I am trying implement POC with usecase as below I have windows log data being loaded to Indexing topic. I want to define a profiler which checks for failed logons in 15 minutes time frame and generate alerts in metron UI when failed logons count goes beyond threshold level. For that I just started trying to define logon failed count profiler as below { "profiles": [ { "profile": "demo_iplogon_failed", "foreach": "ip_address", "onlyif": "source.type == 'demo_windowsnxlog' and event_id == 4625", "init": { "count": "0" }, "update": { "count": "count + 1" }, "result": { "triage": { "logon_failed_count": "count" } } } ] } But when I try to run the profiler, it is giving me an exception as below [!] Assignment expression failed java.lang.IllegalArgumentException: Assignment expression failed at org.apache.metron.stellar.common.shell.StellarResult.error(StellarResult.java:115) at org.apache.metron.stellar.common.shell.specials.AssignmentCommand.execute(AssignmentCommand.java:82) at org.apache.metron.stellar.common.shell.DefaultStellarShellExecutor.execute(DefaultStellarShellExecutor.java:252) at org.apache.metron.stellar.common.shell.cli.StellarShell.execute(StellarShell.java:357) at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Can someone help me to figure out what is the problem in above profiler configuration? Also, is there any other better way to implement my usecase with metron? ... View more

I am trying to replace the content in the flowfile using replaceText processor. If the attribute is "myattr" and I replace the content of the flowfile using replaceText processor with ${myattr}. I am seeing the below results if myattr is "$$this is test$$", then the content of flowfile is replaced as "\$this is test\$" if myttr is "\$$$this is test$$", then the content of flowfile is replaced as "\$\$this is test\$" May I know how can I overcome the issue of '\' ... View more

I have requirement where I need to append and prepend the attribute with "$$$". how ever, Nifi expression language is appending or prepending with "\$" For example: if attribute named "myattr" value is "This is Test" when I do ${myattr:prepend('$$$'):append('$$$')} I am expecting "$$$This is Test$$$" but the output is "\$This is Test\$" Is there any way to append or prepend the attribute with "$$$" ... View more