Course Overview

At Cribl, we've long emphasized the idea of separating your system of record for machine data from your system of analysis. As of our introduction of Data Collection (in Stream 2.2), that vision became complete: Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy.

In this sandbox, we'll start with a collection of data at rest – one month's worth of generated Palo Alto Networks firewall traffic logs. You'll walk through the process of collecting a subset of that data through Stream, using the passthru Pipeline, and delivering it into an Elasticsearch/Kibana environment.

You'll learn about using your at-rest partitioning scheme to filter the data being ingested. Then you'll create another Pipeline to aggregate collected data to metrics, and see those metrics visualized in Kibana.

[Figure: Data Flow Diagram]

We'll be using a completely empty Elasticsearch environment in this sandbox, but the same approach will hold true if you want to run data collection into your existing log analytics system, or want to use a fresh instance for a specific investigation.

Important:

If you are running the Brave browser, or ad blocker software in other browsers, you'll need to disable blocking for this sandbox (and for working with data collection in the Stream UI). Please do this before proceeding.

Let's get started!