Product Updates

Search - This pack helps display worker groups, routes, pipelines, packs, and Edge Node Statistics (top 10 by bytes in and by events in) in one location View Pack

As of March 18, 2026, FinOps Center dashboards and invoices are fully restored and available. No action is required.If you have any questions, please reach out to your account team or contact us through our Support Portal. 

Search - This pack helps display worker groups, routes, pipelines, packs, and Edge Node Statistics (top 10 by bytes in and by events in) in one location View Pack

Search - Analyze Zscaler Logs View Pack

Search - Profile search usage by user, type, credits, and more based on internal Cribl logs View Pack

Search - Analyze Zscaler Logs View Pack

Search - This Pack provides a dashboard to explore AlphaSOC OCSF Detection Findings and hunt threats across your applications, cloud workloads, networks, and endpoints. View Pack

Stream, Edge - Clean and parse Infoblox logs View Pack

Stream, Edge - Clean and parse Infoblox logs View Pack

Unscheduled Maintenance began March 7 and is expected to complete by Wednesday March 18.During this time, FinOps dashboards and invoices may be unavailable.No action is required, and all other Cribl services remain unaffected.We’ll share an update once maintenance is complete. If you have questions, please contact your account team or support@cribl.io

This release brings faster search performance, more flexible data collection, and reliability improvements across the platform! Search• Copilot Investigator: AI-assisted investigations that generate queries, analyze results, and summarize findings from natural language prompts.• Federated Search Improvements: Pushdown execution across S3, Azure Blob, and Cribl Lake for faster queries.Search/Lake• Lakehouse Search Engines: High-performance ingestion with near real-time search and automatic parsing across 200+ datatypes.Stream / Edge• Cribl Guard Background Detection: Always-on scanning that samples pipeline data to detect sensitive data patterns like PII, secrets, and regulated data.• Microsoft Graph Source: Microsoft is deprecating the legacy O365 Message Trace API on April 6, 2026. Customers using the legacy source should migrate to the new Microsoft Graph Source.• OpenAI Source: Easily ingest OpenAI model invocation logs and audit logs. Platform• Bring Your Own AI Model: Route Cribl AI features through your own managed LLM for better control over privacy, compliance, and AI spend.• Reliability Improvements: Persistent Queue stability updates and fixes for HTTPS proxy deadlocks and long-running HTTP requests. There is SO MUCH MORE in this release. Check out the full release notes for Stream, Edge, Search, Lake, and Insights.Cribl.Cloud customers are already upgraded, just click Deploy.On-prem customers can download the update now.

Stream - The SailPoint V3 Search API provides functionality to query and retrieve data from your IdentityNow tenant. View Pack

Edge - Enhances Windows Event logs from Cribl Edge by resolving Security Identifiers to readable account information. View Pack

Stream, Edge - Clean and parse Infoblox logs View Pack

Stream - Collector Pack for processing Abnormal.ai data View Pack

Stream, Edge - This pack provides examples for how events need to be modified before sending to XSIAM. View Pack

Stream - Collector Pack to process data from the Island Browser API View Pack

Stream - Collector pack to process data from the Crowdstrike Alerts, Devices, and Vulnerabilities REST endpoints. View Pack

Stream - Pack to collect Salesforce Event Log File data from Salesforce API View Pack

Search - Profile search usage by user, type, credits, and more based on internal Cribl logs View Pack

Stream - Collector pack to process data from Duo. View Pack

Search - This pack is to help display all worker groups, routes, pipelines, and packs in one location View Pack

Stream - Collector pack to process data from Hubspot. View Pack

This release fixes four critical issues affecting Cribl Insights and HTTP-based Destinations for Cribl Insights, Cribl Stream, and Cribl Edge users. Cribl Search and Cribl Lake are not impacted.Release notes:• Stream• Edge• InsightsAction requiredCribl.Cloud:Log in to your account and launch Cribl Stream or Cribl Edge. If the update requires it, click Deploy.  The UI will clearly indicate when a deployment is needed.If you’re running hybrid Workers without auto-upgrade enabled, manually upgrade them to 4.16.1 to maintain compatibility.On-prem:Download and install the 4.16.1 update directly.

You asked. We listened. Then we shipped.Platform• Cribl Insights: Can I get a “hell yeah!”? Built-in monitoring. No bolt-ons. No guesswork.Stream• Clone Packs (with dependencies): Certs, Secrets, and vars come along automatically.• AI Packs: OpenAI, Gemini, Bedrock, SageMaker, Foundry.  Route AI data with intent.• Group Variables for Packs: Define once, reuse everywhere.Edge• More Fleets: Support for up to 250 Fleets.Lake• Lakehouse pricing update: Lower cost, and more flexible retention.Search• Notebooks Export to PDF: Portable/sharable exports.• HTTP API Provider: Proper pagination for full datasets.These are just the highlights. Check out the full release notes for Stream, Edge, Search, and Lake.Cribl.Cloud customers are already upgraded—just click Deploy.On-prem customers can download the update now.