| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></meta><title>ParseEvtx</title><link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css"></link></head><script type="text/javascript">window.onload = function(){if(self==top) { document.getElementById('nameHeader').style.display = "inherit"; } }</script><body><h1 id="nameHeader" style="display: none;">ParseEvtx</h1><h2>Description: </h2><p>Parses the contents of a Windows Event Log file (evtx) and writes the resulting XML to the FlowFile</p><p><a href="additionalDetails.html">Additional Details...</a></p><h3>Tags: </h3><p>logs, windows, event, evtx, message, file</p><h3>Properties: </h3><p>In the list below, the names of required properties appear in <strong>bold</strong>. Any other properties (not in bold) are considered optional. The table also indicates any default values.</p><table id="properties"><tr><th>Display Name</th><th>API Name</th><th>Default Value</th><th>Allowable Values</th><th>Description</th></tr><tr><td id="name"><strong>Granularity</strong></td><td>granularity</td><td id="default-value">Chunk</td><td id="allowable-values"><ul><li>Record</li><li>Chunk</li><li>File</li></ul></td><td id="description">Output flow file for each Record, Chunk, or File encountered in the event log</td></tr></table><h3>Relationships: </h3><table id="relationships"><tr><th>Name</th><th>Description</th></tr><tr><td>success</td><td>Any FlowFile that was successfully converted from evtx to XML</td></tr><tr><td>failure</td><td>Any FlowFile that encountered an exception during conversion will be transferred to this relationship with as much parsing as possible done</td></tr><tr><td>original</td><td>The unmodified input FlowFile will be transferred to this relationship</td></tr><tr><td>bad chunk</td><td>Any bad chunks of records will be transferred to this relationship in their original binary form</td></tr></table><h3>Reads Attributes: </h3><table id="reads-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>filename</td><td>The filename of the evtx file</td></tr></table><h3>Writes Attributes: </h3><table id="writes-attributes"><tr><th>Name</th><th>Description</th></tr><tr><td>filename</td><td>The output filename</td></tr><tr><td>mime.type</td><td>The output filetype (application/xml for success and failure relationships, original value for bad chunk and original relationships)</td></tr></table><h3>State management: </h3>This component does not store state.<h3>Restricted: </h3>This component is not restricted.<h3>Input requirement: </h3>This component requires an incoming relationship.<h3>System Resource Considerations:</h3>None specified.</body></html> |