Error with ParseEvtx processor

avatar
Explorer

 

 

I am ingesting an evtx file that I generated from my Windows 11 machine into the ParseEvtx processor; however, it's returning the below error.

Please advise. Thanks!

 

03:52:24 UTC ERROR

ParseEvtx[id=19268a43-0189-1000-8d15-39df0b19faac] Processing failed:
org.apache.nifi.processor.exception.ProcessException: IOException thrown from
ParseEvtx[id=19268a43-0189-1000-8d15-39df0b19faac]: java.io.IOException:
Invalid minor version. Expected 1 got 2.

 

4 REPLIES 4

avatar

@devanand007,

I recommend that you provide a better description of your flow if you would like to receive an answer to your question.

 

It would really help to know the NiFi Version and your Flow's logic.

From where are you getting the data?

How does it look before reaching ParseEvtx?

What properties have you defined in ParseEvtx?
And so on.

avatar
Explorer

cludera.png

 

Here is the snapshot of the flow

Getting data from an s3 bucket

using ParseEvtx to parse it

and forwarding data to Splunk via Splunk's HEC protocol

 

There wasn't much to configure in ParseEvtx other than the granularity, which is set to "Chunk"

 

I then attempted to add sample data from this link - https://github.com/apache/nifi/raw/rel/nifi-1.0.0/nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-proces... which is provided within this forum post https://community.cloudera.com/t5/Community-Articles/Parsing-evtx-files-with-Apache-NiFi/ta-p/247550 and that evtx file was successfully parsed by the processor.

avatar

Well, in this case, if everything works with the sample data, it means that there might be a problem with your data. I suggest that you compare the structure of the files (yours and the sample one) and see what the differences are. Maybe your files contain some invalid characters which eventually get parsed incorrectly by NiFi. Or your files contain too many lines, and so on.
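
Added example, not part of the thread and not NiFi's own code: the error text names the minor version field of the EVTX file header, so one way to compare a failing file with the working sample is to read that header directly. The field offsets are an assumption taken from public EVTX format documentation, and the two sample headers are constructed here rather than taken from real logs.

```python
import struct
import zlib

EVTX_MAGIC = b"ElfFile\x00"
# First 44 bytes of the EVTX file header, little-endian (assumed layout, taken
# from public format documentation): signature, first chunk, last chunk,
# next record id, header size, minor version, major version, block size, chunks.
HEADER = struct.Struct("<8sQQQIHHHH")


def parse_evtx_header(data: bytes) -> dict:
    """Read the version fields and verify the CRC32 of an EVTX file header."""
    if len(data) < 128:
        raise ValueError("need at least the 128-byte file header")
    fields = HEADER.unpack_from(data, 0)
    if fields[0] != EVTX_MAGIC:
        raise ValueError("bad signature: not an EVTX file")
    # The checksum at offset 124 is a CRC32 over the first 120 bytes.
    (stored_crc,) = struct.unpack_from("<I", data, 124)
    return {
        "minor": fields[5],
        "major": fields[6],
        "chunk_count": fields[8],
        "checksum_ok": stored_crc == (zlib.crc32(data[:120]) & 0xFFFFFFFF),
    }


def describe(data: bytes, supported_minor: int = 1) -> str:
    """Report whether the header matches the minor version a parser expects."""
    h = parse_evtx_header(data)
    if not h["checksum_ok"]:
        return "header checksum mismatch (file truncated or corrupted)"
    if h["minor"] != supported_minor:
        return f"format {h['major']}.{h['minor']}: minor version {h['minor']} != {supported_minor}"
    return f"format {h['major']}.{h['minor']}: accepted"


def build_sample_header(major: int, minor: int) -> bytes:
    """Constructed input: a minimal one-chunk header with a valid checksum."""
    head = HEADER.pack(EVTX_MAGIC, 0, 0, 1, 128, minor, major, 4096, 1)
    head = head.ljust(120, b"\x00")  # reserved bytes up to the flags field
    return head + struct.pack("<II", 0, zlib.crc32(head) & 0xFFFFFFFF)


if __name__ == "__main__":
    for version in ((3, 1), (3, 2)):
        print(version, "->", describe(build_sample_header(*version)))
```

For a real file, pass the first 128 bytes read in binary mode to `describe()`; a valid checksum with a minor version other than 1 points to a format revision rather than corrupted data.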

avatar
Community Manager

@devanand007 Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.  Thanks.


Regards,

Diana Torres,
Community Moderator

