allamiro/siem_pipeline_1.md

## siem_pipeline_1.md

      
    Raw
  

              siem_pipeline_1.md
            
          
Component
Description


Sources (Windowsdevices, Syslog, Linux , network devices, apps
Various data sources such as network devices, servers, applications, etc., send log data.


Logstash (1st Instance)
Collects and processes the raw log data from various sources and outputs it to Redis for buffering.


Redis
Acts as a buffering layer to handle high-throughput log data efficiently and ensure data persistence in case of Logstash or Elasticsearch downtimes.


Logstash (2nd Instance)
Pulls data from Redis, performs any additional processing or enrichment, and forwards the data to Elasticsearch.


Elasticsearch
Stores the processed log data and provides powerful search and analysis capabilities.


Kibana
Front-end visualization tool for Elasticsearch, allowing users to interact with and analyze the data.
Component	Description
Sources (Windowsdevices, Syslog, Linux , network devices, apps	Various data sources such as network devices, servers, applications, etc., send log data.
Logstash (1st Instance)	Collects and processes the raw log data from various sources and outputs it to Redis for buffering.
Redis	Acts as a buffering layer to handle high-throughput log data efficiently and ensure data persistence in case of Logstash or Elasticsearch downtimes.
Logstash (2nd Instance)	Pulls data from Redis, performs any additional processing or enrichment, and forwards the data to Elasticsearch.
Elasticsearch	Stores the processed log data and provides powerful search and analysis capabilities.
Kibana	Front-end visualization tool for Elasticsearch, allowing users to interact with and analyze the data.