Support Questions

robnew666 · ‎11-23-2020

I have Zeek logs being ingested and being sent to Splunk via a Splunk Forwarder. I want to be able to catch this also in NiFi to be able to do some extra stuff to it, but I cannot see it using the usual processors as I think it is because of it monitoring the zeek logs constantly, and pushing them across, so it might seem to NiFi that there is no end of the file. There are delimiters within the Zeek logs - { }, but I am wondering if anyone else has tried this before with any success, as it seems I am the only one wanting to be able to do this. Whether it is because of the logs being sent across via the Splunk Forwarder, or because of the way the Zeek(bro) logs being monitored.

stephane_davy · ‎11-30-2020

hello,

Have you tried with a syslog listener on Nifi side?

Cloudera Community

Support Questions

What processor for Zeek logs via Splunk Forwarder

Re: Log Forwarding & Ingestion Patterns using MiNi...

Nifi Splunk syslog integration

Nifi 0.7 putsplunk processor to send log files to ...

Deep dive into YARN Log Aggregation / Deep dive in...

Jolt quick reference for Nifi Jolt Processors

Hue Query Processor - Change Log Location

How to set a processor to DEBUG when on Cloudera D...

Build Custom Nifi Processor

Syslog Forwarding to NiFi on your Mac

Setting up the Port Forwardings on HDP 2.5 Sandbox