Evaluates one or more Grok Expressions against the content of a FlowFile, adding the results as attributes or replacing the content of the FlowFile with a JSON notation of the matched content
grok, log, text, parse, delimit, extract
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.
| Name | Default Value | Allowable Values | Description |
|---|---|---|---|
| Grok Expression | Grok expression. If other Grok expressions are referenced in this expression, they must be provided in the Grok Pattern File if set or exist in the default Grok patterns | ||
| Grok Pattern file | Grok Pattern file definition. This file will be loaded after the default Grok patterns file. If not set, then only the Grok Expression and the default Grok patterns will be used. This property requires exactly one file to be provided.. | ||
| Destination | flowfile-attribute |
| Control if Grok output value is written as a new flowfile attributes, in this case each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." or written in the flowfile content. Writing to flowfile content will overwrite any existing flowfile content. |
| Character Set | UTF-8 | The Character Set in which the file is encoded | |
| Maximum Buffer Size | 1 MB | Specifies the maximum amount of data to buffer (per file) in order to apply the Grok expressions. Files larger than the specified maximum will not be fully evaluated. | |
| Named captures only | false |
| Only store named captures from grok |
| Keep Empty Captures | true |
| If true, then empty capture values will be included in the returned capture map. |
| Name | Description |
|---|---|
| unmatched | FlowFiles are routed to this relationship when no provided Grok Expression matches the content of the FlowFile |
| matched | FlowFiles are routed to this relationship when the Grok Expression is successfully evaluated and the FlowFile is modified as a result |
| Name | Description |
|---|---|
| grok.XXX | When operating in flowfile-attribute mode, each of the Grok identifier that is matched in the flowfile will be added as an attribute, prefixed with "grok." For example,if the grok identifier "timestamp" is matched, then the value will be added to an attribute named "grok.timestamp" |