Product Updates

Stream - Collector pack to process data from Hubspot. View Pack

This release fixes four critical issues affecting Cribl Insights and HTTP-based Destinations for Cribl Insights, Cribl Stream, and Cribl Edge users. Cribl Search and Cribl Lake are not impacted.Release notes:• Stream• Edge• InsightsAction requiredCribl.Cloud:Log in to your account and launch Cribl Stream or Cribl Edge. If the update requires it, click Deploy.  The UI will clearly indicate when a deployment is needed.If you’re running hybrid Workers without auto-upgrade enabled, manually upgrade them to 4.16.1 to maintain compatibility.On-prem:Download and install the 4.16.1 update directly.

You asked. We listened. Then we shipped.Platform• Cribl Insights: Can I get a “hell yeah!”? Built-in monitoring. No bolt-ons. No guesswork.Stream• Clone Packs (with dependencies): Certs, Secrets, and vars come along automatically.• AI Packs: OpenAI, Gemini, Bedrock, SageMaker, Foundry.  Route AI data with intent.• Group Variables for Packs: Define once, reuse everywhere.Edge• More Fleets: Support for up to 250 Fleets.Lake• Lakehouse pricing update: Lower cost, and more flexible retention.Search• Notebooks Export to PDF: Portable/sharable exports.• HTTP API Provider: Proper pagination for full datasets.These are just the highlights. Check out the full release notes for Stream, Edge, Search, and Lake.Cribl.Cloud customers are already upgraded—just click Deploy.On-prem customers can download the update now.

Stream - Source Pack to collect and process Microsoft Foundry AI-related data from an Azure Event Hub View Pack

Stream - Collector Pack to collect and process Workday Activity data View Pack

Stream - Source Pack to process data from Amazon Bedrock. View Pack

Stream - Source Pack to process data from Amazon SageMaker. View Pack

Stream - This Cribl Pack is designed to streamline the integration of common Cribl data sources with Google Security Operations (SecOps). View Pack

Stream - Collector Pack for processing Abnormal.ai data View Pack

- Collector Pack to process data from the Wiz API View Pack

Search - This pack is designed handle starlink data. View Pack

Stream - This pack retrieves Slack audit logs. The VisiCore platform handles OAuth token generation. View Pack

- Collector pack to process data from the Crowdstrike Alerts, Devices, and Vulnerabilities REST endpoints. View Pack

Edge - Preserve metadata from Edge nodes when forwarding to Cribl Stream View Pack

- Provide K=V cleanup and (example) filters for Cisco Meraki logs View Pack

Search - This pack is to help display all worker groups, routes, pipelines, and packs in one location View Pack

Stream - Route to DeepTempo S3 to identify malicious behavior in NetFlow via DeepTempo's foundational LogLM View Pack

Stream - This pack retrieves proxied Webex audit logs. These logs must be proxied as Webex tokens are only good for 1 days. The VisiCire platform handles token refreshes and securely proxies events to Cribl. View Pack

Stream, Edge - Clean and parse Infoblox logs View Pack

Search - This pack provides visibility into Windows event logs, system_state, process events and AD logs. It highlights performance and security signals at a glance, helping teams quickly spot anomalies. View Pack

- Collector Pack to process Netskope Alerts and Events View Pack

This release focuses on performance, and usability across the platform. Here’s a quick taste:Stream / Edge• Breadcrumbs added to the Outpost page• Deprecation warnings for Sources and Destinations, with guided migration paths• Pipeline Simple Preview capped at 10 MB for better stability• Cleaner defaults: new Worker Groups, Fleets, and Packs no longer auto-create vars.yml• Cribl HTTP Destination now supports per-worker throttling• Azure Blob Storage now supports Azure Government• Sensitive environment variables are now redacted in Edge system viewsSearch• Faster ipv4_is_private performance• Clear error messages for encrypt/decrypt functions• Improved event details and saved search usability• One-click copy for item names and IDsLake• UI fixes for Dataset sizes and long Storage Location names, plus stability improvementsThese are just the highlights—check out the full release notes for Stream, Edge, Search, and Lake.Cribl.Cloud customers are already upgraded—just click Deploy.On-prem customers can download the update now.

This release is packed with ooey-gooey goodness across the entire product suite. Here’s a taste:Stream /   EdgeNew Cloudflare Source and R2 Destination New Databricks Destination for Unity Catalog volumes Send Cribl Stream/Edge data to Microsoft Fabric Eventstreams C.Decode and C.Encode now support MIME RFC 2047 Syslog Destination can now preserve original source IPSearchSearch Notebooks now GA Selectively decrypt Stream-encrypted fields  The 'export' operator can now write to Lake Datasets in external Storage LocationsLakeKMS bucket-level encryption on an AWS S3 bucketsThese are just the highlights—check out all the updates in the full release notes for Search, Stream, Edge, LakeIf you are using Cribl.Cloud, you have already been upgraded to the latest version. You just need to click "deploy" in your cloud instance.On-prem customers can get the update at this link.

We’ve rolled out updates across the entire Cribl Suite — here’s some hi-lights:Stream /   EdgeFresh unified Cloud home page New IAM Admin role for smoother org & SSO management Added Google Cloud Chronicle destination SearchSmarter, more flexible Notebooks New activity graphs to track workspace usageLakeAdded activity graphs + IAM Admin role Performance and UI polish throughoutYou can check out all the changes in the release notes: Search, Stream, Edge, LakeIf you are using Cribl.Cloud, you have already been upgraded to the latest version. You just need to click "deploy" in your cloud instance.On-prem customers can get the update at this link. (

StreamCribl Guard: Scan and mask sensitive data in real-time to keep compliance off your back.Wiz Webhook Source: Easily pull in Wiz Defend alerts.Expanded I/O Monitoring: Instant clarity on pipeline health.Collector Packs: You can now build Packs that include all collector sources.EdgeOutpost (Preview): Secure relay between Edge nodes and the Leader, no extra proxies needed.macOS Support (Preview): Edge now runs on macOS devices.SearchNotebooks (Preview): Code + charts + history = faster investigations.LakeBring Your Own Storage: Use your own Amazon S3 buckets for Lake Datasets.Direct Access: Ingest data straight into Lake over HTTP.Faster Queries by Default: Lakehouse queries now run directly in Lakehouse for quicker results.PlatformNew Cribl.Cloud regions: Zurich & Singapore.Terraform Provider (Preview): IaC your Cribl resources.You can check out all the changes in the release notes: Search, Stream, Edge, LakeIf you are using Cribl.Cloud, you have already been upgraded to the latest version. You just need to click "deploy" in your cloud instance.On-prem customers can get the update at this link.