Cribl Search Pack for Missing Logs

Ever run a SIEM search only to see nothing for your firewall logs? In this video, we show a smarter way to detect when log sources stop sending data using Cribl Lake, Cribl Search, and Cribl Stream. Learn how to track “last seen” times, build efficient aggregations, and get real-time alerts—without burning SIEM resources or storage.

Introducing the Databricks Destination: Powering governed, scalable analytics from day one

Modern enterprises are generating more high-volume observability and security data than ever, which means the cost and complexity of getting analytics-ready data into Databricks are only growing. With the new Databricks Destination for Cribl Stream, organizations finally have a governed, scalable, and cost-efficient way to take full control of their data pipelines, accelerate AI-driven analytics, and unlock real business value from their Databricks investment.

Agentic AI demands a new data architecture #ai #telemetry

Clint Sharp explains why traditional schema-on-read systems cannot handle the query loads of the future. Agentic telemetry requires a 360-degree view, but structuring data only when you read it is too slow for AI-driven workloads. The solution is using LLMs to drive the cost of building parsers to near zero. Tools like Copilot Editor allow teams to map data to OCSF instantly, effectively building factories of parsers to handle the scale of agentic AI.

How AI Agents automate incident response #ai #cybersecurity #telemetry

Clint Sharp demonstrates how Cribl Search leverages AI to streamline incident investigation. Starting from a Slack channel, the AI builds an interactive notebook, analyzes order processing logs, and identifies suspicious traffic spikes. It connects high CPU usage to a recent Jenkins deployment, hypothesizing a supply chain attack, and ultimately recommends a rollback. This isn't a far-off concept. It is the future of operations arriving right now.

Why AI agents need a common data model #ai #telemetry

Clint Sharp explains why a common model like OCSF is critical for the future of AI. Agents need standardized data to analyze information effectively on your behalf. He contrasts the traditional manual workflow of checking Slack, tickets, and wikis while asking colleagues with a future where AI fuses this human context with machine data. Instead of just search results, AI agents will hand you examined hypotheses so you know exactly where to take your investigation.

Become a 10x investigator with Cribl Notebooks

Cribl Notebooks aims to streamline the investigation process by bringing everything into a single interactive interface. It functions as a virtual war room where teams can collaborate in real time. You can view AI queries and code alongside charts without switching between scattered tabs or workstations. This persistence makes it easier to document the root cause and share the story behind the data.

Why FedRAMP In Process Matters for Federal Customers

Chris Ebley from Blackwood explains why FedRAMP In Process is a major milestone. It gives federal teams confidence that the product can handle sensitive data, meets strict security controls, and comes from a company committed to operating at the maturity level the government expects. This opens new go-to-market opportunities and makes it easier for agencies to move forward with Cribl.