Evaluates one or more Grok Expressions against the content of a FlowFile, adding the results as attributes or replacing the content of the FlowFile with a JSON notation of the matched content
grok, log, text, parse, delimit, extract
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Grok Expression | Grok Expression | Grok expression. If other Grok expressions are referenced in this expression, they must be provided in the Grok Pattern File if set or exist in the default Grok patterns | ||
| Grok Patterns | Grok Pattern file | Custom Grok pattern definitions. These definitions will be loaded after the default Grok patterns. The Grok Parser will use the default Grok patterns when this property is not configured. This property requires exactly one resource to be provided. That resource may be any of the following types: text, URL, file. | ||
| Destination | Destination | flowfile-attribute |
| Control if Grok output value is written as a new flowfile attributes, in this case each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." or written in the flowfile content. Writing to flowfile content will overwrite any existing flowfile content. |
| Character Set | Character Set | UTF-8 | The Character Set in which the file is encoded | |
| Maximum Buffer Size | Maximum Buffer Size | 1 MB | Specifies the maximum amount of data to buffer (per file) in order to apply the Grok expressions. Files larger than the specified maximum will not be fully evaluated. | |
| Named captures only | Named captures only | false |
| Only store named captures from grok |
| Keep Empty Captures | Keep Empty Captures | true |
| If true, then empty capture values will be included in the returned capture map. |
| Name | Description |
|---|---|
| unmatched | FlowFiles are routed to this relationship when no provided Grok Expression matches the content of the FlowFile |
| matched | FlowFiles are routed to this relationship when the Grok Expression is successfully evaluated and the FlowFile is modified as a result |
| Name | Description |
|---|---|
| grok.XXX | When operating in flowfile-attribute mode, each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." For example,if the grok identifier "timestamp" is matched, then the value will be added to an attribute named "grok.timestamp" |
| Required Permission | Explanation |
|---|---|
| reference remote resources | Patterns can reference resources over HTTP |