5 ways to get the MOST out of Cribl Copilot

Cribl is a great tool when it comes to collecting, routing and transforming messy logs and telemetry data to multiple destinations. Like many things in today’s modernising world, it’s made even easier with the introduction of AI- Cribl Copilot. 

Cribl Copilot is an AI assistant designed to aid users to work more efficiently across the whole Cribl suite. In Cribl’s own words its focus is on “explainability” and “steerability” meaning it not only explains what it is doing but can be easily steered to perform the tasks the way you need it to. 

Copilots’ main features include: 

• A chatbot to use across the whole suite of Cribl products. This can help answer specific questions and point to relevant documentation. 

• The “Copilot Editor” – This is a tool which helps you create pipelines from scratch. After providing a sample event, you can give plain English requirements to build a pipeline that performs the transformations you need. This output does often require some tweaking, however, gets most of the way there and is a great way to get save significant time.  

It’s worth noting, Cribl’s AI features are turned off in settings by default and when enabled, do not store or use your data to train the AI, so your business data remains secure. 

Now that we have covered a quick overview of Copilot’s main features, there are several less obvious features that can make a real difference in optimising your workflow.

1. Copilot can be used on existing pipelines – although the main focus of the Copilot editor is creating new pipelines, it is also a really useful tool to adapt preexisting pipelines in your deployments. It can help identify and fix any issues, suggest optimisations to make pipelines more efficient and even assist in generating pipeline documentation (everyone’s least favourite task).

It’s value: Makes maintaining and improving existing pipelines faster, easier and more reliable.

2. It can suggest possible enrichments to your data – Copilot can also analyse your sample event data to highlight fields that could benefit from additional context such as geolocation or lookup-based enrichment. This helps you get the most out of your data without having to manually explore all enrichment options yourself.

Its value: Get richer, more insightful data quickly and simply.

3. Copilot can help create visualisations and dashboards in search – For Cribl Cloud customers who already use the Cribl search features, Copilot’s Visualisation Assistant can help to analyse your data and suggest charts and visualisations. These can be used as is or can be further refined to get the exact plots you need. This makes it much easier to explore your data, spot trends and present findings without having to manually create every visualisation.

Its value: Efficiently generate useful visualisations to gain insights from your data.

4. It can Structure data to match a standard schema – Many destinations require data follow specific schemas and improperly formatted events can result in dropped or rejected data. Copilot Editor has been optimised for transforming data into the OCSF, UDM, and ECS schemas. This is very useful as configuring data into specific schemas can be an arduous process however with this, Copilot can do a lot of the heavy lifting.

Its value: Easily ensure your data meets standard schemas.

5. It can help create custom event breaking rules – Copilot can assist in defining how incoming data should be split into individual events. This can be done by providing a sample and describing the desired structure and iterating to get the required format. This is particularly useful when wanting to configure more complex/irregular data and can help save lots of time.

Its value: Simplifies data ingestion, saving time and reducing complexity of event breaking.

Conclusion 

Overall, Cribl Copilot is a great tool to assist when using Cribl and by considering some of these features you can reduce the amount of time you are stuck manually creating pipelines, visualisations and event breakers. With AI being one of Cribl’s main focuses in the near future, the capability of Copilot is only going to increase, with automation becoming part of the natural workflow for Cribl engineers. 

To find out more about how Apto can help you with your Cribl deployment, including building capability and operating the platform, visit the Cribl section of our website.