
NiFi - Geo Enrich logs that are currently NOT in JSON format


Is it possible to geo enrich Bro/Zeek logs that are currently in this format?

 

timestamp | uid | orig_ip | orig_p | resp_ip | resp_p | protocol | service | duration

 

If yes, then what is the easiest way to approach this?

 

If not, am I supposed to convert each entry into a JSON object, and then use GeoEnrichIP?

 

I was trying to use the LookupRecord processor as per the instructions here: https://community.cloudera.com/t5/Community-Articles/Geo-Enrich-NiFi-Provenance-Event-Data-using-Loo...

 

But I don't have a JSON object coming into it, so I don't know how to handle this. Could someone please help me out?

 
