Case Study: National Energy Company reduces Splunk license costs and improves global log routing with Cribl Stream

How A National Energy Company Leverages Cribl Stream to Support Critical Infrastructure Around the Globe

National Energy Company, a national energy provider operating subsidiaries and critical infrastructure across the globe, needed a way to manage huge volumes of security and log data across multiple regions, low-bandwidth links, and an air-gapped data center. Working with Cribl and its Stream product, the team wanted to route data efficiently to regional Splunk instances, a central SOC, and an MSSP while keeping logs clean, correctly tagged, and compliant.

Cribl Stream provided the data pipeline to filter, normalize, enrich, compress, and route logs from global sources, with persistent queuing to prevent data loss during outages. The result was faster incident detection and response, resolved bandwidth issues, and immediate value, including reducing the company’s Splunk license from 1.5TB to 1TB—a 33% savings—while giving National Energy Company greater control over its data flow.