Cribl has followed its 2021 ‘breakout’ year with new funding and a significant expansion of its capabilities, reports James Goulding A lot has happened at Cribl since Technology Reseller last reported on the observability pipeline company’s EMEA expansion plans. In the last six months, following a record-breaking 2021, in which it tripled its customer base and for the second year in a row achieved a 300% increase in annual recurring revenue, Cribl has expanded its product offering, secured $150 million in Series D funding and introduced a skills training and certification programme for observability engineers. A successful Series D funding round led by Tiger Global Management and joined by existing investors IVP, CRV, Redpoint Ventures, Sequoia and Greylock less than a year after Cribl’s Series C round brings the company’s total funding to date to $400 million, giving Cribl, in the words of Senior Director of Market Strategy Nick Heudecker, “quite a bit of runway in a very challenging macro environment”. In particular, the funding will enable Cribl to accelerate its European (and global) expansion plans, which include hiring an EMEA sales team and establishing an EMEA headquarters (location TBC), while continuing to develop new products through its newly launched Cribl Zero2One (C021) perpetual innovation lab. The first product to come out of CO21 is Cribl Search (see below), an open and vendor-agnostic analytics tool that is able to perform ‘search-in-place’ queries on any data, in any format, at any location, helping security and IT operations to keep up with the explosion of telemetry data and eliminate blind spots in data operations. Cribl Search is a good example of Cribl’s strategy to launch products that complement its flagship observability pipeline, Cribl Stream (previously known as Cribl LogStream), and customers’ existing infrastructures. Cribl Edge Another is Cribl Edge. Launched in March, this universal data collector auto-discovers mission-critical telemetry data at the edge and in highly distributed data sources and sends it into Stream or any other destination. While it can be a replacement for an existing solution, it will also work with other agents used by an enterprise. Heudecker said: “Cribl Edge is an optional component for sending data from the Edge into Stream or another destination. It allows you to begin collecting data immediately from your servers, Kubernetes clusters etc. and reduce the amount of data you send in, using the same functions you would in Stream, like removing duplicate fields, null values, whitespace etc.. Additionally, Edge allows you to teleport to any server that’s running that agent so that you can do remote debugging, you can troubleshoot any issues that may be occurring on that device. “As we were rethinking what an agent should be, fleet management was one of the capabilities that we added. The average server runs 12 to 15 agents and each one of them must be manually configured and upgraded, even when you’re running hundreds of thousands of agents. We saw that as an opportunity to take the capabilities that we built in Stream and move many of them right out to the Edge to start to really help our users with a pain point that’s ignored by other vendors.” He added: “Our core value proposition today is still very much Cribl Stream, but Edge makes a lot of sense if you’re in the middle of an upgrade cycle, because it consolidates several agents into one, removes the configuration burden, automatically looks for anything that looks like a log file and starts to catalogue data immediately. It just makes things a lot easier for end users, while offering other capabilities like being able to teleport to those machines.” Cribl Search Cribl Search has the potential to be an even bigger deal for Cribl. Effectively a federated Search that customers can use on top of existing systems, it addresses a much broader spectrum of data flow and has the potential to usher in a new era of convergence between observability and security operations by enabling queries on any data, in any format, at any location — at the edge through Cribl Edge, in flight through Cribl Stream, in an organisation’s observability lake and even within existing systems. “In today’s world, if you want to take advantage of the data you have, you typically have to move it to a centralised location like a data lake, a Splunk instance or something like that. You’re moving data before you know if it’s valuable and that can be challenging. If you’ve got 100,000 Windows machines it can be cost-prohibitive and, frankly, networkprohibitive to bring in all of that data,” explained Heudecker. “Cribl Search turns the traditional search story on its head. Instead of forwarding everything and then searching it, we search it first and then forward it. Search allows us to say ‘Alright, let’s go see if there’s anything interesting happening on those remote endpoints. And if there is, let’s bring just that data over’. “We’re moving Search to the Edge. We are also building Search on Stream, so you’ll be able to search over any data that is passing through Cribl Stream and, lastly, you’ll be able to search data at rest. We have a feature called Replay that allows our users to write data off to an object store for low-cost storage. A lot of our customers take advantage of that capability, so why not enable them to search that data as well.” He added: “I always think of a data lake as a question development environment. How do I find out the things I don’t know? Being able to search all this data in three different locations, in a unified way, helps you develop that question. And from there you can find the relevant data and then run it to a targeted analytics platform, like your SIEM, like your XDR platform. That’s the overall concept of Search: let me find what I’m interested in and then move it, versus moving everything at very high cost and then working on it.” Perpetual innovation technologyreseller.co.uk 39 OBSERVABILITY continued... Nick Heudecker
RkJQdWJsaXNoZXIy NDUxNDM=