01-23-2018
02:30 PM
@Jan What process did you follow to create the keystore and truststore you are using now? You will need to create a new keystore and truststore. Thanks, Matt
01-23-2018
02:28 PM
@Shashwat Gaur The overall throughput of NiFi is not being limited in any way at the NiFi software level. In most cases throughput is limited by CPU, Disk I/O, Memory, and/or network performance. I would check if any of the above are saturated.

It is important that installation best practices are followed to maximize your throughput. At a minimum, having the following located on separate physical disks (disks should be set up as RAIDs to protect your data) will help:
- Content repository(s)
- FlowFile repository
- Provenance repository(s)
- NiFi logging directory

When it comes to controlling throughput in your dataflow, look for bottlenecks in your dataflow and check that you have optimized your processor components for concurrent tasks and run schedules.

If your CPU is not saturated, consider increasing the number of configured threads you are allowing NiFi to hand out to its processor components in the "controller settings" (found under the hamburger menu in the upper right corner of the NiFi UI). Change the value for "Max Timer Driven Thread Count". A good starting place is 2 - 4 times the number of cores on a single NiFi instance (all settings are per node in a cluster). There is also a setting for "Max Event Driven Thread Count" which should be left unchanged. These event driven threads are experimental and not used by any NiFi components by default.

If you find a lot of Garbage Collection is going on or you are hitting OutOfMemory (heap) exceptions, you may need to increase your heap allocation in the nifi bootstrap.conf file. You may also need to make dataflow design changes to reduce the heap footprint of your flow.

Thank you, Matt
01-23-2018
01:56 PM
@Jan Tip: add comments to existing answers unless you are really starting a new answer thread.

From a security standpoint, using "localhost" in a certificate is not a good idea. As far as SAN entries go, they must be added during the certificate creation process.

I am not clear on why you would build a dataflow that will be used on a MiNiFi instance to talk back to itself (MiNiFi)? Or are you trying to create a dataflow to convert into a yml file which will include an RPG that is pointing back to your main NiFi instance? If the latter is the case, you will need to have a separate keystore and truststore for each NiFi instance (MiNiFi and NiFi).

As long as all certificates are signed by the same CA, a single truststore that contains a trustedCertEntry for that shared CA can be used on both MiNiFi and NiFi installs. If both certificates are self-signed, you will need to make sure the public cert is loaded into each other's truststores or the TLS handshake will fail.

If you are just creating keystores and truststores to play around with, you could use something like tinycerts to generate them for you. https://www.tinycert.org/

Thank you, Matt

If you found this answer addressed your original question, please take a moment to click "accept" below the answer.
01-23-2018
12:36 PM
@Jan This error is telling you the hostname in the URL header does not match the owner or any Subject Alternative Names (SAN) in the server certificate being presented by the target server.

For example: You configure an RPG with a target NiFi URL of "https://nifiserver:9443/nifi". During the TLS handshake the server identifies itself based on the contents of its keystore as "nifiserver01.corp.com". The above error is thrown because it appears some other server is trying to pretend to be the intended destination server "nifiserver".

NiFi's Site-to-Site (S2S) capability uses the keystore and truststore configured in the nifi.properties file of both NiFi instances (client side running the RPG and server side running input/output ports) for the TLS handshake.

You will want to perform a verbose listing of the keystore file on your target NiFi and make sure the following are true:
1. The keystore contains only a single PrivateKeyEntry.
2. The owner of that single PrivateKeyEntry has a CN value or a SAN entry that matches the hostname of that server.

Then make sure that you are using either the owner CN or one of the SAN entries in the URL used in your client side RPG.

Thanks, Matt
01-19-2018
02:35 PM
2 Kudos
@Andrew Twigg Make sure that your keystore and certs meet the following:
- The keystore file used on each server contains only a single PrivateKeyEntry.
- The certificate in the keystore has an extended key usage that includes both client auth and server auth.

Thank you, Matt
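The keystore checks listed in this reply and in the 01-23-2018 12:36 PM reply above (a single PrivateKeyEntry, a CN or SAN that matches the RPG URL host, client and server auth in the extended key usage) can be run against `keytool -list -v` output. This is an added example, not part of the original posts; the sample listing, the function names and the alias are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed, trimmed `keytool -list -v` output; not taken from a real keystore.
SAMPLE = """\
Alias name: nifi-key
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=nifiserver01.corp.com, OU=NIFI
Issuer: CN=Example CA, OU=NIFI
Extensions:

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  serverAuth
]

#2: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: nifiserver01.corp.com
]
"""

def name_matches(name, host):
    if name.startswith("*."):  # a wildcard covers exactly one leftmost label
        return "." in host and host.split(".", 1)[1] == name[2:]
    return name == host

def check_keystore(listing, rpg_url):
    """Return a list of problems; an empty list means every check passed."""
    host = (urlsplit(rpg_url).hostname or "").lower()
    entries = re.split(r"(?m)^Alias name:", listing)[1:]  # one chunk per alias
    keys = [e for e in entries if re.search(r"(?m)^Entry type: PrivateKeyEntry", e)]
    if len(keys) != 1:
        return [f"expected 1 PrivateKeyEntry, found {len(keys)}"]
    leaf = keys[0].split("Certificate[2]:")[0]  # ignore CA certs in the chain
    names = {n.lower() for n in re.findall(r"DNSName: (\S+)", leaf)}
    cn = re.search(r"(?m)^Owner: .*?CN=([^,\n]+)", leaf)
    if cn:
        names.add(cn.group(1).strip().lower())
    problems = []
    if not any(name_matches(n, host) for n in names):
        problems.append(f"host '{host}' not in CN/SAN {sorted(names)}")
    for usage in ("clientAuth", "serverAuth"):
        if not re.search(rf"(?m)^\s*{usage}\s*$", leaf):
            problems.append(f"extended key usage lacks {usage}")
    return problems

if __name__ == "__main__":
    print(check_keystore(SAMPLE, "https://nifiserver:9443/nifi"))
```

Feed it the text of a verbose listing of the target node's keystore together with the URL configured in the client-side RPG.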
01-18-2018
06:52 PM
@Alvin Jin Looks like you are hitting https://issues.apache.org/jira/browse/NIFI-4761

If you add a local host entry on your box that resolves "nifi-0.svc" to the IP associated to "master-ip", that should work if putting https://nifi-0.svc:9443/nifi/ does not work already.

Is that master node IP the same IP that is assigned to nifi-0.svc? If so, try setting the nifi.web.https.host= to the IP instead of the hostname.

Thanks, Matt
01-18-2018
05:28 PM
@Alvin Jin NiFi would have never started if a port was not specified. Let me be clear that you are setting up your NiFi to either run over a secure or non-secure port and not both.

For a non-secure NiFi, set these:
- nifi.web.http.host=
- nifi.web.http.port=

And for a secured NiFi, set these:
- nifi.web.https.host=
- nifi.web.https.port=

I am not familiar with Kubernetes containers. Is the hostname of the container the same as the public facing hostname?

Thank you, Matt
01-18-2018
04:08 PM
@dhieru singh You may also consider a two-phase approach to the MergeContent processor. By using two MergeContent processors in series, you will reduce your NiFi's heap usage and the number of FlowFiles needing to be merged in each iteration.

For example, you may have the first MergeContent merge based on number of FlowFiles (min 10000 and max 15000). Then have the second merge on size (assuming 64 MB to 128 MB for your HDFS, you would set min size to 64 MB and max to 128 MB).

Thanks, Matt
01-18-2018
04:03 PM
@dhieru singh When you say "all processors" are being overwhelmed, are you saying the connection between every single processor is filling and triggering back pressure in your dataflow? Have you looked at the resources of the hardware running your NiFi instance? Are CPU, memory, and/or disk I/O becoming saturated during these spikes?

If so, there is not much within the configuration of NiFi that can help much here. In a case like this it would require that you expand your NiFi into a cluster. You then have two options for your ListenTCP feed:
1. Run the ListenTCP processor on all nodes and place an external load-balancer to distribute the TCP traffic to every node.
2. Have the ListenTCP processor receive data on only one node, but immediately feed the success relationship from that ListenTCP processor to a Remote Process Group (RPG) that can be used to redistribute the received FlowFiles to all nodes in your cluster to spread out the work being done by the rest of the processors in your dataflow(s).

If your resources are not saturated, make sure you have allocated enough "Max Timer Driven Threads" to your NiFi instance so that all processors are fully utilizing those server CPU resources. Defaults for NiFi are only 10. The Max Timer Driven Thread count can be adjusted in the "Controller settings" UI found within the hamburger menu in the upper right corner.

Note: do not adjust defaults for Event Driven Thread Count. This just increases a thread pool that is not used by default.

If disk I/O is high, following best practices to make sure the NiFi logs, Provenance repository(s), Content repository(s), and FlowFile repository are all located on their own physical disks would help here.

Thank you, Matt