diff --git a/inventories/filebeat b/inventories/filebeat
index cf6fb49060191fecf1d22704c367c9499929dd53..30a1ab8d308d19e8993247cee67de5528d70037d 100644
--- a/inventories/filebeat
+++ b/inventories/filebeat
@@ -7,7 +7,7 @@ soctools-misp ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-php72/l
 #soctools-odfe-2 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsearch/logs/soctools-cluster_server.json","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="odfe2" FILEBEAT_LOG_FORMAT="text"
 soctools-kibana ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/kibana_stdout.log"]' FILEBEAT_LOG_TYPE="kibana" FILEBEAT_LOG_FORMAT="json"
 soctools-keycloak ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="keycloak" FILEBEAT_LOG_FORMAT="json"
-soctools-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql" FILEBEAT_LOG_FORMAT="text"
+soctools-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log","/var/opt/rh/rh-mariadb103/lib/mysql/server_audit.log"]' FILEBEAT_LOG_TYPE="mysql" FILEBEAT_LOG_FORMAT="text"
 soctools-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy" FILEBEAT_LOG_FORMAT="text"
 soctools-zookeeper ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="zookeeper" FILEBEAT_LOG_FORMAT="text"
 soctools-cortex ansible_connection=docker FILEBEAT_FILES='["/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="cortex" FILEBEAT_LOG_FORMAT="text"
diff --git a/roles/mysql/templates/mysql_secure.sql.j2 b/roles/mysql/templates/mysql_secure.sql.j2
index c1f602d390f8e986c6b8cf73664a2bde3a87fbbb..65bf47105711378d6237ca873016b25eeb36e6e6 100644
--- a/roles/mysql/templates/mysql_secure.sql.j2
+++ b/roles/mysql/templates/mysql_secure.sql.j2
@@ -10,5 +10,10 @@ GRANT USAGE on *.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}' IDE GRANT ALL PRIVILEGES on {{misp_dbname}}.* to '{{misp_dbuser}}'@'{{misp_host}}.{{soctools_netname}}'; {% endfor %} +INSTALL SONAME 'server_audit'; +SET GLOBAL server_audit_logging=ON; +SET GLOBAL server_audit_file_rotate_now = ON; +SET GLOBAl server_audit_file_rotations = 2; +SET GLOABL audit_log_format = JSON; FLUSH PRIVILEGES; diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2 index 86f3a35d81acd93dfa56891efbe9c5b791a7b79e..bf07d53b3d82890ffd245ebfe1d6a0f4234b4315 100644 --- a/roles/nifi/templates/flow.xml.j2 +++ b/roles/nifi/templates/flow.xml.j2 @@ -4205,16 +4205,16 @@ <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <outputPort> - <id>20b01ab3-3a8d-3573-b95d-a4a45494050f</id> - <name>To enrichment</name> - <position x="480.0" y="392.0" /> + <id>21a9e277-2d80-359a-9c57-cb76d8962e6d</id> + <name>To data output</name> + <position x="-1120.0" y="592.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> <outputPort> - <id>21a9e277-2d80-359a-9c57-cb76d8962e6d</id> - <name>To data output</name> - <position x="-1120.0" y="592.0" /> + <id>20b01ab3-3a8d-3573-b95d-a4a45494050f</id> + <name>To enrichment</name> + <position x="480.0" y="392.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> 
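Review bot: The last added statement in mysql_secure.sql.j2, `SET GLOABL audit_log_format = JSON;`, cannot succeed: `GLOABL` is misspelled, and `audit_log_format` belongs to MySQL's audit_log plugin rather than to the MariaDB `server_audit` plugin that the first added line installs. If the script is fed to the client without `--force` (not visible here), execution stops at that error and the following `FLUSH PRIVILEGES;` never runs. The NiFi flow in this commit parses the audit file as comma-separated text anyway, so the line should be dropped and the `GLOBAl` typo corrected to `SET GLOBAL server_audit_file_rotations = 2;`. `SET GLOBAL` values do not survive a server restart, so audit logging falls back to its default (off) after the container restarts unless `server_audit_logging=ON` is also placed in the server configuration. Setting `server_audit_file_path` there as well would pin the location that inventories/filebeat now reads.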
@@ -4226,16 +4226,16 @@ <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <outputPort> - <id>27d5dab2-0172-1000-ffff-ffffab5c50be</id> - <name>To data output</name> - <position x="-632.0" y="328.0" /> + <id>27d5761b-0172-1000-0000-000059275dad</id> + <name>To enrichment</name> + <position x="-312.0" y="328.0" /> <comments /> <scheduledState>STOPPED</scheduledState> </outputPort> <outputPort> - <id>27d5761b-0172-1000-0000-000059275dad</id> - <name>To enrichment</name> - <position x="-312.0" y="328.0" /> + <id>27d5dab2-0172-1000-ffff-ffffab5c50be</id> + <name>To data output</name> + <position x="-632.0" y="328.0" /> <comments /> <scheduledState>STOPPED</scheduledState> </outputPort> @@ -4289,6 +4289,10 @@ <name>haproxy</name> <value>${log_type:equals("haproxy")}</value> </property> + <property> + <name>mysql</name> + <value>${log_type:equals("mysql")}</value> + </property> <property> <name>zeek</name> <value>${log_type:equals("zeek")}</value> @@ -4299,16 +4303,16 @@ </property> </processor> <outputPort> - <id>bcb879d5-0175-1000-0000-000070879ad0</id> - <name>To data output</name> - <position x="-2480.0" y="336.0" /> + <id>349b32fe-a821-1197-0000-00003a0b6fe5</id> + <name>To enrichment</name> + <position x="632.0" y="776.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> <outputPort> - <id>349b32fe-a821-1197-0000-00003a0b6fe5</id> - <name>To enrichment</name> - <position x="544.0" y="688.0" /> + <id>bcb879d5-0175-1000-0000-000070879ad0</id> + <name>To data output</name> + <position x="-2480.0" y="336.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> 
@@ -4594,14 +4598,14 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>bc90d189-0175-1000-0000-0000037bc986</id> - <position x="8.0" y="424.0" /> - </funnel> <funnel> <id>bc925474-0175-1000-0000-00004e78071f</id> <position x="1882.9999517774115" y="327.9999931568573" /> </funnel> + <funnel> + <id>bc90d189-0175-1000-0000-0000037bc986</id> + <position x="8.0" y="424.0" /> + </funnel> <connection> <id>bc90c7ac-0175-1000-ffff-fffffa80b534</id> <name /> @@ -5108,14 +5112,14 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>895faa7a-0175-1000-0000-000014ef9dd3</id> - <position x="278.84829417593915" y="332.4492766741185" /> - </funnel> <funnel> <id>895f7db3-0175-1000-ffff-ffff8229d688</id> <position x="-1446.1517058240609" y="301.4492766741185" /> </funnel> + <funnel> + <id>895faa7a-0175-1000-0000-000014ef9dd3</id> + <position x="278.84829417593915" y="332.4492766741185" /> + </funnel> <connection> <id>895fbf8f-0175-1000-ffff-ffffa5d2d01e</id> <name /> @@ -6106,14 +6110,14 @@ <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> - <funnel> - <id>8d3298f0-0175-1000-ffff-ffffc9f211a7</id> - <position x="56.0" y="280.0" /> - </funnel> <funnel> <id>8d399854-0175-1000-ffff-ffff8272837e</id> <position x="1736.0" y="528.0" /> </funnel> + <funnel> + <id>8d3298f0-0175-1000-ffff-ffffc9f211a7</id> + <position x="56.0" y="280.0" /> + </funnel> <connection> <id>8d3979b7-0175-1000-ffff-ffffe2efe898</id> <name /> 
@@ -6581,14 +6585,114 @@ </connection> </processGroup> <processGroup> - <id>5d04357e-423c-1ab5-a7a4-44565abfed7f</id> - <name>Haproxy</name> - <position x="-448.0" y="664.0" /> + <id>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</id> + <name>Mysql</name> + <position x="-440.0" y="1272.0" /> <comment /> <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> <processor> - <id>c9763c4c-7186-1460-871a-b5fd00ca3241</id> + <id>14453e90-7646-1485-ffff-ffff81f3c683</id> + <name>Add header</name> + <position x="344.0" y="-8.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ReplaceText</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Regular Expression</name> + <value>(?s)(^.*$)</value> + </property> + <property> + <name>Replacement Value</name> + <value>timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode +</value> + </property> + <property> + <name>Character Set</name> + <value>UTF-8</value> + </property> + <property> + <name>Maximum Buffer Size</name> + <value>1 MB</value> + </property> + <property> + <name>Replacement Strategy</name> + <value>Prepend</value> + </property> + <property> + <name>Evaluation Mode</name> + <value>Entire text</value> + </property> + <property> + <name>Line-by-Line Evaluation Mode</name> + <value>All</value> + </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> + 
</processor> + <processor> + <id>e0bd3907-2d13-1407-b2dd-48591e65e59d</id> + <name>UpdateRecord</name> + <position x="-336.0" y="416.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/event_type</name> + <value>log</value> + </property> + <property> + <name>/labels/source_host</name> + <value>${source_host}</value> + </property> + <property> + <name>/timestamp</name> + <value>${field.value:toDate('yyMMdd HH:mm:ss'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + </property> + </processor> + <processor> + <id>50813f6b-a5f6-1a98-8ae4-115134714332</id> <name>UpdateRecord</name> <position x="352.0" y="472.0" /> <styles /> 
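Review bot: The new `Add header` ReplaceText processor in the Mysql group ends with `<autoTerminatedRelationship>failure</autoTerminatedRelationship>`, so an audit flowfile the processor rejects (for example one larger than the 1 MB `Maximum Buffer Size`) is discarded and leaves only a WARN bulletin. The same line is added to `Extract message` in the @@ -6664 hunk, and the `failure` connections added in the @@ -6738 and @@ -6808 hunks end in funnels with a 60 sec `flowFileExpiration`; no connection out of those funnels is visible in the diff. For an audit source this means parse failures silently shorten the record that analysts later rely on. I would connect `failure` to an output that indexes the raw line under an error tag, and at minimum fill the processor's empty `<comment />` with `failure is auto-terminated: rejected audit lines are dropped`.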
@@ -6621,19 +6725,54 @@ <name>replacement-value-strategy</name> <value>literal-value</value> </property> + <property> + <name>/event_type</name> + <value>audit</value> + </property> <property> <name>/labels/source_host</name> <value>${source_host}</value> </property> <property> <name>/timestamp</name> - <value>${field.value:toDate('dd/MMM/yyyy:HH:mm:ss.SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + <value>${field.value:toDate('yyyyMMdd HH:mm:ss'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> </property> </processor> <processor> - <id>e4c8356d-54ad-15b5-94fe-799d9465aa51</id> + <id>e4353681-23e9-15af-0000-000032ea35e3</id> + <name>RouteOnAttribute</name> + <position x="-352.0" y="0.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.RouteOnAttribute</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>Routing Strategy</name> + <value>Route to Property name</value> + </property> + <property> + <name>audit</name> + <value>${source_file:contains("audit")}</value> + </property> + </processor> + <processor> + <id>f92d3f77-958a-1344-bd3b-7c93457e5c12</id> <name>Extract message</name> - <position x="352.0" y="280.0" /> + <position x="-360.0" y="-216.0" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.ConvertRecord</class> 
@@ -6664,11 +6803,12 @@ <name>include-zero-record-flowfiles</name> <value>true</value> </property> + <autoTerminatedRelationship>failure</autoTerminatedRelationship> </processor> <processor> - <id>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</id> + <id>92693a34-99da-1004-adfb-bdf4aa7e1c30</id> <name>Convert to json</name> - <position x="1064.0" y="272.0" /> + <position x="352.0" y="240.0" /> <styles /> <comment /> <class>org.apache.nifi.processors.standard.ConvertRecord</class> @@ -6689,7 +6829,7 @@ <runDurationNanos>0</runDurationNanos> <property> <name>record-reader</name> - <value>56ebe0aa-0176-1000-ffff-ffffbd212f01</value> + <value>14453a95-7646-1485-0000-00002c675762</value> </property> <property> <name>record-writer</name> @@ -6701,9 +6841,9 @@ </property> </processor> <processor> - <id>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</id> + <id>48723b8e-fae0-14e6-afdc-85c239646dc0</id> <name>UpdateAttribute</name> - <position x="1072.0" y="472.0" /> + <position x="-320.0" y="648.0" /> <styles /> <comment /> <class>org.apache.nifi.processors.attributes.UpdateAttribute</class> 
@@ -6738,66 +6878,101 @@ </property> <property> <name>data_index</name> - <value>logs-haproxy</value> + <value>logs-mysql</value> </property> <property> <name>enrich_ip1</name> <value>/client.ip</value> </property> </processor> + <processor> + <id>14453a41-7646-1485-b398-28f819de4a45</id> + <name>Convert to json</name> + <position x="-336.0" y="200.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>70ea12d7-0176-1000-ffff-ffffee2ee306</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + <value>false</value> + </property> + </processor> <inputPort> - <id>65a33e05-e157-1bfc-8741-adf11b3df720</id> + <id>7f683020-779c-1bc9-85da-5bad079d5d9d</id> <name>Input</name> - <position x="397.9999517774115" y="110.99999315685733" /> + <position x="-312.0" y="-336.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </inputPort> <outputPort> - <id>328b35e2-eb52-1f47-b84d-52941eff8a07</id> + <id>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</id> <name>Output</name> - <position x="1120.0" y="808.0" /> + <position x="-256.0" y="960.0" /> <comments /> <scheduledState>RUNNING</scheduledState> </outputPort> <funnel> - <id>312d3490-461e-13ac-a3a2-603704c456e2</id> - <position x="8.0" y="424.0" /> + 
<id>7113dbce-0176-1000-ffff-ffffbbfa695f</id> + <position x="-673.331668377643" y="376.49854987272295" /> </funnel> <funnel> - <id>bb763b6c-302d-12a4-8eb2-b3b501d92244</id> - <position x="1882.9999517774115" y="327.9999931568573" /> + <id>f1b33d4c-1b10-18ad-ab4a-4a3a1e744f4b</id> + <position x="1112.0" y="376.0" /> </funnel> <connection> - <id>960f3ac9-95dc-103d-a70a-ca3b070851a4</id> + <id>631e37d8-ca81-1bfa-8f55-aac2a22873ad</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceId>50813f6b-a5f6-1a98-8ae4-115134714332</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>328b35e2-eb52-1f47-b84d-52941eff8a07</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>OUTPUT_PORT</destinationType> - <relationship>success</relationship> + <destinationId>f1b33d4c-1b10-18ad-ab4a-4a3a1e744f4b</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> - <flowFileExpiration>0 sec</flowFileExpiration> + <flowFileExpiration>60 sec</flowFileExpiration> <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> <partitioningAttribute /> <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>0ecb3e12-768e-1896-a850-2a2bec52eb95</id> + <id>e43535a1-23e9-15af-9f98-2061dd6f97d6</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>c9763c4c-7186-1460-871a-b5fd00ca3241</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + 
<sourceId>92693a34-99da-1004-adfb-bdf4aa7e1c30</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> + <destinationId>50813f6b-a5f6-1a98-8ae4-115134714332</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> <destinationType>PROCESSOR</destinationType> <relationship>success</relationship> <maxWorkQueueSize>10000</maxWorkQueueSize> 
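Review bot: `enrich_ip1` still points at `/client.ip` in the Mysql group's UpdateAttribute (unchanged context next to the new `logs-mysql` index), yet the audit header introduced by this commit names the client column `host`, and nothing visible in the diff produces a `client.ip` field. If the record readers referenced by id do not create `client.ip`, MySQL events reach the index without the IP enrichment applied to the other sources. Confirm the field name against the reader schemas, which are outside this diff, and change the value to the path that really holds the client address, e.g. `<value>/host</value>` if the audit `host` column is used as is. The hunk shows only part of this processor.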
@@ -6808,18 +6983,486 @@ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> </connection> <connection> - <id>9451307c-96df-1302-8189-8e556060bb80</id> + <id>70e77065-0176-1000-0000-00001479fdf4</id> <name /> <bendPoints /> <labelIndex>1</labelIndex> <zIndex>0</zIndex> - <sourceId>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</sourceId> - <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId> + <sourceId>e0bd3907-2d13-1407-b2dd-48591e65e59d</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> <sourceType>PROCESSOR</sourceType> - <destinationId>bb763b6c-302d-12a4-8eb2-b3b501d92244</destinationId> - <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId> - <destinationType>FUNNEL</destinationType> - <relationship>failure</relationship> + <destinationId>48723b8e-fae0-14e6-afdc-85c239646dc0</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>711609c1-0176-1000-0000-000013fdee3b</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e0bd3907-2d13-1407-b2dd-48591e65e59d</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>7113dbce-0176-1000-ffff-ffffbbfa695f</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 
GB</maxWorkQueueDataSize> + <flowFileExpiration>60 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>14453fcf-7646-1485-ffff-ffff952df142</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e4353681-23e9-15af-0000-000032ea35e3</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>14453e90-7646-1485-ffff-ffff81f3c683</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>audit</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>7fe931b3-82b3-1699-b49a-d380dd14a5b8</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>48723b8e-fae0-14e6-afdc-85c239646dc0</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>OUTPUT_PORT</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> 
+ <id>a35e3744-5906-1ee9-abc4-205356ca01d1</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>f92d3f77-958a-1344-bd3b-7c93457e5c12</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>e4353681-23e9-15af-0000-000032ea35e3</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>70e8f3cb-0176-1000-0000-00006d2cdbf5</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>14453a41-7646-1485-b398-28f819de4a45</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>e0bd3907-2d13-1407-b2dd-48591e65e59d</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>14453eaa-7646-1485-0000-000070b97065</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>14453e90-7646-1485-ffff-ffff81f3c683</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + 
<sourceType>PROCESSOR</sourceType> + <destinationId>92693a34-99da-1004-adfb-bdf4aa7e1c30</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>cf95350a-de6c-1a4b-8183-8f9cfa11449a</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>7f683020-779c-1bc9-85da-5bad079d5d9d</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>INPUT_PORT</sourceType> + <destinationId>f92d3f77-958a-1344-bd3b-7c93457e5c12</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship /> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>3e21311d-dc5c-143f-b39e-d8fb8c9fd36d</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>50813f6b-a5f6-1a98-8ae4-115134714332</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>48723b8e-fae0-14e6-afdc-85c239646dc0</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>success</relationship> + 
<maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>873a3c42-fe81-1ce1-8c70-7da1f2542c31</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>92693a34-99da-1004-adfb-bdf4aa7e1c30</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>f1b33d4c-1b10-18ad-ab4a-4a3a1e744f4b</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>60 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>14453a4b-7646-1485-ffff-fffffc8f5285</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>e4353681-23e9-15af-0000-000032ea35e3</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>14453a41-7646-1485-b398-28f819de4a45</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>PROCESSOR</destinationType> + <relationship>unmatched</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>0 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + 
<loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + <connection> + <id>71140678-0176-1000-0000-000060437da4</id> + <name /> + <bendPoints /> + <labelIndex>1</labelIndex> + <zIndex>0</zIndex> + <sourceId>14453a41-7646-1485-b398-28f819de4a45</sourceId> + <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId> + <sourceType>PROCESSOR</sourceType> + <destinationId>7113dbce-0176-1000-ffff-ffffbbfa695f</destinationId> + <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId> + <destinationType>FUNNEL</destinationType> + <relationship>failure</relationship> + <maxWorkQueueSize>10000</maxWorkQueueSize> + <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize> + <flowFileExpiration>60 sec</flowFileExpiration> + <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy> + <partitioningAttribute /> + <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression> + </connection> + </processGroup> + <processGroup> + <id>5d04357e-423c-1ab5-a7a4-44565abfed7f</id> + <name>Haproxy</name> + <position x="-448.0" y="664.0" /> + <comment /> + <flowfileConcurrency>UNBOUNDED</flowfileConcurrency> + <flowfileOutboundPolicy>STREAM_WHEN_AVAILABLE</flowfileOutboundPolicy> + <processor> + <id>c9763c4c-7186-1460-871a-b5fd00ca3241</id> + <name>UpdateRecord</name> + <position x="352.0" y="472.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.UpdateRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> 
+ <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>17b30955-5464-3709-8a32-69a459850cfa</value> + </property> + <property> + <name>replacement-value-strategy</name> + <value>literal-value</value> + </property> + <property> + <name>/labels/source_host</name> + <value>${source_host}</value> + </property> + <property> + <name>/timestamp</name> + <value>${field.value:toDate('dd/MMM/yyyy:HH:mm:ss.SSS'):format("yyyy-MM-dd'T'HH:mm:ss.SSSXXX")}</value> + </property> + </processor> + <processor> + <id>e4c8356d-54ad-15b5-94fe-799d9465aa51</id> + <name>Extract message</name> + <position x="352.0" y="280.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> + <version>1.12.1</version> + </bundle> + <maxConcurrentTasks>1</maxConcurrentTasks> + <schedulingPeriod>0 sec</schedulingPeriod> + <penalizationPeriod>30 sec</penalizationPeriod> + <yieldPeriod>1 sec</yieldPeriod> + <bulletinLevel>WARN</bulletinLevel> + <lossTolerant>false</lossTolerant> + <scheduledState>RUNNING</scheduledState> + <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy> + <executionNode>ALL</executionNode> + <runDurationNanos>0</runDurationNanos> + <property> + <name>record-reader</name> + <value>179dd31f-89ed-3179-adb2-85a9c61869ce</value> + </property> + <property> + <name>record-writer</name> + <value>bc8e5957-0175-1000-0000-00003346421d</value> + </property> + <property> + <name>include-zero-record-flowfiles</name> + <value>true</value> + </property> + </processor> + <processor> + <id>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</id> + <name>Convert to json</name> + <position x="1064.0" y="272.0" /> + <styles /> + <comment /> + <class>org.apache.nifi.processors.standard.ConvertRecord</class> + <bundle> + <group>org.apache.nifi</group> + <artifact>nifi-standard-nar</artifact> 
+ <version>1.12.1</version>
+ </bundle>
+ <maxConcurrentTasks>1</maxConcurrentTasks>
+ <schedulingPeriod>0 sec</schedulingPeriod>
+ <penalizationPeriod>30 sec</penalizationPeriod>
+ <yieldPeriod>1 sec</yieldPeriod>
+ <bulletinLevel>WARN</bulletinLevel>
+ <lossTolerant>false</lossTolerant>
+ <scheduledState>RUNNING</scheduledState>
+ <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
+ <executionNode>ALL</executionNode>
+ <runDurationNanos>0</runDurationNanos>
+ <property>
+ <name>record-reader</name>
+ <value>56ebe0aa-0176-1000-ffff-ffffbd212f01</value>
+ </property>
+ <property>
+ <name>record-writer</name>
+ <value>17b30955-5464-3709-8a32-69a459850cfa</value>
+ </property>
+ <property>
+ <name>include-zero-record-flowfiles</name>
+ <value>false</value>
+ </property>
+ </processor>
+ <processor>
+ <id>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</id>
+ <name>UpdateAttribute</name>
+ <position x="1072.0" y="472.0" />
+ <styles />
+ <comment />
+ <class>org.apache.nifi.processors.attributes.UpdateAttribute</class>
+ <bundle>
+ <group>org.apache.nifi</group>
+ <artifact>nifi-update-attribute-nar</artifact>
+ <version>1.12.1</version>
+ </bundle>
+ <maxConcurrentTasks>1</maxConcurrentTasks>
+ <schedulingPeriod>0 sec</schedulingPeriod>
+ <penalizationPeriod>30 sec</penalizationPeriod>
+ <yieldPeriod>1 sec</yieldPeriod>
+ <bulletinLevel>WARN</bulletinLevel>
+ <lossTolerant>false</lossTolerant>
+ <scheduledState>RUNNING</scheduledState>
+ <schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
+ <executionNode>ALL</executionNode>
+ <runDurationNanos>0</runDurationNanos>
+ <property>
+ <name>Delete Attributes Expression</name>
+ </property>
+ <property>
+ <name>Store State</name>
+ <value>Do not store state</value>
+ </property>
+ <property>
+ <name>Stateful Variables Initial Value</name>
+ </property>
+ <property>
+ <name>canonical-value-lookup-cache-size</name>
+ <value>100</value>
+ </property>
+ <property>
+ <name>data_index</name>
+ <value>logs-haproxy</value>
+ </property>
+ <property>
+ <name>enrich_ip1</name>
+ <value>/client.ip</value>
+ </property>
+ </processor>
+ <inputPort>
+ <id>65a33e05-e157-1bfc-8741-adf11b3df720</id>
+ <name>Input</name>
+ <position x="397.9999517774115" y="110.99999315685733" />
+ <comments />
+ <scheduledState>RUNNING</scheduledState>
+ </inputPort>
+ <outputPort>
+ <id>328b35e2-eb52-1f47-b84d-52941eff8a07</id>
+ <name>Output</name>
+ <position x="1120.0" y="808.0" />
+ <comments />
+ <scheduledState>RUNNING</scheduledState>
+ </outputPort>
+ <funnel>
+ <id>312d3490-461e-13ac-a3a2-603704c456e2</id>
+ <position x="8.0" y="424.0" />
+ </funnel>
+ <funnel>
+ <id>bb763b6c-302d-12a4-8eb2-b3b501d92244</id>
+ <position x="1882.9999517774115" y="327.9999931568573" />
+ </funnel>
+ <connection>
+ <id>960f3ac9-95dc-103d-a70a-ca3b070851a4</id>
+ <name />
+ <bendPoints />
+ <labelIndex>1</labelIndex>
+ <zIndex>0</zIndex>
+ <sourceId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</sourceId>
+ <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId>
+ <sourceType>PROCESSOR</sourceType>
+ <destinationId>328b35e2-eb52-1f47-b84d-52941eff8a07</destinationId>
+ <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId>
+ <destinationType>OUTPUT_PORT</destinationType>
+ <relationship>success</relationship>
+ <maxWorkQueueSize>10000</maxWorkQueueSize>
+ <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize>
+ <flowFileExpiration>0 sec</flowFileExpiration>
+ <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
+ <partitioningAttribute />
+ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
+ </connection>
+ <connection>
+ <id>0ecb3e12-768e-1896-a850-2a2bec52eb95</id>
+ <name />
+ <bendPoints />
+ <labelIndex>1</labelIndex>
+ <zIndex>0</zIndex>
+ <sourceId>c9763c4c-7186-1460-871a-b5fd00ca3241</sourceId>
+ <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId>
+ <sourceType>PROCESSOR</sourceType>
+ <destinationId>7fbd38e8-60a2-1503-8a6c-ffc6b156b3b0</destinationId>
+ <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId>
+ <destinationType>PROCESSOR</destinationType>
+ <relationship>success</relationship>
+ <maxWorkQueueSize>10000</maxWorkQueueSize>
+ <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize>
+ <flowFileExpiration>0 sec</flowFileExpiration>
+ <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
+ <partitioningAttribute />
+ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
+ </connection>
+ <connection>
+ <id>9451307c-96df-1302-8189-8e556060bb80</id>
+ <name />
+ <bendPoints />
+ <labelIndex>1</labelIndex>
+ <zIndex>0</zIndex>
+ <sourceId>f6e63fd3-6150-1d72-a58a-46b43bc5d5c2</sourceId>
+ <sourceGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</sourceGroupId>
+ <sourceType>PROCESSOR</sourceType>
+ <destinationId>bb763b6c-302d-12a4-8eb2-b3b501d92244</destinationId>
+ <destinationGroupId>5d04357e-423c-1ab5-a7a4-44565abfed7f</destinationGroupId>
+ <destinationType>FUNNEL</destinationType>
+ <relationship>failure</relationship>
 <maxWorkQueueSize>10000</maxWorkQueueSize>
 <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize>
 <flowFileExpiration>0 sec</flowFileExpiration>
@@ -7600,6 +8243,26 @@
 <partitioningAttribute />
 <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
 </connection>
+ <connection>
+ <id>e43535d0-23e9-15af-ffff-ffffa44d6172</id>
+ <name />
+ <bendPoints />
+ <labelIndex>1</labelIndex>
+ <zIndex>0</zIndex>
+ <sourceId>bcbb33ba-112e-1f53-8982-d5ae9f0e701f</sourceId>
+ <sourceGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</sourceGroupId>
+ <sourceType>OUTPUT_PORT</sourceType>
+ <destinationId>349b32fe-a821-1197-0000-00003a0b6fe5</destinationId>
+ <destinationGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</destinationGroupId>
+ <destinationType>OUTPUT_PORT</destinationType>
+ <relationship />
+ <maxWorkQueueSize>10000</maxWorkQueueSize>
+ <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize>
+ <flowFileExpiration>0 sec</flowFileExpiration>
+ <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
+ <partitioningAttribute />
+ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
+ </connection>
 <connection>
 <id>349b339b-a821-1197-0000-00002e648df6</id>
 <name />
@@ -7867,6 +8530,29 @@
 <partitioningAttribute />
 <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
 </connection>
+ <connection>
+ <id>e43535c9-23e9-15af-ffff-ffffcd7d888a</id>
+ <name />
+ <bendPoints>
+ <bendPoint x="-704.0" y="1256.0" />
+ <bendPoint x="-584.0" y="1368.0" />
+ </bendPoints>
+ <labelIndex>1</labelIndex>
+ <zIndex>0</zIndex>
+ <sourceId>8962ad5a-0175-1000-ffff-ffffde6db5a6</sourceId>
+ <sourceGroupId>0c790562-0175-1000-ffff-ffffeaaeafc3</sourceGroupId>
+ <sourceType>PROCESSOR</sourceType>
+ <destinationId>7f683020-779c-1bc9-85da-5bad079d5d9d</destinationId>
+ <destinationGroupId>48bc31b5-dbc5-116d-adbe-fe0f10314ac2</destinationGroupId>
+ <destinationType>INPUT_PORT</destinationType>
+ <relationship>mysql</relationship>
+ <maxWorkQueueSize>10000</maxWorkQueueSize>
+ <maxWorkQueueDataSize>1 GB</maxWorkQueueDataSize>
+ <flowFileExpiration>0 sec</flowFileExpiration>
+ <loadBalanceStrategy>DO_NOT_LOAD_BALANCE</loadBalanceStrategy>
+ <partitioningAttribute />
+ <loadBalanceCompression>DO_NOT_COMPRESS</loadBalanceCompression>
+ </connection>
 </processGroup>
 <processGroup>
 <id>b3d57504-7c06-37a3-b59b-8723f60fa728</id>
@@ -8380,7 +9066,7 @@
 </property>
 <property>
 <name>Password</name>
- <value>enc{7f706f76bc019ad8a3c7700ec14f6d65035b47cfa70fce4d0aade0809ded55af0afc391ccf1744443ffa082fc97204a6}</value>
+ <value>enc{1c4c58f74f95b67649d56061742c742acc78f69ccc57c9e9ef50d02d079f56126e9174e3f3651d3f58f0fd58976866f6}</value>
 </property>
 <property>
 <name>elasticsearch-http-connect-timeout</name>
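Review bot: The `Password` value in the `@@ -8380,7 +9066,7 @@` hunk is a ciphertext literal written straight into the Jinja template, so every deployment rendered from this repository gets the same secret, and a rotation has to be made as a source commit like this one. The `Truststore Password` of the `Common CA` service in the `@@ -11259,6 +12109,46 @@` hunk has the same shape, and its value also differs from the one removed in `@@ -11333,79 +12223,8 @@`. The `enc{...}` wrapper only protects the value while the NiFi sensitive-properties key that decrypts it stays out of the repository, which cannot be checked from this diff. Consider rendering both from a per-deployment inventory or vault variable, e.g. `<value>{{ NIFI_ES_PASSWORD_ENC }}</value>` (placeholder variable name), and keeping the key out of version control.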
@@ -11031,8 +11717,245 @@
 </processGroup>
 </processGroup>
 <controllerService>
- <id>bc97858d-0175-1000-0000-0000130a84f8</id>
- <name>Nifi logs GrokReader</name>
+ <id>349b34c7-a821-1197-ffff-ffff85d82877</id>
+ <name>Contry code to region</name>
+ <comment />
+ <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class>
+ <bundle>
+ <group>org.apache.nifi</group>
+ <artifact>nifi-lookup-services-nar</artifact>
+ <version>1.12.1</version>
+ </bundle>
+ <enabled>true</enabled>
+ <property>
+ <name>csv-file</name>
+ <value>/opt/nifi/nifi-current/conf/enrich/CountriesWithRegionalCodes.csv</value>
+ </property>
+ <property>
+ <name>CSV Format</name>
+ <value>default</value>
+ </property>
+ <property>
+ <name>Character Set</name>
+ <value>UTF-8</value>
+ </property>
+ <property>
+ <name>lookup-key-column</name>
+ <value>alpha-2</value>
+ </property>
+ <property>
+ <name>ignore-duplicates</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>Value Separator</name>
+ <value>,</value>
+ </property>
+ <property>
+ <name>Quote Character</name>
+ <value>"</value>
+ </property>
+ <property>
+ <name>Quote Mode</name>
+ <value>MINIMAL</value>
+ </property>
+ <property>
+ <name>Comment Marker</name>
+ </property>
+ <property>
+ <name>Escape Character</name>
+ <value>\</value>
+ </property>
+ <property>
+ <name>Trim Fields</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>lookup-value-column</name>
+ <value>region</value>
+ </property>
+ </controllerService>
+ <controllerService>
+ <id>bbd4d3a2-0175-1000-0000-00000b0fb8bd</id>
+ <name>Tor node CSV</name>
+ <comment />
+ <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class>
+ <bundle>
+ <group>org.apache.nifi</group>
+ <artifact>nifi-lookup-services-nar</artifact>
+ <version>1.12.1</version>
+ </bundle>
+ <enabled>true</enabled>
+ <property>
+ <name>csv-file</name>
+ <value>/opt/nifi/nifi-current/conf/enrich/tornodes.csv</value>
+ </property>
+ <property>
+ <name>CSV Format</name>
+ <value>default</value>
+ </property>
+ <property>
+ <name>Character Set</name>
+ <value>UTF-8</value>
+ </property>
+ <property>
+ <name>lookup-key-column</name>
+ <value>ip_addr</value>
+ </property>
+ <property>
+ <name>ignore-duplicates</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>Value Separator</name>
+ <value>,</value>
+ </property>
+ <property>
+ <name>Quote Character</name>
+ <value>"</value>
+ </property>
+ <property>
+ <name>Quote Mode</name>
+ <value>MINIMAL</value>
+ </property>
+ <property>
+ <name>Comment Marker</name>
+ </property>
+ <property>
+ <name>Escape Character</name>
+ <value>\</value>
+ </property>
+ <property>
+ <name>Trim Fields</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>lookup-value-column</name>
+ <value>ip_addr</value>
+ </property>
+ </controllerService>
+ <controllerService>
+ <id>14453a95-7646-1485-0000-00002c675762</id>
+ <name>Mysql audit log</name>
+ <comment />
+ <class>org.apache.nifi.csv.CSVReader</class>
+ <bundle>
+ <group>org.apache.nifi</group>
+ <artifact>nifi-record-serialization-services-nar</artifact>
+ <version>1.12.1</version>
+ </bundle>
+ <enabled>true</enabled>
+ <property>
+ <name>schema-access-strategy</name>
+ <value>infer-schema</value>
+ </property>
+ <property>
+ <name>schema-registry</name>
+ </property>
+ <property>
+ <name>schema-name</name>
+ <value>${schema.name}</value>
+ </property>
+ <property>
+ <name>schema-version</name>
+ </property>
+ <property>
+ <name>schema-branch</name>
+ </property>
+ <property>
+ <name>schema-text</name>
+ <value>${avro.schema}</value>
+ </property>
+ <property>
+ <name>csv-reader-csv-parser</name>
+ <value>commons-csv</value>
+ </property>
+ <property>
+ <name>Date Format</name>
+ </property>
+ <property>
+ <name>Time Format</name>
+ </property>
+ <property>
+ <name>Timestamp Format</name>
+ </property>
+ <property>
+ <name>CSV Format</name>
+ <value>custom</value>
+ </property>
+ <property>
+ <name>Value Separator</name>
+ <value>,</value>
+ </property>
+ <property>
+ <name>Record Separator</name>
+ <value>\n</value>
+ </property>
+ <property>
+ <name>Skip Header Line</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ignore-csv-header</name>
+ <value>false</value>
+ </property>
+ <property>
+ <name>Quote Character</name>
+ <value>"</value>
+ </property>
+ <property>
+ <name>Escape Character</name>
+ <value>\</value>
+ </property>
+ <property>
+ <name>Comment Marker</name>
+ </property>
+ <property>
+ <name>Null String</name>
+ </property>
+ <property>
+ <name>Trim Fields</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>csvutils-character-set</name>
+ <value>UTF-8</value>
+ </property>
+ </controllerService>
+ <controllerService>
+ <id>8b1dd8bb-0170-1000-0000-000007446e6a</id>
+ <name>Misp DistributedMapCacheServer</name>
+ <comment />
+ <class>org.apache.nifi.distributed.cache.server.map.DistributedMapCacheServer</class>
+ <bundle>
+ <group>org.apache.nifi</group>
+ <artifact>nifi-distributed-cache-services-nar</artifact>
+ <version>1.12.1</version>
+ </bundle>
+ <enabled>true</enabled>
+ <property>
+ <name>Port</name>
+ <value>4557</value>
+ </property>
+ <property>
+ <name>Maximum Cache Entries</name>
+ <value>10000</value>
+ </property>
+ <property>
+ <name>Eviction Strategy</name>
+ <value>Least Frequently Used</value>
+ </property>
+ <property>
+ <name>Persistence Directory</name>
+ <value>/opt/nifi/nifi-current/conf/</value>
+ </property>
+ <property>
+ <name>SSL Context Service</name>
+ </property>
+ </controllerService>
+ <controllerService>
+ <id>56ebe0aa-0176-1000-ffff-ffffbd212f01</id>
+ <name>Haproxy GrokReader</name>
 <comment />
 <class>org.apache.nifi.grok.GrokReader</class>
 <bundle>
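Review bot: The new `Mysql audit log` CSVReader combines `infer-schema` with `Skip Header Line` set to `true`, so the first line of every flowfile is taken as the column names rather than as a record. The file this reader is presumably meant for, the `server_audit.log` added to the filebeat inventory in this commit, is as far as I know written by MariaDB without a header row. If so, the first audit event of each flowfile is dropped and the field names differ from flowfile to flowfile, which leaves silent gaps in the audit trail and breaks any detection keyed on fixed field names. Suggest `<value>false</value>` under `Skip Header Line` together with an explicit record schema that names the audit columns instead of inference. Whether the reader sees raw audit lines or lines already wrapped by filebeat cannot be told from this hunk.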
@@ -11064,10 +11987,11 @@
 </property>
 <property>
 <name>Grok Pattern File</name>
+ <value>/opt/nifi/nifi-current/conf/enrich/haproxy.groklib</value>
 </property>
 <property>
 <name>Grok Expression</name>
- <value>%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}</value>
+ <value>%{PROG:process.name}(?:\[%{POSINT:process.pid}\])?: %{HAPROXYHTTPBASE}</value>
 </property>
 <property>
 <name>no-match-behavior</name>
@@ -11075,62 +11999,47 @@
 </property>
 </controllerService>
 <controllerService>
- <id>349b34c7-a821-1197-ffff-ffff85d82877</id>
- <name>Contry code to region</name>
+ <id>bc97858d-0175-1000-0000-0000130a84f8</id>
+ <name>Nifi logs GrokReader</name>
 <comment />
- <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class>
+ <class>org.apache.nifi.grok.GrokReader</class>
 <bundle>
 <group>org.apache.nifi</group>
- <artifact>nifi-lookup-services-nar</artifact>
+ <artifact>nifi-record-serialization-services-nar</artifact>
 <version>1.12.1</version>
 </bundle>
 <enabled>true</enabled>
 <property>
- <name>csv-file</name>
- <value>/opt/nifi/nifi-current/conf/enrich/CountriesWithRegionalCodes.csv</value>
- </property>
- <property>
- <name>CSV Format</name>
- <value>default</value>
- </property>
- <property>
- <name>Character Set</name>
- <value>UTF-8</value>
- </property>
- <property>
- <name>lookup-key-column</name>
- <value>alpha-2</value>
+ <name>schema-access-strategy</name>
+ <value>string-fields-from-grok-expression</value>
 </property>
 <property>
- <name>ignore-duplicates</name>
- <value>true</value>
+ <name>schema-registry</name>
 </property>
 <property>
- <name>Value Separator</name>
- <value>,</value>
+ <name>schema-name</name>
+ <value>${schema.name}</value>
 </property>
 <property>
- <name>Quote Character</name>
- <value>"</value>
+ <name>schema-version</name>
 </property>
 <property>
- <name>Quote Mode</name>
- <value>MINIMAL</value>
+ <name>schema-branch</name>
 </property>
 <property>
- <name>Comment Marker</name>
+ <name>schema-text</name>
+ <value>${avro.schema}</value>
 </property>
 <property>
- <name>Escape Character</name>
- <value>\</value>
+ <name>Grok Pattern File</name>
 </property>
 <property>
- <name>Trim Fields</name>
- <value>true</value>
+ <name>Grok Expression</name>
+ <value>%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \[%{DATA:thread}\] %{DATA:class} %{GREEDYDATA:message}</value>
 </property>
 <property>
- <name>lookup-value-column</name>
- <value>region</value>
+ <name>no-match-behavior</name>
+ <value>append-to-previous-message</value>
 </property>
 </controllerService>
 <controllerService>
@@ -11153,65 +12062,6 @@
 <value>UTF-8</value>
 </property>
 </controllerService>
- <controllerService>
- <id>bbd4d3a2-0175-1000-0000-00000b0fb8bd</id>
- <name>Tor node CSV</name>
- <comment />
- <class>org.apache.nifi.lookup.SimpleCsvFileLookupService</class>
- <bundle>
- <group>org.apache.nifi</group>
- <artifact>nifi-lookup-services-nar</artifact>
- <version>1.12.1</version>
- </bundle>
- <enabled>true</enabled>
- <property>
- <name>csv-file</name>
- <value>/opt/nifi/nifi-current/conf/enrich/tornodes.csv</value>
- </property>
- <property>
- <name>CSV Format</name>
- <value>default</value>
- </property>
- <property>
- <name>Character Set</name>
- <value>UTF-8</value>
- </property>
- <property>
- <name>lookup-key-column</name>
- <value>ip_addr</value>
- </property>
- <property>
- <name>ignore-duplicates</name>
- <value>true</value>
- </property>
- <property>
- <name>Value Separator</name>
- <value>,</value>
- </property>
- <property>
- <name>Quote Character</name>
- <value>"</value>
- </property>
- <property>
- <name>Quote Mode</name>
- <value>MINIMAL</value>
- </property>
- <property>
- <name>Comment Marker</name>
- </property>
- <property>
- <name>Escape Character</name>
- <value>\</value>
- </property>
- <property>
- <name>Trim Fields</name>
- <value>true</value>
- </property>
- <property>
- <name>lookup-value-column</name>
- <value>ip_addr</value>
- </property>
- </controllerService>
 <controllerService>
 <id>fa06ec39-7782-3ae3-8dfe-71d28c5240c3</id>
 <name>Misp Lookup Service</name>
@@ -11259,6 +12109,46 @@
 <value>30 secs</value>
 </property>
 </controllerService>
+ <controllerService>
+ <id>83443c00-b286-366a-b8e0-2f51527ab8e5</id>
+ <name>Common CA</name>
+ <comment />
+ <class>org.apache.nifi.ssl.StandardRestrictedSSLContextService</class>
+ <bundle>
+ <group>org.apache.nifi</group>
+ <artifact>nifi-ssl-context-service-nar</artifact>
+ <version>1.12.1</version>
+ </bundle>
+ <enabled>true</enabled>
+ <property>
+ <name>Keystore Filename</name>
+ </property>
+ <property>
+ <name>Keystore Password</name>
+ </property>
+ <property>
+ <name>key-password</name>
+ </property>
+ <property>
+ <name>Keystore Type</name>
+ </property>
+ <property>
+ <name>Truststore Filename</name>
+ <value>/opt/nifi/nifi-current/conf/cacerts.jks</value>
+ </property>
+ <property>
+ <name>Truststore Password</name>
+ <value>enc{9ca8dddd769be18fff9e22016c86d9f05a3a987f834c79a92609b7faa5e1e840}</value>
+ </property>
+ <property>
+ <name>Truststore Type</name>
+ <value>JKS</value>
+ </property>
+ <property>
+ <name>SSL Protocol</name>
+ <value>TLS</value>
+ </property>
+ </controllerService>
 <controllerService>
 <id>17b30955-5464-3709-8a32-69a459850cfa</id>
 <name>Inferred JsonRecordSetWriter</name>
@@ -11333,79 +12223,8 @@
 </property>
 </controllerService>
 <controllerService>
- <id>8b1dd8bb-0170-1000-0000-000007446e6a</id>
- <name>Misp DistributedMapCacheServer</name>
- <comment />
- <class>org.apache.nifi.distributed.cache.server.map.DistributedMapCacheServer</class>
- <bundle>
- <group>org.apache.nifi</group>
- <artifact>nifi-distributed-cache-services-nar</artifact>
- <version>1.12.1</version>
- </bundle>
- <enabled>true</enabled>
- <property>
- <name>Port</name>
- <value>4557</value>
- </property>
- <property>
- <name>Maximum Cache Entries</name>
- <value>10000</value>
- </property>
- <property>
- <name>Eviction Strategy</name>
- <value>Least Frequently Used</value>
- </property>
- <property>
- <name>Persistence Directory</name>
- <value>/opt/nifi/nifi-current/conf/</value>
- </property>
- <property>
- <name>SSL Context Service</name>
- </property>
- </controllerService>
- <controllerService>
- <id>83443c00-b286-366a-b8e0-2f51527ab8e5</id>
- <name>Common CA</name>
- <comment />
- <class>org.apache.nifi.ssl.StandardRestrictedSSLContextService</class>
- <bundle>
- <group>org.apache.nifi</group>
- <artifact>nifi-ssl-context-service-nar</artifact>
- <version>1.12.1</version>
- </bundle>
- <enabled>true</enabled>
- <property>
- <name>Keystore Filename</name>
- </property>
- <property>
- <name>Keystore Password</name>
- </property>
- <property>
- <name>key-password</name>
- </property>
- <property>
- <name>Keystore Type</name>
- </property>
- <property>
- <name>Truststore Filename</name>
- <value>/opt/nifi/nifi-current/conf/cacerts.jks</value>
- </property>
- <property>
- <name>Truststore Password</name>
- <value>enc{fb94647e0f686a70205e73bdc73eb6a28bdbcd74c3e169b4cd116dd6a7cc28f6}</value>
- </property>
- <property>
- <name>Truststore Type</name>
- <value>JKS</value>
- </property>
- <property>
- <name>SSL Protocol</name>
- <value>TLS</value>
- </property>
- </controllerService>
- <controllerService>
- <id>56ebe0aa-0176-1000-ffff-ffffbd212f01</id>
- <name>Haproxy GrokReader</name>
+ <id>70ea12d7-0176-1000-ffff-ffffee2ee306</id>
+ <name>Mysql log GrokReader</name>
 <comment />
 <class>org.apache.nifi.grok.GrokReader</class>
 <bundle>
@@ -11437,11 +12256,10 @@
 </property>
 <property>
 <name>Grok Pattern File</name>
- <value>/opt/nifi/nifi-current/conf/enrich/haproxy.groklib</value>
 </property>
 <property>
 <name>Grok Expression</name>
- <value>%{PROG:process.name}(?:\[%{POSINT:process.pid}\])?: %{HAPROXYHTTPBASE}</value>
+ <value>%{GREEDYDATA:timestamp} %{DATA:process}: %{GREEDYDATA:message}</value>
 </property>
 <property>
 <name>no-match-behavior</name>
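Review bot: The new Grok expression in the `@@ -11437,11 +12256,10 @@` hunk opens with an unbounded `%{GREEDYDATA:timestamp}`, so the split between `timestamp`, `process` and `message` is decided by the last `: ` in the line, not by the timestamp itself. A message that carries its own `: `, such as a failed-login line ending in `(using password: YES)`, would put most of the line into `timestamp` and a word of the message into `process`, which undermines detections and searches keyed on those fields. Suggest anchoring the first field with a bounded pattern, e.g. `%{TIMESTAMP_ISO8601:timestamp}` as the `Nifi logs GrokReader` expression on this page does, after checking it against the real mariadb.log line format. This property presumably belongs to the `Mysql log GrokReader` service renamed in the preceding hunk; the controllerService element starts before this hunk and continues past it.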