PutElasticsearch currently requires you have the id for the document
in a flowfile attribute. It does not yet support auto-increment, but
you can emulate that with an UpdateAttribute processor before
PutElasticsearch, set something like "es.docid" to ${nextInt()}, then
in PutElasticsearch the Identifier Attribute would be es.docidRegards, Matt On Sat, Jun 25, 2016 at 12:55 AM, john lozada <[email protected]> wrote: > Bryan, > > thanks for the information. In the putelasticsearch processor, what > exactly do I put in > *Identifier Attribute ? * > > > > > > > > > Hello, > > For Syslog it is relatively straight forward if you have ListenSyslog set > to parse messages (or use the ParseSyslog processor). That will produce > attributes on each flow file which could easily be converted to JSON with > the AttributesToJson processor. > > This blog post shows how to do this: > https://blogs.apache.org/nifi/entry/storing_syslog_events_in_hbase > > In general, the best case is if the logs can be produced in json format at > the source, which is usually easy to do with applications that use log4j or > log back, but of course a lot of times the producer of the logs can't be > changed. > > -Bryan > > On Friday, June 24, 2016, john lozada <[email protected]> wrote: > >> helo, >> >> Is there a way to make syslogs/ or any application logs into .json format? >> I just started to use elasticsearch and from my understanding the logs > have >> to be in .json format. We are using logstash for the moment but, I would >> prefer to be able to replace it with nifi. >>
