Cribl Streaming Output and Integration

George Alpizar
George Alpizar
  • Updated

Overview

The Cribl output will stream analytics and insights to your Cribl endpoint.


Review Parameters

Review the following parameters that you can configure in the Edge Delta App:

Parameter Description
name

Enter a descriptive name for the output or integration.

For outputs, this name will be used to map this destination to a workflow.

This parameter is required. 

Review the following example: 

name: cribl-http
integration_name

This parameter only appears when you create an individual output.

This parameter refers to the organization-level integration created in the Integrations page. If you enter this name, then the rest of the fields will be automatically populated.

If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name field. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.

This parameter is optional. 

Review the following example: 

integration_name: orgs-cribl
type

Enter cribl.

This parameter is required. 

Review the following example: 

type: cribl
endpoint

Enter the full Cribl ingress endpoint. 

This parameter is required. 

Review the following example: 

endpoint: http://in.logstream.<tenant-id>.cribl.cloud:10080/crible/_bulk
token

Enter the Cribl token.

This parameter is required. 

Review the following example: 

token: "<add token>"

tls:

  disable_verify

To disable a TLS verification of a certificate, in the YAML file, enter:

  • disable_verify:true.

To enable a TLS verification of the certificate, in the YAML file, you can enter disable_verify:false or you can remove this line entirely. 

This parameter is optional. 

Review the following example: 

tls:
  disable_verify: true

tls:

  ca_file

Enter the absolute file path to the CA certificate file. 

This parameter is optional. 

Review the following example: 

tls:
ca_file: /var/etc/cribl/ca_file

tls:

  ca_path

Enter the absolute path to scan the CA certificate file. 

This parameter is optional. 

Review the following example: 

tls:
ca_path: /var/etc/cribl

tls:

  crt_file

Enter the absolute path to the certificate file. 

This parameter is optional. 

Review the following example: 

tls:
crt_file: /var/etc/kafka/crt_file

tls:

  key_file

Enter the absolute path to the private key file. 

This parameter is optional. 

Review the following example: 

tls:
  key_file: /certs/server-key.pem

tls:

  key_password

Enter the password for the key file. 

This parameter is optional. 

Review the following example: 

tls:
  key_password: p@ssword123

tls:

  client_auth_type

Enter a client authorization type. 

You can enter:

  • noclientcert
  • requestclientcert
  • requireanyclientcert
  • verifyclientcertifgiven
  • requireandverifyclientcert

The default setting is noclientcert.

This parameter is optional. 

Review the following example: 

tls:
client_auth_type: noclientcert

tls:

  min_version

Enter the minimum version of TLS to accept. 

This parameter is optional. 

Review the following example: 

tls:
min_version: TLSv1_1

tls:

  max

Enter the maximum version of TLS to accept. 

This parameter is optional. 

Review the following example: 

tls:
max_version: TLSv1_3
features

This parameter defines which data types to stream to the destination.

To learn more, review the Review Feature Types section in Stream Outputs and Integrations Overview.

This parameter is optional. 

Review the following example: 

features: log,edac,metric,alert
buffer_ttl

Enter a length of time to retry failed streaming data.

After this length of time is reached, the failed streaming data will no longer be tried.

This parameter is optional. 

Review the following example: 

buffer_ttl: 2h
buffer_path

Enter a folder path to temporarily store failed streaming data.

The failed streaming data will be retried until the data reaches its destinations or until the Buffer TTL value is reached.

If you enter a path that does not exist, then the agent will create directories, as needed.

This parameter is optional. 

Review the following example: 

buffer_path: /var/log/edgedelta/pushbuffer/
buffer_max_bytesize

Enter the maximum size of failed streaming data that you want to retry.

If the failed streaming data is larger than this size, then the failed streaming data will not be retried.

This parameter is optional. 

Review the following example: 

buffer_max_bytesize: 100MB

Review Sample Configuration

The following sample configuration displays an output without the name of the organization-level integration:

    - name: cribl-http
      type: cribl
      endpoint: http://in.logstream..cribl.cloud:10080/crible/_bulk
      token: ""
      features: log,edac,metric,alert

 

Share this document