Configuration ProcessConfiguration Process
The following flowchart describes the steps customers take to integrate Logstash with NetWitness, depending on their prior familiarity with and use of Logstash.
The following sequence describes the data flow from an event until it becomes NetWitness meta in a Log Decoder.
- An event source generates events.
- The collection plugin (for example a Beats plugin) collects events from the event source.
- Logstash processes the data from the events.
- A NetWitness codec encodes the Logstash-processed data into a format that can be consumed by NetWitness.
- An output plugin sends the processed event data to the NetWitness.
- A JSON parser populates meta from the processed event data.
