Cribl Sandbox


    Stream is made to handle terabyte-scale data flow. For us, this means the Collector runs quickly, so we have little hope of catching a Live Sample from the Destinations page. Instead, we’ll go to the Monitoring page.

    important

    Click Monitoring on the top nav

    On this page you might be able to see the Collector run by looking at the overall Events In and Out or Bytes In and Out graphs. However, in the real world there is probably so much data flow that these graphs aren’t great for confirming that you just pumped specific data through. For our proof, we’ll look at the data flowing through the specific Pipeline we designed for our job.

    important
    1. Scroll over the Data submenu, click Pipelines

    Here we can see graphs depicting the data flowing through all active Pipelines in Stream and what do you know: breachlookup has a spike in data. Since that Pipeline isn’t in use in any routes, that spike has to be from us running the Collector. Good job!

    What's next?

    Whoa! Done already? Nice job! Thank you for taking the time to go through our Cribl Stream -- Security Breach Analysis How-To!

    Now that you're done, there are a couple of options open:

    • Check out some of the other sandbox courses!
    • Download Cribl Stream and take it for a spin! Stream is free to use for up to 1TB/day ingest! Setup takes less time than this course, too.
    • Go outside and get some fresh air!

    Cribl.Cloud

    There's a party and you're invited! We'll bring the Cribl, you bring the data. Sign up for a Cribl.Cloud account to try out what you just did with your own data. Up to 1TB / day of ingest at absolutely no cost! Neat! And no need to use valuable resources or infrastructure getting Cribl up and running. We’ll take care of that. And the updates. And feeding the goats. Just bring your own data (BYOD)!

    AWS Quick Start

    Got your own AWS infrastructure and want to try Cribl there? No worries, we also have an AWS Quick Start for Cribl Stream!

    Copyright © 2023 Cribl, Inc.