Splunk, as a company, is a shell of its former self. All they care about is pimping themselves out to maximize profits to an extreme that only Dilbert can relate to, even at the expense of destroying a long-term professional relationship over trivial matters. They are more than happy to kill a deal over a 5% disagreement rather than understand the needs of a Fortune 500 customer and negotiate.

They are mad because Cribl is good at transforming data before it is ingested by Splunk, so as to reduce the amount of data that is indexed. Period.

Splunk ONLY RECENTLY released “Ingest Actions” to filter data post-ingest (to avoid indexing) for their SaaS product — something that has always been a mainstay of their on-premise “Enterprise” product. Their ONLY suggestion to filter data that we didn’t care to index in early 2021? Cribl. There’s literally no other reason for us to use Cribl.

I’ve been paying for Splunk since 2008 and can’t wait to get away from them. Their sales teams have decayed into unethical slimebags and I am trying everything in my power to not renew our contracts with them. This just sealed the deal.

Source: I cut checks to Splunk for $x,xxx,xxx yearly

On the one hand, taking code from your employer and posting it to GitHub with the copyright notices removed is about as clear-cut a case of copyright infringement as you can get -- if they have evidence. Should be easy to confirm or deny by looking at version control history.

(This seems to be the repository in question, but it's been taken down: https://web.archive.org/web/20210104032001/https://github.co...)

On the other hand, the patent claims referenced in the lawsuit seem to me like great examples of software patents that ought to be struck down for being uselessly over-broad. For example, I would love to hear an argument as to how the "'433 Patent" wouldn't be infringed by running Wireshark in a Kubernetes pod. That meets every single one of the claimed elements that Splunk is claiming Cribl is infringing.

From the lawsuit, it looks like the most clear-cut evidence they have is:

- Founder publishing a private protocol definition to help in building for it

- Sales staff sending account and prospect info to their new cribl email addresses before leaving Splunk

- Engineers leaving Splunk with technical specifications, such as their newer S2S protocol versions

The patent stuff is kind of whatever, but all three of those items would be enough to establish some very clear damages. Cribl's an exciting new player but they can't take shortcuts like this, if the allegations are founded.

Splunk is the best at what it does with no close competition.

I've been looking into Cribl and it seems their product has surpassed their competition as well but not in search, more in data summarization and log reduction, possibly before you ship it off to a more proper place like Splunk.

Splunk's cost makes it inaccessible to most people or companies. I mean, I work in infosec and I highly caution against Splunk because it is so amazing you will hate anything else but in security you need tons of otherwise rubbish data collected centrally sometimes and it will force you into a corner where you will say you can't afford to store that log you really should be storing. Better a crappy tool that can be used to find the logs you need than a nice tool that can only retain so much.

Cribl is supposed to help people reduce what they put in Splunk so they can keep using Splunk; it would have been nice if they partnered instead.

Graylog is another nice tool I like that is somewhat but only slightly similar to Cribl that was founded by a former Splunker out of frustration.

Splunk is a great tool but expensive. I like splunk's aggregation feature very much. If it is server logs, it can aggregate and tell me how many http 500 errors I have, how many requests resulted in 404 etc. It can tell me top IP addresses where I am getting requests from, etc.

I want to take a CSV file and provide the same functionality. E.g., give the user information on how many times each field occurs. For example, if it is a CSV file with cities, countries, continents, I want to aggregate and tell how many cities are in each country and how many countries are in each continent.

Is there an open source version of Splunk I can modify? I tried Logstash but it is not straightforward to work with. It still needs me to define a schema every time.


Hope Splunk loses. Trying to kill a good player that makes Splunk less expensive.

Dang! Back in the early days of AppDynamics, the founder who started AppDynamics after working at CA got hit by a CA lawsuit, which lasted for a while but eventually got settled. Similar allegations. It was highly unpleasant and detrimental to the IPO preps. Some of my colleagues from there went to Cribl and sure hope they aren't going to be impacted, but they likely will.

Our alerting solution, "OpterVics", was bought by Splunk. Since then it's been a shitshow - the service is running, but it's almost impossible to get a response from support.

They sent us an invoice for renewal in early August. I replied back (5 separate times) asking for the original contract (our ops department is tightening up on vendor management, didn't have it on file already); and we've heard nothing. Our service has continued to work despite not having paid (or signed a renewal), but we're switching to opsgenie.

After reading the full lawsuit, I think Cribl has a real threat on their hands. They've been playing fast and loose with the rules for a long time. Exports of leads from departing Splunkers, using licenses they're not entitled to use, and yes, using proprietary code that was gathered through less than fully kosher means. While this doesn't look great for Splunk, they wouldn't have filed the suit if they thought they would lose.

Pretty happy with the OpenTelemetry Collector, which lets me receive traces/metrics/logs etc. in different formats and then clean up the data and push it to aggregators like Splunk or Datadog. Makes it easy to switch when the tool I am using now gets a bit expensive for tracing.

Splunk is/was a damn fine tool, but I had to stop using it 5+ years ago because they priced themselves out of the stratosphere.

Another funny tidbit:

> On March 24, 2017, a few months after his initial copying of Splunk’s source code, Mr. Sharp resigned from Splunk to co-found Cribl with Dritan Bitincka and Ledion Bitincka— both former software architects at Splunk.

Except that they didn't, because initially they had created a company called diag.io that was focused on troubleshooting fault configurations.

PMs leave and start competing products. This stuff happens all the time.

Unless Splunk has a smoking gun it’s hard to really take their side here.

Splunk now an IP bully?

Go Clint & Ledio!

I’m currently working with a company in this space (axiom.co) and this shit scares me because it’s Splunk scared. Maybe Cribl did this? But the press release reads like a self-pat on the back.

Splunk is great software.

With no details, hard to read this suit. Would need to know what evidence Splunk has that Clint Sharp stole source code. All the rest seems superfluous.

Can anyone explain to a developer what Splunk does?

I would love to use Splunk on some of my side projects. Does anyone know of a decent alternative for non-enterprise customers?

You can't start Cribl without some Crib.