Created 04-26-2018 01:57 PM
I am trying to route all lines of the web access logs that have an HTTP status code that is not equal to 200 to Splunk, while all the original logs are written to HDFS as is. I am using this pipeline: GetFile->RouteText->PutSplunk on one side of GetFile, and another branch with GetFile->PutHDFS. Everything is working fine except that the filter in RouteText is passing all the log files instead of only passing the log lines that have an HTTP status code that is not 200. Here is the Regex I am using: ${line:getDelimitedField(8,' '):trim():equals(200):not()}
Created 04-26-2018 07:41 PM
${line:getDelimitedField(7, ' '):trim():toNumber():gt(200)}
This regex worked for me.
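An added example, not part of any post in this thread: a Python stand-in for quote-aware delimited-field lookup, run over constructed access log lines, that checks which field index holds the status code and compares a "not equal to 200" test with the "greater than 200" test. The Common Log Format layout is an assumption (the thread does not show the actual logs), the helper names are hypothetical, and this is not NiFi's own implementation.

```python
import csv

# Constructed sample lines in Common Log Format (assumed layout).
SAMPLE_LINES = [
    '10.0.0.5 - - [26/Apr/2018:13:57:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '10.0.0.9 - - [26/Apr/2018:13:57:02 +0000] "GET /admin HTTP/1.1" 403 199',
    '10.0.0.7 - alice [26/Apr/2018:13:57:03 +0000] "POST /login HTTP/1.1" 500 0',
    '10.0.0.8 - - [26/Apr/2018:13:57:04 +0000] "GET /ws HTTP/1.1" 101 0',
]

def delimited_field(line, index, delimiter=" ", quote='"'):
    """1-based field lookup that keeps a quoted request string as one field."""
    fields = next(csv.reader([line], delimiter=delimiter, quotechar=quote))
    return fields[index - 1] if 0 < index <= len(fields) else ""

def status_of(line, index=7):
    """Return the numeric value at `index`, or None if it is not a number."""
    value = delimited_field(line, index).strip()
    return int(value) if value.isdigit() else None

def not_200(status):
    return status != 200

def gt_200(status):
    return status > 200

def route(lines, predicate, index=7):
    """Lines whose field at `index` is numeric and satisfies `predicate`."""
    return [l for l in lines
            if (s := status_of(l, index)) is not None and predicate(s)]

def coverage_gap(lines, index=7):
    """Lines forwarded by 'status != 200' but dropped by 'status > 200'."""
    narrow = set(route(lines, gt_200, index))
    return [l for l in route(lines, not_200, index) if l not in narrow]

if __name__ == "__main__":
    for i in (7, 8):
        print(i, [delimited_field(l, i) for l in SAMPLE_LINES])
    print("not 200:", len(route(SAMPLE_LINES, not_200)))
    print("gt 200 :", len(route(SAMPLE_LINES, gt_200)))
    print("gap    :", coverage_gap(SAMPLE_LINES))
```

With this assumed layout, field 7 is the status code and field 8 is the response size, so a test against field 8 forwards every sample line; the 1xx line is the only one the two predicates treat differently.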
Created on 04-26-2018 02:03 PM - edited 08-18-2019 02:10 AM
I have added some screenshots of the pipeline and the RouteText processor's config.
Created 04-26-2018 02:12 PM
Any help is greatly appreciated.