Ahead in the Cloud

First at bat for our new features is Cribl.Cloud, the gateway to navigating and managing the entire Cribl Suite of products in the Cribl.Cloud SaaS offering. Now with AI!

Cribl Copilot

AI comes for us all! And so too does AI come for Cribl. Our version is called Cribl Copilot, and it is here to help you with all things Cribl, from understanding how to use our products (read: generating pipelines and writing queries) to understanding your data.

Because AI is a non-deterministic beast, we have some general walkthroughs that let you determine the outcomes. Like your very own Cribl Goosebumps "choose your own adventure" book.

Natural Language Queries

Let's start with Cribl Search where we can use "natural language" to generate queries (and follow-up queries).

Talk to me Goose
  1. On the Cribl.Cloud home page, click Explore in the Search card on the top-left.
  2. Just above the query box (under the Home header), click into the text box that says In plain English, describe what you're looking for
  3. Type in the following sentence (or similar if you're feeling creative):
    I want to find events with source address 10.0.0.164 and destination port 53 in the cribl search sample dataset
  4. Once the search completes, feel free to explore.
  5. After you're done exploring, click any of the Follow-up queries underneath the query box. For example: Traffic volume over time for dns queries
    I don't have that follow-up...

    Since AI is finicky, your follow-up queries may vary depending on how you phrased the original query. If you don't have the same follow-up query, try a different one.

Such AI. Much wow. This natural language query conversion can be very useful for lowering the barrier to entry for users not familiar with KQL or other QLs (or that QL means query language). It is also useful for running quick searches in meetings with higher-ups as they rattle off random questions about KPIs and other business metrics. "Sure, let me just ask Cribl Copilot to generate a query for that." And then you can run the query and show them the results. Instant credibility!

Pipeline Editor

Cribl Copilot can also help you build pipelines in Cribl Stream! You select the data, and Cribl Copilot will help (collaboratively) build the pipeline.

Pipeline Editor Setup
  1. Still on the Search page, click Products in the top-left corner
  2. Click into Stream > Worker Groups > default
  3. In the default Worker Group, click Processing > Pipelines in the top sub menu
  4. Click Add Pipeline > Build with Copilot Editor

Welcome to the Cribl Copilot Pipeline Editor! Here, you can harness AI to build and refine your data Pipelines. Let's get started!

Pipeline Editor Walkthrough
  1. Click Select an existing sample file
  2. From the dropdown, select palo_alto_traffic.log and click Confirm
  3. In the resulting objectives, select Convert my input events to a specific target schema (e.g. OCSF)
  4. Click Continue with selected options (1)
  5. In the resulting Target Schema box, click the ocsf@v1.4-network-activity-4001 suggestion.
    Schema Selection

    There are many other schemas to choose from. You can select Pick from our library to see more options. If you select a different schema, you will get different results than the ones shown here. And that's ok.

  6. After the schema preview, click Confirm
  7. When presented with the plan, click Confirm
    What if I want to change the plan?

    On the target schema and plan tabs in your Copilot Pipeline Editor workspace, you can click Edit in the top right to change the target schema or plan respectively as you are building your Pipeline.

  8. Look through the amazing generated Pipeline at the right!
  9. When done, click Approve Pipeline on the left
  10. In the resulting prompt, type something akin to Save the pipeline and exit
  11. We can now Close Copilot.

What a trip! Did you think you could convert your Palo Alto traffic logs into OCSF format in under five minutes when you came into work today? Wait, are you doing this at work? Never mind. The point is that Cribl Copilot can accelerate your time to value. In the two cases we showed, it can help you Search using natural language and build pipelines using, well, natural language.
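Because the generated Pipeline can differ from run to run, it is worth spot-checking its output before trusting it downstream. The following is an added example, not part of the original walkthrough and not the Pipeline that Copilot generates: it hand-maps one constructed Palo Alto traffic line to a few OCSF Network Activity (class 4001) fields and checks basic invariants. The column positions, the UTC timestamp handling, the severity value and the choice of checks are assumptions.

```python
import csv, io
from datetime import datetime, timezone

# Constructed sample line (not taken from palo_alto_traffic.log), laid out in
# the PAN-OS traffic syslog CSV order assumed by COLS below.
SAMPLE = ("1,2024/05/01 12:00:01,001234567890,TRAFFIC,end,2305,2024/05/01 12:00:01,"
          "10.0.0.164,192.0.2.53,0.0.0.0,0.0.0.0,allow-dns,,,dns,vsys1,trust,untrust,"
          "ethernet1/1,ethernet1/2,default,2024/05/01 12:00:01,4242,1,51000,53,0,0,"
          "0x19,udp,allow,310,120,190,4,2024/05/01 12:00:00,1,any")

# Assumed zero-based column positions for the fields this sketch uses.
COLS = {"time": 6, "src": 7, "dst": 8, "sport": 24, "dport": 25, "proto": 29,
        "action": 30, "bytes": 31, "bytes_out": 32, "bytes_in": 33, "packets": 34}
# Attributes every OCSF event must carry (base event requirements).
REQUIRED = ("activity_id", "category_uid", "class_uid", "metadata",
            "severity_id", "time", "type_uid")

def to_ocsf(line):
    """Hand-written mapping of one traffic line to an OCSF-shaped dict."""
    row = next(csv.reader(io.StringIO(line)))
    f = {name: row[i] for name, i in COLS.items()}
    # Assumption: the firewall logs in UTC; real devices log in local time.
    ts = datetime.strptime(f["time"], "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
    activity_id = 6  # Network Activity: Traffic
    return {
        "class_uid": 4001, "category_uid": 4, "activity_id": activity_id,
        "type_uid": 4001 * 100 + activity_id,
        "severity_id": 1,  # Informational (assumed for allowed traffic)
        "time": int(ts.timestamp() * 1000),  # OCSF time is epoch milliseconds
        "metadata": {"version": "1.4.0",
                     "product": {"name": "PAN-OS", "vendor_name": "Palo Alto Networks"}},
        "src_endpoint": {"ip": f["src"], "port": int(f["sport"])},
        "dst_endpoint": {"ip": f["dst"], "port": int(f["dport"])},
        "connection_info": {"protocol_name": f["proto"]},
        "traffic": {k: int(f[k]) for k in ("bytes", "bytes_in", "bytes_out", "packets")},
        "unmapped": {"action": f["action"]},  # kept raw rather than guessing an enum
    }

def check(event):
    """Return a list of problems found in a converted event; empty means it passed."""
    problems = [f"missing {k}" for k in REQUIRED if k not in event]
    if event.get("class_uid") != 4001:
        problems.append("class_uid is not 4001")
    if event.get("type_uid") != event.get("class_uid", 0) * 100 + event.get("activity_id", 0):
        problems.append("type_uid != class_uid*100 + activity_id")
    for side in ("src_endpoint", "dst_endpoint"):
        port = event.get(side, {}).get("port")
        if not isinstance(port, int) or not 0 <= port <= 65535:
            problems.append(f"{side}.port is not an integer port")
    return problems
```

The same `check` function can be pointed at events exported from the Pipeline preview to catch string-typed ports or an inconsistent `type_uid`.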

Since we're in Stream, let's go check out our latest enhancement to Packs: the inclusion of Sources and Destinations!