Configuration Process

The following flowchart describes the steps customers take to integrate Logstash with NetWitness Platform, depending on their prior familiarity with and use of Logstash.

Logstash integration flow chart

The following sequence describes the data flow from an event until it becomes NetWitness meta in a Log Decoder.

  1. An event source generates events.
  2. The collection plugin (for example, a Beats plugin) collects events from the event source.
  3. Logstash processes the data from the events.
  4. A NetWitness codec encodes the Logstash-processed data into a format that can be consumed by NetWitness Platform.
  5. An output plugin sends the processed event data to the NetWitness Platform.
  6. A JSON parser populates meta from the processed event data.
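
A minimal pipeline showing where steps 2 through 5 sit in a Logstash configuration. This is an added example, not configuration from the NetWitness documentation; the host name, the ports, the added tag and the codec name `netwitness` are assumptions to replace with the values for your deployment.

```logstash
# Added illustration: steps 2-5 of the data flow as one Logstash pipeline.
# Step 1 (event generation) happens on the event source and step 6
# (JSON parsing into meta) happens on the Log Decoder, so neither appears here.

input {
  # Step 2: collection plugin. Beats agents on the event source connect here.
  beats {
    port => 5044            # assumption: the conventional Beats port
  }
}

filter {
  # Step 3: Logstash processes the event data.
  # Constructed example: tag each event so its pipeline of origin is
  # visible when troubleshooting downstream.
  mutate {
    add_tag => ["example_pipeline"]
  }
}

output {
  # Step 5: output plugin sends the processed event data to NetWitness Platform.
  tcp {
    host => "logdecoder.example.internal"   # placeholder Log Decoder address
    port => 514                             # assumption: use your Log Decoder's listening port
    # Step 4: the NetWitness codec encodes the event for the Log Decoder.
    # Assumption: the codec is installed and registered under this name.
    codec => netwitness
  }
}
```

Both listeners in this sketch are plaintext; in production, enable TLS on the Beats input and on the output connection to the Log Decoder, and restrict which hosts can reach the input port.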

Logstash Deployment Architecture