_temporary_directory>/stream/.
  • For Cribl Edge: <OS_default_temporary_directory>/edge/.

For example, on Linux, Stream’s default staging directory would be /tmp/stream/.

If you explicitly set this CRIBL_TMP_DIR environment variable, its value replaces this OS-specific default parent directory.

CRIBL_DIST_WORKER_PROXY

CRIBL_DIST_WORKER_PROXY lets you configure a SOCKS proxy for communication between the Leader Node and Worker Nodes.

The default protocol is SOCKS5, which uses the format: socks5://<username>:<password>@<host>:<port>. Only <host>:<port> are required.

You can alternatively specify SOCKS4 as the protocol with the format: socks4://<proxyhost>:<port>. To authenticate on a SOCKS4 proxy with username and password, use this format: socks4://<username>:<password>@<proxyhost>:<port>. The <proxyhost> can be a hostname, IPv4, or IPv6.

To configure a SOCKS proxy via the UI, see Configure SOCKS Proxy. To configure an HTTP(S) proxy to use for your Sources and Destinations, refer to System Proxy Configuration.

CRIBL_BOOTSTRAP_HOST

CRIBL_BOOTSTRAP_HOST overrides the Add/Bootstrap New Worker script generator’s default hostname.

For example, if you set CRIBL_BOOTSTRAP=myhost, then myhost will appear in the script modal’s Leader hostname/IP field, instead of the URL used in the browser.

CRIBL_BOOTSTRAP

CRIBL_BOOTSTRAP enables specifying a URL, an absolute disk file path, or a YAML string, in order to bootstrap a configuration to the $CRIBL_HOME/local directory. Cribl Stream applies this configuration only upon its first startup.

For any method, Cribl Stream expects each targeted config file to be YAML-formatted. Each file’s top-level keys should be the paths to config files inside the $CRIBL_HOME/local/... subdirectory.

Below is an example of a bootstrap file. Its output, when Cribl Stream starts, would be to create three files inside the $CRIBL_HOME/local/cribl path: inputs.yml, outputs.yml, and pipelines/route.yml.

cribl/inputs.yml:
  inputs:
    <id>:
      <config>
cribl/outputs.yml:
  outputs:
    <id>:
      <config>
cribl/pipelines/route.yml:
  id: default
  groups: {}
  comments: []
  routes:
    ...

For details about each file’s syntax, see Config Files and its child topics.

Adding Fallback Leaders

You can configure fallback Leader Nodes to support high availability and failover. Use the following environment variables.

NamePurpose
CRIBL_DIST_MASTER_RESILIENCY=failoverSets the Leader’s Resiliency to Failover mode.
CRIBL_DIST_MASTER_FAILOVER_VOLUME=/tmp/sharedSets the location of the NFS directory to support Leader failover. For example: /mnt/cribl.
CRIBL_DIST_MASTER_FAILOVER_MISSED_HB_LIMITDetermines how many Lease refresh periods can elapse before the standby Leader Nodes attempt to promote themselves to primary. Cribl recommends setting this to 3.
CRIBL_DIST_MASTER_FAILOVER_PERIODDetermines how often the primary Leader refreshes its hold on the Lease file. Cribl recommends setting this to 5s.
CRIBL_INSTANCE_HOMEIn Failover mode, this variable points to the Leader Node’s root directory, as opposed to the shared volume. It is used to access $CRIBL_INSTANCE_HOME/local/_system/instance.yml (C:\ProgramData\Cribl\local\_system.yml for Cribl Edge on Windows).

GitOps Variables

Cribl Stream provides the following environment variables to facilitate using GitOps in Cribl Stream.

You can use these variables to override the defaults in the UI if you are not using systemd to manage the cribl service.

Bootstrap Variables

NamePurpose
CRIBL_GIT_REMOTELocation of the remote repo to track. Can contain username and password for HTTPS auth.
GIT_SSH / GIT_SSH_COMMANDSee Git’s documentation.
CRIBL_GIT_BRANCHGit ref (branch, tag, commit) to track/check out.
CRIBL_GIT_AUTHOne of: none, basic, or ssh.
CRIBL_GIT_USERUsed for basic auth.
CRIBL_GIT_PASSWORDUsed for basic auth.
CRIBL_GIT_OPSControls which GitOps workflow to use. One of: push to enable the GitOps push workflow, or none to disable GitOps.
CRIBL_INTERACTIVEControls whether git commands called by Cribl CLI at startup are interactive.
CRIBL_GIT_SSH_KEYContent of the SSH key used to access git remote.
CRIBL_GIT_STRICT_HOST_KEY_CHECKINGControls whether to check the host key strictly.

Additional Environment Variables

Cribl Stream uses the following variables for multiple purposes.

NamePurpose
CRIBL_SPOOL_DIRSpecifies the base path where events from various Sources and Destinations are spooled. Defaults to $CRIBL_HOME/state/spool or $CRIBL_VOLUME_DIR/state/spool.

Cribl.Cloud Certificate Variables

The following variables point to the location of default certificate files on Cribl.Cloud:

NamePurpose
CRIBL_CLOUD_KEYPath to the default private key on Cribl.Cloud.
CRIBL_CLOUD_CRTPath to the default certificate on Cribl.Cloud.

CRIBL_HOME

CRIBL_HOME is a special internal environment variable that indicates the location of the Cribl binary (bin directory). You do not set it manually, but it is referred to in multiple places and commands.