@DivyaKaki    Once you configure NiFi to operate securely over https, TLS based authentication is required fro all NiFi node communications.  This requires that each node in your NiFi cluster has its own keystore.jks that meets the following criteria: 1. NiFi keystore can only contain ONE PrivateKeyEntry. 2. The keystore password must match the PriavteKeyEntry (Key password) or have no password on the key. 3. The PrivateKeyEntry can not use wildcards. 4. The PrivateKeyEntry must support both clientAuth and serverAuth ExtendedKeyUsage (EKU). 5. The PrivateKeyEntry must contain at least one Subject Alternative Name (SAN) that matches the hostname of the server on which the keystore is being used. The NiFi truststore will contain one or more TrustedCertEntries.  These are public keys used to verify trust of any presented client certificate during a TLS handshake.  You typically build one truststore which you then install on every NiFi server.  With self signed certificates, the public cert for every one of those must exist as an TrustedCertEntry in the common truststore.  Any self-signed user certificate must exist as a trustedCertEntry in the truststore as well.  If your PrivateKeyEntry was signed (issuer) by some certificate authority, then the complete certificate trust chain for that signed certificate should exist as TrustedCertEntries in your truststore.   NiFi nodes will use mutual TLS handshake when communicating with one another.  This means a NiFi nodes will be the clients at times and as servers at other times in the TLS handshake which is why the need for clientAuth and serverAuth EKUs. When it comes to user authentication in to NiFi, the default method is also TLS, thus requiring that you have a user certificate which can be trusted by the NiFi servers truststores.  NiFi can also be configured to support other methods for user authentication to include things like kerberos, LDAP, and OpenID connect. Details on how to use the NiFi TLS toolkit can be found here: https://nifi.apache.org/docs/nifi-docs/html/toolkit-guide.html#tls_toolkit Keep in mind that if you use this in standalone mode to create a keystore and trusttore for each node in your NiFi cluster, you will need to merge all the truststores created in to one truststore you will use on all hosts.  Plus you will need to import your user certificate public cert as well in to this truststore, so your user can authenticate. Hope this helps, Matt ... View more

@VijaySankar    What version of NiFi are your running? It is extremely likely you have encountered following bug: https://issues.apache.org/jira/browse/NIFI-6210 So if you are not running Apache NiFi 1.10 or newer, you are exposed to this bug specifically affecting the Hive 3 NiFi components.   Hope this helps, Matt ... View more

@JamesE  The ExtractText processor is used to extract text from the content of the FlowFie using a Java Regular Expression and insert that extracted text in to FlowFile attributes.   So using your FlowFile content example here: srcip=10.10.10.10 timestamp=152532431 action="denied" What is your desired end result? Three separate FlowFileAttributes? One for each "word" (srcip, timestamp, and action).  Assuming above, you would add three new properties to the ExtractText processor (one for each extracted value) as follows: For each dynamic property added via the "+" icon, The property name becomes the FlowFile attribute name and the resulting string from capture group within the Java regular expression becomes the value assigned to that new FlowFile attribute.   Hope this helps, Matt ... View more

@justenji    That bug was actually introduced through a change that went in to NiFi 1.8 that pushed included the enabled/disabled state to registry. But NiFi registry shipping at that time had not yet been updated to store this new parameter.   Do you still see the issue even after upgrading to NiFi-Registry 0.5? ... View more