UTStream 1.0.0 Release

Adding Cribl Stream to an existing Splunk Enterprise environment brings many new capabilities for handling observability data. But every new tool in a technology stack means more switching between tools and more tool-specific knowledge to maintain. To ease these side effects, Datapunctum provides the UTStream Add-on for Splunk, which lets you perform everyday Cribl Stream tasks from within Splunk.

UTStream is available as a free app on Splunkbase. Consult the documentation for any questions about setting up and using the app.

Orchestrating Lookups

The UTStream Add-on for Splunk brings lookup and job management for Cribl Stream into Splunk. With UTStream, Splunk users can build lookups from search results and write them to Cribl Stream without any manual steps. To work with lookups that already exist in Cribl Stream, UTStream can also read both .csv and .gz formatted lookups from Cribl Stream and present their contents as a result set for further manipulation inside Splunk.

Running Collector Jobs

Using UTStream, Splunk users can trigger collection jobs in Cribl Stream. UTStream only supports triggering full jobs; for more mature collection management, see REStream.

Monitoring your Cribl environment

UTStream automatically monitors the health of all Sources and Destinations and, in a distributed environment, all Worker Nodes. If a Source, Destination or Worker is in an unhealthy state, UTStream creates a Bulletin Message for users with the role admin or utstream_admin. Once the issue is resolved, the message is cleared automatically without any user interaction.