Cribl Search is a powerful tool that allows users to search and analyze data at rest quickly and efficiently. But what if you need to send your search results to a different system for further analysis, audit, or compliance purposes? For instance, consider the following use cases: That’s where the `send` operator comes in.
Whenever we start a search consulting project from scratch, the obvious question is: which search engine to use? We’ve talked about Elasticsearch vs Solr before, but here we’ll compare Elasticsearch with its fork, OpenSearch. Chances are, if you need to decide between the two, you’ll be looking at a few dimensions.
It’s been less than 4 months since we released Cribl Search, the first federated query engine focused on observability and security data. The reception has been tremendous. Customers, partners, prospects, and even our internal teams were overjoyed by the initial offering but have been anxiously awaiting the promises of the next release. The wait is over!
Elasticsearch (ES) is a powerful tool offering multiple search, content, and analytics capabilities. You can extend its capacity and scale the cluster horizontally relatively quickly by adding more nodes. When data is indexed into an Elasticsearch index, the index is typically not placed on a single node but spread across different nodes, so that each node holds a “shard” of the index data. Each shard (called the primary shard) is replicated across the cluster into several replicas.
Disk-related issues with Elasticsearch can present themselves through various symptoms. It is important to understand their root causes and know how to deal with them when they arise. As an Elasticsearch cluster administrator, you are likely to encounter some of the following cluster symptoms.