I have Zeek logs being ingested and sent to Splunk via a Splunk Forwarder. I also want to be able to catch this in NiFi to do some extra stuff to it, but I cannot see it using the usual processors. I think it is because it is monitoring the Zeek logs constantly and pushing them across, so it might seem to NiFi that there is no end of the file. There are delimiters within the Zeek logs - { }, but I am wondering if anyone else has tried this before with any success, as it seems I am the only one wanting to be able to do this. Whether it is because of the logs being sent across via the Splunk Forwarder, or because of the way the Zeek (Bro) logs are being monitored.

1 REPLY

Hello,

Have you tried with a syslog listener on the NiFi side?