In our latest blog, Chris Chantrey, Cribl Practice Lead for 4Data’s Cribl team, highlights the features and benefits of Cribl Stream Projects in making data available to different personas in a safe and reliable manner.


What is Cribl Stream Projects?

Cribl Stream continues to gain recognition as a valuable IT and Security team infrastructure platform. The increasing demand we’re seeing for Cribl Stream as an internal service is testament to its effectiveness in improving operations and enhancing security measures. With the rise of ITOps, SecOps, SRE, DevOps and other teams embracing Cribl Stream, Cribl has introduced a new feature – Cribl Stream Projects.

Cribl Stream Projects is a self-service model that allows a variety of users to securely access any observability data without requiring new agents or changes at the data sources. With Cribl Stream at the core of an enterprise’s observability architecture, administrators already have complete control over their observability data. Cribl Stream Projects adds to this control by enabling administrators to easily set up Projects based on department need, and shape the data in that Project to be optimised for a particular use, allowing new users to subscribe only to the data that is important to them.

Cribl Stream Projects reduces dependency on the administrator to onboard more users and tools, and reduces the time-to-value for the user. This enhances collaboration and provides deeper insights, resulting in a more personalised user experience. Cribl Stream Projects is the first product in the industry enabling organisations to allow teams to manage their own data without needing to understand the infrastructure or service being used to collect and route it. Think data democratisation in the truest sense!

What are the benefits of Stream Projects for Cribl administrators and Cribl users?

When combined with Cribl’s new authorisation support, Stream Projects benefits both Cribl administrators and users by addressing their individual needs. Cribl administrators aim to limit the scope and blast radius of users’ changes on other users to ensure teams work within a specific scope. On the other hand, Cribl users benefit from simplified views and workflows to work with data that caters to their needs and entitlements without affecting other users downstream.

Administrators create a Project and define which sources data is collected from and which destinations receive the processed data from Cribl Stream. The Project creates a defined scope for users to work within, minimising the risk of errors or unauthorised changes.

Cribl Stream Projects has three primary resources within it:

  • Data Projects: This Project serves as a dedicated space for data experts to work solely on the data they are interested in. That data has value as its fit to help them achieve their jobs. Stream admins can create secure projects with pre-determined inputs and outputs to minimise the need for data experts to understand the overall pipeline mechanics. Furthermore, it allows Cribl Stream to be embraced by new teams and departments, which reduces the need to manage other pipelines and processing tools.
  • Subscription: These are sub-streams of data obtained by applying filters and pre-processing pipelines or packs. For example, you can filter data for contractor information and have PII removed in the pre-processing pipeline before the subscription is sent to a project.
  • Role: This defines the authorised role with access permissions to a particular project. Users who are assigned this role will be able to access the project.

Cribl Stream Projects in practice

To better understand Stream Projects, let’s look a real-life scenario. In this scenario, the Cribl administrator wants to filter data from the same Firewall sources but split it between the Security and the Ops teams where each team shouldn’t have access to the other team’s data and processes. Let’s assume the Security team uses Splunk while the Operations team uses Elastic.

Without Stream Projects

  • The Cribl administrator restricts access to sources and pipelines, creates routes to filter out data and sends filtered data to custom pipelines created by the users/teams which will require back and forth due to dependencies.
  • The downside here is the teams can see each other’s data. And any changes to Route 1 can break Route 2 – making data inconsistent for both teams.

With Cribl Stream Projects:

  • The Cribl administrator creates Data Projects per team with their respective subscriptions.
  • Both teams have secure access to their own sets of data, and the changes don’t impact the other team.
  • Both teams have the ability to change the data as they need to, rather than having to go back and forth with the Cribl admin to get a custom pipeline created.
  • With Cribl’s new authorisation feature, team members perform their specific roles effectively while maintaining the appropriate level of access.

So, as we’ve seen, Cribl Stream Projects diversifies who can use Cribl Stream, and how. It creates isolated spaces for teams and users to share and manage their data. This self-service approach to Cribl Stream data can benefit its immediate users by offering them accelerated access to relevant data, with minimal configuration requirements. It can also benefit their peers. 

4Data Solutions is an expert in implementing Cribl Stream. If you are considering implementing an observability pipeline into your cloud migration strategy, talk to us to today.

Call us on +44 330 128 9180 or email