NetWitness Platform Online Documentation

Browse the official NetWitness Platform Online documentation for helpful tutorials, step-by-step instructions, and other valuable resources.

Options

Subscribe to RSS Feed

Bookmark

Subscribe

Printer Friendly Page

Report Inappropriate Content

Versions

Collections

All Downloads

Configure Logstash Filter Plugin (optional)Configure Logstash Filter Plugin (optional)

You can configure the Logstash Filter plugin to add, remove, or modify the specific input events from the Log Decoder or Decoder. To configure the Filter plugin, add the Filter plugin parameter settings in the second section of the Logstash configuration file (netwitness-<decoder-ip>-input.conf). This plugin modifies the events based on the parameter settings. You can use the existing standard Logstash filter plugins for adding the parameter settings to the configuration file. For more information on existing Logstash standard filter plugins, see Filter Plugin Documentation.

The configuration of the plugin must consist of the plugin name followed by a block of parameter settings for that plugin. The following is an example of Logstash mutate filter plugin configuration parameters that remove specific meta keys.

filter
{
mutate {
remove_field => ["ip_dst", "ip_addr"]
}
}

NetWitness Community

Table of Contents

Product Resources

Configure Logstash Filter Plugin (optional)Configure Logstash Filter Plugin (optional)

On this page