Skip to main content

Lookups Three Ways

Welcome to the Cribl Stream Lookups Three Ways tutorial! In this course, we will experiment with one of Cribl Stream's most powerful Functions: the Lookup Function.

We'll look at three kinds of lookups:

  • By exact match, against consistently structured data
  • By regex (regular expressions), against intermingled data
  • By CIDR match, to route and sort data by subnet

Along the way we'll explore other Stream features and Functions – including Stream's ability to reduce load, and corresponding licensing and infrastructure costs, on downstream services.

Everything you'll need – including data samples and detailed instructions – is included in this environment, so don't worry if this is your first experience with Cribl Stream.

However, if you're looking for a more thorough introduction to all Cribl Stream has to offer, we suggest the Cribl Certified Observability Engineer course.

Before We Start

This course should take about an hour.

note

This sandbox instance will stay running for 24 hours, after which you can get a new sandbox, but your progress will be lost. To reconnect to the sandbox, just come back to https://sandbox.cribl.io/ and re-enter your email address.

Conventions

In this tutorial, the following formatting indicates (respectively) actions we expect you to take, content you can optionally skip, and commands or content you need to paste into the terminal or Stream.

important

Important text shows actions you need to take. For each of these sections, further sections will depend on your having taken these actions in Stream or the terminal.

note

Notes contain optional steps. You can skip these without breaking the infrastructure we're building.

Preformatted text contains commands to be
pasted into the terminal, or content 
to be pasted into Stream. There is 
an easy Copy option available at these 
sections' upper-right corner.

Getting Help

If you get stuck during this tutorial feel free to reach out to us on the Cribl Community Slack channel.

Terminal

You can hide the terminal to save screen space, and you can toggle its display at any time. Click the X to close the terminal; click the terminal icon to reopen it.

Terminal

Login

Stream should automatically log you in, but if you're idle for too long or get disconnected, it's possible you'll be prompted for a login. The credentials are:

UsernamePassword
admincribldemo

You might want to store these to a text file or paper now, just in case.

Let's get started!