Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

how to extract specific lines in nifi from log files

Labels:
avatar
author-rank Anurag007
New Contributor

Created ‎12-16-2020 10:51 AM

Hi all,

 

New in NiFi. Hence need guidance on achieving the desired result.

Scenario:

1. Multiple log files 

2. each log file contains many lines 

 

Requirement:

1. Read each log file and extract only ERROR line from log files.

2,153 Views
0 Kudos
2 REPLIES 2

avatar
author-rank stephane_davy
Contributor

Created ‎12-16-2020 11:36 PM

hello @Anurag007 

 

Your description is a little bit 'dry'. Anyway, you can probably do what you want with the following processors:

- getFile (or better, listFile + fetchFile) to get the content of your files

- routeOnContent, which allows you to define some routing rules based on file content using regexp

 

You will find easily many examples of how to use these processors, probably using the search feature of this site

2,123 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎12-23-2020 01:39 PM

@Anurag007 

 

You did not share how your logs are getting in to your NiFi.

But once ingested, you could use a PartitionRecord processor using one of the following readers to handle parsing your log files:
- GrokReader
- SyslogReader
- Syslog5424Reader

You can then use your choice of Record Writers to output your individual split log outputs.
You would then add one custom property that is used to group like log entries by the log_level
This custom property will become a new FlowFile attribute on the output FlowFiles.

You can then use a RouteOnAttribute processor to filter out only FlowFiles where the log_level is set to ERROR.


Here is a simple flow I created that tails NiFi's app log and partitions logs by log_level and and then routes log entries for WARN or ERROR.

Screen Shot 2020-12-23 at 4.25.26 PM.png

I use the GrokReader with the following GrokExpression

%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}

I then chose to use the JsonRecordSetWriter 
My dynamic i added  property in the

Property  = log_level
Value = /level


In my RouteOnAttribute processor, I can route based on that new "log_level" attribute that will exist on each partitioned FlowFile using two dynamic property which each become a new relationship:

property = ERROR
value = ${log_level:equals('ERROR')}

property = WARN
value = ${log_level:equals('WARN')}

 

Hope this helps,

Matt

2,094 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements