<!doctype html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Logstash</title>
<meta name="generator" content="CherryTree">
<link rel="stylesheet" href="res/styles3.css" type="text/css" />
</head>
<body>
<div class='page'><h1 class='title'>Logstash</h1><br/><h1>Logstash<br /></h1><br /><h2>• Logstash is a utility that can ingest logs from various sources, including Winlogbeat and Filebeat, then parse and filter the data further and output it<br />• Instead of sending output from Filebeat and Winlogbeat directly to Humio, it could also have been sent to Logstash, and Logstash could have sent it to Humio<br />• Logstash is built around three stages: input, filter, and output<br /> ◇ Input covers all the different ways it can ingest data<br /> ◇ Filter works on the data: parsing it, doing lookups on it, and manipulating it, such as dropping an event or changing fields, etc.<br /> ◇ Output sends the data to various destinations</h2><br /><h2>• It is possible to use Logstash to enrich data, such as network traffic data, with GeoIP information<br /> ◇ In addition, it's possible to look up ingested data against an IOC list or asset list</h2><br /><h2>• Logstash can always output the data to other log management software such as Elasticsearch, Graylog, etc. if a change is required</h2><br /><br />More information: <a href="https://www.elastic.co/logstash">https://www.elastic.co/logstash</a></div>
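<p>The input, filter and output stages described above, with GeoIP enrichment and an IOC lookup, as an added example pipeline that is not part of the original notes. The port, output host, dictionary path and field names (<code>[source][ip]</code>, <code>[ioc][match]</code>, the <code>ioc_hit</code> tag) are assumptions to adapt to your own Beats data.</p>

```logstash
# Added example pipeline, not from the original notes.
# Port, host name, file path and field names are assumptions.

input {
  # Receive events shipped by Filebeat and Winlogbeat.
  beats {
    port => 5044
  }
}

filter {
  # Only enrich events that actually carry a source address.
  if [source][ip] {
    # GeoIP enrichment: location data is written under the target field.
    geoip {
      source => "[source][ip]"
      target => "[source]"
    }

    # IOC lookup: compare the address against a local dictionary file.
    # Constructed sample content for the YAML file:
    #   "198.51.100.7": "constructed-sample-ioc"
    # The target field is only set when the address is in the dictionary.
    translate {
      source           => "[source][ip]"
      target           => "[ioc][match]"
      dictionary_path  => "/etc/logstash/ioc_ips.yml"
      refresh_interval => 300   # re-read the list every 5 minutes
    }

    # Tag matches so they are easy to search and alert on downstream.
    if [ioc][match] {
      mutate { add_tag => ["ioc_hit"] }
    }
  }
}

output {
  # Swapping log management software means changing only this stage.
  # Credentials and TLS settings are deployment-specific and omitted here.
  elasticsearch {
    hosts => ["https://elasticsearch.example.internal:9200"]
  }
}
```

<p>An asset list can be handled the same way with a second <code>translate</code> block pointing at a different dictionary file and target field.</p>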
</body>
</html>