Apache NiFi template for elasticsearch alerting : https://blog.davidvassallo.me/2019/04/11/is-it-elastalert-no-it-is-nifi/
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> | |
<template encoding-version="1.2"> | |
<description></description> | |
<groupId>d562c994-016b-1000-4d13-1985463f364a</groupId> | |
<name>Alerting</name> | |
<snippet> | |
<!--
  The five connections of the snippet. All of them keep the same queue settings: back pressure at
  10000 flow files or 1 GB, flowFileExpiration of 0 sec, and no load balancing.
  Processor names below are taken from the <processors> entries that carry the same ids.
-->
<!-- EvaluateJsonPath (90352099) to RouteOnAttribute (657e33f5), relationship "matched". -->
<connections>
  <id>2afde8dc-2bf8-33e4-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
  <backPressureObjectThreshold>10000</backPressureObjectThreshold>
  <destination>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>657e33f5-2d83-37d8-0000-000000000000</id>
    <type>PROCESSOR</type>
  </destination>
  <flowFileExpiration>0 sec</flowFileExpiration>
  <labelIndex>1</labelIndex>
  <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
  <loadBalanceStatus>LOAD_BALANCE_NOT_CONFIGURED</loadBalanceStatus>
  <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
  <name></name>
  <selectedRelationships>matched</selectedRelationships>
  <source>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>90352099-9a2b-37ad-0000-000000000000</id>
    <type>PROCESSOR</type>
  </source>
  <zIndex>0</zIndex>
</connections>
<!-- RouteOnAttribute (657e33f5) to PutFile (778ed3fd), relationship "matched". -->
<connections>
  <id>7357079f-0c2c-39e0-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
  <backPressureObjectThreshold>10000</backPressureObjectThreshold>
  <destination>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>778ed3fd-8ebe-3393-0000-000000000000</id>
    <type>PROCESSOR</type>
  </destination>
  <flowFileExpiration>0 sec</flowFileExpiration>
  <labelIndex>1</labelIndex>
  <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
  <loadBalanceStatus>LOAD_BALANCE_NOT_CONFIGURED</loadBalanceStatus>
  <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
  <name></name>
  <selectedRelationships>matched</selectedRelationships>
  <source>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>657e33f5-2d83-37d8-0000-000000000000</id>
    <type>PROCESSOR</type>
  </source>
  <zIndex>0</zIndex>
</connections>
<!-- QueryElasticsearchHttp (0f2c6809) to PutEmail (3cf542d0), relationship "success". -->
<connections>
  <id>a156504e-7897-3020-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
  <backPressureObjectThreshold>10000</backPressureObjectThreshold>
  <destination>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>3cf542d0-aaac-3bae-0000-000000000000</id>
    <type>PROCESSOR</type>
  </destination>
  <flowFileExpiration>0 sec</flowFileExpiration>
  <labelIndex>1</labelIndex>
  <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
  <loadBalancePartitionAttribute></loadBalancePartitionAttribute>
  <loadBalanceStatus>LOAD_BALANCE_NOT_CONFIGURED</loadBalanceStatus>
  <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
  <name></name>
  <selectedRelationships>success</selectedRelationships>
  <source>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>0f2c6809-92cd-3055-0000-000000000000</id>
    <type>PROCESSOR</type>
  </source>
  <zIndex>0</zIndex>
</connections>
<!-- RouteOnAttribute (657e33f5) to PutEmail (11234735), relationship "matched". -->
<connections>
  <id>ae8dbe6b-7d05-3fb7-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
  <backPressureObjectThreshold>10000</backPressureObjectThreshold>
  <destination>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>11234735-f030-3afe-0000-000000000000</id>
    <type>PROCESSOR</type>
  </destination>
  <flowFileExpiration>0 sec</flowFileExpiration>
  <labelIndex>1</labelIndex>
  <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
  <loadBalanceStatus>LOAD_BALANCE_NOT_CONFIGURED</loadBalanceStatus>
  <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
  <name></name>
  <selectedRelationships>matched</selectedRelationships>
  <source>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>657e33f5-2d83-37d8-0000-000000000000</id>
    <type>PROCESSOR</type>
  </source>
  <zIndex>0</zIndex>
</connections>
<!--
  Processor d0a5f829 (bundle nifi-elasticsearch-restapi-nar) to EvaluateJsonPath (90352099),
  relationship "aggregations".
-->
<connections>
  <id>c35a0c56-980c-3c50-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
  <backPressureObjectThreshold>10000</backPressureObjectThreshold>
  <destination>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>90352099-9a2b-37ad-0000-000000000000</id>
    <type>PROCESSOR</type>
  </destination>
  <flowFileExpiration>0 sec</flowFileExpiration>
  <labelIndex>1</labelIndex>
  <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
  <loadBalanceStatus>LOAD_BALANCE_NOT_CONFIGURED</loadBalanceStatus>
  <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
  <name></name>
  <selectedRelationships>aggregations</selectedRelationships>
  <source>
    <groupId>308545b5-bdca-3d2b-0000-000000000000</groupId>
    <id>d0a5f829-f316-3fbb-0000-000000000000</id>
    <type>PROCESSOR</type>
  </source>
  <zIndex>0</zIndex>
</connections>
<!--
  Controller service: ElasticSearchClientServiceImpl (bundle version 1.9.2), exported in state DISABLED.
  NOTE(review): el-cs-http-hosts is a plain http:// URL and the username, password and SSL context
  entries carry no value, so as written the client connects without TLS or authentication. That fits a
  loopback-only test node; for any other cluster use an https URL, reference an SSLContextService and
  set credentials after import. An empty el-cs-password in an export does not show that none was
  configured: NiFi leaves sensitive values out of templates (confirm for the NiFi version in use).
-->
<controllerServices>
  <id>7b43a0f0-ecea-3747-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <bundle>
    <artifact>nifi-elasticsearch-client-service-nar</artifact>
    <group>org.apache.nifi</group>
    <version>1.9.2</version>
  </bundle>
  <comments></comments>
  <descriptors>
    <entry><key>el-cs-http-hosts</key><value><name>el-cs-http-hosts</name></value></entry>
    <entry><key>el-cs-username</key><value><name>el-cs-username</name></value></entry>
    <entry><key>el-cs-password</key><value><name>el-cs-password</name></value></entry>
    <entry>
      <key>el-cs-ssl-context-service</key>
      <value>
        <identifiesControllerService>org.apache.nifi.ssl.SSLContextService</identifiesControllerService>
        <name>el-cs-ssl-context-service</name>
      </value>
    </entry>
    <entry><key>el-cs-connect-timeout</key><value><name>el-cs-connect-timeout</name></value></entry>
    <entry><key>el-cs-socket-timeout</key><value><name>el-cs-socket-timeout</name></value></entry>
    <entry><key>el-cs-retry-timeout</key><value><name>el-cs-retry-timeout</name></value></entry>
    <entry><key>el-cs-charset</key><value><name>el-cs-charset</name></value></entry>
  </descriptors>
  <name>ElasticSearchClientServiceImpl</name>
  <persistsState>false</persistsState>
  <properties>
    <!-- Only the host list has a value; every other entry is exported without one. -->
    <entry><key>el-cs-http-hosts</key><value>http://localhost:9200</value></entry>
    <entry><key>el-cs-username</key></entry>
    <entry><key>el-cs-password</key></entry>
    <entry><key>el-cs-ssl-context-service</key></entry>
    <entry><key>el-cs-connect-timeout</key></entry>
    <entry><key>el-cs-socket-timeout</key></entry>
    <entry><key>el-cs-retry-timeout</key></entry>
    <entry><key>el-cs-charset</key></entry>
  </properties>
  <state>DISABLED</state>
  <type>org.apache.nifi.elasticsearch.ElasticSearchClientServiceImpl</type>
</controllerServices>
<!--
  Canvas labels. Each one holds the author's caption for a stage of the flow, plus its position,
  size and font styling; none of them is referenced by a connection or processor in this snippet.
-->
<labels>
  <id>1140d5b3-e304-3180-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position><x>18.78833616501612</x><y>295.96606586747487</y></position>
  <height>172.60104370117188</height>
  <label>Query Elasticsearch using JSON</label>
  <style>
    <entry><key>font-size</key><value>12px</value></entry>
  </style>
  <width>436.27984619140625</width>
</labels>
<labels>
  <id>2f6908e2-b5d2-375e-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position><x>807.3354095292738</x><y>600.2052321272406</y></position>
  <height>185.5159149169922</height>
  <label>Matched alerts logged to file and sent via email</label>
  <style>
    <entry><key>font-size</key><value>12px</value></entry>
  </style>
  <width>920.5878295898438</width>
</labels>
<labels>
  <id>31ff5362-3b18-34d9-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position><x>1200.9927581620864</x><y>305.0690016584905</y></position>
  <height>172.60104370117188</height>
  <label>Used as our conditional, defined via NiFi expression language</label>
  <style>
    <entry><key>font-size</key><value>12px</value></entry>
  </style>
  <width>436.27984619140625</width>
</labels>
<!-- Large coloured backdrop for the aggregation alert flow. -->
<labels>
  <id>504875a0-bb73-3e50-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position><x>0.0</x><y>240.66749616035602</y></position>
  <height>593.4108581542969</height>
  <label>Alert on Aggregation</label>
  <style>
    <entry><key>background-color</key><value>#7ce2fc</value></entry>
    <entry><key>font-size</key><value>14px</value></entry>
  </style>
  <width>1738.5302124023438</width>
</labels>
<labels>
  <id>a4776276-3172-3d2a-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position><x>581.9083465409925</x><y>302.67004535966237</y></position>
  <height>172.60104370117188</height>
  <label>Filter result to pick out the value we'll alert on</label>
  <style>
    <entry><key>font-size</key><value>12px</value></entry>
  </style>
  <width>436.27984619140625</width>
</labels>
<labels>
  <id>d232778c-f4e8-3f78-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position><x>500.9439947298107</x><y>0.0</y></position>
  <height>225.33682250976562</height>
  <label>Email Alert Example</label>
  <style>
    <entry><key>font-size</key><value>14px</value></entry>
  </style>
  <width>1121.8448791503906</width>
</labels>
<!--
  QueryElasticsearchHttp: runs every 60 sec, searches the daily index filebeat-yyyy.MM.dd for
  DestinationAddress:104.20.177.69 within the last 70 s, and writes hits to the flow file content.
  Its "success" relationship is connected to PutEmail (3cf542d0).
  NOTE(review):
  * The URL is plain http://localhost:9200 and Username, Password and SSL Context Service carry no
    value; pointing this at a non-local cluster needs https plus credentials.
  * "failure" and "retry" are auto-terminated, so a failing query is dropped and the only trace is a
    WARN bulletin. For an alerting flow that means an outage looks the same as "nothing to report";
    consider routing failures somewhere visible.
  * A 70 s window on a 60 sec schedule overlaps by about 10 s, so one event can match two runs;
    presumably deliberate to avoid gaps, at the cost of possible duplicate mails.
  * executionNode is ALL; on a cluster each node would presumably run the same query. Confirm
    whether primary-node-only execution is wanted.
-->
<processors>
  <id>0f2c6809-92cd-3055-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position>
    <x>556.8934936378545</x>
    <y>60.00931072448307</y>
  </position>
  <bundle>
    <artifact>nifi-elasticsearch-nar</artifact>
    <group>org.apache.nifi</group>
    <version>1.9.2</version>
  </bundle>
  <config>
    <bulletinLevel>WARN</bulletinLevel>
    <comments></comments>
    <concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
    <descriptors>
      <entry><key>elasticsearch-http-url</key><value><name>elasticsearch-http-url</name></value></entry>
      <entry>
        <key>SSL Context Service</key>
        <value>
          <identifiesControllerService>org.apache.nifi.ssl.SSLContextService</identifiesControllerService>
          <name>SSL Context Service</name>
        </value>
      </entry>
      <entry><key>Username</key><value><name>Username</name></value></entry>
      <entry><key>Password</key><value><name>Password</name></value></entry>
      <entry><key>elasticsearch-http-connect-timeout</key><value><name>elasticsearch-http-connect-timeout</name></value></entry>
      <entry><key>elasticsearch-http-response-timeout</key><value><name>elasticsearch-http-response-timeout</name></value></entry>
      <entry>
        <key>proxy-configuration-service</key>
        <value>
          <identifiesControllerService>org.apache.nifi.proxy.ProxyConfigurationService</identifiesControllerService>
          <name>proxy-configuration-service</name>
        </value>
      </entry>
      <entry><key>elasticsearch-http-proxy-host</key><value><name>elasticsearch-http-proxy-host</name></value></entry>
      <entry><key>elasticsearch-http-proxy-port</key><value><name>elasticsearch-http-proxy-port</name></value></entry>
      <entry><key>proxy-username</key><value><name>proxy-username</name></value></entry>
      <entry><key>proxy-password</key><value><name>proxy-password</name></value></entry>
      <entry><key>query-es-query</key><value><name>query-es-query</name></value></entry>
      <entry><key>query-es-size</key><value><name>query-es-size</name></value></entry>
      <entry><key>query-es-index</key><value><name>query-es-index</name></value></entry>
      <entry><key>query-es-type</key><value><name>query-es-type</name></value></entry>
      <entry><key>query-es-fields</key><value><name>query-es-fields</name></value></entry>
      <entry><key>query-es-sort</key><value><name>query-es-sort</name></value></entry>
      <entry><key>query-es-limit</key><value><name>query-es-limit</name></value></entry>
      <entry><key>query-es-target</key><value><name>query-es-target</name></value></entry>
      <entry><key>routing-query-info-strategy</key><value><name>routing-query-info-strategy</name></value></entry>
    </descriptors>
    <executionNode>ALL</executionNode>
    <lossTolerant>false</lossTolerant>
    <penaltyDuration>30 sec</penaltyDuration>
    <properties>
      <entry><key>elasticsearch-http-url</key><value>http://localhost:9200</value></entry>
      <entry><key>SSL Context Service</key></entry>
      <entry><key>Username</key></entry>
      <entry><key>Password</key></entry>
      <entry><key>elasticsearch-http-connect-timeout</key><value>5 secs</value></entry>
      <entry><key>elasticsearch-http-response-timeout</key><value>15 secs</value></entry>
      <entry><key>proxy-configuration-service</key></entry>
      <entry><key>elasticsearch-http-proxy-host</key></entry>
      <entry><key>elasticsearch-http-proxy-port</key></entry>
      <entry><key>proxy-username</key></entry>
      <entry><key>proxy-password</key></entry>
      <!-- The alert condition: one destination address, looked up in a rolling time window. -->
      <entry><key>query-es-query</key><value>DestinationAddress:104.20.177.69 AND @timestamp:[now-70s TO now]</value></entry>
      <entry><key>query-es-size</key><value>20</value></entry>
      <!-- Expression language builds today's index name, filebeat- followed by the date. -->
      <entry><key>query-es-index</key><value>${now():format('yyyy.MM.dd'):prepend('filebeat-')}</value></entry>
      <entry><key>query-es-type</key></entry>
      <entry><key>query-es-fields</key></entry>
      <entry><key>query-es-sort</key></entry>
      <entry><key>query-es-limit</key></entry>
      <entry><key>query-es-target</key><value>Flow file content</value></entry>
      <entry><key>routing-query-info-strategy</key><value>NEVER</value></entry>
    </properties>
    <runDurationMillis>0</runDurationMillis>
    <schedulingPeriod>60 sec</schedulingPeriod>
    <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
    <yieldDuration>1 sec</yieldDuration>
  </config>
  <executionNodeRestricted>false</executionNodeRestricted>
  <name>QueryElasticsearchHttp</name>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>failure</name>
  </relationships>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>retry</name>
  </relationships>
  <relationships>
    <autoTerminate>false</autoTerminate>
    <name>success</name>
  </relationships>
  <state>STOPPED</state>
  <style/>
  <type>org.apache.nifi.processors.elasticsearch.QueryElasticsearchHttp</type>
</processors>
<!--
  PutEmail (11234735): mails the flow file content as a text/plain message to example@gmail.com via
  smtp.gmail.com:465. It is fed by the "matched" relationship of RouteOnAttribute (657e33f5).
  NOTE(review):
  * "SMTP TLS" is false, but the socket factory is javax.net.ssl.SSLSocketFactory on port 465, so the
    session is presumably TLS from the first byte rather than cleartext; verify before changing
    either the port or the socket factory on its own.
  * SMTP Auth is true while "SMTP Password" has no value; the credential has to be entered after
    import. Prefer an app-specific or relay credential over a personal mailbox password.
  * email-ff-content-as-message is true, so whatever the upstream query returned leaves the
    environment in the mail body. Check that this is acceptable for the indexed data.
  * "failure" is auto-terminated: a rejected or undeliverable alert is dropped without a retry.
-->
<processors>
  <id>11234735-f030-3afe-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position>
    <x>1352.2911030481146</x>
    <y>622.2569162039365</y>
  </position>
  <bundle>
    <artifact>nifi-standard-nar</artifact>
    <group>org.apache.nifi</group>
    <version>1.9.2</version>
  </bundle>
  <config>
    <bulletinLevel>WARN</bulletinLevel>
    <comments></comments>
    <concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
    <descriptors>
      <entry><key>SMTP Hostname</key><value><name>SMTP Hostname</name></value></entry>
      <entry><key>SMTP Port</key><value><name>SMTP Port</name></value></entry>
      <entry><key>SMTP Username</key><value><name>SMTP Username</name></value></entry>
      <entry><key>SMTP Password</key><value><name>SMTP Password</name></value></entry>
      <entry><key>SMTP Auth</key><value><name>SMTP Auth</name></value></entry>
      <entry><key>SMTP TLS</key><value><name>SMTP TLS</name></value></entry>
      <entry><key>SMTP Socket Factory</key><value><name>SMTP Socket Factory</name></value></entry>
      <entry><key>SMTP X-Mailer Header</key><value><name>SMTP X-Mailer Header</name></value></entry>
      <entry><key>attribute-name-regex</key><value><name>attribute-name-regex</name></value></entry>
      <entry><key>Content Type</key><value><name>Content Type</name></value></entry>
      <entry><key>From</key><value><name>From</name></value></entry>
      <entry><key>To</key><value><name>To</name></value></entry>
      <entry><key>CC</key><value><name>CC</name></value></entry>
      <entry><key>BCC</key><value><name>BCC</name></value></entry>
      <entry><key>Subject</key><value><name>Subject</name></value></entry>
      <entry><key>Message</key><value><name>Message</name></value></entry>
      <entry><key>email-ff-content-as-message</key><value><name>email-ff-content-as-message</name></value></entry>
      <entry><key>Attach File</key><value><name>Attach File</name></value></entry>
      <entry><key>Include All Attributes In Message</key><value><name>Include All Attributes In Message</name></value></entry>
    </descriptors>
    <executionNode>ALL</executionNode>
    <lossTolerant>false</lossTolerant>
    <penaltyDuration>30 sec</penaltyDuration>
    <properties>
      <entry><key>SMTP Hostname</key><value>smtp.gmail.com</value></entry>
      <entry><key>SMTP Port</key><value>465</value></entry>
      <entry><key>SMTP Username</key><value>example@gmail.com</value></entry>
      <entry><key>SMTP Password</key></entry>
      <entry><key>SMTP Auth</key><value>true</value></entry>
      <entry><key>SMTP TLS</key><value>false</value></entry>
      <entry><key>SMTP Socket Factory</key><value>javax.net.ssl.SSLSocketFactory</value></entry>
      <entry><key>SMTP X-Mailer Header</key><value>NiFi</value></entry>
      <entry><key>attribute-name-regex</key></entry>
      <entry><key>Content Type</key><value>text/plain</value></entry>
      <entry><key>From</key><value>nifi@cybersift.io</value></entry>
      <entry><key>To</key><value>example@gmail.com</value></entry>
      <entry><key>CC</key></entry>
      <entry><key>BCC</key></entry>
      <entry><key>Subject</key><value>Alert!!!</value></entry>
      <entry><key>Message</key></entry>
      <entry><key>email-ff-content-as-message</key><value>true</value></entry>
      <entry><key>Attach File</key><value>false</value></entry>
      <entry><key>Include All Attributes In Message</key><value>false</value></entry>
    </properties>
    <runDurationMillis>0</runDurationMillis>
    <schedulingPeriod>0 sec</schedulingPeriod>
    <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
    <yieldDuration>1 sec</yieldDuration>
  </config>
  <executionNodeRestricted>false</executionNodeRestricted>
  <name>PutEmail</name>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>failure</name>
  </relationships>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>success</name>
  </relationships>
  <state>STOPPED</state>
  <style/>
  <type>org.apache.nifi.processors.standard.PutEmail</type>
</processors>
<!--
  PutEmail (3cf542d0): the mail step fed by the "success" relationship of QueryElasticsearchHttp
  (0f2c6809). SMTP settings match the other PutEmail in this snippet: smtp.gmail.com:465, auth on,
  socket factory javax.net.ssl.SSLSocketFactory, flow file content used as the message body.
  NOTE(review):
  * To, CC and BCC are all exported without a value, so no recipient is configured; one has to be
    filled in after import.
  * "SMTP Password" has no value either and must be set after import.
  * "failure" is auto-terminated: a mail that cannot be sent is dropped without a retry or a
    fallback notification.
-->
<processors>
  <id>3cf542d0-aaac-3bae-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position>
    <x>1247.6495014856146</x>
    <y>62.365528264483345</y>
  </position>
  <bundle>
    <artifact>nifi-standard-nar</artifact>
    <group>org.apache.nifi</group>
    <version>1.9.2</version>
  </bundle>
  <config>
    <bulletinLevel>WARN</bulletinLevel>
    <comments></comments>
    <concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
    <descriptors>
      <entry><key>SMTP Hostname</key><value><name>SMTP Hostname</name></value></entry>
      <entry><key>SMTP Port</key><value><name>SMTP Port</name></value></entry>
      <entry><key>SMTP Username</key><value><name>SMTP Username</name></value></entry>
      <entry><key>SMTP Password</key><value><name>SMTP Password</name></value></entry>
      <entry><key>SMTP Auth</key><value><name>SMTP Auth</name></value></entry>
      <entry><key>SMTP TLS</key><value><name>SMTP TLS</name></value></entry>
      <entry><key>SMTP Socket Factory</key><value><name>SMTP Socket Factory</name></value></entry>
      <entry><key>SMTP X-Mailer Header</key><value><name>SMTP X-Mailer Header</name></value></entry>
      <entry><key>attribute-name-regex</key><value><name>attribute-name-regex</name></value></entry>
      <entry><key>Content Type</key><value><name>Content Type</name></value></entry>
      <entry><key>From</key><value><name>From</name></value></entry>
      <entry><key>To</key><value><name>To</name></value></entry>
      <entry><key>CC</key><value><name>CC</name></value></entry>
      <entry><key>BCC</key><value><name>BCC</name></value></entry>
      <entry><key>Subject</key><value><name>Subject</name></value></entry>
      <entry><key>Message</key><value><name>Message</name></value></entry>
      <entry><key>email-ff-content-as-message</key><value><name>email-ff-content-as-message</name></value></entry>
      <entry><key>Attach File</key><value><name>Attach File</name></value></entry>
      <entry><key>Include All Attributes In Message</key><value><name>Include All Attributes In Message</name></value></entry>
    </descriptors>
    <executionNode>ALL</executionNode>
    <lossTolerant>false</lossTolerant>
    <penaltyDuration>30 sec</penaltyDuration>
    <properties>
      <entry><key>SMTP Hostname</key><value>smtp.gmail.com</value></entry>
      <entry><key>SMTP Port</key><value>465</value></entry>
      <entry><key>SMTP Username</key><value>example@gmail.com</value></entry>
      <entry><key>SMTP Password</key></entry>
      <entry><key>SMTP Auth</key><value>true</value></entry>
      <entry><key>SMTP TLS</key><value>false</value></entry>
      <entry><key>SMTP Socket Factory</key><value>javax.net.ssl.SSLSocketFactory</value></entry>
      <entry><key>SMTP X-Mailer Header</key><value>NiFi</value></entry>
      <entry><key>attribute-name-regex</key></entry>
      <entry><key>Content Type</key><value>text/plain</value></entry>
      <entry><key>From</key><value>nifi@cybersift.io</value></entry>
      <entry><key>To</key></entry>
      <entry><key>CC</key></entry>
      <entry><key>BCC</key></entry>
      <entry><key>Subject</key><value>Alert!!!</value></entry>
      <entry><key>Message</key></entry>
      <entry><key>email-ff-content-as-message</key><value>true</value></entry>
      <entry><key>Attach File</key><value>false</value></entry>
      <entry><key>Include All Attributes In Message</key><value>false</value></entry>
    </properties>
    <runDurationMillis>0</runDurationMillis>
    <schedulingPeriod>0 sec</schedulingPeriod>
    <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
    <yieldDuration>1 sec</yieldDuration>
  </config>
  <executionNodeRestricted>false</executionNodeRestricted>
  <name>PutEmail</name>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>failure</name>
  </relationships>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>success</name>
  </relationships>
  <state>STOPPED</state>
  <style/>
  <type>org.apache.nifi.processors.standard.PutEmail</type>
</processors>
<!--
  RouteOnAttribute (657e33f5): the alert condition. The dynamic property "matched" holds the
  expression ${avg:gt(100)}; flow files for which it is true leave on "matched", which is connected
  to both PutFile (778ed3fd) and PutEmail (11234735). The attribute "avg" is set upstream by
  EvaluateJsonPath (90352099).
  NOTE(review): "unmatched" is auto-terminated, so anything that does not satisfy the expression is
  discarded here. Presumably that includes flow files where "avg" is missing or empty; confirm,
  since that case would be indistinguishable from a value below the threshold.
-->
<processors>
  <id>657e33f5-2d83-37d8-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position>
    <x>1232.7872708610962</x>
    <y>331.48188266500017</y>
  </position>
  <bundle>
    <artifact>nifi-standard-nar</artifact>
    <group>org.apache.nifi</group>
    <version>1.9.2</version>
  </bundle>
  <config>
    <bulletinLevel>WARN</bulletinLevel>
    <comments></comments>
    <concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
    <descriptors>
      <entry><key>Routing Strategy</key><value><name>Routing Strategy</name></value></entry>
      <entry><key>matched</key><value><name>matched</name></value></entry>
    </descriptors>
    <executionNode>ALL</executionNode>
    <lossTolerant>false</lossTolerant>
    <penaltyDuration>30 sec</penaltyDuration>
    <properties>
      <entry><key>Routing Strategy</key><value>Route to Property name</value></entry>
      <!-- Threshold check: true when the extracted average is greater than 100. -->
      <entry><key>matched</key><value>${avg:gt(100)}</value></entry>
    </properties>
    <runDurationMillis>0</runDurationMillis>
    <schedulingPeriod>0 sec</schedulingPeriod>
    <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
    <yieldDuration>1 sec</yieldDuration>
  </config>
  <executionNodeRestricted>false</executionNodeRestricted>
  <name>RouteOnAttribute</name>
  <relationships>
    <autoTerminate>false</autoTerminate>
    <name>matched</name>
  </relationships>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>unmatched</name>
  </relationships>
  <state>STOPPED</state>
  <style/>
  <type>org.apache.nifi.processors.standard.RouteOnAttribute</type>
</processors>
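<!--
  PutFile (778ed3fd): writes each matched alert to a file under /tmp. It is fed by the "matched"
  relationship of RouteOnAttribute (657e33f5). An existing file of the same name makes the write
  fail (Conflict Resolution Strategy "fail"), and "failure" is auto-terminated, so such an alert is
  dropped without a retry.
  Change from the original export: "Permissions" was empty and is now set to owner read/write only.
  /tmp is shared by every local account, and the alert files hold query results, so they should not
  be left to the default umask of the NiFi service.
  NOTE(review): a dedicated directory owned by the NiFi service account would be a better target
  than /tmp; the path is left as the author gave it.
-->
<processors>
  <id>778ed3fd-8ebe-3393-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position>
    <x>839.187465352802</x>
    <y>624.4746133474912</y>
  </position>
  <bundle>
    <artifact>nifi-standard-nar</artifact>
    <group>org.apache.nifi</group>
    <version>1.9.2</version>
  </bundle>
  <config>
    <bulletinLevel>WARN</bulletinLevel>
    <comments></comments>
    <concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
    <descriptors>
      <entry><key>Directory</key><value><name>Directory</name></value></entry>
      <entry><key>Conflict Resolution Strategy</key><value><name>Conflict Resolution Strategy</name></value></entry>
      <entry><key>Create Missing Directories</key><value><name>Create Missing Directories</name></value></entry>
      <entry><key>Maximum File Count</key><value><name>Maximum File Count</name></value></entry>
      <entry><key>Last Modified Time</key><value><name>Last Modified Time</name></value></entry>
      <entry><key>Permissions</key><value><name>Permissions</name></value></entry>
      <entry><key>Owner</key><value><name>Owner</name></value></entry>
      <entry><key>Group</key><value><name>Group</name></value></entry>
    </descriptors>
    <executionNode>ALL</executionNode>
    <lossTolerant>false</lossTolerant>
    <penaltyDuration>30 sec</penaltyDuration>
    <properties>
      <entry><key>Directory</key><value>/tmp</value></entry>
      <entry><key>Conflict Resolution Strategy</key><value>fail</value></entry>
      <entry><key>Create Missing Directories</key><value>true</value></entry>
      <entry><key>Maximum File Count</key></entry>
      <entry><key>Last Modified Time</key></entry>
      <!-- Owner read/write only, so other local users cannot read alert files in /tmp. -->
      <entry><key>Permissions</key><value>rw-------</value></entry>
      <entry><key>Owner</key></entry>
      <entry><key>Group</key></entry>
    </properties>
    <runDurationMillis>0</runDurationMillis>
    <schedulingPeriod>0 sec</schedulingPeriod>
    <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
    <yieldDuration>1 sec</yieldDuration>
  </config>
  <executionNodeRestricted>false</executionNodeRestricted>
  <name>PutFile</name>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>failure</name>
  </relationships>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>success</name>
  </relationships>
  <state>STOPPED</state>
  <style/>
  <type>org.apache.nifi.processors.standard.PutFile</type>
</processors>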
<!--
  EvaluateJsonPath (90352099): evaluates the JSONPath $.2.buckets[0].1.value against the incoming
  flow file and stores the result in the flow file attribute "avg" (Destination is
  flowfile-attribute). Input arrives on the "aggregations" relationship of processor d0a5f829;
  output on "matched" goes to RouteOnAttribute (657e33f5).
  NOTE(review):
  * Only buckets[0] is read, so the threshold check downstream sees a single bucket.
  * Path Not Found Behavior is "ignore" and both "failure" and "unmatched" are auto-terminated, so a
    response with an unexpected shape produces no alert and no error path. Confirm that a schema
    change in the query result cannot silently disable the alert.
-->
<processors>
  <id>90352099-9a2b-37ad-0000-000000000000</id>
  <parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId>
  <position>
    <x>615.0254351699863</x>
    <y>331.4819725586667</y>
  </position>
  <bundle>
    <artifact>nifi-standard-nar</artifact>
    <group>org.apache.nifi</group>
    <version>1.9.2</version>
  </bundle>
  <config>
    <bulletinLevel>WARN</bulletinLevel>
    <comments></comments>
    <concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
    <descriptors>
      <entry><key>Destination</key><value><name>Destination</name></value></entry>
      <entry><key>Return Type</key><value><name>Return Type</name></value></entry>
      <entry><key>Path Not Found Behavior</key><value><name>Path Not Found Behavior</name></value></entry>
      <entry><key>Null Value Representation</key><value><name>Null Value Representation</name></value></entry>
      <entry><key>avg</key><value><name>avg</name></value></entry>
    </descriptors>
    <executionNode>ALL</executionNode>
    <lossTolerant>false</lossTolerant>
    <penaltyDuration>30 sec</penaltyDuration>
    <properties>
      <entry><key>Destination</key><value>flowfile-attribute</value></entry>
      <entry><key>Return Type</key><value>auto-detect</value></entry>
      <entry><key>Path Not Found Behavior</key><value>ignore</value></entry>
      <entry><key>Null Value Representation</key><value>empty string</value></entry>
      <!-- Dynamic property: the attribute name is "avg", the value is the JSONPath to extract. -->
      <entry><key>avg</key><value>$.2.buckets[0].1.value</value></entry>
    </properties>
    <runDurationMillis>0</runDurationMillis>
    <schedulingPeriod>0 sec</schedulingPeriod>
    <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
    <yieldDuration>1 sec</yieldDuration>
  </config>
  <executionNodeRestricted>false</executionNodeRestricted>
  <name>EvaluateJsonPath</name>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>failure</name>
  </relationships>
  <relationships>
    <autoTerminate>false</autoTerminate>
    <name>matched</name>
  </relationships>
  <relationships>
    <autoTerminate>true</autoTerminate>
    <name>unmatched</name>
  </relationships>
  <state>STOPPED</state>
  <style/>
  <type>org.apache.nifi.processors.standard.EvaluateJsonPath</type>
</processors>
<!-- JsonQueryElasticsearch (nifi-elasticsearch-restapi-nar 1.9.2): the detection
     query of this template. It is timer-driven every 60 sec and sends the
     JSON query in el-rest-query to the index named by el-rest-fetch-index,
     through the controller service referenced in el-rest-client-service.
     Only the "aggregations" relationship is left open; "failure", "hits" and
     "original" are auto-terminated. -->
<processors> | |
<id>d0a5f829-f316-3fbb-0000-000000000000</id> | |
<parentGroupId>308545b5-bdca-3d2b-0000-000000000000</parentGroupId> | |
<position> | |
<x>37.084568223370695</x> | |
<y>323.94829060446796</y> | |
</position> | |
<bundle> | |
<artifact>nifi-elasticsearch-restapi-nar</artifact> | |
<group>org.apache.nifi</group> | |
<version>1.9.2</version> | |
</bundle> | |
<config> | |
<bulletinLevel>WARN</bulletinLevel> | |
<comments></comments> | |
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount> | |
<!-- Descriptors list the property names only; the configured values are in
     the properties element further down. -->
<descriptors> | |
<entry> | |
<key>el-rest-query</key> | |
<value> | |
<name>el-rest-query</name> | |
</value> | |
</entry> | |
<entry> | |
<key>el-query-attribute</key> | |
<value> | |
<name>el-query-attribute</name> | |
</value> | |
</entry> | |
<entry> | |
<key>el-rest-fetch-index</key> | |
<value> | |
<name>el-rest-fetch-index</name> | |
</value> | |
</entry> | |
<entry> | |
<key>el-rest-type</key> | |
<value> | |
<name>el-rest-type</name> | |
</value> | |
</entry> | |
<entry> | |
<key>el-rest-client-service</key> | |
<value> | |
<identifiesControllerService>org.apache.nifi.elasticsearch.ElasticSearchClientService</identifiesControllerService> | |
<name>el-rest-client-service</name> | |
</value> | |
</entry> | |
<entry> | |
<key>el-rest-split-up-hits</key> | |
<value> | |
<name>el-rest-split-up-hits</name> | |
</value> | |
</entry> | |
<entry> | |
<key>el-rest-split-up-aggregations</key> | |
<value> | |
<name>el-rest-split-up-aggregations</name> | |
</value> | |
</entry> | |
</descriptors> | |
<!-- NOTE(review): executionNode ALL means every node of a cluster schedules this
     source processor; on a multi-node cluster the same query would presumably
     run once per node and could produce duplicate alerts. Confirm for your
     deployment. -->
<executionNode>ALL</executionNode> | |
<lossTolerant>false</lossTolerant> | |
<penaltyDuration>30 sec</penaltyDuration> | |
<properties> | |
<!-- Review notes on the query:
     * The @timestamp range is a pair of fixed epoch_millis values spanning
       about 24 hours, while the index name further down follows the current
       date. Once the clock leaves that window the query presumably matches
       nothing and the flow stops alerting without any error. Relative date
       math in the range (for example gte "now-24h" and lte "now", with the
       epoch_millis format key dropped) keeps the window moving.
     * SourceAddress is pinned to one literal address inside query_string;
       replace it with the value you monitor.
     * "size": 0 asks for aggregations only, so no hits are returned.
     * Aggregation "2" is a terms aggregation on SourceAddress (up to 20
       buckets) and "1" is the average of Bytes inside each bucket. -->
<entry> | |
<key>el-rest-query</key> | |
<value>{ | |
"size": 0, | |
"_source": { | |
"excludes": [] | |
}, | |
"aggs": { | |
"2": { | |
"terms": { | |
"field": "SourceAddress", | |
"size": 20, | |
"order": { | |
"_term": "desc" | |
} | |
}, | |
"aggs": { | |
"1": { | |
"avg": { | |
"field": "Bytes" | |
} | |
} | |
} | |
} | |
}, | |
"stored_fields": [ | |
"*" | |
], | |
"script_fields": {}, | |
"docvalue_fields": [ | |
"@timestamp", | |
"GenerateTime", | |
"ReceiveTime", | |
"StartTime", | |
"TimeLogged" | |
], | |
"query": { | |
"bool": { | |
"must": [ | |
{ | |
"query_string": { | |
"query": "_exists_:Bytes AND SourceAddress:78.133.112.106", | |
"analyze_wildcard": true, | |
"default_field": "*" | |
} | |
}, | |
{ | |
"range": { | |
"@timestamp": { | |
"gte": 1554930000000, | |
"lte": 1555016399999, | |
"format": "epoch_millis" | |
} | |
} | |
} | |
], | |
"filter": [], | |
"should": [], | |
"must_not": [] | |
} | |
} | |
}</value> | |
</entry> | |
<!-- NOTE(review): as far as the processor documentation goes, this property
     names the attribute that receives the executed query text, which the
     name "agg_result" does not suggest. Confirm nothing downstream expects
     the aggregation result in that attribute. -->
<entry> | |
<key>el-query-attribute</key> | |
<value>agg_result</value> | |
</entry> | |
<!-- Expression Language: resolves to "filebeat-" followed by today's date, so
     only the current day's index is searched. -->
<entry> | |
<key>el-rest-fetch-index</key> | |
<value>${now():format('yyyy.MM.dd'):prepend('filebeat-')}</value> | |
</entry> | |
<!-- el-rest-type is left without a value. -->
<entry> | |
<key>el-rest-type</key> | |
</entry> | |
<!-- Reference to a controller service by id. The Elasticsearch connection
     settings are defined on that service, which is not part of this
     processor; review its endpoint, credentials and TLS setup separately. -->
<entry> | |
<key>el-rest-client-service</key> | |
<value>7b43a0f0-ecea-3747-0000-000000000000</value> | |
</entry> | |
<entry> | |
<key>el-rest-split-up-hits</key> | |
<value>splitUp-no</value> | |
</entry> | |
<entry> | |
<key>el-rest-split-up-aggregations</key> | |
<value>splitUp-no</value> | |
</entry> | |
</properties> | |
<runDurationMillis>0</runDurationMillis> | |
<!-- The query is issued once every 60 seconds. -->
<schedulingPeriod>60 sec</schedulingPeriod> | |
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> | |
<yieldDuration>1 sec</yieldDuration> | |
</config> | |
<executionNodeRestricted>false</executionNodeRestricted> | |
<name>JsonQueryElasticsearch</name> | |
<!-- "aggregations" is the only relationship left open for a downstream
     connection. -->
<relationships> | |
<autoTerminate>false</autoTerminate> | |
<name>aggregations</name> | |
</relationships> | |
<!-- "failure" is auto-terminated: a query that errors out leaves no FlowFile
     behind, so a broken detector looks the same as a quiet network. Route it
     to a logging or notification path when this is used for real alerting. -->
<relationships> | |
<autoTerminate>true</autoTerminate> | |
<name>failure</name> | |
</relationships> | |
<relationships> | |
<autoTerminate>true</autoTerminate> | |
<name>hits</name> | |
</relationships> | |
<relationships> | |
<autoTerminate>true</autoTerminate> | |
<name>original</name> | |
</relationships> | |
<state>STOPPED</state> | |
<style/> | |
<type>org.apache.nifi.processors.elasticsearch.JsonQueryElasticsearch</type> | |
</processors> | |
</snippet> | |
<timestamp>07/09/2019 09:22:44 EEST</timestamp> | |
</template> |