Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

Logstash:DataFlow

Document created by RSA Information Design and Development Employee on Sep 9, 2020
Version 1Show Document
  • View in full screen mode
 

The following flowchart describes the steps customers take to integrate Logstash with NetWitness Platform, depending on their prior familiarity with and use of Logstash.

Logstash integration flow chart

The following sequence describes the data flow from an event until it becomes NetWitness meta in a Log Decoder.

  1. An event source generates events.
  2. The collection plugin (for example a Beats plugin) collects events from the event source.
  3. Logstash processes the data from the events.
  4. A NetWitness codec encodes the Logstash-processed data into a format that can be consumed by NetWitness Platform.
  5. An output plugin sends the processed event data to the NetWitness Platform.
  6. A JSON parser populates meta from the processed event data.

Logstash Deployment Architecture

Previous Topic:Overview
Next Topic:Install Logstash
You are here
Table of Contents > Dataflow

Attachments

    Outcomes