Command-line interface for the Cribl Cloud REST API. Manage pipelines, routes, sources, destinations, Edge fleets, search, health monitoring, FinOps billing, and 70+ resources from your terminal.
- Python 3.10+
# Clone and install in a virtual environment
git clone https://github.com/VisiCore/vct-cribl-cli.git
cd vct-cribl-cli
python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"Configure authentication via ~/.criblrc profiles, environment variables, or CLI flags.
# Create a profile for Cribl Cloud
cribl config set cloud \
--base-url https://your-org.cribl.cloud \
--client-id your-client-id \
--client-secret your-client-secret
# Set it as default
cribl config use cloud
# List profiles
cribl config listexport CRIBL_BASE_URL=https://your-org.cribl.cloud
export CRIBL_CLIENT_ID=your-client-id
export CRIBL_CLIENT_SECRET=your-client-secretSee .env.example for all supported variables.
cribl --base-url https://your-org.cribl.cloud --client-id ... --client-secret ... workers listcribl <command> <subcommand> [options]| Command | Description |
|---|---|
config |
Manage CLI configuration profiles |
workers |
Worker group management and deployment |
sources |
Source/input management |
destinations |
Destination/output management |
pipelines |
Pipeline management |
routes |
Route table management (insert-before-catch-all) |
search |
Search job submission, polling, and results |
notebooks |
Notebook management |
edge |
Edge node operations (system info, file inspect, errors, metrics) |
jobs |
Job management |
version |
Version and deployment management |
system |
System settings |
metrics |
Metrics queries |
kms |
KMS key management |
preview |
Pipeline preview |
logger |
Logger configuration |
profiler |
Profiler management |
health |
Health checks, reports, and CPU spike detection |
overview |
Environment summary |
alerts |
Alerts (scheduled saved searches) |
packs |
Pack export, install, upgrade, delete |
ingest |
Ingest dashboards and metric queries |
billing |
Billing usage and cost tracking |
finops |
FinOps consumption tracking and dashboards |
license-usage |
Daily license throughput metrics |
Factory-generated commands (52) — standard CRUD (list, get, create, update, delete)
ai-settings, alert-monitors, appscope, auth-settings, banners, certificates, collectors, conditions, credentials, dashboard-categories, dashboards, dataset-providers, datasets, datatypes, db-connections, encryption-keys, event-breakers, executors, feature-flags, functions, git-settings, global-vars, grok, hmac-functions, lake-datasets, licenses, lookups, macros, messages, notification-targets, notifications, outposts, parquet-schemas, parsers, policies, protobuf-libs, regex, roles, samples, saved-searches, schemas, scripts, sds-rules, sds-rulesets, secrets, storage-locations, subscriptions, teams, trust-policies, usage-groups, users, workspaces
# List all worker groups
cribl workers list
# Deploy config to a group
cribl workers deploy pi
# List sources for a group
cribl sources list -g defaultHybrid --table
# Create a file source
cribl sources create --type file --id my_source --path /var/log --filenames "*.log" -g pi
# Run a search and wait for results
cribl search run -q "dataset=='default_catch_all'" --earliest "-1h" --latest "now" --poll
# List edge nodes in a fleet
cribl edge nodes -f pi
# Inspect a file on an edge node
cribl edge fileinspect pi5-cribl /var/log/syslog -f pi
# Scan edge nodes for errors
cribl edge errors -f pi
# Environment overview
cribl overview summary
# Health report across all groups
cribl health report
# CPU spike detection for a group
cribl health cpu -g defaultHybrid
# Daily ingest dashboard
cribl ingest dashboard
# FinOps consumption tracking
cribl finops consumption
# Dry-run mode (preview API calls without sending)
cribl --dry-run sources list -g defaultAll commands default to JSON output. Use --table for tabular output where supported.
cribl workers list --table
cribl search results <job_id> --table# Install dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Run a specific test
pytest tests/unit/test_routes.py
# Skip integration tests (default)
pytest -m "not integration"
# Run integration tests (requires live Cribl instance)
CRIBL_INTEGRATION_TEST=true pytest -m integrationcribl_cli/
api/
endpoints/ # Hand-written API endpoint modules
client.py # httpx client with auth interceptor
endpoint_factory.py # Generic CRUD endpoint factory
auth/ # OAuth2 token management
commands/ # CLI command implementations
command_factory.py # Auto-generates CRUD subcommands
registry.py # Declarative list of factory commands
config/ # Profile and config loading
output/ # JSON and table formatters
utils/ # Error handling, pagination, group resolution
tests/
unit/ # Unit tests (pytest + responses)
integration/ # Integration tests (gated)
| Doc | Description |
|---|---|
| Configuration | Profiles, environment variables, authentication, global flags |
| Command Reference | Every command, subcommand, option, and argument |
| Architecture | Codebase structure, design patterns, developer guide |
| Examples | Common workflows and scripting patterns |
Contributions are welcome! Here's how to get started:
- Fork the repo and clone your fork
- Create a feature branch:
git checkout -b my-feature - Install dev dependencies:
pip install -e ".[dev]" - Make your changes
- Run the tests:
pytest - Commit and push to your fork
- Open a pull request against
main
- All new commands should have corresponding unit tests
- Follow existing code patterns — use the command factory for standard CRUD, hand-written commands for anything with special logic
- Keep
--tableoutput support for any command that returns lists - Run
pytestbefore submitting — all 138 tests must pass - Do not commit credentials,
.envfiles, or~/.criblrcprofiles
Open an issue at github.com/VisiCore/vct-cribl-cli/issues with:
- What you expected vs what happened
- CLI command you ran
- Cribl version and deployment type (cloud/on-prem/hybrid)
MIT