Hi, I will test your idea to use RouteOnContent with a length check before the ParseCEF processor. Since all message needs to be parsed, even if the msg field exceed 1023 character, I will probably have to save the content of the msg field temporarily, truncate the msg field in the message, parse the message and then reassign the original content to the msg field in the parsed message. Not sure that it is possible but that would probably be a suitable workaround. Regards, Lj På tor, jan. 2019 klockan 22:58, Andy LoPresto<alopre...@apache.org> skrev: You may be able to do some light detection by using a regex in RouteOnContent (not RouteText, which evaluates lines individually) to capture the group and perform a length check before trying to parse the CEF format. However, if the spec states that the field cannot contain more than 1023 characters, there isn’t anything NiFi can do to change that though.
Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 On Jan 3, 2019, at 12:13 PM, Felix McPherson <ljungpip...@yahoo.se> wrote: Hi, I'm using the ParseCEF processor to parse CEF message to Json format. Unfortunately the ParseCEF processor fails for message/events that holds a string in the Msg field that has more than 1023 character. According to the CEF standard the Msg field in an event shall not exceed 1023 character. The PARSECEF fails with: "Error ParseCEF[id=...] Failed to parse... ...as a CEF message; it does not conform to the CEF standard; routing to failure. Any ideas on a workaround for this problem? I would prefer not having to remove character in the Msg field string. Regards,lj
