1. Product Overview Cribl Stream

What is Stream?

• A vendor agnostic data collection, reduction, enrichment and routing system for observability data.

• Move large volumes of IT and security data from multiple sources to multiple destinations.

• Purpose-built large scale, high-performance and real-time processing architecture.

• Provides a rich user experience for data onboarding, processing and routing.

• Can be deployed in multiple environments.

• Reduces the cost & complexity of the growing volume of data while giving users choice.

---

Stream Data Processing

1. Source Data (e.g. Windows Event Logs, SysLogs...)
2. You've then got multiple options there at the front end to pre process the data.
3. You can shape it, you can use event breakers, you can add metadata to it. (You shape the data before it actually flows in.)
4. Then you are going to hit a route, you're going to do quick connect. (The idea of these is to set up the path that data is going to take as it goes through stream.)
5. Routes allow me to actually filter the data. (I got a input coming in and don't need everything coming from that source. So I use routes as filters.)
6. Those filters will direct the traffic to different pipelines.
7. The pipelines have functions in there that will accomplish all sorts of things. (e.g. They cann add data, mask data, transform data)
8. Then I can go to the post processing pipelines, this allows me to shape the data to meet the needs of the destination.
9. Destination Endpoint (e.g. File System, Data Lake, WebHook...)

---

Key Use Cases

Key Highlights

• Full Control
  • Of all your observability data from central control plane

• 80+ Built-In Integrations
  • For collecting and sending data

• Routing

  • Route data from any source to any destination with a simple drag and drop interface

• Pipelines

  • Reduce, transform, mask and enrich events with Stream pipelines

• Monitoring & Notifications
  • Singe source of truth for all IT and security data