Skip to main content

Data Shaping in Cribl Stream

Welcome to our tutorial sandbox! This interactive course shows how to shape your data before ingesting it into your IT and Security data tools.

Shaping data is easy in Stream. You'll go through an example of transforming information from a source that generates JSON data, but this approach can be used with any kind of data. Here, you'll use Stream's:

  • JSON Unroll Function to split events containing JSON lists into separate events.
  • Parser Function to extract data out of a JSON-formatted _raw field.
  • Flatten and Eval Functions to clean up your events.

This course should take less than 10 minutes. This sandbox instance will stay running for 24 hours, after which you can get a new sandbox, but your progress will be lost. To reconnect to the sandbox, just come back to https://sandbox.cribl.io/ and re-enter your email address.

Conventions

In this tutorial, the following formatting indicates (respectively) actions we expect you to take; content you can optionally skip; and commands or content you need to paste into the terminal or Stream.

important

Important text shows actions you need to take. For each of these sections, further sections will depend on your having taken these actions in Stream or the terminal.

note

Notes contain optional steps. You can skip these without breaking the infrastructure we're building.

Preformatted text contains commands to be
pasted into the terminal, or content 
to be pasted into Stream. There is 
an easy Copy option available at these 
sections' upper-right corner.

Getting Help

If you get stuck during this tutorial feel free to reach out to us on the Cribl Community Slack channel.

Login

Stream should automatically log you in, but if you're idle for too long or get disconnected, it's possible you'll be prompted for a login. The Username is admin and the Password is cribldemo. You might want to store these to a text file or paper now, just in case.

Terminal

You can hide the terminal to save screen space. Click the X to close the terminal. Click the terminal icon to reopen it. Terminal

You can toggle the terminal at any time.

Get Started

Next, let's take a look at the course overview!