Member since
07-30-2019
3471
Posts
1642
Kudos Received
1020
Solutions
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| 186 | 06-03-2026 06:06 PM | |
| 471 | 05-06-2026 09:16 AM | |
| 905 | 05-04-2026 05:20 AM | |
| 518 | 05-01-2026 10:15 AM | |
| 641 | 03-23-2026 05:44 AM |
07-28-2021
10:53 AM
1 Kudo
@midee @janis-ax is correct that this is not possible. "ONLY" sensitive attributes can be encrypted/masked. Only component properties coded to as a sensitive property field would be able to decrypt an encrypted/masked value. If setting policies to block specific users from being able to view the data on these components, you may want to look at other options for performing these endpoint authentication/authorization actions. For example, with the NiFi endpoints you could use mutual TLS via certificates instead of token based authentication for accessing the endpoints. This does not mean you need to stop using or un-configure the token based authentication methods for access to your secured NiFi. If the endpoint you are trying to reach is not NiFi, you may want to see what other options it may offer for authentication that are not token based. Hope this helped, Matt
... View more
07-28-2021
10:40 AM
@midee You are using an InvokeHTTP processor to hit the rest-api endpoint of some authentication service to obtain a JWT Token, correct? The invokeHTTP processor gives you only two options for handling the response from the endpoint. Placed it in the content of the FlowFile or in to an attribute of the FlowFile. This means that any user who has been granted authorization to view the data of any component that this FlowFile will traverse can see the attributes and content of this FlowFile. There is no capability for the invokeHTTP to encrypt/mask the endpoint response in either options. Even if there was, this now masked/encrypted data would no longer be usable by downstream components. I suspect your plan is to then use this token to make additional requests to other endpoints later in your flow? Also keep in mind that a token generally has a limited lifespan. You should also have the ability to invalidate the token via another endpoint when you are done with it. So your options here are: 1. Limit user's access so they can not view the data in the dataflows that utilize this token so that they can't see the token in the content or attributes. If you are building the flow, then you know how to get the token so does not matter that you can see the token via the attributes or content. 2. Invalidate the token once done with it. Token can't be used anymore even if a user gained access to it later via looking at the content or attributes of a FlowFile. So you may consider building yoru flow to get a token --> use that token for other actions --> invalidate token (Using NiFi login authentication as a JWT token example, you hit the logout endpoint to invalidate the token on the server side. This means the client token will no longer work even if you have it still). Of course this means you flow needs to obtain a new token every time it runs. Issue here is if your flow utilizes same token for multiple FlowFiles. First FlowFile that hist logout will invalidate token other FlowFiles may try to still use. Note that the default life of a token issued by NiFi is 12 hours. After that the client token can't be used anymore and a new token would need to be obtained anyway (of course this age can be adjusted via the NiFi login provider configuration) If you found this answered your query, please take a moment to login and click "Accept" on the solutions that assisted you. Thank you, Matt
... View more
07-28-2021
10:18 AM
1 Kudo
@pritster5 The screenshot shared does tell us some the following: We can see on the AzureBlobStorage "0(2)" displayed in the upper right corner. This tells us that this processor still has two active threads that have been "terminated" manually by a user (Meaning user tried to stop processor but it failed to stop so the user selected terminate). Terminating threads simply tells NiFi to release the FlowFile associated to that thread back to the inbound connection queue it belongs to and set processor to send anything returned by those still running threads that are marked as terminated to null. So since we can tell you still have running threads, the question becomes... "What are these threads doing?" "Are these thread hung?" "Are thee threads just very long running?" I would suggest using executing following several times (1 - 3 minutes apart) to get a series o thread dumps: ./nifi.sh dump <filename fo dump> Then you should inspect those threads to see perhaps what they are waiting on or if they are making any progress (stack changes) between each thread dump. This will answer your questions above. Maybe connection to AzureBlob Storage is very slow? Maybe Host resources are high and your threads are waiting on CPU? etc... If you found this assisted with your query, please take a moment to login and click "Accept" on solutions that helped you. Thank you, Matt
... View more
07-28-2021
10:07 AM
2 Kudos
@robnew In addition to what @janis-ax suggested about setting bulletin level to none on the processor to stop WARN and ERROR level log output from that processor from being sent to the bulletin board, you could also suppress the logging of this processor class via the NiFi logback.xml file. Changing the bulletin level on a processor does not disable logging being produced by your processor code. That logging will still find it way in to the NiFi logs via the logback.xml even with bulletin level set to known. So though processor you can stop the bulletins and through NiFi's logback.xml you have additional options to send logging produced by your processor class to its own appender or one of the existing appenders already defined in that file. If you found the feedback provided to your query helped, please take a moment to login and click "Accept" on all solutions that helped. Thank you, Matt
... View more
07-13-2021
12:58 PM
@midee The invokeHTTP processor will not execute against multiple FlowFiles collectively. You need to have one FlowFile that contains both your token in a FlowFile attribute and the desired content you are trying to post in the content. The dataflow that obtains the token could be merged with the other dataflow that has yoru content. If you have multiple FlowFiles that will need to use the same token, yo could have to separate dataflows. One that gets the token and rights it to a distributed Map Cache via the PutDistributeMapCache processor. Second dataflwo the gets your content file and fetches the token via the FetchDistributedMapCache processor. Then you have one FlowFile with the token you need in an attribute and the content on the FlowFile to be transferred via InvokeHTTP. If you found this assisted with yoru query, please take a moment to login and click "Accept" on this solution. Thank you, Matt
... View more
07-13-2021
12:38 PM
@Ash1 Not clear from yoru query how files are getting into or out of your NiFi. Assuming you have already received a set fo FlowFiles for the day in to your NiFi dataflow, the best approach may be to notify if any fails to be written out /transferred at the end of your dataflow. In this manor not only would you know that not all Files transferred, but would know exact what file failed to transfer. There are numerous processors that handle writing out FlowFile content (transfer) to another source or local file system. Those processing components typically have relationships for handling various types of failures. These relationships could be sent through a retry loop via the RetryFlowFile [1] processor back to the same transfer processor that failed. You define in the RetryFlowFile processor how many times you want a FlowFile to traverse this loop. After X number of loop it would get routed out of the loop to your PutEmail [2] processor where you could dynamically set the email content to include attributes from that FlowFile like filename, hostname of NiFi that failed to transfer it, etc... From the PutEmail processor you could send that FlowFile to somewhere else for holding until manual intervention was taken in response to that email. [`1] https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.13.2/org.apache.nifi.processors.standard.RetryFlowFile/index.html [2] https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-standard-nar/1.13.2/org.apache.nifi.processors.standard.PutEmail/index.html If you found any of the response given here assisted with your query, please take a moment to login and click "Accept" on each of those solutions. Thank you, Matt
... View more
07-12-2021
01:27 PM
@LucasMorgado I don't see any ERROR? Was your old NiFi secured? Is the new NiFi secured? Along with your flow.xml.gz, did you also copy over your users.xml and authorizations.xml files to your new installation? Your screenshot indicates that your user is not authorized to see any of the components (Processors, Process groups, labels, etc), so they are all ghost implementations. Make sure your authorizers.xml is setup just like your old NiFi and that the above mentioned files were also copied over to your new install. NIFi only reads these files on startup. If you found this addressed yoru question, please take a moment to login and click "Accept" on this solution. Thank you, Matt
... View more
06-24-2021
05:34 AM
@midee I just ran the test myself with your sample as a one line formatted json and it still worked. {"expand": "renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations","id": "1155391","key": "DPGAUT-2","fields": {"customfield_10001": null,"customfield_10002": null,"customfield_10003": null,"customfield_10004": null,"customfield_10005": null,"customfield_10006": null,"resolution": null,"customfield_10101": "","customfield_10007": null,"customfield_10008": null,"customfield_10009": "This is required value","customfield_10010": null,"customfield_10011": null,"customfield_10012": null,"customfield_10013": null,}} Make sure your RouteOnContent processor dynamic property value does not have a line return in it. You'll notice it only shows "1" line above. If you see a "2" line then you have a line return in your Value field which would cause the issue you are seeing. Hope this helped, Matt
... View more
06-24-2021
05:22 AM
@Mahi123 Just to make sure i understand your use case correctly, you want to change the content only of your NiFi FlowFile? You have a NiFi FlowFile with following json content: {
"name": "Jon",
"title": "king of the nights watch"
} and you want to modify it to: {
"name": "Jon_<current date>",
"title": "king of the nights watch"
} I read your statement "I want to change the name of the file" as wanting to edit the filename and not the content of the file itself. Which is something totally different than above. Assuming you are looking to modify content and not the filename itself, you can do this using the ReplaceText processor after your EvaluateJsonPath processor. Search Value = ("name": "${name}") Replacement Value = "name": "${name}_${now():format('yyyy-MM-dd-HH-mm-ss')}" Replacement Strategy = Regex Replace Evaluation Mode = Line-by-Line NiFi typically has more than one way to satisfy the use case and there may be better option than the above using the various available record based processors. You may want to explore those as well. If you found this addressed your query, please take a moment to login and click "Accept" on this solution. Thank you, Matt
... View more
06-18-2021
09:15 AM
@techNerd Questions for you: 1. Is Computer B consuming all the files LocalFolder and from every sub-directory within c:\users\LocalFolder? If yes, then your SFTP processor should be configured to Search Recursively. 2. Once consumed by computer B, are the original file being left on Computer A? If yes, you do NOT want to use the GetSFTP processor as it will refetch the same files over and over again each time it executes since they are not being removed from Computer A. A typical dataflow here would look like this: The ListSFTP processor would be configured to use as follows: The "Tracking Entities" listing strategy will help when source files may have older timestamps than files previously listed from a different directory. Using this listing strategy requires you to set a "Entity Tracking State Cache". There are multiple cache services to choose from. I simply used the "DistirbutedMapCacheClientService" controller service which gets configured to point at a "DistributedMapCacheServer"controller service I also setup within the same NiFi. The "Remote Path" is set to the top most folder you want to start listing files from ( C:\User\LocalFolder\ ). The "Search Recursively" property is set to "True" so that any random new sub folders added are also searched. The "Success" relationship is then routed via a connection from the ListSFTP to the FetchSFTP processor. The FlowFiles produced by the ListSFTP processor will have numerous FlowFile Attributes set on them that will be used later to persist your directory structure and to fetch the content via the FetchSFTP processor. You can list the flowfiles on a queue and click the "view details" icon next to nay listed FlowFile to see the attributes currently assigned to that FlowFile. For example: filename = testfile-32.txt
path = /tmp/LocalFolder
sftp.remote.host = <SFTP server hostname>
sftp.remote.port = 22 Then if you look at attributes for file from an added SubFolder: filename = testfile-31.txt
path = /tmp/LocalFolder/SubFolder
sftp.remote.host = <SFTP server hostname>
sftp.remote.port = 22 The FetchSFTP processor then uses these attributes set on each FlowFile to fetch the actual content from the source SFTP server: Downstream in your dataflow after you have fetched the content, you can still use the Attributes on each FlowFile when working with yoru FlowFiles. For example using the "path" attribute to dynamically control where a FlowFile will be written on a target system (might be the local NiFi via PutFile processor, another SFTP server somewhere else, etc.). If you found this addressed your query, please take a moment to login and click "Accept" on all provided solutions that helped. Thank you, Matt
... View more