@Derek Calderon Just to add to the best recommend option made by @Wynner above, the PersistentProvenance implementation is old and known to be slow when dealing with high volumes of events. The WriteAheadProvenance implementation if the much faster replacement. Are you positive current configuration is using WriteAhead? Was NiFi restarted after making the change? If so, consider increasing these provenance configuration property: nifi.provenance.repository.concurrent.merge.threads You may also want to look into if disk I/O is an issue. Have you configured the NiFi provenance, content, and flowfile repositories to each have their own dedicated disks? The VolatileProvenance implementation is held in the NiFi JVM's heap memory space. Setting the number of retained events too high can lead to OOM issues in NiFi. In addition, since it is held in heap, all events are list anytime the NiFi JVM restarts. ... View more

@3nomis MergeContent should be using Defragment. There is no default value for Max Bin Age, so not sure what you set there. If left blank, processor will wait for ever to merge a bin unless you run out of bins. Also make sure you adjust the object and size thresholds on the connections feeding the MergeContent processors so that they are large enough to accommodate the number of splits that need to be merged. Considering the size of the FlowFiles being merged, it may take time to merge all of them. as far as bins, try setting 21 of them. Thanks, Matt ... View more

@Mahadevan Ganesan Could possibilities come to mind here: 1. Based on your screenshot provided, you have configured a Max Bin Age of 2 minutes. The timer on a Bin starts when the first FlowFile has been allocated to that bin. It is possible that your bin is being merged at 2 minutes when it still has fewer than the desired 100 FlowFiles allocated to it yet. Try setting Max Bin Age to a higher value and see what the results are. 2. You have 10 allocated bins, but have possibly 10 or more unique schemas being used by your JsonTreeReader. Since only FlowFiles with like schemas will be allocated to the same bin. If when allocating a new FlowFile to a bin and that new FlowFile does match any existing bin, it will be allocated to a new bin. if no free bins exist, the oldest bin will get merged to free a bin. Verify all 100 source FlowFiles use exact same schema. Thanks, Matt ... View more

@3nomis How many unique sourced FlowFiles (very start of flow before first split) are you working with? Is it possible you do not have enough bins configured on your MergeContent? What is the Max Bin Age set to on your mergeContent processor? If you remove or set it to a much higher value do you then see merging happening correctly? ... View more

@3nomis I just ran a small test flow to double check that a triple split and triple merge worked. I attached template of above test flow for your reference: Multi-stage-Split-Then-Merge.xml Hope this helps. Thanks, Matt ... View more

@3nomis I suggest inspecting your FlowFiles in the connection before the final mergeContent to see what values have been assigned to these three attributes (fragment.identifier, fragment.count, and fragment.index) since the error you are seeing says the fragement.index does not contain an integer value. ... View more

@Josh Nicholson When using the kerberos-provider via the login-identity-providers.xml file. The user's full kerberos principal is going to be used every time. You can ignore the "default realm" property in the kerberos-provider provider (NiFi's code does not actually use it right now --> https://jira.apache.org/jira/browse/NIFI-6224 ) So when a user enters a username that does not include the "@<realm>" portion, the default realm as configured in the krb5.conf file configured in the nifi.properties file is used. That full DN is then passed through your configured identity.mapping.patterns. This means you need to have a pattern that matches on: ^(.*?)@(.*?)$ And a resulting value of: $1 so that only the username portion is then passed on to your configured authorizer. In the case of some user coming in with just username and other with full principal names... Those user coming in with just usernames must not being authenticated using the login provider. Even with a login provider configured the default TLS/SSL authentication is attempted first. So if these users have a trusted client certificate loaded in their browser it will be presented for authentication to your NiFi and those user will never see the login window. From a user certificate the full DN will be used to identify the user. That full DN is likely matching on your existing mapping pattern resulting in just the username you are seeing. So it is important that you not remove this existing mapping pattern, but instead add a second. nifi.security.identity.mapping.pattern.<any string> nifi.security.identity.mapping.value.<any string> Patterns are searched in a alpha-numeric order. First matching regex will be applied. Thank you, Matt ... View more

@Lester Martin Thank you for bringing this to my attention. I have updated the above article to include a link to a great blog written by a friend of mine about the new load-balanced connection capability introduced in Apache NiFi 1.8. ... View more

@Voruganti Vishwanath *** Community Forum Tip: Try to avoid starting a new answer in response to an existing answer. Instead use comments to respond to existing answers. There is no guaranteed order to different answer which can make it hard following a discussion. Without the verbose output for for your client/user certificate and the NiFi truststore.jks file, it is a little difficult to help troubleshoot this issue. Running the following command with help me understand what the secured NIFi is presenting in the Server Hello portion of the TLS/SSL handshake: openssl s_client -connect 192.168.1.145:8087 Within the output of the above you will find a section "Acceptable client certificate CA names" which will be a list of trusted authorities. You need to make sure that the complete trust chain for your client/user certificate is included in the list of authorities. Did you try loading your certificate in another browser like Firefox? Did you try clearing your cache in Chrome? Thank you, Matt ... View more

@Voruganti Vishwanath By default when NiFi is secured it requires that user authenticate themselves via client/user certificate. If an alternate authentication method has been enabled and the user has not presented a client certificate in the TLS/SSL handshake, then NiFi will redirect to that alternate authentication method. NiFi can be configured to support these additional authentication methods (keep in mind that TLS/SSL authentication is always enabled and checked first): Spnego LDAP (Login based provider) Kerberos (Login based provider) OpenID connect (Login based provider) Knox SSO (Login based provider) The ERROR you are seeing displayed in your browser indicates that your browser did not present a user/client certificate to your secured NiFi instance. There are a couple reasons this can happen:> You do not have a client/user certificate loaded in to your browser. The client/user certificate you have loaded in your browser was not presented to NiFi because it is not trusted by your NiFi. The truststore.jks you setup for NiFi when you secured it contains all the certificate authorities that your NiFi is capable of trusting. That means there must be a trustedCertEntry in your NiFi truststore.jks that matches the issuer of your client/user private certificate. If you have a login-provider like "ldap-provider" configured in your NiFi authorizers.xml file, make sure you have configured NiFi to use that login provider in the nifi.properties file. NiFi does not provide a method to create locally managed users for login based authentication. Locally defined users/groups only exist to handle the authorizations of already authenticated user identities. I hope this get you going in the direction needed to get secured access to your secured NiFi working for you. Thank you, Matt If you found this answer addressed your question, please take a moment to login in and click the "ACCEPT" link. ... View more

@BVS REDDY NiFi does not produce the alert message you are showing above. Where did you see this alert displayed? All NiFi's logging is controlled by the logback.xml file found in NiFi's conf directory. There are three default logs that NiFi creates and writes log entries. nifi-bootstrap.log <-- Should be relatively small by default and log info related to NiFi bootstrap process. nifi-user.log <-- Only used when NiFi has been secured. This log contains logging about user/client authentication and authorizations requests. nifi-app.log . <-- These logs can become very large depending on a couple factors. The number of components (processors, controller services, reporting tasks, etc.) added to NiFi canvas. The volume of FlowFiles passing through components. By default the log level is set to "INFO" in older NiFi releases which results in above mention potentially large output. The newest version of added a new logger to the logback to set processor specific logging to "WARN" log level. NiFi I would suggest editing your default NiFi logback.xml as follows: Within the "appender" for the nifi-app.log add a ".gz" to the ned of the "fileNamePattern" line so that rolled logs are compressed to reduce disk usage. Check for existence of this logger "<logger name="org.apache.nifi.processors" level="WARN"/>" If it exists, make sure it is still set to "WARN" If it does not exist, add it. Tail your nifi-app.log file (tail -F <path to NiFi logs>/logs/nifi-app.log) and see if your NiFi flows are producing a lot of WARN or ERROR level log outputs. If so, address those ERRORs and WARNs to reduce amount of logging that is occurring. Thank you, Matt If you found this answer addressed your question, please take a moment to login in and click the "ACCEPT" link. ... View more

@Victor L Please share your ExtractText processor configuration and the java regular expression you are using. I just tested using your json example above and was able to extract complete content without issue. I used ^\[(.*)\]$ and also used ^\[(.*?}),(.*?)\]$. Both worked with latter creating a different attribute for each user json. Thanks, Matt ... View more

@Lester Martin With the latest version of NiFi it is no longer necessary to use a Remote Process Group (RPG) to redistribute FlowFiles within the same NiFi cluster. A new FlowFile load balancer capability has been added to connections between processors. This new capability allows you to redistribute FlowFile when they land on a connection without needing to send them through a RPG. It also provides multiple strategies for load balancing. Thank you, Matt ... View more

@Mauro Beltrame It is not necessary to run a Listen based processor on Primary node only. The Listen based processor bind to a port and listens for incoming connections. Your SMTP server would be configured to send emails to the a specific hostname for your ListenSMTP processor. Since this would result in all emails going to just one of your NiFi nodes, this may not be very desired. Typically users would setup an external Load Balancer (LB) in front of their NiFi cluster for the purposes of distributing emails to all NiFi node's ListenSMTP processors. Thank you, Matt If you found this answer addressed your question, please take a moment to login in and click the "ACCEPT" link. ... View more

@3nomis The Wait and Notify processor have nothing to do with the merging of FlowFiles. The Wait processor prevents FlowFiles from passing through it until a release signal for the FlowFile is found in the configured cache service. The Wait processor would be configured to read some attribute's value from an incoming FlowFile. That value should be unique and shared by only the corresponding FlowFile that will go to the Notify processor. The wait processor then check the configured cache service for the existence of a cache key that matches that value. The Notify processor would be configured to read some attribute's value from an incoming FlowFile. That value should be unique to that FlowFile and to the corresponding FlowFile currently waiting at the Wait processor. The Notify processor will create the cache key entry if it does not exist in the configured cache service. JSON content similar to the following will be generated and assign to the that cache key: {"counts":{"counter":1},"attributes":{},"releasableCount":0} If another FlowFile will same cache key value comes to the Notify processor, the "counter" is incremented. When the Wait processor finally sees that the cache key for a waiting FlowFile contains this JSON, it will decrement the count value by the configured signal count and move resulting number from counter to "releasableCount". If releasableCount equates to 0, the cache key is deleted; otherwise, the decremented value is set to the positive new decremented value. Additional FlowFiles looking at this same cache key will be able to pass through Wait until counter and releasableCount are both zero. Remember that Notify will increment these counts by one for each FlowFile that "notifies" using same cache key value. The design intent here is to hold processing on some source file until some side processing is complete. In your use case I do not believe this is what you are trying to do. You are just looking for a way to merge all your splits back in to the same original zipped FlowFile post flattening the json in each split. In this case, you may want to add and updateAttribute processor between your two split based processors. Following the split of a FlowFile each produced split FlowFiles has these three FlowFile Attributes assigned: fragment.identifier All split FlowFiles produced from the same parent FlowFile will have the same randomly generated UUID added for this attribute fragment.index A one-up number that indicates the ordering of the split FlowFiles that were created from a single parent FlowFile fragment.count The number of split FlowFiles generated from the parent FlowFile Using the UpdateAttribute Processor, you can create a new set of attributes to save these values so they do not get lost when you split again. for example: fragment.identifier.first.split = ${fragment.identifier} fragment.index.first.split = ${fragment.index} fragment.count.first.split = ${fragment.count} Then pass the first set of splits to next split processor. Each produced FlowFile will get new fragment values but retain the above first.split properties. Then perform your processing to flatten each of your resulting FlowFile's json content. Then we are on to the Merge process where we merge twice. First merge based on the fragment.identifier, fragement.index, and fragment.count assigned by second split. Following the merge use an UpdateAttribute processor to move the *.first.spit fragment values back to original the corresponding fragment.identifier, fragement.index, and fragment.count. Now you can merge these FlowFiles back to original FlowFile. Thank you, Matt If you found this answer addressed your question, please take a moment to login in and click the "ACCEPT" link. ... View more

@Victor L In addition to what @Matt Burgess mention above about using ExtractText processor instead of ReplaceText processor to pull FlowFile content out into a FlowFile attribute, I want to caution you about extracting large amounts of content to attributes on a FlowFile. FlowFile attributes are held in the NiFi JVM heap memory. Extracting large amounts of content into attributes can lead to Out of Memory (OOM) conditions with your JVM. I noticed you are looking to use .* to extract the entire content to an attribute. Thank you, Matt ... View more

@Rohit Bhattacharya I am not clear on when you say " but data is not streaming in the output file". Processors in NiFi perform a task against a FlowFile. The replaceText performs a replaceText task against the content of a single FlowFile from an inbound connection queue. It might be helpful here if you provide an example input FlowFile's content and what you want the output FlowFile's content to then look like. Thank you, Matt ... View more

@Jake As newer version of Apache NiFi are released, many components (processors, controller services, reporting tasks) get bug fixes and enhancements/new features added to them. What you are seeing here is that the version of Apache NiFi where this dataflow template was originally generated was an older version which did not have these three new properties. These properties are not custom properties but rather new standard properties. When you upload a template build on Apache NiFi 1.5 for example to Apache NiFi 1.7 all the components in that template will use get upgraded to the Apache NiFi 1.7 versions. At times this may render some processors invalid (when new required properties (in bold) are added and do not have default values) and at other times the default values assigned to new properties may cause issues (as you are experiencing here). The three new properties associated to lines you shared above are: You will need to set these properties to values needed for your SQL needs. The documentation imbedded in each release of NiFi will be specific to that installed version. That documentation can be found by clicking on the global menu icon in the upper right corner of the NiFi UI and the clicking on "Help" in the presented menu. Thank you, Matt If you found this answer addressed your question, please take a moment to login in and click the "ACCEPT" link. ... View more

@Sebastian Carroll There are other things that also exist in heap memory space within the NiFi JVM: Component Status History: NiFi will store status history data points for all processors on the NiFi canvas (including those that are stopped). You can see this stored status history by right clicking on a component and selecting "view status history". Each component has numerous stats for which these data points are retained. All these component status points are stored in heap memory. The number of points per each stat that is held in heap is controlled in the nifi.properties file: nifi.components.status.repository.buffer.size --> Specifies the buffer size for the Component Status Repository. The default value is 1440. nifi.components.status.snapshot.frequency --> This value indicates how often to present a snapshot of the components' status history. The default value is 1 min. so on every restart of NiFi these stats are gone since they are in heap only. Then over the course of default 24 hours (1440 minutes in 24 hours) the heap usage grows. You can reduce the heap usage by this status history by adjusting the above properties. (take snapshots less frequently, perhaps every 5 minutes. Reduce number of data points retained from 1440 to 380 or lower.) Templates: All uploaded templates (whether they are instantiated to canvas or not) are held in heap memory. you can reduce heap memory usage by deleting uploaded templates you will no longer be instantiating to canvas. Dataflow: Your entire flow is held in heap memory. The more components you have on the canvas the large heap footprint. Queued FlowFiles: Even if no processors are running, the FlowFile attributes for FlowFiles loaded in to each connection between processors are held in heap memory. (There is a swap threshold configurable in nifi.properties file which triggers a connection to start swapping to disk if number fo queued FlowFiles exceeds the configured swap threshold) Thank you, Matt ... View more

@satish v - Screenshot may help us understand the questions you are asking better. 1. What file are you trying to save as an .xml? How are you performing this action? Are you using a NiFi dataflow you created on the canvas within the NiFi UI? NiFi does not have a "file".. "menu/tool" bar. 2. NiFi was not designed to be a job tool. Processor components are generally started and left that way. A "running" processor will execute its code based on the configured "scheduling". Option exist in the scheduling tab of a processor to execute based on a timer or a cron. There is a third event driven strategy option which should never be used (experimental). 3. What video tutorial are you referring to? link? 4. When you say "processing", what does that mean? What is your use case? 5. NiFi has over 300 unique components (processor controller service, reporting tasks, etc...) which allow user of NiFi to do many things. These components come from many different contributors to this open source software. There isn't going to be tutorials for every component. It is best to provide a detailed use case for which you are looking for help with. Highly recommend you create a new question in he forum for each unique use case. different community members will have input on different use cases and you are less likely to get the assistance you need if everything is lumped in to one forum question. - Keep in mind that Apache NIFi provides rather robust component documentation embedded right inside the application. It can be found by clicking on the global menu icon in the upper right corner (looks like three horizontal lines) and then selecting "help". You can also go directly to a specific processors documentation by right clicking on a processor and select "view usage" from the context menu that appears. - Welcome to the Apache NiFi. - Thank you, Matt ... View more

@Raj Negi The Process Group variables are not dynamic. Anytime the variable is changed it requires a restart of any component that references it. That is because those components read in that variable value when they are started in a lot of cases. - Your first dataflow is responsible executing an InvokeHTTP processor to retrieve the token needed for all the different dataflows within the same Process Group. You may consider adding a PutDistributedMapCache processor in that flow to write that retrieved token out to a cache server. In each of your other dataflows you could have a FetchDistributedMapCache processor that pulls that token from the cache server so it is is added to every FlowFile. - Thank you, Matt - If you found this answer addressed your question, please take a moment to login in and click the "ACCEPT" link. ... View more