For Agents
Inspect and configure a Cribl Cloud workspace from outside the UI: list Workers and Edge Nodes, register destinations, browse search jobs, and read git and version metadata. Use it to automate observability pipeline operations.
Get started with Cribl API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"list cribl worker nodes"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Cribl API API.
Read the organisation-level git settings that govern Cribl-as-code commits
Register a new destination on Cribl Stream by posting to the system outputs endpoint
List every Worker and Edge Node attached to the workspace's Master node
Pull host metadata for a specific edge node to confirm its environment
GET STARTED
Use for: List all Worker and Edge Nodes connected to my Cribl workspace, Create a new Splunk destination in Cribl Stream, Get the running Cribl version and commit history, Retrieve git settings for the organization
Not supported: Does not handle pipeline rule editing, packs management, or full Cribl-as-code commits — use for workspace inventory and basic destination provisioning only.
Jentic publishes the only available OpenAPI document for Cribl API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for Cribl API, keeping it validated and agent-ready. Cribl is an observability data platform that includes Stream for routing telemetry, Edge for collection at the source, and Search for federated query across stores. The API gives programmatic access to organisation-level git settings, destinations on Stream, the inventory of Worker and Edge Nodes, edge host metadata, and search jobs, with a version endpoint that surfaces the running build for change-management workflows.
List recent search jobs across the workspace for audit and operational triage
Read the running Cribl version and commit history to confirm what is deployed
Patterns agents use Cribl API API for, with concrete tasks.
★ Pipeline destination provisioning
Add a new destination to Cribl Stream without clicking through the UI by posting the destination configuration to /system/outputs. Useful when a platform team is provisioning a fresh downstream sink such as Splunk, S3, or Elasticsearch as part of an infrastructure change ticket.
Call POST /system/outputs with the destination type, id, and target configuration to register a new Cribl Stream output.
Worker and Edge fleet audit
Audit which Worker and Edge Nodes are reporting in by listing them with GET /master/workers, then enriching individual edge entries with GET /edge/metadata for host detail. This supports change-management checks before pushing a new commit to the Cribl-as-code repository.
Call GET /master/workers, then for each suspect node call GET /edge/metadata and flag any whose host or environment fields disagree with the deployment manifest.
Search-job operations dashboard
Build a lightweight operations dashboard that lists recent Cribl Search jobs through GET /search/jobs alongside the deployed version from GET /version. The dashboard helps the on-call engineer spot stuck jobs and confirm the current build before opening a runbook ticket.
Call GET /search/jobs and GET /version, then render a table of recent jobs with their state alongside the running version and last commit.
Agent-driven Cribl operations through Jentic
Let an SRE agent answer 'is the new prod-2 worker registered?' by calling GET /master/workers via Jentic, without the SRE pasting tokens into the chat. Jentic searches for the worker-list operation, loads its schema, and executes it with the bearer key from the vault.
Through Jentic, run search('list cribl worker nodes'), load GET /master/workers, and execute it to return the list of attached Worker and Edge Nodes.
6 endpoints — jentic publishes the only available openapi specification for cribl api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/master/workers
List all Worker and Edge Nodes
/system/outputs
Create a destination on Cribl Stream
/system/settings/git-settings
Retrieve organisation git settings
/edge/metadata
Get host metadata for an edge node
/search/jobs
List search jobs
/version
Get running version and commit history
/master/workers
List all Worker and Edge Nodes
/system/outputs
Create a destination on Cribl Stream
/system/settings/git-settings
Retrieve organisation git settings
/edge/metadata
Get host metadata for an edge node
/search/jobs
List search jobs
Three things that make agents converge on Jentic-routed access.
Credential isolation
Cribl Cloud bearer tokens are stored encrypted in the Jentic vault. Jentic injects the Authorization header at request time, so the workspace token never appears in agent prompts, traces, or generated code.
Intent-based discovery
Agents search Jentic with intents like 'list cribl workers' or 'create a cribl destination' and Jentic returns the matching GET /master/workers or POST /system/outputs operation along with its schema.
Time to first call
Direct integration: half a day to wire workspace URL templating, bearer auth, and error handling. Through Jentic: under 30 minutes to discover the right operation and execute the first call.
Alternatives and complements available in the Jentic catalogue.
Splunk
Common destination for Cribl Stream output, often paired for ingest cost control.
Use Splunk alongside Cribl when the workflow is 'route a subset of telemetry into Splunk', registered as an output via POST /system/outputs.
New Relic
Full-stack observability platform that overlaps with Cribl Search for telemetry queries.
Pick New Relic when teams want a single hosted backend for metrics, traces, and logs; use Cribl when they need a routing and reduction layer in front of multiple sinks.
Elastic Kibana
Common destination and search front end paired with Cribl-routed log data.
Use Elastic with Cribl when teams keep Elastic as a search backend and want Cribl to control which events make it into the index.
Specific to using Cribl API API through Jentic.
Why is there no official OpenAPI spec for Cribl API?
Cribl documents its API in the cribl-as-code section of its docs but does not distribute a maintained OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call Cribl API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the Cribl API use?
The API uses HTTP bearer authentication. Generate a Cribl Cloud token from your workspace and pass it as 'Bearer <token>' in the Authorization header. Through Jentic, the token is stored encrypted in the vault and applied at execution so it never enters the agent's prompt.
Can I create a Cribl Stream destination through the API?
Yes. POST /system/outputs creates a destination in Cribl Stream. Provide the output type and its connection details in the request body and the response includes the registered output's identifier.
How do I list Worker and Edge Nodes in my Cribl workspace?
Call GET /master/workers from your workspace's base URL. The response includes every Worker and Edge Node connected to the Master, which is the right entry point for fleet inventory or change-management checks.
What are the rate limits for the Cribl API?
The published OpenAPI spec does not declare numeric rate limits. Cribl Cloud applies workspace-level fair-use limits, so check the response headers and your plan in Cribl Cloud. Build retries with backoff around HTTP 429 responses, particularly on POST /system/outputs.
How do I check my Cribl deployed version through Jentic?
Install Jentic with pip install jentic, then async-search for 'get cribl version'. Jentic returns GET /version; load and execute it, and Jentic injects the bearer token from the vault. The response contains the running version and recent commit history.
/version
Get running version and commit history