Skip to main content

Documentation Index

Fetch the complete documentation index at: https://jacobpevans-docs-automation-surface.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Where the Mac-side OS telemetry pack lives, how it gets onto the host, and which Splunk indexes it populates. Pack internals — Sources, predicates, override patterns, version-to-version changelogs — live in the repo’s own README.
This page is the homelab-integration view of cc-edge-the-mac-pack-io. It covers where the pack runs, what it sends, and how it slots into the wider observability stack. For the full Cribl-side reference — every Source, every input, anomaly-detection rules, override patterns, release notes — read the repo’s README.

Where it runs

The pack targets a native macOS Cribl Edge install, managed declaratively via the host’s Nix configuration. Three install constraints from this homelab’s posture:
  • The Edge install must be native to the Mac — exec inputs in the pack invoke macOS-only binaries (pmset, ioreg, powermetrics) and will not work from a Linux container.
  • The Mac runs Cribl Edge directly, not through OrbStack — the K8s cluster runs unrelated Cribl Edge instances for different workloads, and this pack does not target them.
  • A single Cribl Leader (the homelab one) controls the Edge fleet; pack updates propagate from the Leader, not from a developer laptop.

What it sends

Data lands in two Splunk indexes:
IndexContentUsed by
osmacOS unified logs (every Apple subsystem) and host-event signalsGeneral OS troubleshooting, security event search
mac_perfHost CPU/memory/disk/network/process metrics and per-process energyPerformance dashboards, capacity planning
Per-use-case filtering — security event extraction, performance triage, alerting rules — lives in Cribl Stream pipelines downstream of this Edge install, not in the pack itself.

Install

A new Mac joins the telemetry fleet by:
  1. Bringing up the Nix-managed Cribl Edge install (handled by the macOS host config — not Mintlify’s concern).
  2. The Leader pushes the pack on first heartbeat. No per-host install command.
For one-off testing on a Mac outside the managed fleet, the pack ships a .crbl artifact installable via Cribl’s REST API; see the repo README for that path. Production installs go through the Leader.

orbstack-kubernetes

The K8s cluster — runs unrelated Cribl Edge instances. This pack does not target that cluster.

Monitoring agents

Cross-stack view of every collector and where it runs.

Source on GitHub

The pack itself: every Source, every input, anomaly-detection rules, override patterns, release notes.