Member since: 07-30-2019
Posts: 3421
Kudos Received: 1628
Solutions: 1010
My Accepted Solutions
| Title | Views | Posted |
|---|---|---|
| | 95 | 01-13-2026 11:14 AM |
| | 223 | 01-09-2026 06:58 AM |
| | 523 | 12-17-2025 05:55 AM |
| | 584 | 12-15-2025 01:29 PM |
| | 564 | 12-15-2025 06:50 AM |
02-27-2025
11:14 AM
@AlokVenugopal Welcome to the community. What you are encountering is an authorization issue, not an authentication issue. NiFi is accepting the token issued through your application login, but no authorization exists for the user identity derived from that token. In NiFi, after successful authentication, the user identity is passed to the NiFi authorizer to determine which NiFi policies have been authorized for that user identity. When your application's token is used, this results in no authorization being found, because neither the user identity nor any known group that user identity belongs to is authorized for the required policy: identity[kLM-4Eld2dZnX_dD3iB0df2fTvXQxa1J2ffdLoK-ozas], groups[]

Supporting this "unique id" would require that NiFi's authorizer contain that unique id and that it be authorized for the necessary NiFi policies. Authorizing users based on these unique ids does not make much sense in NiFi, as it would be error prone and difficult to manage; an admin would need to know which user each unique id maps to in order to set up authorization successfully. The first option would be modifying your app so that the returned token contains an ID that matches the user identity, similar to what NiFi does.

Assuming this "unique id" does not change and is always the same for the specific user, perhaps you can work around this creatively within NiFi through group-based authorization. This would require using the file-user-group-provider within the NiFi authorizers.xml, which allows you to manually add user identities and group identities. So you create a new group such as "username" via the NiFi UI. You then add your existing user (the one that is successfully authorized when you authenticate through NiFi) to this new group. You then add a new user identity for that "unique id" and make that new user a member of the same group via the NiFi UI. Now authorize the group for whichever policies are necessary. Now, no matter whether your user authenticates via NiFi to get a token or through your app to get a token, the user will be successfully authorized via the shared group membership. A scripted sketch of these same steps follows below.

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
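For anyone who prefers to script the group-based workaround rather than click through the UI, here is a minimal sketch against NiFi's tenants REST API. The host, token, identities, and group name are assumptions for illustration, and the payload shapes should be verified against your NiFi version's REST API documentation:

```python
import requests

NIFI = "https://nifi.example.com:8443/nifi-api"        # hypothetical host
HEADERS = {"Authorization": "Bearer <admin-token>"}    # token from an admin login

def create_user(identity):
    # Add a user identity to the file-user-group-provider via the tenants API.
    resp = requests.post(f"{NIFI}/tenants/users", headers=HEADERS, json={
        "revision": {"version": 0},
        "component": {"identity": identity},
    })
    resp.raise_for_status()
    return resp.json()["id"]

# One user entry per identity the authorizer may see for the same person.
nifi_login_id = create_user("jdoe@example.com")                            # hypothetical
app_token_id = create_user("kLM-4Eld2dZnX_dD3iB0df2fTvXQxa1J2ffdLoK-ozas")

# Create the shared group holding both identities, then authorize the group
# (not the individual users) for the required NiFi policies.
requests.post(f"{NIFI}/tenants/user-groups", headers=HEADERS, json={
    "revision": {"version": 0},
    "component": {"identity": "jdoe-identities",
                  "users": [{"id": nifi_login_id}, {"id": app_token_id}]},
}).raise_for_status()
```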
02-26-2025
12:48 PM
2 Kudos
@jirungaray Welcome to the community. The DetectDuplicate processor does not store anything in NiFi state providers (the local state directory or cluster state in ZooKeeper). The DetectDuplicate processor utilizes a DistributedMapCache service to store cached items. Depending on the cache service used, that service may offer retention configurations for the number of cache entries and for cache entry persistence. Any NiFi component that retains state will indicate so in its documentation under the "State Management" section.

The "Age Off Duration" configuration will age off cache entries that still exist when that duration is reached, but it cannot control the number of cache entries the end service will retain. So the cache service may still be evicting cache entries before the configured Age Off Duration is reached.

Since you mention that your cache entries are not being preserved on NiFi restart, I assume you have configured your DetectDuplicate to use the DistributedMapCacheClientService. The DistributedMapCacheClientService depends on the existence of a running DistributedMapCacheServer. The DistributedMapCacheServer does in fact hold cache entries within NiFi's heap memory and, unless you have configured a "Persistence Directory", will lose all cache entries when the NiFi service stops. The DistributedMapCacheServer also has a configuration threshold for the maximum number of cache entries it will hold before evicting entries based on the configured eviction strategy; this establishes an upper boundary. Keep in mind that the higher the Max Cache Entries setting, the more NiFi heap memory is used, which could lead to NiFi experiencing OutOfMemory (OOM) exceptions; a rough sizing sketch follows below.

Since it sounds like you want to retain a very large number of cached entries, I'd recommend against using the NiFi-internal DistributedMapCacheClientService, considering the high heap memory usage it would require and the high likelihood that it would impact your NiFi's stability and performance.

NOTE: The DistributedMapCacheClientService and DistributedMapCacheServer do NOT offer any form of High Availability. The DistributedMapCacheClientService can only be configured with a single server hostname. While the DistributedMapCacheServer, when started, does create a running cache server on every host within the NiFi cluster, the cached entries are not shared or replicated across them. ONLY the cache server hostname configured in the DistributedMapCacheClientService is used. For HA, you should use a more robust cache service external to NiFi, such as Redis.

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
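As a rough illustration of the heap concern mentioned above, here is a back-of-envelope sizing sketch; every number in it is hypothetical and should be replaced with measurements from your own data:

```python
# Back-of-envelope heap estimate for a DistributedMapCacheServer.
max_cache_entries = 10_000_000   # "Maximum Cache Entries" on the server
avg_key_bytes = 64               # e.g. a record key or hash
avg_value_bytes = 256            # cached payload per entry
jvm_overhead_bytes = 100         # rough per-entry JVM object overhead

bytes_per_entry = avg_key_bytes + avg_value_bytes + jvm_overhead_bytes
estimated_heap_gb = max_cache_entries * bytes_per_entry / 1024**3
print(f"~{estimated_heap_gb:.1f} GB of NiFi heap for the cache alone")  # ~3.9 GB
```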
02-26-2025
06:09 AM
@Shrink I see your image is now showing in the original query. I see two "success" connections and one "failure" connection. I assume you are auto-terminating the "original" relationship on the ScriptedFilterRecord processor? I am confused as to why you would loop the "success" relationship in a connection back to the ScriptedFilterRecord processor. All this will do is create an endless loop that reprocesses the same "success" FlowFiles over and over again indefinitely.

I see your two arrows pointing at the two queues with different counts, but based on your design with the looped "success" relationship, this would be expected. For every FlowFile ingested from the upstream "original" connection, a new child FlowFile is created and sent to the "success" relationship. One of the two FlowFiles produced will be a clone of the other, with one copy going to each "success" connection. The looped "success" connection becomes another inbound connection to the ScriptedFilterRecord processor, so those already-filtered FlowFiles are processed again, and once again a child and a clone of that child are created. You are thus continually replicating your FlowFiles as they are sent to the QueryRecord processor, hence the much higher FlowFile count on that downstream connection; a toy model of the growth follows below. Eliminating the looped "success" connection (assuming it contains the success relationship) would stop the data cloning and the constant reprocessing of the same content.

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
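As a toy illustration (plain Python, not NiFi code) of why the looped "success" connection keeps inflating the downstream queue from even a single ingested FlowFile:

```python
# One FlowFile is ingested; on every processor pass, the looped copy
# produces one clone for QueryRecord and one copy that re-enters the
# loop, so the downstream queue never stops growing.
downstream_queue = 0
looped_copies = 1
for pass_number in range(1, 6):
    downstream_queue += looped_copies   # clones sent on to QueryRecord
    print(f"after pass {pass_number}: {downstream_queue} FlowFiles queued for QueryRecord")
```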
02-26-2025
05:52 AM
@dsender Apache NiFi is a data-agnostic service. It can move any data format through a dataflow because the content is treated as just bytes inside a FlowFile. The only time the content needs to be read is when there is a need to manipulate it, extract from it, etc. Then you would need to use a processor that understands the data format. It does not appear that Cloudera Flow Management offers any SAS-specific processor components, so a custom processor would need to be developed, or perhaps you can use one of the available scripting processors. You would still need to write a custom script to ingest and/or process the SAS files; a minimal conversion sketch follows below. So this starts with the question of how you would pull these SAS files from the command line outside of NiFi. Then figure out how to turn that success into a custom script or processor that does the same thing. You could also reach out to your Cloudera account owner and discuss possible professional services offerings that may be able to help you with your custom needs.

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
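As one hedged example of the kind of custom script described above, a few lines of Python with pandas (which can read SAS datasets via read_sas) could convert a file to CSV; the paths here are illustrative:

```python
import pandas as pd

# Read a SAS dataset (.sas7bdat or .xpt) and write it out as CSV so that
# downstream NiFi processors can use standard record readers on it.
df = pd.read_sas("input/flights.sas7bdat")  # hypothetical input path
df.to_csv("output/flights.csv", index=False)
print(f"converted {len(df)} rows")
```

A script like this could be invoked from ExecuteStreamCommand or adapted into one of NiFi's scripting processors.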
02-26-2025
05:25 AM
1 Kudo
@fs_nifioneks Welcome to the community. The logic behind why the encrypt-config tools were removed in Apache NiFi 2.0 is well explained in the jira NIFI-13414 you mentioned. I am sure that the Apache community will eventually implement other, more robust options for password security. That being said, Cloudera's Cloudera Flow Management 4.x product line is based on Apache NiFi 2.0, but it will still include the encrypt-config utility in its code base to preserve the existing password encryption option until more robust options replace it. In addition, Cloudera Flow Management retains many (not all) of the Apache NiFi processors and controller services deprecated in the Apache NiFi 2.0 releases, as well as additional components available only through Cloudera, for even more dataflow design capability and connection options. Cloudera Flow Management 4.0 is available to our licensed users as a technical preview, and a full production-ready release will be coming in the near future. You can view the Cloudera Flow Management documentation for the Tech Preview release here: https://docs.cloudera.com/cfm/4.0.0/index.html These Tech Preview docs do not provide a component list, but the production-ready release docs will.

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
02-25-2025
06:01 AM
@Shrink Welcome to the community. Unfortunately, your image attachment is not present for review, and there is not enough detail here to offer specific suggestions. NiFi processors like ScriptedFilterRecord and QueryRecord execute against the content of the FlowFiles from their upstream connections. The ScriptedFilterRecord processor has three possible downstream relationships (success, failure, and original). My first question would be: how are you routing these three relationships? Assuming your downstream connection does not contain both the original and success relationships, have you inspected the content of the FlowFiles in that connection prior to starting the QueryRecord processor to make sure it is what you expect?

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
02-25-2025
05:49 AM
@dan_lucas From the exception, this most likely appears to be a configuration issue. You'll want to verify the NiFi Expression Language statement used in the PutFTP processor's "Remote Path" property. I assume you have something configured there like ${absolute.path}/${airlinename}? If you manually connect to the FTP server, can you successfully navigate to that path? A quick scripted check is sketched below.

Please help our community grow. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
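For the manual check suggested above, a small Python sketch using the standard library's ftplib can confirm the resolved path is reachable; the host, credentials, and path are hypothetical:

```python
from ftplib import FTP

# Connect the same way PutFTP would and try to enter the resolved
# ${absolute.path}/${airlinename} directory.
with FTP("ftp.example.com") as ftp:
    ftp.login("user", "password")
    ftp.cwd("/data/landing/airline_a")  # the path PutFTP would build
    print(ftp.nlst())                   # list contents to confirm access
```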
02-25-2025
05:35 AM
1 Kudo
@David07 Welcome to the community. NiFi Registry allows you to version control NiFi process group dataflows. You can then connect multiple NiFi instances/clusters to the same NiFi Registry, which gives those other NiFis access to the version-controlled flow definitions (if authorized correctly). From within NiFi, you can also download process groups as flow definition JSON files. You can use these to create an offline catalog of flow definitions for ease of reuse in other NiFi instances/clusters, and you can easily import a flow definition onto the canvas of a NiFi instance; a download sketch follows below. For more details, read the "Building a Dataflow" section of the NiFi User Guide. Importing and downloading flow definitions is covered in the "Process Group" section.

Tip: Building your dataflows using parameter contexts for properties that may have unique values per environment (URLs, passwords, usernames, etc.) makes the process of sharing or moving flow definitions between NiFi deployments much easier. Each environment may have different values assigned to the parameter contexts referenced in NiFi processors.

Cloudera offers a unique option for rapid deployment to multiple NiFi instances through Cloudera Edge Flow Manager. This option requires a license with Cloudera to download the product. The tool allows you to construct a dataflow just as you would in NiFi and then deploy that dataflow to one or more agents (MiNiFi instances). This provides you with a central location for managing multiple unique dataflow deployments to unique agents.

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
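As a hedged sketch of building that offline catalog, the flow definition for a process group can be pulled over the REST API; the /download endpoint, IDs, and token below are assumptions to verify against your NiFi version's REST documentation:

```python
import requests

NIFI = "https://nifi.example.com:8443/nifi-api"    # hypothetical host
PG_ID = "01841000-abcd-1234-ffff-0123456789ab"     # hypothetical process group id
HEADERS = {"Authorization": "Bearer <token>"}      # token from a NiFi login

# Fetch the process group's flow definition JSON and save it to the catalog.
resp = requests.get(f"{NIFI}/process-groups/{PG_ID}/download", headers=HEADERS)
resp.raise_for_status()
with open("catalog/my_flow_definition.json", "wb") as f:
    f.write(resp.content)
```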
02-24-2025
06:26 AM
@ajay32 Welcome to the community! Unfortunately, I don't think you have provided enough detail to answer your questions. NiFi is typically used to build dataflows that are always running, so a clear, well-defined use case for your dataflow may help the community provide you with responses.

"Display all the configured integrations available to users" <-- Your ask is not clear here. What do you mean by "configured integrations"? Is an integration an end-to-end NiFi dataflow built on the NiFi canvas?

Show execution details:
- Start Time - Assuming a NiFi dataflow, how are your processor components being scheduled (cron driven? timer driven?)?
- End Time - Downstream processors are not typically scheduled using cron, but rather are always running using timer-driven scheduling to ensure they can process FlowFiles as they are received. There is no communication between one processor and another. NiFi processors simply execute against a FlowFile, and that FlowFile is passed to the next downstream processor. The downstream processor is unaware of how many FlowFiles to expect from the upstream processor.
- Duration - The execution of the first processor in a dataflow will produce a FlowFile with a timestamp. You could compare that timestamp with the current time at the end of your complete dataflow execution to calculate how long it took for that FlowFile to pass through all the NiFi processor components; a scripted sketch follows below.
- Status - What constitutes a "success" and a "failure" in your dataflow / use case?
- Sub-items - What is a "sub-item" in your dataflow?

Track all integrations: You can build each unique dataflow in a NiFi process group and enable per-process-group logging by configuring a unique "Log File Suffix" within the process group configuration. NiFi provenance is also an option. If you are dealing with multiple unique dataflows, modifying processor names so that those in one complete dataflow share a prefix ("flow1_<processor name>") would make it easier to correlate all events related to a single dataflow. There are a few provenance NiFi reporting tasks that can be used.

Please help our community grow and thrive. If any of the suggestions/solutions provided helped you solve your issue or answer your question, please take a moment to log in and click "Accept as Solution" on one or more of them. Thank you, Matt
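For the duration calculation mentioned above, one hedged option on NiFi versions where Jython scripting is available is an ExecuteScript processor near the end of the flow that compares the FlowFile's entry timestamp to the current time; the attribute name is illustrative:

```python
from java.lang import System

# ExecuteScript (Jython) body: 'session' and REL_SUCCESS are bound by NiFi.
flow_file = session.get()
if flow_file is not None:
    # getEntryDate() is the epoch-ms timestamp when the FlowFile entered NiFi.
    duration_ms = System.currentTimeMillis() - flow_file.getEntryDate()
    flow_file = session.putAttribute(flow_file, "flow.duration.ms", str(duration_ms))
    session.transfer(flow_file, REL_SUCCESS)
```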
02-21-2025
08:57 AM
@Emery No argument with you there. A REST API call fetches a JSON of all counters, which you then need to parse to extract the specific counter value you are looking for; a quick parsing sketch follows below. The NiFi counters were never intended to be used for anything more than simple counts during flow development and testing. Matt
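For reference, a minimal parsing sketch; the JSON field names reflect my understanding of the /nifi-api/counters response and are worth verifying against your version, and the host, token, and counter name are hypothetical:

```python
import requests

# Fetch every counter, then pick out one by name.
resp = requests.get("https://nifi.example.com:8443/nifi-api/counters",
                    headers={"Authorization": "Bearer <token>"})
resp.raise_for_status()
counters = resp.json()["counters"]["aggregateSnapshot"]["counters"]
wanted = next(c for c in counters if c["name"] == "my-counter")  # hypothetical counter
print(wanted["value"])
```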