Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to convert unix timestamp to datetime in Apache NiFi?

Labels:
avatar
author-rank wojciech_leszcz
Explorer

Created ‎04-20-2018 01:31 PM

Hi everyone!
In my FlowFile, using components, I listen to logs from Squid in the form of txt. Then I add columns and separate the log elements. The output file is csv, because in the future it will be added to the Hive database.
The problem occurs when I want to change the type of the "datetime" variable from unix timestamp to the usual date time.

Based on this solution: https://community.hortonworks.com/articles/131320/using-partitionrecord-grokreaderjsonwriter-to-pars...

This is how the log sent by Squid looks like using a proxy:

1518442283.483 161 127.0.0.1 TCP_MISS/200 103701 GET http://www.cnn.com/ matt DIRECT/199.27.79.73 text/html

This is Grok Expression (in GrokReader😞
%{NUMBER:timestamp}\s+%{NUMBER:duration}\s%{IP:client_address}\s%{WORD:cache_result}/%{POSINT:status_code}\s%{NUMBER:bytes}\s%{WORD:request_method}\s%{NOTSPACE:url}\s(%{NOTSPACE:user}|-)\s%{WORD:hierarchy_code}/%{IPORHOST:server}\s%{NOTSPACE:content_type}

The following links include:
→ General appearance of components: https://imgur.com/a/fn2Q03N
→ Settings for the UpdateRecord component: https://imgur.com/a/E8gfMj8
→ Settings for the UpdateRecord/GrokReader(nifi_mid): https://imgur.com/a/l8He75D
→ Settings for the UpdateRecord/CSVRecordSetWriter: https://imgur.com/a/aqiZ98M

My problem is described on stackoverflow: https://stackoverflow.com/questions/48885675/conversion-unix-timestamp-attribute-to-normal-date

26,263 Views
0 Kudos
0
13 REPLIES 13

avatar
author-rank arald
Super Collaborator

Created ‎04-20-2018 03:25 PM

did you just left out the timestamp from the log entry, or is a log line exactly as you provided? In your example you only have 1 number preceding the IP address, but you try to read two numbers (timestamp and duration)?

21,614 Views
0 Kudos

avatar
author-rank wojciech_leszcz
Explorer

Created ‎04-23-2018 09:28 AM

I'm sorry, I did not paste the value for unix timestamp by mistake. My value for timestamp is 1518442283.483, and the next is:
duration: 161,
client_address: 127.0.0.1,
cache_result: TCP_MISS,
status_code: 200,
bytes: 103701,
request_method: GET,
url: http://www.cnn.com/,
user: matt,
hierarchy_code: DIRECT,
server: 199.27.79.73,
content_type: text/html.

21,614 Views
0 Kudos

avatar
author-rank isoardi
Expert Contributor

Created ‎04-23-2018 10:42 AM

Hi @Wojtek,

I believe the problem is that the format() function works only with numbers. Your timestamp has a '.' (dot) which makes it interpret as a string.

To solve the problem I have adopted the following EL un a updateAttribute processor:

${ts:substringBefore('.'):append(${ts:substringAfter('.')})
	:toNumber():format('MM/dd/yyyy HH:mm:ss.SSS')
}

ts attribute contains this value 1518442283.483
the result is 02/12/2018 13:31:23.483
I hope I have been of help
21,614 Views

avatar
author-rank wojciech_leszcz
Explorer

Created on ‎04-23-2018 01:29 PM - edited ‎08-17-2019 06:41 PM

Hello @Davide Isoardi,

thank you for your answer!
Is this how it should look like adding this method to the UpdateAttribute component?

71389-updateattribute.png
Unfortunately, but nothing has changed.

21,614 Views
0 Kudos

avatar
author-rank isoardi
Expert Contributor

Created ‎04-23-2018 01:58 PM

you must change the attribute on which to perform the transformation. I never used the GrokReader, but I believe you have to change ts to in timestamp in the EL string

21,614 Views
0 Kudos

avatar
author-rank wojciech_leszcz
Explorer

Created on ‎04-23-2018 02:40 PM - edited ‎08-17-2019 06:41 PM

I noticed, however, that the problem lies elsewhere. For example, I wanted to check if I change the value of the user attribute using the toUpper () function. Unfortunately, but at the exit the user's name was still written in lowercase.

71390-updateattribute.png

Result is:
datetime,duration,client_address,cache_result,status_code,bytes,request_method,url,user,hierarchy_code,server,content_type 1518442283.483,161,127.0.0.1,TCP_MISS,200,103701,GET,http://www.cnn.com/,matt,DIRECT,199.27.79.73,text/html

21,614 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎04-23-2018 02:47 PM

@Davide Isoardi

-

The UpdateAttribute processor does not read the content of a FlowFile. In order for the above Expression Language statements to work, the incoming FlowFile's must have FlowFile attributes "user" and "datetime" created on them.
-
Stop the UpdateAttribute processor and allow a few FlowFiles to queue. Then list that queue and verify what attributes currently exist on those listed FlowFiles.

-

Thanks,

Matt

21,614 Views

avatar
author-rank wojciech_leszcz
Explorer

Created on ‎04-24-2018 10:45 AM - edited ‎08-17-2019 06:40 PM

@Matt Clarke, thank you for your answer!
I turned off the UpdateAttribute component and turned on the entire flow again. Below are screenshots:

71430-off-updateattribute.png

71431-listqueue.png

71432-dataprovenance.png

71436-attributes.png

When I re-enabled the UpdateAttribute to component, the information about the attributes is such that @Matt Clarke is right ↓

71437-datetimeuser.png

21,614 Views
0 Kudos

avatar
author-rank isoardi
Expert Contributor

Created ‎04-23-2018 03:00 PM

sorry for the mistake, obviously the operation is performed on the attribute, not on the FlowFile. So you must first set the values you need in the attributes and then transform them.

Thanks @Matt Clarke

21,614 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements