Click here to view the original link.
Question:
- Is Cribl Stream basically the cloud‑hosted platform, while Cribl Edge is the on‑prem agent that runs on your own servers or VMs?
Solved
Cribl Stream Cloud-Hosted Platform Versus Cribl Edge On-Prem Agent Clarification
This message originated from Cribl Community Slack.
Click here to view the original link.
Question:
Click here to view the original link.
Question:
Best answer by thomas.hakes228
the way i always think about it abstractly is
stream: "my whole existence as a system is to collect and process events from other systems"
edge: "I am an agent that gets installed on the system I need to collect events from to process"
and that covers about 95% of scenarios that i run into, but these tools are really flexible and can handle scenarios beyond what's described to meet a need.
"it depends"
You can run Stream on-prem or in Cribl Cloud. Most of our clients are primarily running Stream on-prem (along with Edge as requried)
Recommendation: Stream should be as close to the log producers as possible, ESPECIALLY for syslog deliveries and doubly so for UDP syslog
the way i always think about it abstractly is
stream: "my whole existence as a system is to collect and process events from other systems"
edge: "I am an agent that gets installed on the system I need to collect events from to process"
and that covers about 95% of scenarios that i run into, but these tools are really flexible and can handle scenarios beyond what's described to meet a need.
Is Cribl Stream a different agent to install instead of Cribl Edge. I can take syslogs send it to Cribl Stream / Cribl Edge and Directly to S3?
both tools report to Cribl Cloud. In edge you have "fleets" which is how you manage a group of agents. In Stream you have "worker groups" which is a group of dedicated log collection servers.
The scenario you're describing could technically use either tool, what i would think about is: if the system you plan to send syslog to is a dedicated system that is for log collection, you probably want stream. if the system you're sending to is multi-purpose in nature and you're only sending a small volume of syslog, you can absolutely use edge for this.
a bunch of this is in the cribl university training that i highly recommend because it covers all this stuff. I know there is some planned maintenance of the university portal but you may be able to check out a few of the trainings there that go over these exact scenarios
I would check out this video that cribl has on their youtube page, they've got a bunch of pretty good videos here that you can reference. This one is a step by step on consuming from syslog and sending to s3 just as you described but using stream.
https://www.youtube.com/watch?v=BKNEdNPONVo
Explore our reference architecture docs: https://docs.cribl.io/reference-architectures/ref-arch-overview/
Sign up
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.