Bryan, thanks for the information. In the putelasticsearch processor, what exactly do I put in *Identifier Attribute ? *
Hello, For Syslog it is relatively straight forward if you have ListenSyslog set to parse messages (or use the ParseSyslog processor). That will produce attributes on each flow file which could easily be converted to JSON with the AttributesToJson processor. This blog post shows how to do this: https://blogs.apache.org/nifi/entry/storing_syslog_events_in_hbase In general, the best case is if the logs can be produced in json format at the source, which is usually easy to do with applications that use log4j or log back, but of course a lot of times the producer of the logs can't be changed. -Bryan On Friday, June 24, 2016, john lozada <[email protected]> wrote: > helo, > > Is there a way to make syslogs/ or any application logs into .json format? > I just started to use elasticsearch and from my understanding the logs have > to be in .json format. We are using logstash for the moment but, I would > prefer to be able to replace it with nifi. >
