Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.


Document created by RSA Information Design and Development Employee on Sep 9, 2020
Version 1Show Document
  • View in full screen mode

This document is intended to provide a general overview of Logstash and NetWitness Platform integration. The intention is to provide enough implementation detail that users can have comfort using and troubleshooting these integrations on their own.

To describe Logstash, here is some introductory text from Logstash reference documentation:

Logstash is an open source data collection engine with real-time pipelining capabilities. Logstash can dynamically unify data from disparate sources and normalize the data into destinations of your choice…

From a NetWitness Platform standpoint, there are two basic use cases:

  • For customers that have an event source for which RSA NetWitness Platform does not already provide an integration, or if you want a customized integration that is different from the one provided by RSA.
  • For customers that already have an existing Logstash configuration, you can use Logstash to integrate as many of your event sources as you like. Integrating your event sources should be a matter of updating the destination for where you currently send the log information: either adding NetWitness Platform as a destination, or changing your current output destination to NetWitness.

The following diagram displays a view of how Logstash integrates with the NetWitness Platform.

Logstash integration with NetWitness diagram

Next Topic:Dataflow
You are here
Table of Contents > Overview