[
https://issues.apache.org/jira/browse/NIFI-1502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15314576#comment-15314576
]
ASF GitHub Bot commented on NIFI-1502:
--------------------------------------
Github user brosander commented on a diff in the pull request:
https://github.com/apache/nifi/pull/492#discussion_r65756258
--- Diff:
nifi-nar-bundles/nifi-evtx-bundle/nifi-evtx-processors/src/main/java/org/apache/nifi/processors/evtx/ParseEvtx.java
---
@@ -0,0 +1,352 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.evtx;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.net.MediaType;
+import com.google.common.primitives.UnsignedLong;
+import org.apache.nifi.annotation.behavior.EventDriven;
+import org.apache.nifi.annotation.behavior.InputRequirement;
+import org.apache.nifi.annotation.behavior.InputRequirement.Requirement;
+import org.apache.nifi.annotation.behavior.SideEffectFree;
+import org.apache.nifi.annotation.behavior.SupportsBatching;
+import org.apache.nifi.annotation.documentation.CapabilityDescription;
+import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.flowfile.attributes.CoreAttributes;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.AbstractProcessor;
+import org.apache.nifi.processor.ProcessContext;
+import org.apache.nifi.processor.ProcessSession;
+import org.apache.nifi.processor.Relationship;
+import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.processors.evtx.parser.ChunkHeader;
+import org.apache.nifi.processors.evtx.parser.FileHeader;
+import org.apache.nifi.processors.evtx.parser.FileHeaderFactory;
+import org.apache.nifi.processors.evtx.parser.MalformedChunkException;
+import org.apache.nifi.processors.evtx.parser.Record;
+import org.apache.nifi.processors.evtx.parser.XmlBxmlNodeVisitor;
+import org.apache.nifi.processors.evtx.parser.bxml.RootNode;
+
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicReference;
+
+/**
+ * Created by brosander on 5/24/16.
+ */
+@SideEffectFree
+@EventDriven
+@SupportsBatching
+@InputRequirement(Requirement.INPUT_REQUIRED)
+@Tags({"logs", "windows", "event", "evtx", "message", "file"})
+@CapabilityDescription("Parses the contents of a Windows Event Log file
(evtx) and writes the resulting xml to the FlowFile")
+public class ParseEvtx extends AbstractProcessor {
+ public static final String RECORD = "Record";
+ public static final String CHUNK = "Chunk";
+ public static final String FILE = "File";
+ public static final String EVENTS = "Events";
+ public static final XMLOutputFactory XML_OUTPUT_FACTORY =
XMLOutputFactory.newFactory();
+ public static final String EVTX_EXTENSION = ".evtx";
+ public static final String UNABLE_TO_PROCESS_DUE_TO = "Unable to
process {} due to {}";
+ public static final String XML_EXTENSION = ".xml";
+
+ @VisibleForTesting
+ static final Relationship REL_SUCCESS = new Relationship.Builder()
+ .name("success")
+ .description("Any FlowFile that was successfully converted
from evtx to xml")
+ .build();
+
+ @VisibleForTesting
+ static final Relationship REL_FAILURE = new Relationship.Builder()
+ .name("failure")
+ .description("Any FlowFile that encountered an exception
during conversion will be transferred to this relationship with as much parsing
as possible done")
+ .build();
+
+ @VisibleForTesting
+ static final Relationship REL_BAD_CHUNK = new Relationship.Builder()
+ .name("bad chunk")
+ .description("Any bad chunks of records will be transferred to
this relationship in their original binary form")
+ .build();
+
+ @VisibleForTesting
+ static final Relationship REL_ORIGINAL = new Relationship.Builder()
+ .name("original")
+ .description("The unmodified input FlowFile will be
transferred to this relationship")
+ .build();
+
+ @VisibleForTesting
+ static final Set<Relationship> RELATIONSHIPS =
Collections.unmodifiableSet(new HashSet<>(Arrays.asList(REL_SUCCESS,
REL_FAILURE, REL_ORIGINAL, REL_BAD_CHUNK)));
+
+ @VisibleForTesting
+ static final PropertyDescriptor GRANULARITY = new
PropertyDescriptor.Builder().required(true)
+ .name("Granularity")
--- End diff --
Thanks! Reading up on that now.
> FetchEventViewer - NiFi should be able to consume Even Viewer (Windows Logs)
> ----------------------------------------------------------------------------
>
> Key: NIFI-1502
> URL: https://issues.apache.org/jira/browse/NIFI-1502
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Andre
>
> While a lot of the use cases using NiFi orbit the IoT, Unix Cloud type
> workloads, I suspect NiFi would be a great fit for data collections of
> business critical platforms running Windows.
> A good example of this type of workload would be ATMs running Windows 7 and
> even run Windows XP, or collection of Event Log error events on Windows
> platforms (including Azure).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
