Cribl CrowdStream

CrowdStream is a special Cloud hosted version of Cribl Stream, available through CrowdStrike Falcon LogScale starting in June 2023. This collaboration is tailored to forward data from a wide range of sources into LogScale.

En route, you can process events using all of Stream's options for aggregating, sampling, redacting, cloning, and otherwise shaping and directing your data. CrowdStream provides parallel options to route data to cost effective Amazon S3 storage, and to S3 data lakes, for later replay and analysis.

Getting Started

These steps assume that you've set up your CrowdStrike Falcon LogScale account, obtained your corresponding API token, and logged into LogScale.

  1. On the CrowdStream tile at right, click the Set up Cribl link.

  2. On the resulting Organization settings page, click Log in.

  3. This brings you to the CrowdStream home page. Click Manage on the CrowdStream tile at left.

  4. On CrowdStream's Worker Groups page, click the default Group's tile at the upper left.

    (A Worker Group is a collection of processing instances that share the same configuration. For details, see Cribl Stream's Distributed Deployment topic.)

  5. This brings you to the Manage page of CrowdStream's top nav, and to the Overview tab of this Group's submenu.

  6. To begin configuring this Group, you now have a two up choice of QuickConnect or Routes tiles. How to choose? See the next section.

For More Information see Cribl.Cloud Launch Guide