Cribl Co-Founder Discusses Observability Trends (Part 1)

Recently, we had the opportunity to speak with Dritan Bitincka, co-founder of Cribl, an Observability Infrastructure vendor. All three of Cribl’s co-founders were employees at Splunk, a leading observability vendor. It was exciting to hear how Dritan’s experience with Splunk led him and his co-founders to seek a new place in the value chain in the observability market. We also discussed the industry’s future. The interview proceeded on three different tracks: (a) Mr. Bitincka’s Journey to Cribl, (b) Industry Changes, and (c) The Future of Observability and Cribl. A week after this post, we will publish a post about Industry Changes and The Future of Observability.

Dritan Bitincka’s Journey to Cribl.  Dritan is the VP of products, and I noticed that he was very active in posting blog articles about the company’s first product, LogStream, in 2018 and 2019. By the time 2020 came along, Dritan’s posts were occasional (my favorite is here because it explains how simple it is to connect LogStream to Azure Sentinel), and he’s only posted once in 2021.  My takeaway, which Dritan confirmed, was that he has been very busy expanding his team and building new products, the typical next phase of a startup in growth mode.

I asked Mr. Bitincka what it was like moving from Splunk to becoming a co-founder at Cribl and found his response both interesting and informative. First, Dritan said that when he was at Splunk, he saw the observability market through the lens of Splunk only. But what became clear is that many Splunk customers were using as many as a dozen other tools besides Splunk to perform observability. The insight that there are dozens of other tools out there is part of what drove the current products at Cribl, because Cribl’s LogStream product integrates with many “sources” and many “destinations,” with Splunk being just one of them.

His second response was that Amazon S3 is one of the biggest of the dozen data destinations that customers use and that customers are building analytical solutions on top of S3. He is increasingly seeing his customers adopt S3 instead of local storage. He explained that in the past, organizations would place their data into Splunk or Elasticsearch or other analytics solutions, keep it there for 90 days and then send it to archive. These systems tend to be costly, explains Mr. Bitincka, and hence the data must be sent to archive. But sending the data to an archive means those organizations cannot use analytical tools on the data. S3, though, while not as responsive as local storage, which responds in the millisecond range, is now quick enough, explains Dritan. He explained that since S3 is far more affordable, the economics favor using S3 for both current and old data and then making the data accessible for periods much greater than 90 days.

And third, I asked Dritan to elaborate more on the trends between local storage and S3 (or other cloud object storage), and what I learned was that the Cribl team is getting a lot more customer requests for S3, or object storage in general. More specifically, customers are “reading” the S3 data, which means they use it to do functions such as “data replay.” Customer requests for object-based storage and for more object reading activity give Mr. Bitincka confidence that his customers will deploy in the cloud.

Dritan Bitincka of Cribl November 2021

Mr. Bitincka’s background is in deploying multi-terabyte distributed systems, so I asked him to explain the challenges in deploying these kinds of large-scale systems. I enjoyed this discussion because it shows that as the growth of the observability industry has soared, this growth has caused new headaches. Dritan explained that he had deployed Splunk at somewhere around 150 customers in his years there. During that time, he learned that it became increasingly difficult to manage the systems effectively as they got larger, and often customers would need external tools like Chef or Puppet to handle configurations. The problem is that increasing the size of these systems to higher capacities when using these third-party tools became a large drain on administrative or development operations professionals. So, in Cribl’s system, these version-controlled deployment and configuration authoring capabilities are built in, and thus they’re more accessible for customers to deploy, maintain and increase capacity. Additionally, he said Cribl’s products also have built-in health monitoring and native cloud tooling that deal with user and machine roles.