Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Nifi RouteText Regex issue

avatar

p.p1 {margin: 0.0px 0.0px 10.0px 0.0px; line-height: 18.0px; font: 15.0px Arial; color: #404041; -webkit-text-stroke: #404041} span.s1 {font-kerning: none}

I am trying to route all lines of the Web access logs that have HTTP Status Code that is not equal to 200 to Splunk. While all the original logs are written to HDFS as is. Using this pipeline GetFile->RouteText->PutSplunk on one side of GetFile and another branch with GetFile->PutHDFS. Everything is working fine except that the filter in RouteText is passing all the logs files instead of only passing the log lines that have HTTP Status code that is not 200. Here is the Regex I am using ${line:getDelimitedField(8,' '):trim():equals(200):not()}

1 ACCEPTED SOLUTION

avatar

${line:getDelimitedField(7, ' '):trim():toNumber():gt(200)}

This regex worked for me.

View solution in original post

3 REPLIES 3

avatar

I have added some screen shots of the pipeline and the RouteText processors config

72479-screenshot-2018-04-26-100030.png

72480-screenshot-2018-04-26-100000.png

avatar

Any help is greatly appreciated.

avatar

${line:getDelimitedField(7, ' '):trim():toNumber():gt(200)}

This regex worked for me.