Cribl Stream
- New SentinelOne AI SIEM Destination: Send data directly for faster, flexible ingestion.
- Better Worker Node Tracking: See connection status, last heartbeat, filter by state, and set retention for disconnected nodes.
- Drop Dimensions: Cut storage costs and speed up queries by dropping unused metric dimensions.
Cribl Edge
- Bye PowerShell: No more dependency = faster, smoother deployments.
- Disconnected Edge Node Tracking: Just like Stream—know if your nodes are online, offline, or MIA.
Cribl Lake
- Bigger Lakehouses: Up to 28 TB/day ingest + hydrate old data for faster investigations.
- Splunk DDSS Now GA: Directly ingest archive data from Splunk Cloud.
Cribl Search
- Skip Event-Time Filtering: Prevent gaps by filtering on partition timestamps.
- Read Archived S3: Search restored Glacier data without permanent rehydration.
Platform
- New FinOps Center: Track data costs, refunds, and ROI all in one place.
- Copilot Editor: Now edit existing Pipelines, with more schema support and UX improvements.
Check out all the details in the release notes for Search, Stream, Edge, and Lake.
Cribl.Cloud users are already on the latest—just click Deploy.
On-prem? Grab the update here.