Attempts to parses the contents of a Syslog message in accordance to RFC5424 and RFC3164. In the case of RFC5424 formatted messages, structured data is not supported, and will be returned as part of the message.

Note:RFC3164 is informational and a wide range of different implementations are present in the wild.


syslog, logs, logfiles, parse, text, record, reader


In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the Expression Language Guide.


Default Value

Allowable Values


Character Set

UTF-8 Specifies which character set of the Syslog messages

State management:

This component does not store state.


This component is not restricted.

System Resource Considerations:

None specified.


The SyslogReader Controller Service provides a means to parse the contents of a Syslog message in accordance to RFC5424 and RFC3164 formats. This reader produces records with a set schema to match the common set of fields between the specifications.The Required Property of this service is named Character Set and specifies the Character Set of the incoming text.


When a record is parsed from incoming data, it is parsed into the Generic Syslog Schema.

The Generic Syslog Schema

{ "type" : "record", "name" : "nifiRecord", "namespace" : "org.apache.nifi", "fields" : [ { "name" : "priority", "type" : [ "null", "string" ] }, { "name" : "severity", "type" : [ "null", "string" ] }, { "name" : "facility", "type" : [ "null", "string" ] }, { "name" : "version", "type" : [ "null", "string" ] }, { "name" : "timestamp", "type" : [ "null", "string" ] }, { "name" : "hostname", "type" : [ "null", "string" ] }, { "name" : "body", "type" : [ "null", "string" ] } ] }