on Oct 15, 2020The NetWitness Export Connector is an input plugin for Logstash, used to export NetWitness Platform events and routes the data where you want, all in continuous, streaming fashion. Giving you the flexibility to unlock a variety of downstream use cases.
This plugin is installed on Logstash and integrates with NetWitness Platform Decoders and Log Decoders. This plugin aggregates meta data and raw logs from the Decoder or Log Decoder and converts it to Logstash JSON object, which can easily integrate with numerous consumers such as Kafka, AWS S3, TCP, Elastic and others.
Install NetWitness Export Connector on the Logstash service. To activate the connector, restart the Logstash service.
Work Flow of NetWitness Export Connector
Following diagram shows how NetWitness Export Connector works.
There are of three plugins available that helps with export.
- Input plugin
- Filter plugin (optional)
- Output plugin
- The Input plugin collects the events from the event sources. You must install the NetWitness Export Connector to collect events from Decoder or Log Decoder. The NetWitness Export Connector uses NetWitness API that collects the following data and forwards it as Logstash messages.
Meta data and raw log data from the Decoder
Meta data from Log Decoder
The data is then forwarded to the Filter plugin.
-
(Optional) The Filter plugin adds, removes, or modifies the received data and forwards it to the Output plugin. You can use the standard Logstash filter plugins to add, remove, or modify the data.
- The Output plugin sends the processed event data to the data warehouse destinations. You can use the standard Logstash output plugins to send the data.
