Parses the contents of a Windows Event Log file (evtx) and writes the resulting XML to the FlowFile
logs, windows, event, evtx, message, file
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values.
| Name | Default Value | Allowable Values | Description |
|---|---|---|---|
| **Granularity** | Chunk | Record, Chunk, File | Output flow file for each Record, Chunk, or File encountered in the event log |

Relationships:

| Name | Description |
|---|---|
| success | Any FlowFile that was successfully converted from evtx to XML |
| failure | Any FlowFile that encountered an exception during conversion will be transferred to this relationship with as much parsing as possible done |
| bad chunk | Any bad chunks of records will be transferred to this relationship in their original binary form |
| original | The unmodified input FlowFile will be transferred to this relationship |

Reads Attributes:

| Name | Description |
|---|---|
| filename | The filename of the evtx file |

Writes Attributes:

| Name | Description |
|---|---|
| filename | The output filename |
| mime.type | The output file type (application/xml for success and failure relationships, original value for bad chunk and original relationships) |
This component does not store state.
This component is not restricted.
This processor parses Windows event logs in the binary evtx format. The content of each input FlowFile should be an evtx file. The processor has four outputs:
The original unmodified FlowFile
The XML resulting from parsing at the configured granularity
Failed parsing with partial output
Malformed chunk in binary form
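An added example, not part of the NiFi documentation or of the processor's own code: a Python check that splits an evtx file at the 64 KiB chunk boundaries the Chunk granularity follows and verifies each chunk's magic value and CRC32 checksums, the kind of integrity failure that separates parseable chunks from ones a parser must hand back as malformed binary. The header offsets follow the published evtx file format; the sample file and chunks are constructed inline, and the assumption that a checksum failure is what makes a chunk "bad" is the example's, not a statement about how ParseEvtx is implemented.

```python
import struct
import zlib

FILE_MAGIC, CHUNK_MAGIC = b"ElfFile\x00", b"ElfChnk\x00"
FILE_HEADER_SIZE, CHUNK_SIZE = 4096, 65536


def chunk_header_crc(chunk: bytes) -> int:
    # Per the evtx format, the chunk header CRC32 covers bytes 0..120 and 128..512 (the checksum field is skipped).
    return zlib.crc32(chunk[:120] + chunk[128:512])


def classify_chunks(data: bytes) -> list:
    """Split an evtx file into 64 KiB chunks; label each 'good' (parseable) or 'bad' (malformed)."""
    if len(data) < FILE_HEADER_SIZE or data[:8] != FILE_MAGIC:
        raise ValueError("not an evtx file: missing ElfFile magic")
    if struct.unpack_from("<I", data, 124)[0] != zlib.crc32(data[:120]):
        raise ValueError("evtx file header checksum mismatch")
    results = []
    for off in range(FILE_HEADER_SIZE, len(data) - CHUNK_SIZE + 1, CHUNK_SIZE):
        chunk = data[off:off + CHUNK_SIZE]
        if chunk[:8] != CHUNK_MAGIC:
            results.append(("bad", "missing ElfChnk magic"))
            continue
        free_off, data_crc = struct.unpack_from("<II", chunk, 48)  # free space offset, records CRC32
        if struct.unpack_from("<I", chunk, 124)[0] != chunk_header_crc(chunk):
            results.append(("bad", "chunk header checksum mismatch"))
        elif not 512 <= free_off <= CHUNK_SIZE or data_crc != zlib.crc32(chunk[512:free_off]):
            results.append(("bad", "event records checksum mismatch"))
        else:
            results.append(("good", "checksums ok"))
    return results


def build_chunk(first_rec: int, last_rec: int, corrupt: bool = False) -> bytes:
    """Constructed sample chunk: record numbers/ids, header size 128, empty record area (free space at 512)."""
    c = bytearray(CHUNK_SIZE)
    c[:8] = CHUNK_MAGIC
    struct.pack_into("<QQQQIII", c, 8, first_rec, last_rec, first_rec, last_rec, 128, 512, 512)
    struct.pack_into("<I", c, 52, zlib.crc32(b""))  # records checksum over the empty record area
    struct.pack_into("<I", c, 124, chunk_header_crc(bytes(c)))
    if corrupt:
        c[40] ^= 0xFF  # damage a checksummed header byte, as on-disk corruption would
    return bytes(c)


def build_evtx(chunks: list) -> bytes:
    """Constructed sample file: 4 KiB file header (with valid CRC32) followed by the given chunks."""
    h = bytearray(FILE_HEADER_SIZE)
    h[:8] = FILE_MAGIC
    struct.pack_into("<QQQIHHHH", h, 8, 0, len(chunks) - 1, 1, 128, 1, 3, 4096, len(chunks))
    struct.pack_into("<I", h, 124, zlib.crc32(bytes(h[:120])))
    return bytes(h) + b"".join(chunks)
```

Running `classify_chunks` on `build_evtx([build_chunk(0, 0), build_chunk(1, 1, corrupt=True), b"\x00" * CHUNK_SIZE])` labels the first chunk good and the other two bad, which is the split a defender would expect to see between the XML output and the bad chunk relationship.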
Output XML Example: