ParseEvtx

Description:

Parses the contents of a Windows Event Log file (evtx) and writes the resulting XML to the FlowFile

Tags:

logs, windows, event, evtx, message, file

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.

| Display Name | API Name | Default Value | Allowable Values | Description |
| --- | --- | --- | --- | --- |
| Granularity | granularity | Chunk | Record, Chunk, File | Output flow file for each Record, Chunk, or File encountered in the event log |

Relationships:

| Name | Description |
| --- | --- |
| success | Any FlowFile that was successfully converted from evtx to XML |
| failure | Any FlowFile that encountered an exception during conversion will be transferred to this relationship with as much parsing as possible done |
| original | The unmodified input FlowFile will be transferred to this relationship |
| bad chunk | Any bad chunks of records will be transferred to this relationship in their original binary form |
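
The Chunk granularity and the bad chunk relationship can be pictured with the sketch below, an added example that is not the processor's own code. It assumes the publicly documented EVTX layout (a 4096-byte `ElfFile` header followed by 64 KiB `ElfChnk` chunks, with a CRC32 of the chunk header stored at offset 124), and it assumes that "bad" means a failed signature or header checksum; the function names and the sample file are constructed for illustration.

```python
import struct
import zlib

FILE_HEADER_SIZE = 4096      # EVTX file header block
CHUNK_SIZE = 65536           # every EVTX chunk is 64 KiB
FILE_MAGIC = b"ElfFile\x00"
CHUNK_MAGIC = b"ElfChnk\x00"

def chunk_header_crc(chunk: bytes) -> int:
    """CRC32 over header bytes 0-119 and 128-511 (the value stored at offset 124)."""
    return zlib.crc32(chunk[:120] + chunk[128:512]) & 0xFFFFFFFF

def is_good_chunk(chunk: bytes) -> bool:
    # Assumption: a chunk is "bad" if it is short, mis-signed, or fails its header CRC.
    if len(chunk) != CHUNK_SIZE or chunk[:8] != CHUNK_MAGIC:
        return False
    (stored,) = struct.unpack_from("<I", chunk, 124)
    return stored == chunk_header_crc(chunk)

def split_chunks(evtx: bytes):
    """Return (good, bad) lists of (chunk_index, raw_bytes), raw bytes untouched."""
    if evtx[:8] != FILE_MAGIC:
        raise ValueError("not an EVTX file: missing ElfFile signature")
    good, bad = [], []
    body = evtx[FILE_HEADER_SIZE:]
    for i in range(0, len(body), CHUNK_SIZE):
        chunk = body[i:i + CHUNK_SIZE]
        (good if is_good_chunk(chunk) else bad).append((i // CHUNK_SIZE, chunk))
    return good, bad

def make_chunk(first_record: int) -> bytes:
    """Constructed sample chunk: valid header, no real event records."""
    chunk = bytearray(CHUNK_SIZE)
    chunk[:8] = CHUNK_MAGIC
    struct.pack_into("<Q", chunk, 8, first_record)
    struct.pack_into("<I", chunk, 124, chunk_header_crc(bytes(chunk)))
    return bytes(chunk)

def sample_file() -> bytes:
    """Constructed input: file header, good chunk, corrupted chunk, good chunk."""
    damaged = bytearray(make_chunk(2))
    damaged[16] ^= 0xFF      # flip one header byte so the stored CRC no longer matches
    header = FILE_MAGIC + bytes(FILE_HEADER_SIZE - len(FILE_MAGIC))
    return header + make_chunk(1) + bytes(damaged) + make_chunk(3)
```

Running such a check on a collected log before ingestion shows which chunks to expect on the bad chunk relationship; a truncated or tampered file surfaces as a short or checksum-failing chunk.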

Reads Attributes:

| Name | Description |
| --- | --- |
| filename | The filename of the evtx file |

Writes Attributes:

| Name | Description |
| --- | --- |
| filename | The output filename |
| mime.type | The output filetype (application/xml for success and failure relationships, original value for bad chunk and original relationships) |

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

None specified.