Cribl builds its own data lake

Cribl in 2024 vertically integrated backwards into building its own data storage offering—Cribl Lake

Cribl Lake turns Cribl from a cost-saving layer in front of Splunk and Datadog into a place where the data can live long term. That matters because the expensive part of observability is not just moving logs around; it is keeping huge volumes searchable for months or years. By adding its own lake, Cribl can capture storage spend, bundle search with routing, and give security teams a cheaper home for raw data they still need for audits and investigations.

  • Cribl started by stripping and rerouting noisy machine data before it hit volume-priced tools like Splunk, often saving customers 30% to 90% on those bills. Lake extends that same pitch one step backward, from "send less data to expensive tools" to "keep more data in Cribl's own lower-cost store."
  • The product logic is concrete. A security team can send a small slice of urgent events into a SIEM for alerts, while parking the full firehose in Lake for later search. Cribl pairs that with a free tier of up to 1TB per day, which lowers the barrier to making Cribl the system of record for telemetry retention.
  • This also follows the playbook of the incumbents, but from the opposite direction. Splunk historically bundled ingest, indexing, and analysis into one expensive stack. Datadog bought Vector and Splunk launched Ingest Actions to control data earlier in the pipeline. Cribl is now building the rest of that stack around its router, with Edge, Search, and Lake.

The next step is for Cribl to become the default control plane for telemetry, where collection, filtering, retention, and search all happen in one workflow before any data reaches an incumbent platform. If that continues, Cribl can keep taking share from usage-based observability vendors, while expanding from a budget optimization tool into core infrastructure for security and IT operations.