A powerful whois query processor primarily designed to enrich DataFlows with whois-based APIs (e.g. ShadowServer's ASN lookup), but which can also be used to perform regular whois lookups.
whois, enrich, ip
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
Display Name | API Name | Default Value | Allowable Values | Description |
---|---|---|---|---|
Lookup value | QUERY_INPUT | | | The value that should be used to populate the query. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) |
Whois Query Type | WHOIS_QUERY_TYPE | | | The Whois query type to be used by the processor (if used) |
Whois Server | WHOIS_SERVER | | | The Whois server to be used |
Whois Server Port | WHOIS_SERVER_PORT | 43 | | The TCP port of the remote Whois server |
Whois Query Timeout | WHOIS_TIMEOUT | 1500 ms | | The amount of time to wait until considering a query as failed |
Batch Size | BATCH_SIZE | 25 | | The number of incoming FlowFiles to process in a single execution of this processor. |
Bulk Protocol | BULK_PROTOCOL | None | | The protocol used to perform the bulk query. |
Results Parser | QUERY_PARSER | None | | The method used to slice the results into attribute groups |
Parser RegEx | QUERY_PARSER_INPUT | | | Choice between a splitter and regex matcher used to parse the results of the query into attribute groups. NOTE: This is a multiline regular expression, therefore, the DFM should decide how to handle trailing new line characters. |
Key lookup group (multiline / batch) | KEY_GROUP | | | When performing a batched lookup, the following RegEx numbered capture group or Column number will be used to match the whois server response with the lookup field |
Name | Description |
---|---|
not found | Where to route flow files if data enrichment query rendered no results |
found | Where to route flow files after successfully enriching attributes with data |
Name | Description |
---|---|
enrich.dns.record*.group* | The captured fields of the Whois query response for each of the records received |
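
The batched matching configured through Parser RegEx and Key lookup group, sketched as an added Python example (not the processor's own code): a multiline RegEx slices a bulk response into records, and the key group ties each record back to the lookup value that produced it. The response lines, the pattern, the function name `enrich_batch`, and the record and group numbering in the attribute names are constructed assumptions.

```python
import re

# Constructed bulk response (not real server output): one pipe-delimited line
# per answered lookup. 203.0.113.9 is deliberately left unanswered.
SAMPLE_RESPONSE = (
    "192.0.2.10 | 64496 | 192.0.2.0/24 | EXAMPLE-NET-A\n"
    "198.51.100.7 | 64497 | 198.51.100.0/24 | EXAMPLE-NET-B\n"
)

# Hypothetical Parser RegEx. In multiline mode ^ and $ anchor on every line.
# The tail uses [ \t]* rather than \s* so the trailing newline of the response
# is never swallowed into the match for the last record.
PARSER_REGEX = r"^(\S+)\s*\|\s*(\d+)\s*\|\s*(\S+)\s*\|\s*(.+?)[ \t]*$"

# Hypothetical Key lookup group: capture group 1 holds the queried value.
KEY_GROUP = 1


def enrich_batch(lookups, response, pattern=PARSER_REGEX, key_group=KEY_GROUP):
    """Return {lookup value: (relationship, attributes)} for one batch."""
    # Index every parsed record by the text captured in the key group.
    by_key = {}
    for match in re.finditer(pattern, response, re.MULTILINE):
        by_key.setdefault(match.group(key_group), []).append(match)

    routed = {}
    for value in lookups:
        attrs = {}
        for rec, match in enumerate(by_key.get(value, [])):
            # Assumption: group 0 (the whole record) is emitted alongside the
            # numbered capture groups, and records are numbered from 0.
            for grp in range(match.re.groups + 1):
                attrs[f"enrich.dns.record{rec}.group{grp}"] = match.group(grp)
        # A lookup with no matching record gets no attributes at all.
        routed[value] = ("found" if attrs else "not found", attrs)
    return routed


if __name__ == "__main__":
    batch = ["192.0.2.10", "198.51.100.7", "203.0.113.9"]
    for value, (relationship, attrs) in enrich_batch(batch, SAMPLE_RESPONSE).items():
        print(value, "->", relationship, attrs)
```

If the key group points at the wrong column, no record matches its lookup value and the whole batch lands in `not found`, so checking that relationship is a quick way to validate a new pattern.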