Description:
Parses the contents of a Windows Event Log file (evtx) and writes the resulting XML to the FlowFile
Additional Details...
Tags:
logs, windows, event, evtx, message, file
Properties:
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|
| Granularity | granularity | Chunk | | Output flow file for each Record, Chunk, or File encountered in the event log |
Relationships:
| Name | Description |
|---|
| success | Any FlowFile that was successfully converted from evtx to XML |
| failure | Any FlowFile that encountered an exception during conversion will be transferred to this relationship with as much parsing as possible done |
| original | The unmodified input FlowFile will be transferred to this relationship |
| bad chunk | Any bad chunks of records will be transferred to this relationship in their original binary form |
Reads Attributes:
| Name | Description |
|---|
| filename | The filename of the evtx file |
Writes Attributes:
| Name | Description |
|---|
| filename | The output filename |
| mime.type | The output filetype (application/xml for success and failure relationships, original value for bad chunk and original relationships) |
State management:
This component does not store state.Restricted:
This component is not restricted.Input requirement:
This component requires an incoming relationship.System Resource Considerations:
None specified.