Search Your Feelings
Now that we've seen how to configure Lakehouse, let's see how to interact with it: Cribl Search.
Lakehouse pt. Deux: The Search for Data
- From the product switcher (
Products) at the upper left, clickSearch - In the
Available Datasetson the left side, hover overcribl_logsand click theSearch Nowbutton
Uh, cool? Not much feels different. And that's kind of the point -- it's the same interface and same feel as before, but now you're searching data in Lakehouse, kind of. If you look at the top right under the Search box, you'll see a tiny house icon with a yellow dot. When you hover over it, it will say
cribl_logs: The timeframe of your search exceeds the range of data stored in Lakehouse (earliest cached events: 2069-04-20T10:23:09.028Z)
Or something like that, but with a real time. Unfortunately caching only starts from time of configuration. We can compensate for that by changing the search window, though.
At the top right, click 1 hour ago and change it to 60 seconds ago in the resulting dropdown
This should automatically re-run the search and you'll see the little house icon now has a green dot! Even if you have no data yet...
I wish I could show you more, but that's it for now. We'll have to wait for more data to come in before we can do anything else. But the idea is there right? A caching layer on top of your long-term cost-effective storage that enables teams to more quickly search for data that isn't in their analysis tools at the moment. It's awesome!
You know what else is awesome? Cribl.Cloud is free up to 1TB of ingest! So you can play around with Lakehouse and your own data to see how it all works. And if you have any questions, feel free to email perrysrealemail@cribl.io. I'm sure he won't mind. 😉