@SandyClouds  The rest-api output does nit match with your other image's authorizations.  I am going to guess that the rest-api call you made did not include a certificate?  Your bucket image shared shows that the bucket "my_bucket" was created as a "public" bucket meaning that anyone can view that bucket and the flows stored within that bucket (Rest-Api call returned "canRead: true" and canWrite: false", i'd expect both of these to return true if you passed a certificate for localhost or new_admin as your other image shows read, write, and deleted authorized for those users on "my_bucket".  In order to see a bucket in NiFi when starting version control on a process group, The authenticated user in NiFi must be authorized "write" on the bucket.    The permission required are: 1. NiFi node certificate must have "clientAuth and serverAuth extendedKeyUsage" and that clientAuth certificate needs to be authorized for Read,Write, Delete on "Can Manage Bucket" and "Can Proxy User Requests".  NO other authorizations are needed for the NiFi node certificate. 2.  The Authenticated User in NiFi which is being proxied via the NiFi node certificate needs to be authorized for the following on any bucket that users wants to use:    2a:  READ - ability to import a version controlled flow from the NiFi-Registry bucket.    2b:  WRITE - ability to start version control or commit new version of a flow to NiFi-Registry    2c:  DELETE - ability to delete a flow from a bucket via the NiFi-Registry UI. So I would start by getting a verbose listing of the keystore used in nifi.properties file to make sure that the PrivateKeyEntry has clientAuth as an ExtendedKeyUsage (EKU). Then I would uncheck the "make publicly visible" box for your "my_bucket" and make your rest-api call again to see what permissions your NiFi node certificate (localhost) and new_admin have.  Remember that what is returned by that call dictates what will show in the various UIs within NiFi.   If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt   ... View more

@sarithe  The NiFi components (Processors, input ports. output ports, funnels, etc) will request a thread from the configured "Max timer Driven thread" pool in NiFi each time the processor is scheduled to execute.  Adding more components will NOT increase the size of the thread pool (which is only set to 10 default out of the box).  Generally speaking, The recommended starting size for your "Max Timer Driven Thread" should be 2 - 4 times the number of cores you have on yoru NiFi server (Example - 16 cores would have thread pool set between 32 and 64).  After adjusting your thread pool, you should monitor CPU utilization on your server while your dataflows are being executed within NiFi.  You may find that your NiFi components execute very fast threads (milliseconds) and cpu load average remains low meaning you could set the thread pool even larger.  Or you find your core load average remains very high meaning you should reduce your thread pool size.    The configuration for the "Max Timer Driven Thread" can be found from NiFi UI --> Global menu (upper right corner) --> Controller Settings Note: There is also an "Event Driven Thread Pool" which you should NOT edit.  It is used by processors that have been configured to use the "Event Driven" scheduling strategy (No processors use this by default).  This strategy was experimental and has been deprecated. It willl be removed completely in next major Apache NiFi release. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt ... View more

@c3turner7  What version of Java are you suing with your Apache NiFi 1.22? ... View more

@scheeri    FIFO is the default priority of a connection queue; however, if you have more then one concurrent task on a processor, multiple FlowFiles from the source connection can be executed about concurrently.  This means that one of those concurrent execution may complete before the other leading to FlowFile no longer being in same order in follow-on connections.   If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt ... View more

@shilpa_nifi  Would be very helpful if you could provider more detail around what you are seeing and what you want to see.  The more detail you can provide, the better answer you'll get.   Thanks, Matt ... View more

@RalphA @udayAle  I encourage you to raise your question as a new question in Cloudera Community rather then asking your question as a comment on an existing article.  You can certainly. reference this article in your new community question.  You'll get better visibility that way to you query. Thank you, Matt ... View more

@agrayush  Once you secure NiFi and/or NiFi-Registry (configured for HTTPS), MutualTLS based authentication will always be supported.  When you access the HTTPS URL for either service, in the TLS exchange the service (NiFi or NiFi-Registry will "WANT" a client auth certificate).  When a client certificate is NOT provided, the services will attempt to authenticate the user/client via another configured Authentication method.   My guess here is that when you originally secured your NiFi and NiFi-Registry services, you used the TLS toolkit to create your user/client certificate which you then loaded into your browser.  When you accessed the service, the browser presented that client certificate (depending on browser you may have even been prompted by the browser to confirm using the certificate).  At this point the browser retains your certificate. preference for the target URL(s).  Now that you have configured another authentication method, the browser is still going to present that certificate and the service us going to take it.  You can not disable client certificate authentication as it is the only supported auth method for connecting between nodes in a NiFi cluster and NiFi authentication with NiFi-Registry. I suggest you remove the sys_admin certificate from your browser, clear all cookies/site data from your browser, and and then restart the service again. If you found that the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt ... View more