Cribl Stream

Supported OS: Linux, Windows

Overview

Cribl Stream helps you process machine data (logs, instrumentation data, application data, and metrics) in real time and deliver it to your analysis platform of choice. It allows you to:

  • Add context to your data, by enriching it with information from external data sources.
  • Help secure your data, by redacting, obfuscating, or encrypting sensitive fields.
  • Optimize your data, per your performance and cost requirements.

This is for the self-hosted Cribl Stream version.

Use the out-of-the-box dashboard to view the performance of the Stream with base metrics like events per second, bytes per second, input types, output types, and infrastructure metrics. Monitor reduction percentages by events or bytes, which is useful for improving search performance or licensing and infrastructure costs for the systems of analysis.

Setup

You can send your Cribl Stream internal metrics to the Datadog API.

Installation

Datadog

Navigate to API Keys under Organization Settings and create an API Key for Cribl to send data.

Cribl

  1. In Cribl, navigate to Quick Connects and click the +Add Source button.
  2. Scroll down to System Internal, hover over Cribl Internal, and choose Select Existing. Enable both CriblLogs and CriblMetrics.
     • Note: Both sources must have Quick Connect enabled instead of Routes.
  3. Click the +Add Destination button.
  4. Scroll to the Datadog tile and click +Add New.
  5. Give a name to the input (for example, Cribl_Datadog).
  6. Next, enter your Datadog API Key and select your Datadog site.
  7. Add any Datadog tags, a Message Field, Source, or Host information. For more information, see the Cribl Datadog Destination documentation.
  8. Click Save.
  9. Select Passthru to connect Cribl Metrics to your Datadog destination.

Uninstallation

Use the delete dashboard option within the Cribl Stream dashboard settings to delete the Cribl Stream dashboard. Remove the Datadog destination from the Cribl Stream deployment to stop sending data.

Data Collected

Metrics

cribl.logstream.index.in_bytes (count): Inbound bytes by index
cribl.logstream.index.in_events (count): Inbound events by index
cribl.logstream.index.out_bytes (count): Outbound bytes by index
cribl.logstream.index.out_events (count): Outbound events by index
cribl.logstream.source.in_bytes (count): Inbound bytes by source
cribl.logstream.source.in_events (count): Inbound events by source
cribl.logstream.source.out_bytes (count): Outbound bytes by source
cribl.logstream.source.out_events (count): Outbound events by source
cribl.logstream.total.in_bytes (count): Total inbound bytes
cribl.logstream.total.in_events (count): Total inbound events
cribl.logstream.total.out_bytes (count): Total outbound bytes
cribl.logstream.total.out_events (count): Total outbound events
cribl.logstream.total.dropped_events (count): Dropped events total
cribl.logstream.health.inputs (gauge): Healthy inputs
cribl.logstream.health.outputs (gauge): Healthy outputs
cribl.logstream.system.load_avg (gauge): Load Average
cribl.logstream.system.free_mem (gauge): Free memory
cribl.logstream.system.disk_used (gauge): Disk usage
cribl.logstream.system.cpu_perc (gauge): CPU percentage usage
cribl.logstream.system.mem_rss (gauge): RAM usage
cribl.logstream.total.activeCxn (gauge): Total active inbound TCP connections
cribl.logstream.pipe.in_events (count): Inbound events per Pipeline
cribl.logstream.pipe.out_events (count): Outbound events per Pipeline
cribl.logstream.pipe.dropped_events (count): Dropped events per Pipeline
cribl.logstream.metrics_pool.num_metrics (gauge): The total number of unique metrics that have been allocated into memory.
cribl.logstream.collector_cache.size (count): Each Collector function (default/cribl/collectors//index.js) is loaded and initialized only once per job and then cached. This metric represents the current size of this cache.
cribl.logstream.cluster.metrics.sender.inflight (gauge): Number of metric packets currently being sent from a Worker or Edge Node Process to the API Process through IPC (interprocess communication).
cribl.logstream.backpressure.outputs (count): Destinations experiencing backpressure causing events to be either blocked or dropped.
cribl.logstream.blocked.outputs (count): Blocked Destinations. (This metric is more restrictive than the one listed just above.)
cribl.logstream.pq.queue_size (gauge): Current queue size per Destination per Worker or Edge Node Process.
cribl.logstream.host.in_bytes (count): Inbound bytes from a given host
cribl.logstream.host.in_events (count): Inbound events from a given host
cribl.logstream.host.out_bytes (count): Outbound bytes from a given host
cribl.logstream.host.out_events (count): Outbound events from a given host
cribl.logstream.route.in_bytes (count): Inbound bytes per Route.
cribl.logstream.route.in_events (count): Inbound events per Route.
cribl.logstream.route.out_bytes (count): Outbound bytes per Route.
cribl.logstream.route.out_events (count): Outbound events per Route.
cribl.logstream.sourcetype.in_bytes (count): Inbound bytes per sourcetype.
cribl.logstream.sourcetype.in_events (count): Inbound events per sourcetype.
cribl.logstream.sourcetype.out_bytes (count): Outbound bytes per sourcetype.
cribl.logstream.sourcetype.out_events (count): Outbound events per sourcetype.

Events

The Cribl Stream integration does not include any events.

Service Checks

The Cribl Stream integration does not include any service checks.

Troubleshooting

Need help? Contact Cribl Support.