ExtractGrok

Description:

Evaluates one or more Grok Expressions against the content of a FlowFile, adding the results as attributes or replacing the content of the FlowFile with a JSON notation of the matched content

Tags:

grok, log, text, parse, delimit, extract

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.

NameDefault ValueAllowable ValuesDescription
Grok ExpressionGrok expression
Grok Pattern fileGrok Pattern file definition
Destinationflowfile-attribute
  • flowfile-attribute
  • flowfile-content
Control if Grok output value is written as a new flowfile attributes, in this case each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." or written in the flowfile content. Writing to flowfile content will overwrite any existing flowfile content.
Character SetUTF-8The Character Set in which the file is encoded
Maximum Buffer Size1 MBSpecifies the maximum amount of data to buffer (per file) in order to apply the Grok expressions. Files larger than the specified maximum will not be fully evaluated.

Relationships:

NameDescription
unmatchedFlowFiles are routed to this relationship when no provided Grok Expression matches the content of the FlowFile
matchedFlowFiles are routed to this relationship when the Grok Expression is successfully evaluated and the FlowFile is modified as a result

Reads Attributes:

None specified.

Writes Attributes:

NameDescription
grok.XXXWhen operating in flowfile-attribute mode, each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." For example,if the grok identifier "timestamp" is matched, then the value will be added to an attribute named "grok.timestamp"

State management:

This component does not store state.

Restricted:

This component is not restricted.