Overview
Splunk, Splunk>, Turn Data Into Doing, and Data-to-Everything are trademarks or registered trademarks of Splunk Inc. in the United States and other countries.
‘Cribl’ and the Cribl Flow Mark are trademarks of Cribl, Inc. in the United States and/or other countries.
UTStream provides the required functionality to orchestrate data stored in low-cost shared storage using Cribl Stream and Splunk. Orchestrating Cribl Replay with UTStream solves the challenge of keeping compliance-relevant logs for extended periods in cheap S3 storage but still having relevant logs available in Splunk within a reasonable timeframe. Furthermore, the app enables Splunk Users to replay data from Cribl without knowing anything about Cribl and without changing tools. Additionally, the app provides a modular alert action for automated replaying of logs based on search results.
In addition to an easy way to handle replaying data from Cribl, UTstream provides custom search commands to manage lookups and jobs in Cribl Stream. The current release of UTStream provides features in the following domains:
Lookups
The UTStream Add-on for Splunk brings lookup and job management inside of Cribl Stream to Splunk. With UTStream, Splunk users are able to build lookups based on search results and write them to Cribl Stream without any manual tasks. In addition, to adapt already existing lookups from Cribl Strea, UTStream provides the functionality to read both .csv and .gz formatted lookups from Cribl Stream and present the contents as a result set for further manipulation inside of Splunk.
Lookup functionality is implemented using the custom search commands:
Jobs
Using UTStream and the utrunjob command, Splunk users can trigger collection jobs in Cribl Stream. UTStream only allows to trigger Full jobs.
Monitoring
UTStream automatically starts monitoring the health of all Sources, Destinations and in case of a distributed environment, worker nodes. UTStream creates a Bulletin Message for users with the role admin or utstream_admin if a Source, Destination or Worker is in an unhealthy state. Additionally, UTStream removes messages automatically if a Source or Destination is healthy again.
Licensing
UTStream is packaged with a Free License.
Some features require an additional license. Please contact trials (at) datapunctum.com for a trial license. For a quote, please contact sales (at) datapunctum.com
Support
UTStream comes with Community Support.
Please contact sales(at)datapunctum.com for commercial Support.