Cribl-to-Cribl Compatibility Matrix
Use this topic when you plan to move data between Cribl deployments with the Cribl HTTP and Cribl TCP Source and Destination pairs.
If you still need to configure a Source and Destination, start with the Cribl HTTP Source and Cribl HTTP Destination pages.
Communication Matrix
If you have more than one Cribl deployment, you could have these questions:
- Which combinations of components are supported over Cribl HTTP or Cribl TCP?
- Who is allowed to talk to whom?
The sections below answer these for Stream Worker Groups and for Edge sending to Stream.
Types of Cribl Environments
- Stream Managed: Cribl.Cloud-managed Stream Worker Group running in Cribl (AWS/Azure) and managed by a Cribl.Cloud Workspace.
- Stream Hybrid: Stream Worker Group running in your environment, but managed by a Cribl.Cloud Workspace.
- Stream On-Prem: Stream Worker Group in your environment, managed by a dedicated on-prem Leader, with its own license and organization.
- Stream On-Prem (shared license): Two or more on-prem Leaders that use the same Cribl license file (for example, two data centers sharing one Cribl license). This is a licensing and entitlement relationship only; it does not imply a Connected Environment or Cribl.Cloud org (those are covered separately).
- Stream On-Prem (Connected Environment): Stream On-Prem whose Leader is attached as a Connected Environment to a Cribl.Cloud org or Workspace (control plane from Cloud; data plane can send up to Cloud).
- Edge in Cribl.Cloud: Edge Fleet running on customer infrastructure but managed by a Cribl.Cloud Workspace (agents report directly to a Cloud Leader or Workspace).
- Edge On-Prem: Edge Fleet managed by an on-prem Leader; agents report only to that on-prem environment.
Stream ↔ Stream Communication Matrix
Match Source (Stream) and Destination (Stream) to your Worker Group topology. Recommended transport and Notes describe how to connect each pair. The two shorthand columns mean:
- Auth token needed? – Whether you must configure a Cribl HTTP or Cribl TCP auth token between Leaders or Workspaces for that link.
- Supported? – ✓ means the pattern is supported; ✗ means it is not.
This matrix applies to Stream Worker Groups: supported combinations, when an auth token is required, and known gaps.
| Source (Stream) | Destination (Stream) | Auth token needed? | Recommended transport | Supported? | Notes |
|---|---|---|---|---|---|
| Stream On-Prem (same on-prem Leader) | Stream On-Prem (same on-prem Leader) | No | Cribl TCP on a trusted LAN; Cribl HTTP if you need proxies or a load balancer | ✓ | Multiple Worker Groups behind a single on-prem Leader. Treat as one environment; both Cribl HTTP and Cribl TCP work without extra auth. |
| Stream On-Prem (shared license, different Leaders) | Stream On-Prem (shared license, different Leaders) | No (license-derived auth) | Cribl HTTP by default; Cribl TCP on private links | ✓ | Two on-prem environments that use the same paid Cribl license file automatically share a Cribl-to-Cribl trust domain (4.12+ / 2505+). Workers on both sides derive a common JWT secret from the license, so no extra cross-Leader token configuration is required. Suited to “two data centers, one license” designs. |
| Stream On-Prem (license A) | Stream On-Prem (license B, different license) | N/A | N/A | ✗ | Two independent on-prem Cribl environments that do not share the same paid license file are outside the same trust boundary and cannot use Cribl HTTP or Cribl TCP for internal Cribl-to-Cribl links. Use generic HTTP or syslog, storage-based exchange, or other non-Cribl-native transports instead. |
| Stream On-Prem (Connected Environment) | Stream Managed or Stream Hybrid (same Cribl.Cloud org) | Yes | Cribl HTTP over TLS | ✓ | Supported Connected Environment direction: on-prem Connected Environment can send data up into Stream Managed or Stream Hybrid Worker Groups in the attached Cribl.Cloud org over Cribl HTTP or TCP using the Connected Environment and Cloud auth model. |
| Stream Managed or Stream Hybrid | Stream On-Prem (Connected Environment) | N/A | N/A | ✗ | There is no supported auth or token path for Stream Managed or Hybrid to send data down into a Connected Environment over Cribl HTTP. Treat Connected Environment as on-prem → Cloud only for Cribl HTTP or TCP. Use alternatives (for example, storage to ingest, VPN plus non-Connected Environment on-prem Worker Group, or generic HTTP or syslog) for Cloud → on-prem. |
| Stream Managed or Stream Hybrid (same Cribl.Cloud Workspace) | Stream Managed or Stream Hybrid (same Cribl.Cloud Workspace) | No | Cribl HTTP (default); Cribl TCP for tightly coupled internal links | ✓ | All Worker Groups are in the same Workspace and Leader. Cribl HTTP and Cribl TCP are supported directly between them without extra auth tokens. |
| Stream Managed or Stream Hybrid (Workspace A) | Stream Managed or Stream Hybrid (Workspace B, same Cribl.Cloud org) | Yes | Cribl HTTP | ✓ | Workspace-to-Workspace sharing inside one Cribl.Cloud org. Requires a Cribl HTTP or TCP auth token between workspaces. Recommended for “SecOps Workspace ↔ Observability workspace” data sharing without re-ingest from storage. |
| Stream On-Prem (no Connected Environment) | Stream Managed or Stream Hybrid (Cribl.Cloud) | N/A | N/A | ✗ | Without a Connected Environment (or another supported cross-org trust model), there is no supported Cribl HTTP or TCP pattern directly between a standalone on-prem Stream environment and Cribl.Cloud-managed Stream Worker Groups. Use Connected Environment, or fall back to generic HTTP or syslog or storage-based exchange. |
Edge → Stream Communication Matrix
Match Source (Edge) and Destination (Stream) to your Fleet and Worker Group topology. Recommended transport and Notes describe how to connect each pair. The two shorthand columns mean:
- Auth token needed? – Whether you must configure a Cribl HTTP or Cribl TCP auth token between Leaders or Workspaces for that link.
- Supported? – ✓ means the pattern is supported; ✗ means it is not.
Edge always sends to a Stream Worker Group. Trust rules match Stream ↔ Stream; this table highlights common Edge → Stream combinations.
| Source (Edge) | Destination (Stream) | Auth token needed? | Recommended transport | Supported? | Notes |
|---|---|---|---|---|---|
| Edge in Cribl.Cloud (same Cribl.Cloud Workspace) | Stream Managed or Stream Hybrid (same Cribl.Cloud Workspace) | No | Cribl HTTP over TLS | ✓ | Default Cloud-managed pattern: Edge Fleet and Stream workers belong to the same Workspace and Leader. Cribl HTTP over TLS is the recommended default; no extra auth configuration required. |
| Edge in Cribl.Cloud (Workspace A) | Stream Managed or Stream Hybrid (Workspace B, same Cribl.Cloud org) | Yes | Cribl HTTP over TLS | ✓ | Direct Edge cross-Workspace support requires v4.15.0+ and auth tokens; earlier versions require the Edge → Stream same-Workspace → Stream target-Workspace workaround. |
| Edge On-Prem (same on-prem Leader) | Stream On-Prem (same on-prem Leader) | No | Cribl TCP on a trusted LAN; Cribl HTTP if you need proxies or a load balancer | ✓ | Classic on-prem Edge → Stream pattern. Edge Fleet and Stream Worker Group both report to the same on-prem Leader (including when that Leader is also a Connected Environment to Cloud). |
| Edge On-Prem (shared license, different on-prem Leaders) | Stream On-Prem (shared license, different on-prem Leaders) | No (license-derived auth) | Cribl HTTP by default; Cribl TCP on private links | ✓ | Two on-prem Leaders that share the same paid Cribl license file form one Cribl-to-Cribl trust domain (4.12+ / 2505+). Edge and Stream workers on both sides derive the same JWT secret from the license, so Edge can send to Stream over Cribl HTTP or TCP without extra cross-Leader token setup. |
| Edge On-Prem (no Connected Environment) | Stream Managed or Stream Hybrid (Cribl.Cloud) | N/A | N/A | ✗ | A standalone on-prem Edge or Leader that is not attached as a Connected Environment has no supported Cribl HTTP or TCP trust path directly into Cribl.Cloud Stream workers. Use Connected Environment, or fall back to generic HTTP or syslog or storage-based exchange. |
| Edge in Cribl.Cloud | Stream On-Prem (Connected Environment) | N/A | N/A | ✗ | Same limitation as Stream Managed or Hybrid → Stream On-Prem (Connected Environment): there is no supported auth or token path for Cloud-managed senders (including Edge in Cribl.Cloud) to send data down into a Connected Environment Stream over Cribl HTTP. Treat Connected Environment as on-prem → Cloud only for Cribl HTTP or TCP. |