Hi Farrukh,
You can try using the Grok parser and search for a regular expression pattern for your log. You can customize the regex to meet your needs.
Look at Step-5 on how to create a regex for the Grok parser. The Grok parser also allows you to validate the fields.
Good luck!
Thanks
Srikanth
On July 20, 2018 at 4:23 AM Farrukh Naveed Anjum <anjum.farr...@gmail.com> wrote:
Hi,

I am trying to index the Syslog using CEF Parser with NiFi. It does not give any error, though; it transports data to Kafka without indexing it. It keeps giving FAILED in Spout.

I believe indexing Syslog is the most basic use case for all. But Metron fails to do it with each in standard format.

I tried Bro for it. But even it keeps giving PARSER Error.

Any help? Fast will be appreciated.

--
With Regards
Farrukh Naveed Anjum
______________________
Srikanth Nagarajan
Principal
Gandiva Networks Inc
732.690.1884 Mobile