SERIES E CLOSES AT $3.5B VALUATION 25% OF THE FORTUNE 500 ON BOARD GV LEADS $319M ROUND CRIBL STREAM HANDLES PB OF TELEMETRY DAILY CRIBL LAKE GA - TURNKEY OBJECT STORAGE $100M ARR IN UNDER 4 YEARS REMOTE-FIRST, ~1,100 EMPLOYEES SEARCH-IN-PLACE NOW STANDARD SERIES E CLOSES AT $3.5B VALUATION 25% OF THE FORTUNE 500 ON BOARD GV LEADS $319M ROUND CRIBL STREAM HANDLES PB OF TELEMETRY DAILY CRIBL LAKE GA - TURNKEY OBJECT STORAGE $100M ARR IN UNDER 4 YEARS REMOTE-FIRST, ~1,100 EMPLOYEES SEARCH-IN-PLACE NOW STANDARD
Cribl logo
The goat-sigil of enterprise telemetry, photographed in its natural habitat: a press kit.
YesPress / Company File No. 0042

Cribl

The vendor-agnostic data engine quietly rerouting the world's security telemetry - one terabyte at a time.

Founded 2018 San Francisco, CA $3.5B valuation ~1,100 employees Series E
SHARE / LINKEDIN SHARE / X SHARE / FACEBOOK SHARE / INSTAGRAM COPY URL
Dispatch / Who They Are Now

A polite middleman, sitting between every log and its destination

It is a Tuesday morning at a Fortune 100 bank, and somewhere in a data center an engineer is staring at a Splunk bill the size of a small country's defense budget. She has been here before. The numbers have gotten worse. Then she opens a browser tab, logs into Cribl Stream, and starts dragging boxes around like a sound engineer at a mixing console. Within an hour, a third of the noise has been routed to cheap object storage, the expensive stuff is going where the SOC analysts actually look for it, and the bill drops. Not by ten percent. By half.

This is what Cribl does. Not the marketing version. The actual one.

Today the company sits at the intersection of three things enterprises spend large sums to ignore: the explosion of telemetry data, the rigidity of legacy log analytics platforms, and the dawning realization that all those logs might, in fact, be a strategic asset. Cribl is the middleman who showed up to the negotiation with leverage.

Cribl doesn't generate the data. It doesn't store the data. It just decides where the data goes - which, it turns out, is the most valuable square inch of the entire stack. - YesPress, Company File 0042
The Problem

Telemetry is the new tax

Every modern enterprise produces an absurd, almost cartoonish amount of telemetry. Logs from web servers. Metrics from Kubernetes pods. Traces from microservices that exist for forty milliseconds and then politely die. Security events from endpoints, network gear, identity providers, cloud control planes. In aggregate, the average large enterprise produces more telemetry data in a week than it produced in the entire decade of the 2000s.

Most of that data does nothing. It sits in expensive indexes priced by the gigabyte, waiting for a query that will never come. Some of it does everything - it catches a breach, it explains an outage, it tells you that your most reliable customer is about to churn. The problem is that nobody can tell, in advance, which bytes are which.

So enterprises did the obvious thing. They ingested everything into the most expensive tool they owned, usually Splunk, and then watched their bills climb at a rate that made CFOs reach for the smelling salts. Then, to escape, they considered switching to a different vendor. Then they discovered that switching meant rebuilding every dashboard, every alert, every parser, every saved query. Lock-in, the modern version, dressed up in a hoodie.

The question wasn't "which vendor wins." It was "why does anyone have to win at all?"
The Founders' Bet

Three Splunkers walk into a sieve

Clint Sharp spent four years as a senior director of product management at Splunk. Ledion and Dritan Bitincka spent longer. Between them, the three founders had sat through every customer call where the conversation pivoted - inevitably, audibly - to the bill. They had heard the same complaint enough times to stop hearing it as a complaint and start hearing it as a market.

In 2018, in San Francisco, they incorporated Cribl. The name is an old English word for a sieve. The mascot is a goat. The bet was simple: if you could insert a neutral, vendor-agnostic engine between any data source and any destination, customers could keep their existing tools, drop the cost of ingestion, and finally - finally - decide for themselves what their data was worth.

The bet would have been laughable if it weren't true. Splunk, Elastic, Datadog and a dozen others had every incentive to keep the moat wide. Cribl's pitch was to fill the moat in.

"We exist to put customers back in control of their data." - Clint Sharp, Co-founder & CEO
2018Founded
3Co-founders
$592MRaised to date
$3.5BValuation
The Product

Four products, one job: don't be the bottleneck

Cribl began with Stream, an observability pipeline that sits between any data source and any destination. Logs come in. Useful logs go out. Useless logs go to object storage and never get indexed at full price. Sensitive logs get redacted in flight. The whole thing runs as a graph of nodes you can wire up in a browser, which feels - and is - a lot like Photoshop for telemetry.

Then came Edge, a lightweight collector that replaces the heavy, legacy agents companies installed in the late 2000s and have been afraid to touch ever since. Then Search, which lets analysts query data where it already lives, including in S3 buckets nobody bothered to index. Then Lake, a turnkey storage system for organizations who finally accepted that they wanted to keep everything but did not want to pay enterprise SIEM rates to do it.

Cribl Stream

The observability pipeline. Route, reduce, reshape and enrich any source to any destination.

Cribl Edge

Fleet-managed collection agent. The modern replacement for legacy forwarders.

Cribl Search

Federated search-in-place. Query your data where it already lives.

Cribl Lake

Turnkey telemetry storage at object-store economics.

None of these products, individually, would have been particularly remarkable. Stitched together, they are a category. The category is called observability data management, which is a phrase analysts invented after Cribl was already winning at it.

The best way to disrupt a software market is to refuse to compete in it. Cribl refused, and the market reorganized around the refusal.

Milestones, in order

2018
Cribl founded in San Francisco by Clint Sharp, Ledion Bitincka and Dritan Bitincka. All three came out of Splunk.
2020
Series A and B close back-to-back. Sequoia leads the B at $35M.
2021
$200M Series C on the back of rapid Fortune 500 adoption.
2022
$150M Series D. Cribl crosses 1,000 enterprise customers.
2023
$100M ARR reached - fourth-fastest infra company to centaur status. Cribl Search hits general availability.
2024
$319M Series E at a $3.5B valuation, led by GV. Cribl Lake reaches GA, completing the four-product platform.
The Proof

The customers, the receipts, the math

Twenty-five percent of the Fortune 500 are paying customers. Forty-three of the Fortune 100. The list runs across banks, retailers, telcos, federal agencies, biotech firms - the unromantic backbone of large-scale IT. Cribl rarely names them, because customers of this size do not like being named, which is itself a sort of proof.

The financial story is just as telling. Cribl crossed $100 million in annual recurring revenue inside its first four years - making it, by one ranking, the fourth-fastest infrastructure company to reach centaur status. The Series E in August 2024 was led by GV in what was reportedly one of its largest-ever investments. Total capital raised now exceeds half a billion dollars.

Cribl's funding climb

Series A '20
$11M
Series B '20
$35M
Series C '21
$200M
Series D '22
$150M
Series E '24
$319M

Funding rounds since 2020. Note the inflection between B and C - that is roughly the moment Cribl stopped looking like a tool and started looking like a platform.

The partnerships shelf

AWS. Deep integrations with S3, MSK and SES. Available on AWS Marketplace.

Microsoft Azure. Native connectors for Azure Monitor, Sentinel and Blob Storage.

Snowflake. Shaped telemetry feeds straight into the warehouse.

Splunk. The most common upstream and downstream destination - which is its own kind of irony.

CrowdStrike, Palo Alto, Sentinel. Pre-built routes and packs for the major SIEM and XDR platforms.

The Mission

Unlock the value of all data

Cribl's stated mission

Unlock the value of all observability data, on the customer's terms - any source, any destination, any format.

The phrase "on the customer's terms" is doing all the work in that sentence. It is the part vendors usually leave out, because including it is expensive. Cribl built a company on including it.

The culture matches the pitch. Remote-first from day one, distributed across the US, Europe and Australia, with a goat for a mascot and a relaxed willingness to talk about money in public. Cribl employees - the company calls them Criblanians, which is a name only a remote-first company could get away with - tend to come from the customers' side of the table. They have seen the bill.

A goat is not a glamorous mascot. It is, however, very good at climbing things that other animals quietly give up on.
Tomorrow

Why the next decade is even better for the middleman

The next ten years of enterprise IT are going to be defined by three things: AI workloads that produce more telemetry than any system before them, security teams under constant attack, and a regulatory environment that increasingly demands you keep records of everything. All three trends point in the same direction - more data, kept longer, queried harder, and reviewed by more people.

None of those trends are good news for vendors who price by the gigabyte. All of them are good news for the company that decides where the gigabytes go.

Cribl's next moves are obvious in retrospect, which is the cleanest signal you're building the right thing. More AI: pipelines that pre-shape data for LLM-driven analysis, which the company is already shipping. More search: federated query across more types of stores. More edge: collection from anywhere, including hardware nobody else can talk to. More lake: cheap, durable, neutral retention. The product surface grows. The pitch does not.

Back at the Fortune 100 bank, our engineer logs off for the day. The Splunk bill is no longer a crisis. The next outage will have searchable data behind it. The next breach will have months of context to investigate, instead of the seven days her old retention budget allowed. None of this is glamorous. None of it is the thing she will tell her family about at dinner. It is, however, the thing that lets the bank keep operating, and that is a kind of quiet revolution.

The middleman won. The middleman was Cribl.

The interesting companies of the 2020s aren't the ones inventing new categories. They're the ones noticing the seams between old categories and slipping in.

Links, receipts and rabbit holes

-> cribl.io (official) -> LinkedIn -> X / @cribl_io -> Facebook -> GitHub / criblio -> YouTube channel -> Product overview -> Press kit -> Series E announcement -> Wikipedia entry -> TechCrunch coverage -> YouTube product demos -> Clint Sharp interviews -> Cribl Community