Product Updates

Known issue page(s) updated: SEARCH-11922 | S3 Parquet Searches Don't Show Bytes Scanned

New known issue page(s) added: CRIBL-39937 | Cribl Edge on Windows installed in custom directory reverts to default location on upgrade MON-814 | Custom monitors and Data Insights need a namespace filter Known issue page(s) updated: CRIBL-13125 | Pipelines with Clone and other Functions can show inconsistent total processing times CRIBL-13404 | Kubernetes Logs Source doesn't collect logs from exited or short-lived containers CRIBL-13999 | Diag bundles might fail to download from teleported Worker/Edge Nodes CRIBL-14239 | Default commit message missing for non-admin users CRIBL-14627 | Recently added Worker Nodes fail to appear on the Monitoring page CRIBL-15239 | Cannot clear Messages drawer while in GitOps Push mode CRIBL-18973 | Migrated Local Users appear in the Members UI with No Access CRIBL-28742 | Bind error when changing Source address from `0.0.0.0` to `::` on TCP Sources CRIBL-38843 | Pack export in merge mode redacts email notification recipients CRIBL-40418 | Objects named `core` can be excluded from commits CRIBL-40423 | Unattended Cribl Edge upgrade on Windows can cause the host to reboot CRIBL-8600 | GitOps + License expiration = Catch-22 LAKE-1165 | Storage Locations in Cribl.Cloud Government display non-U.S. Regions LAKE-1196 | Lake Dataset IDs must be unique across all Storage Locations LAKE-1368 | Dataset size for Cribl Lake Datasets is not visible in the UI LAKE-2001 | Reserved Dataset ID prefixes for Search lakehouse engines block updates to existing Lake Datasets MON-481 | Insights time range options don't reflect available data SEARCH-12211 | rawMetrics.totalMetrics.eventsIn Can Be Inaccurate for Searches During Concurrent Ingestion SEARCH-12663 | Lakehouse metrics reshape `_metric`/`_value`; searches may fail after upgrade

Stream - Real-time analytics for AI conversations. Tracks costs across 16+ models, grades response quality (A-D), detects sentiment and intent, and provides optimization recommendations - all in-stream. View Pack

This one is all about control, precision, and making things just work better.Platform• IP Allowlist for API Credentials: Lock API keys to trusted networks.• Terraform Config Exporter: Turn live configs into Terraform. No more rebuilding by hand. Capture it once, reuse it everywhere.Stream• Cribl Guard Detection Improvements: Better signal, less noise. More accurate sensitive data detection without the alert fatigue.Search• Field Transformation on Ingest (Lakehouse Engine): Shape your data on the way in so you’re not wrangling it later.• Clear Datasets: Reset datasets without deleting them. Cleaner workflows, faster iteration.• New 2XS and 3XS Tiers: Smaller entry points for federated and lakehouse engines. Test, validate, and scale without overcommitting.These are just the highlights. Check out the full release notes for Stream, Edge, Search, and Lake.Cribl.Cloud customers are already upgraded—just click Deploy.On-prem customers can download the update now.

Stream - Process output of scripted collector for Qualys detection events View Pack

Stream - Pack to ingest events via the CyberArk API View Pack

Stream - Pack to collect Salesforce Event Log File data from Salesforce API View Pack

Stream - Collector Pack to collect and process Workday Activity data View Pack

Stream - Collector pack to process data from 1Password REST API. View Pack

Stream, Edge - This pack provides examples for how events need to be modified before sending to XSIAM. View Pack

Stream - Parse, normalize, and route Aviatrix Cloud Network syslog data for any SIEM destination. Supports 9 log types: L4 Microsegmentation, L7/TLS Inspection, Suricata IDS, FQDN Firewall, Controller API Audit, VPN Session, Gateway Network Stats, Gateway System Stats, and Tunnel Status. View Pack

Stream, Edge - Process, reduce, and transform Palo Alto Networks Firewall logs. View Pack

Edge - This Cribl Edge Pack collects Claude Code telemetry from two sources — session log files (.jsonl transcripts) via a file monitor and operational metrics/logs via OpenTelemetry (OTLP/gRPC) — and forwards them to a Cribl Stream worker group for indexing, analysis, and search. View Pack

Stream - Pack to collect and process Microsoft Entra ID activity data View Pack

Stream - Source Pack to process data from Amazon SageMaker. View Pack

Stream - Collector Pack for processing Abnormal.ai data View Pack

Stream - Collector Pack to process data from the Island Browser API View Pack

Stream - Collector Pack to process data from the Wiz API View Pack

Stream - Collector pack to process data from the Crowdstrike Alerts, Devices, and Vulnerabilities REST endpoints. View Pack

Stream - Collector pack to process data from Duo. View Pack

Stream - Collector pack to process data from the Akamai SIEM Integration REST endpoint. View Pack

Stream - Collector Pack to process Netskope Alerts and Events View Pack

Stream - Collector pack to process data from OpenAI API View Pack

Stream - Collect and process data from SentinelOne REST endpoints. View Pack

Stream - Source Pack to process data from Amazon Bedrock. View Pack