Member since
07-30-2019
3368
Posts
1615
Kudos Received
996
Solutions
My Accepted Solutions
Title | Views | Posted |
---|---|---|
36 | 10-08-2025 10:52 AM | |
28 | 10-08-2025 10:36 AM | |
93 | 10-03-2025 06:04 AM | |
97 | 10-02-2025 07:44 AM | |
262 | 09-23-2025 10:09 AM |
10-08-2025
10:52 AM
@Frank168 Glad I was able to identify your issue for you. Can you accept the post that solved your issue. I see you accepted your response. Thank you, Matt
... View more
10-08-2025
10:51 AM
@Kiranq If your CPU load average is low relative to the number of cores you have on your Server running NiFi, you could increase the Max timer thread pool. A typical starting point is 2 to 4 times the number of cores. Also suggest running diagnostics (./nifi.sh diagnostics) and inspecting that output. Also check if you have any processors configured with a higher concurrent tasks value. Thanks, Matt
... View more
10-08-2025
10:44 AM
@Rashad_K What does NiFI provenance show for the duplicate inserts? Do you see the same NiFi FlowFile (by FlowFile UUID) being successfully inserted? Does the issue persist if your change the run duration from 25ms to 0ms? Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt
... View more
10-08-2025
10:39 AM
@nifirequest This appears to be a duplicate to the following community question: https://community.cloudera.com/t5/Support-Questions/How-we-ignore-hostname-verification-certificate-for-minifi/td-p/412577 Did the response in that thread not help you? Thank you, Matt
... View more
10-08-2025
10:36 AM
@garb There is an existing Apache NiFi jira reporting this issue here: https://issues.apache.org/jira/browse/NIFI-14729 It aligns with your observations above. Thanks, Matt
... View more
10-08-2025
10:30 AM
@Kiranq How large is your Max Timer Driven Thread pool set to? I don't know how many components you have on yoru canvas or how many concurrent tasks you have set on your processors, but if the pool is very small and your CPU load average is not high, you could increase the pool size to see if that helps. This helps if you have a lot of processors trying to share the tread pool or you have some processors with long running threads holding up threads from the pool. From the shared screenshot we can see your ExecuteSQL processor has not executed in the previous 5 minutes. Once "stuck", does the FlowFile ever get processed or is it stuck forever until some manual action is preformed by a user? Do you see any Out of Memory (OOM) or other ERROR level messages in your nifi-app.log? Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt
... View more
10-03-2025
09:27 AM
@nifirequest Welcome to the community! The Apache NiFi community decided to remove the trusted hostname property from InvokeHTTP back in the 1.10 release. By having this property the processor allowed for an insecure connection because user could simply add the unverified hostname in this property and the InvokeHTTP processor would then allow the connection to be successful. Thus allowing user to perhaps unknowingly be exposing themselves to unsecure connections. This option was removed in https://issues.apache.org/jira/browse/NIFI-6019 The purpose of hostname verification is to prevent man in the middle style attacks where client expects to connect to host ABC; however, the server that responded was not known as server ABC. All the possible hostnames a server is known as need to be included as SubjectAlternativeName (SAN) entries in the server certificate. The ERROR you received in your InvokeHTTP about "Hostname ABC not verified" should have also included the list of SubjectAltNames that came from the server's certificate. You should be using one of those SAN entries in the URL you have configured in the InvokeHTTP processor or you should address the certificate being used by the listenHTTP to include the additional SAN (IPs or hostnames) also used to access the MiNiFi listener. For one-way TLS connection the server side (ListenHTTP) must have a keystore and truststore. The client side (InvokeHTTP) must have a truststore configured. For MutualTLS both the server side and client side need to have both a keystore and truststore. You can't create a secured TLS enabled server without a serverAuth certificate. Hostname verification happens on the client side and not the server side. Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt
... View more
10-03-2025
06:04 AM
@Frank168 It would be difficult to say what the issue is without being able to see your authorizers.xml file and nifi-registry.properties file. One common mistake I see individuals make is copying from their NiFi's authorizers.xml. While they structurally are the same, NiFi-Registry has different class names for each provider in the authorizers.xml. The next suggestion i often make is start by reading your authorizers.xml from the bottom up starting with the authorizer (I expect that will be the "managed-authorizer" for you). That managed-authorizer will reference another provider and that referenced provider will reference another provider and so on. What you are making sure is that there is a referenced path from the managed-authorizer to your ldap-user-group-provider and likely your user-group-provider as well. I have seen scenarios where the individual providers were all configured correctly; however, the authorizer was not actually using them because there was not referenced path to them. Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt
... View more
10-02-2025
07:44 AM
@blackboks All actions performed against secured NiFi require proper authentication and authorization. It appears you have successful authentication via. mutualTLS exchange, but you are missing the proper authorization needed for the rest-api endpoint you are trying to access. The shared nifi-user.log entry tells you which authorization policy is missing for the user that is needed for the request endpoint /nifi-api/flow/metrics/prometheus: "view the user interface" which authorizes a user to /flow NiFI resource. I don't know how your NIFi has been configured to for authorization, but the most common setup uses the managed-authorizer. From the NiFi UI you can access the global policies from the NIFi global menu in the upper right corner of UI. "Policies" will open a new UI, where you can select "view the user interface" fomr the drop down selection: Then you can click on the person icon to the right to authorize additional user identities. Your list of user will be different. What is important to note is NiFi user and group identities are case sensitive and must match exactly. So the exact user identity shown in the nifi-user.log is the one that needs to be added to the "view the user interface" policy. If this user is not in the list, you must first add that user identity and then you will be able to authorize it. This can be done if you are using the managed-authorizer with the file-user-group-provider. If so, you can access "Users" from the NiFi global menu to open the NiFi Users UI: From there you can use the "+" icon to the right to add a new user identity. Remember that user identity string must match exactly case sensitive with what is shown in nifi-user.log; otherwise, it will be treated asa different user. Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt
... View more
10-02-2025
05:10 AM
@Zainers Unfortunately I don't think there is enough information shared to make any suggestion here yet. Could you share your exact NiFi version and more details around what you are trying to accomplish? Can you share the jython script you are using to restart NiFi? When you say it does not work using the NiFi executor, What executor are you talking about? What NiFi processors are you using? How are they configured? Thank you, Matt
... View more