ParseEvtx
Description
Parses the contents of a Windows Event Log file (evtx) and writes the resulting XML to the FlowFile
Tags
event, evtx, file, logs, message, windows
Properties
In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Granularity * | granularity | Chunk |
| Output flow file for each Record, Chunk, or File encountered in the event log |
Dynamic Properties
This component does not support dynamic properties.
Relationships
| Name | Description |
|---|---|
| bad chunk | Any bad chunks of records will be transferred to this relationship in their original binary form |
| failure | Any FlowFile that encountered an exception during conversion will be transferred to this relationship with as much parsing as possible done |
| original | The unmodified input FlowFile will be transferred to this relationship |
| success | Any FlowFile that was successfully converted from evtx to XML |
Reads Attributes
| Name | Description |
|---|---|
| filename | The filename of the evtx file |
Writes Attributes
| Name | Description |
|---|---|
| filename | The output filename |
| mime.type | The output filetype (application/xml for success and failure relationships, original value for bad chunk and original relationships) |
State Management
This component does not store state.
Restricted
This component is not restricted.
Input Requirement
This component requires an incoming relationship.
System Resource Considerations
This component does not specify system resource considerations.