Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Flow Analysis Rules (enforcing Best Practices in Flow Design)

Labels (1)
Labels:
avatar
author-rank mburgess author-rank
Master Guru

Created on ‎10-29-2025 12:27 PM

One of the most exciting and valuable features (in my opinion) of Cloudera Flow Management 4 (powered by Apache NiFi 2) is the Flow Analysis Rules engine and the various rule implementations you can bring to bear.

The Flow Analysis Rules Engine is a built-in capability to Apache NiFi 2 whose mission is to help Flow Administrators enforce Best Practices in flow design. This includes limiting how many resources (threads, memory, disk, etc.) a component can leverage. For example, a Flow Admin may want to restrict all processors to use a maximum of 10 concurrent tasks. One reason for this (especially in large flows) is to prevent a Flow Designer from "hogging" the threads away from other components / teams, or to maximize parallelization across physical CPU cores rather than concurrency (which can be viewed as "apparently parallel" but not truly parallel). The same goes for disk usage that can be enforced by limiting the size of a connection's backpressure settings to prevent too much data from amassing on disk without being able to be processed by the flow.

I start by showing a Flow Analysis rule and how to configure and enable for reporting warnings or violations. To create a Flow Analysis rule (which is a "management controller service"), go to the hamburger menu and select Controller Services. There is a tab for Flow Analysis Rules. Selecting that then the + icon on the right brings up the creation dialog:

mburgess_0-1761763809735.png

To start, we create a DisallowComponentType rule, then edit the configuration:

mburgess_1-1761763869223.png

Before we get into the properties for this particular, note the Enforcement Policy on the right. The current choices are Warn and Enforce:

mburgess_2-1761763938029.png

If a rule is set to Warn, a component that violates the rule can still be started and run, but the warning will show up on the Rules Violations report which I will show later. If a rule is set to Enforce, even if a component is configured correctly, it will be marked as Invalid and is unable to be started/run. This violation also shows up on the report. In this case I will set it to Enforce and move on to the rule-specific properties:

mburgess_3-1761764134274.png

There is a single property for this rule, namely the type of component that should be disallowed. I have chosen ExecuteScript to prevent any Flow Designer from using ExecuteScript as the script author can perform tasks that may be harmful to the larger CFM/NiFi instance.

I apply this change and return to the canvas, where I create an ExecuteScript processor and configure it so it would normally be ready to run:

mburgess_4-1761764337590.png

Going back to the rule, I will click on the sideways-ellipsis icon on the right and Enable the rule:

mburgess_5-1761764376809.png

Returning to the canvas again, I click on the "first-aid kit" icon on the top-right of the UI. With a Warning violation, the icon will turn orange and with a Enforced violation the icon will be red. Clicking on it brings up the Rules Analysis Report:

mburgess_6-1761764481407.png

Here you can see ExecuteScript has been marked invalid and the violation shows up under Enforced violations. Also, since the Rules Analysis Report is available on the global NiFi canvas, a violation might belong to a component deeply nested in the flow. Clicking on the sideways-ellipsis allows you to navigate in the canvas to the component in violation:

mburgess_7-1761764685926.png

This helps you quickly get to the offending component and take appropriate action.

Here's a list of Flow Analysis Rules available in Apache NiFi 2.6.0:

  • DisallowComponentType
  • RestrictBackpressureSettings
  • RequireServerSSLContextService
  • RestrictFlowFileExpiration

The following is the list of Flow Analysis Rules available in Cloudera Flow Management 4.11:

  • DisallowComponentType
  • RestrictBackpressureSettings
  • RequireServerSSLContextService
  • RestrictFlowFileExpiration
  • RestrictYieldDurationForConsumeKafkaProcessors
  • DisallowDeadEnd
  • RecommendRecordProcessor
  • RequireHandleHttpResponseAfterHandleHttpRequest
  • RestrictComponentNaming
  • RestrictConcurrentTasksVsThreadPoolSizeInProcessors
  • RequireMergeBeforePutIceberg
  • DisallowDeprecatedProcessor
  • DisallowConsecutiveConnectionsWithRoundRobinLB
  • DisallowExtractTextForFullContent
  • RestrictSchedulingForListProcessors
  • RestrictThreadPoolSize
  • RestrictProcessorConcurrency

With more on the way (both in Apache NiFi and Cloudera Flow Management) as more Best Practices are identified and the associated rules are implemented.

In this post I described the Flow Analysis Rules engine and its features and capabilities. Please put any questions or comments (and especially ideas for new rules!) in the comments.

255 Views
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
Community Announcements
September 2025 Community Highlights
What's New @ Cloudera
Upgrade Your Spark Experience: Introducing CDS 3.5 for Cloud...
View More Announcements
Version history
Last update:
‎10-29-2025 12:27 PM
Updated by:
Master Guru Master Guru
Contributors