Skip to main content
Version: 1.0.0

Overview

info

Splunk, Splunk>, Turn Data Into Doing, and Data-to-Everything are trademarks or registered trademarks of Splunk Inc. in the United States and other countries.

‘Cribl’ and the Cribl Flow Mark are trademarks of Cribl, Inc. in the United States and/or other countries.

REStream Add-on for Splunk provides the required functionality to orchestrate data stored in low-cost shared storage using Cribl Stream and Splunk. Orchestrating Cribl Replay with REStream solves the challenge of keeping compliance-relevant logs for extended periods in cheap S3 storage but still having relevant logs available in Splunk within a reasonable timeframe. Furthermore, the app enables Splunk Users to replay data from Cribl without knowing anything about Cribl and without changing tools. Additionally, the app provides a modular alert action for automated replaying of logs based on search results.

REStream supports orchestrating distributed and Single-Instance Cribl Stream deployments at the same time. For both Single-Instance and distributed deployments, multiple concurrent collectors are also possible.

For more information on REStream see the official product announcement.