| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>QueryWhois</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">QueryWhois</h1><h2>Description: </h2><p>A powerful whois query processor primary designed to enrich DataFlows with whois based APIs (e.g. ShadowServer's ASN lookup) but that can be also used to perform regular whois lookups.</p><h3>Tags: </h3><p>whois, enrich, ip</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the <a href="../../../../../html/expression-language-guide.html">NiFi Expression Language</a>.</p><table id="properties"><tr><th>Display Name</th><th>API Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Lookup value</strong></td><td>QUERY_INPUT</td><td></td><td id="allowable-values"></td><td id="description">The value that should be used to populate the query<br/><strong>Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)</strong></td></tr><tr><td id="name">Whois Query Type</td><td>WHOIS_QUERY_TYPE</td><td></td><td id="allowable-values"></td><td id="description">The Whois query type to be used by the processor (if used)</td></tr><tr><td id="name"><strong>Whois Server</strong></td><td>WHOIS_SERVER</td><td></td><td id="allowable-values"></td><td id="description">The Whois server to be used</td></tr><tr><td id="name"><strong>Whois Server Port</strong></td><td>WHOIS_SERVER_PORT</td><td id="default-value">43</td><td id="allowable-values"></td><td id="description">The TCP port of the remote Whois server</td></tr><tr><td id="name"><strong>Whois Query Timeout</strong></td><td>WHOIS_TIMEOUT</td><td id="default-value">1500 ms</td><td id="allowable-values"></td><td id="description">The amount of time to wait until considering a query as failed</td></tr><tr><td id="name"><strong>Batch Size</strong></td><td>BATCH_SIZE</td><td id="default-value">25</td><td id="allowable-values"></td><td id="description">The number of incoming FlowFiles to process in a single execution of this processor. </td></tr><tr><td id="name"><strong>Bulk Protocol</strong></td><td>BULK_PROTOCOL</td><td id="default-value">None</td><td id="allowable-values"><ul><li>Begin/End <img src="../../../../../html/images/iconInfo.png" alt="The evaluated input of each flowfile is enclosed within begin and end tags. Each row contains a delimited set of fields" title="The evaluated input of each flowfile is enclosed within begin and end tags. Each row contains a delimited set of fields"></img></li><li>None <img src="../../../../../html/images/iconInfo.png" alt="Queries are made without any particular dialect" title="Queries are made without any particular dialect"></img></li></ul></td><td id="description">The protocol used to perform the bulk query. </td></tr><tr><td id="name"><strong>Results Parser</strong></td><td>QUERY_PARSER</td><td id="default-value">None</td><td id="allowable-values"><ul><li>Split <img src="../../../../../html/images/iconInfo.png" alt="Use a delimiter character or RegEx to split the results into attributes" title="Use a delimiter character or RegEx to split the results into attributes"></img></li><li>RegEx <img src="../../../../../html/images/iconInfo.png" alt="Use a regular expression to split the results into attributes " title="Use a regular expression to split the results into attributes "></img></li><li>None <img src="../../../../../html/images/iconInfo.png" alt="Do not split results" title="Do not split results"></img></li></ul></td><td id="description">The method used to slice the results into attribute groups</td></tr><tr><td id="name">Parser RegEx</td><td>QUERY_PARSER_INPUT</td><td></td><td id="allowable-values"></td><td id="description">Choice between a splitter and regex matcher used to parse the results of the query into attribute groups. |
| NOTE: This is a multiline regular expression, therefore, the DFM should decide how to handle trailing new line characters.</td></tr><tr><td id="name">Key lookup group (multiline / batch)</td><td>KEY_GROUP</td><td></td><td id="allowable-values"></td><td id="description">When performing a batched lookup, the following RegEx numbered capture group or Column number will be used to match the whois server response with the lookup field</td></tr></table><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>not found</td><td>Where to route flow files if data enrichment query rendered no results</td></tr><tr><td>found</td><td>Where to route flow files after successfully enriching attributes with data</td></tr></table><h3>Reads Attributes: </h3>None specified.<h3>Writes Attributes: </h3><table id="writes-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>enrich.dns.record*.group*</td><td>The captured fields of the Whois query response for each of the records received</td></tr></table><h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component requires an incoming relationship.<h3>System Resource Considerations:</h3>None specified.</body></html> |
