ExtractGrok
Description
Evaluates one or more Grok Expressions against the content of a FlowFile, adding the results as attributes or replacing the content of the FlowFile with a JSON notation of the matched content
Tags
delimit, extract, grok, log, parse, text
Properties
In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Grok Expression * | Grok Expression | Grok expression. If other Grok expressions are referenced in this expression, they must be provided in the Grok Pattern File if set or exist in the default Grok patterns | ||
| Grok Patterns | Grok Pattern file | Custom Grok pattern definitions. These definitions will be loaded after the default Grok patterns. The Grok Parser will use the default Grok patterns when this property is not configured. | ||
| Destination * | Destination | flowfile-attribute |
| Control if Grok output value is written as a new flowfile attributes, in this case each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." or written in the flowfile content. Writing to flowfile content will overwrite any existing flowfile content. |
| Character Set * | Character Set | UTF-8 | The Character Set in which the file is encoded | |
| Maximum Buffer Size * | Maximum Buffer Size | 1 MB | Specifies the maximum amount of data to buffer (per file) in order to apply the Grok expressions. Files larger than the specified maximum will not be fully evaluated. | |
| Named captures only * | Named captures only | false |
| Only store named captures from grok |
| Keep Empty Captures * | Keep Empty Captures | true |
| If true, then empty capture values will be included in the returned capture map. |
Dynamic Properties
This component does not support dynamic properties.
Relationships
| Name | Description |
|---|---|
| matched | FlowFiles are routed to this relationship when the Grok Expression is successfully evaluated and the FlowFile is modified as a result |
| unmatched | FlowFiles are routed to this relationship when no provided Grok Expression matches the content of the FlowFile |
Reads Attributes
This processor does not read attributes.
Writes Attributes
| Name | Description |
|---|---|
| grok.XXX | When operating in flowfile-attribute mode, each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." For example,if the grok identifier "timestamp" is matched, then the value will be added to an attribute named "grok.timestamp" |
State Management
This component does not store state.
Restricted
| Required Permission | Explanation |
|---|---|
| reference remote resources | Patterns can reference resources over HTTP |
Input Requirement
This component requires an incoming relationship.
System Resource Considerations
This component does not specify system resource considerations.