Skip to main content
Version: 1.0.0

Overview

info

Splunk, Splunk>, Turn Data Into Doing, and Data-to-Everything are trademarks or registered trademarks of Splunk Inc. in the United States and other countries.

‘Cribl’ and the Cribl Flow Mark are trademarks of Cribl, Inc. in the United States and/or other countries.

Adding Cribl Stream to an existing Splunk Enterprise stack adds many new and exciting functionalities for handling observability data. But a new tool in a technology stack leads to more tool switching and requires additional knowledge in the tool. To ease the side effects of adding Cribl Stream to the stack, Datapunctum AG provides the UTStream Add-on for Splunk with multiple features to perform everyday tasks in Cribl Stream from within Splunk.

The current release of UTStream provides features in following domains:

Lookups

The UTStream Add-on for Splunk brings lookup and job management inside of Cribl Stream to Splunk. With UTStream, Splunk users are able to build lookups based on search results and write them to Cribl Stream without any manual tasks. In addition, to adapt already existing lookups from Cribl Strea, UTStream provides the functionality to read both .csv and .gz formatted lookups from Cribl Stream and present the contents as a result set for further manipulation inside of Splunk.

Lookup functionality is implemented using the custom search commands:

Jobs

Using UTStream and the utrunjob command, Splunk users can trigger collection jobs in Cribl Stream. UTStream only allows to trigger Full jobs. For a more mature collection management, see REStream

Monitoring

UTStream automatically starts monitoring the health of all Sources, Destinations and in case of a distributed environment, worker nodes. UTStream creates a Bulletin Message for users with the role admin or utstream_admin if a Source, Destination or Worker is in an unhealthy state. Additionally, UTStream removes messages automatically if a Source or Destination is healthy again.