Cribl Stream 4.15.1 (Coming Soon)
| PRODUCT | DATE | RELEASE | ADDITIONAL RESOURCES |
|---|---|---|---|
| Stream | 2025-12-17 | Maintenance | Known Issues, Cribl Edge Release Notes |
Cribl Stream 4.15.1 includes significant performance improvements, new capabilities, and important bug fixes.
Experience Improvements
- The Outpost page now offers breadcrumbs for easier navigation.
- To help you prepare for future major releases, the integrations list view now displays a deprecation warning if you have active configurations for Sources or Destinations that are scheduled for deprecation. This warning includes clear instructions for migrating your existing configurations to the recommended replacement integration.
- To prevent excessive data processing and safeguard system stability, data preview on the Pipeline Simple Preview tab is now limited to 10 MB of data.
- We have updated the default behavior when creating new Worker Groups and Packs. To simplify configuration and reduce clutter, new Worker Groups and Packs will no longer automatically include a default
vars.ymlfile with sample variables. This change only affects newly created Worker Groups and Packs. Existing Worker Groups and Packs that already contain default variables will remain unchanged. You can still create and use your own custom variables as needed.
Sources and Destinations
- For Azure Blob Storage Sources and Destinations, Cribl now supports Azure Government as a cloud environment option when you select the Client secret or Certificate authentication method.
Packs
We implemented a stricter validation check to ensure that Pack names are unique regardless of case, such as HelloPacks and hellopacks. This fixes potential conflicts and inconsistent behavior when deploying to operating systems with case-insensitive file systems, such as Windows and macOS. Existing Packs with similar names are not affected.
Corrections
This release contains the following bug fixes:
Operational Fixes
| ID | Description |
|---|---|
CRIBL-36946 | Fixed an issue where the Advanced Mode icon would sometimes disappear when mousing over fields in various Functions. For example, it disappeared in the Eval Function when the Value Expression field, making it difficult to open the editor for Advanced Mode. |
| CRIBL-36567 | Fixed an issue where the Log in with SAML 2.0 button did not correctly respect the configured Cribl base URL. Users running Cribl behind a reverse proxy with a base URL (such as /cribl) can now use the SAML authentication button without manually editing the login URL. |
| CRIBL-36926 | Resolved an issue that caused Packs to fail during import from a Git repository if the branch name included a forward slash (such as feature/new-pipeline). Importing Packs from Git branches that use this common naming convention is now fully functional. |
| CRIBL-34889 | Pipeline Data Preview now correctly displays nested resource attributes during OTLP Function conversion. Previously, these attributes were hidden in the Data Preview pane despite being correctly present in the payload sent to the Destination. |
| CRIBL-36927 | Resolved a regression in the Auto Timestamp Function where it failed to correctly parse timestamps with milli and microsecond precision. The Function now accurately processes these high-precision timestamps again. |
| CRIBL-36572 | Fixed an issue where the Leader and Worker Group upgrade pages would fail to load if the user’s browser could not reach the Cribl CDN (Content Delivery Network). The UI now correctly allows offline upgrades to proceed, even if access to the CDN is unavailable. |
| CRIBL-36020 | Resolved a minor UI issue in the Monitoring tab for Sources where the log filter expression did not update when switching between different Sources. The filter now correctly resets to reflect the logs of the currently selected Source. |
| CRIBL-36566 | Fixed an issue with the Live capture filter on the Packs and Pipelines Monitoring pages. The filter now correctly captures events associated with the selected Pack or Pipeline, restoring their intended monitoring capabilities. |
| CRIBL-36431 | Resolved an issue where CIDR lookups (such as those used for IP matching and IPAM data) would temporarily stop enriching events while the lookup file was asynchronously reloaded. Enrichment now continues uninterrupted while the new lookup table is being prepared and swapped in. |
| CRIBL-36801 | Implemented a change to prevent Worker Processes from concurrently executing conflicting management commands (such as configuration, upgrade, or restart). This ensures Worker stability and predictable behavior when handling multiple requests from the Leader, particularly during system-critical operations. |
Source and Destination Fixes
| ID | Description |
|---|---|
CRIBL-36456 | Fixed a regression introduced in version 4.14.0 where AWS Destinations failed to fall back to the global STS endpoint if the custom endpoint (configured via CRIBL_AWS_STS_ENDPOINT) was unreachable or invalid. |
| CRIBL-36093 | Resolved an issue with the Prometheus Scraper Source where histogram metrics were skipped if the metrics block did not end with a newline. Histogram data is now properly parsed and emitted regardless of line termination. |
| CRIBL-22001 | Resolved an issue where the allowedIndexesAtToken setting was ignored when creating or updating Splunk HEC tokens via the REST API. Index restrictions are now enforced immediately upon request, ensuring tokens can only write to specified indexes without requiring a manual UI update or backend restart. |
| CRIBL-36825 | Resolved an issue where AWS Sources using Assume Role could hang for up to 20 minutes if a regional STS endpoint was unreachable. A default 30-second timeout is now enforced for these requests. This ensures prompt failover to the global STS endpoint, significantly reducing ingestion delays during connection issues or Node restarts. |
| CRIBL-37029 | Resolved an issue where Nodes sending data to HTTP Destinations could silently stall if the connection to the downstream system is interrupted while the Node is awaiting a response. Previously, these unhandled events caused the process to hang indefinitely without reporting errors. This fix ensures all response events are handled correctly, preventing stalls and eliminating the need to manually restart the Node. |
| CRIBL-35940 | Versions 4.10.0 through 4.15.0 enforced a maximum requestTimeout of 600,000 ms for database connections. This correction removes the requestTimeout limit. |
| CRIBL-37063 | Fixed an intermittent issue where load-balanced Cribl TCP Sources or Destinations would occasionally fail to transfer data between environments due to an authentication error. Data transfer is now consistently reliable when using Cribl TCP with load-balancing. |