[
https://issues.apache.org/jira/browse/NIFI-13330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard resolved NIFI-13330.
-----------------------------------
Resolution: Feedback Received
Apache NiFi 1.x is no longer maintained and no new release is planned on the
1.x release line. Marking as resolved as part of a cleanup operation. Please
open a new one with an updated description if this is still relevant for NiFi
2.x.
> WindowsEventLogReader fails with NPE if data tag is empty
> ---------------------------------------------------------
>
> Key: NIFI-13330
> URL: https://issues.apache.org/jira/browse/NIFI-13330
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.24.0
> Environment: Docker
> Reporter: Stephen Jeffrey Hindmarch
> Priority: Major
>
> If a windows event contains an empty data tag then the WindowsEventLogReader
> will fail with a Null Pointer Exception instead of treating it as a null
> field. If the tag contains the word null then this gets treated as string.
> For example, parsing this
> {noformat}
> <Event xmlns="https://schemas.microsoft.com/win/2004/08/events/event";>
> <System>
> <Provider Name="Service Control Manager"
> Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service
> Control Manager"/>
> <EventID Qualifiers="16384">7036</EventID>
> <Version>0</Version>
> <Level>4</Level>
> <Task>0</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8080000000000000</Keywords>
> <TimeCreated SystemTime="2016-06-10T22:28:53.905233700Z"/>
> <EventRecordID>34153</EventRecordID>
> <Correlation/>
> <Execution ProcessID="684" ThreadID="3504"/>
> <Channel>System</Channel>
> <Computer>WIN-O05CNUCF16M.hdf.local</Computer>
> <Security/>
> </System>
> <EventData>
> <Data Name="param1">Smart Card Device Enumeration Service</Data>
> <Data Name="CertIssuer"/>
> <Data Name="CertSignature"/>
> <Data Name="CertExpiryDate"/>
> </EventData>
> </Event>{noformat}
> Results in the error
> {noformat}
> ConvertRecord[id=7b99392f-2b54-139e-8791-349e930904cd] Failed to process
> FlowFile[filename=cdd10be3-9364-4458-bb89-69988b3e7a60]; will route to
> failure: java.lang.NullPointerException{noformat}
> And this (partial) stack trace.
> {noformat}
> 2024-05-31 12:55:15 2024-05-31 11:55:15,722 ERROR [Timer-Driven Process
> Thread-5] o.a.n.processors.standard.ConvertRecord
> ConvertRecord[id=7b99392f-2b54-139e-8791-349e930904cd] Failed to process
> StandardFlowFileRecord[uuid=cdd10be3-9364-4458-bb89-69988b3e7a60,claim=StandardContentClaim
> [resourceClaim=StandardResourceClaim[id=1717153302525-1, container=default,
> section=1], offset=6510,
> length=880],offset=0,name=cdd10be3-9364-4458-bb89-69988b3e7a60,size=880];
> will route to failure
> 2024-05-31 12:55:15 java.lang.NullPointerException: null
> 2024-05-31 12:55:15 at java.base/java.util.Objects.requireNonNull(Unknown
> Source)
> 2024-05-31 12:55:15 at
> org.apache.nifi.serialization.record.RecordField.<init>(RecordField.java:70)
> 2024-05-31 12:55:15 at
> org.apache.nifi.serialization.record.RecordField.<init>(RecordField.java:40)
> 2024-05-31 12:55:15 at
> org.apache.nifi.windowsevent.WindowsEventLogRecordReader.getDataFieldsFrom(WindowsEventLogRecordReader.java:292){noformat}
> What is expected is that the empty data fields should be parsed as null, for
> example
> {noformat}
> [ {
> "System" : {
> "Provider" : {
> "Guid" : "{555908d1-a6d7-4695-8e1e-26931d2012f4}",
> "Name" : "Service Control Manager"
> },
> "EventID" : 7036,
> "Version" : 0,
> "Level" : 4,
> "Task" : 0,
> "Opcode" : 0,
> "Keywords" : "0x8080000000000000",
> "TimeCreated" : {
> "SystemTime" : "2016-06-10T22:28:53.905233700Z"
> },
> "EventRecordID" : 34153,
> "Correlation" : null,
> "Execution" : {
> "ThreadID" : 3504,
> "ProcessID" : 684
> },
> "Channel" : "System",
> "Computer" : "WIN-O05CNUCF16M.hdf.local",
> "Security" : null
> },
> "EventData" : {
> "param1" : "Smart Card Device Enumeration Service",
> "CertIssuer" : null,
> "CertSignature": null,
> "CertExpiryDate": null
> } ]{noformat}
> A workaround is to use ReplaceText to replace any empty tags and either
> delete them or insert a string value such as "null" or "-" which can be
> handled later on by JSON readers.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
