Skip to content

Instantly share code, notes, and snippets.

@jvwing

jvwing/CloudTrail_Event_Processing_Starter_Kit.xml

Created January 17, 2017 21:22
Show Gist options
  • Save jvwing/77df27dbd8fd32f7da3c6e7da3449088 to your computer and use it in GitHub Desktop.
Save jvwing/77df27dbd8fd32f7da3c6e7da3449088 to your computer and use it in GitHub Desktop.
Download ZIP
Apache NiFi flow template for processing events from Amazon CloudTrail. See https://www.batchiq.com/process-cloudtrail-events-with-nifi.html for details.
Raw
CloudTrail_Event_Processing_Starter_Kit.xml
<?xml version="1.0" ?>
<template encoding-version="1.0">
<description>Template for processing events from Amazon CloudTrail.
See https://www.batchiq.com/process-cloudtrail-events-with-nifi.html</description>
<groupId>f46d6392-0158-1000-73ba-16e80594f898</groupId>
<name>CloudTrail_Event_Processing_Starter_Kit</name>
<snippet>
<processGroups>
<id>363e44cf-ed77-17f2-0000-000000000000</id>
<parentGroupId>f46d6392-0158-1000-0000-000000000000</parentGroupId>
<position>
<x>0.0</x>
<y>0.0</y>
</position>
<comments></comments>
<contents>
<connections>
<id>363e4520-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44ec-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d2-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4521-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e44fe-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44e5-ed77-17f2-0000-000000000000</groupId>
<id>363e44e7-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4522-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e44fe-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e450f-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4523-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d1-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e44ff-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<processGroups>
<id>363e44d0-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>942.0639589923894</x>
<y>289.308786972772</y>
</position>
<comments></comments>
<contents>
<connections>
<id>363e44e1-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d2-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d6-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44e2-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d5-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>matched</selectedRelationships>
<selectedRelationships>unmatched</selectedRelationships>
<source>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d3-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44e3-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d3-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d1-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44e4-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>931.3882878579238</x>
<y>118.73973374440789</y>
</bends>
<bends>
<x>963.9349975585938</x>
<y>171.3463897705078</y>
</bends>
<destination>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d3-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44d0-ed77-17f2-0000-000000000000</groupId>
<id>363e44d3-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<inputPorts>
<id>363e44d1-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>530.2340130259844</x>
<y>-91.78433722255176</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>Raw CloudTrail Event JSON</name>
<state>STOPPED</state>
<type>INPUT_PORT</type>
</inputPorts>
<outputPorts>
<id>363e44d2-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>533.8798260142656</x>
<y>648.9790242314582</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>Enriched CloudTrail Event JSON</name>
<state>STOPPED</state>
<type>OUTPUT_PORT</type>
</outputPorts>
<processGroups>
<id>363e44d4-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>462.267589291753</x>
<y>337.87463878238447</y>
</position>
<comments></comments>
<contents>
<connections>
<id>363e44da-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d6-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>not found</selectedRelationships>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d8-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44db-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d8-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>has_ip_address</selectedRelationships>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d7-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44dc-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d6-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d9-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44dd-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d9-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>found</selectedRelationships>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d8-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44de-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d7-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d5-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44df-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d6-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>unmatched</selectedRelationships>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d7-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44e0-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>1772.1090671928564</x>
<y>950.8526354228757</y>
</bends>
<bends>
<x>1800.6433715820312</x>
<y>998.8775939941406</y>
</bends>
<destination>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d9-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44d4-ed77-17f2-0000-000000000000</groupId>
<id>363e44d9-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<inputPorts>
<id>363e44d5-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>733.8448036575357</x>
<y>415.3040157878439</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>Raw CloudTrail Event JSON</name>
<state>STOPPED</state>
<type>INPUT_PORT</type>
</inputPorts>
<outputPorts>
<id>363e44d6-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>734.597550239567</x>
<y>954.8962451541464</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>Enriched CloudTrail Event JSON</name>
<state>STOPPED</state>
<type>OUTPUT_PORT</type>
</outputPorts>
<processors>
<id>363e44d7-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>679.5884441783281</x>
<y>600.3334553838021</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Routing Strategy</key>
<value>
<name>Routing Strategy</name>
</value>
</entry>
<entry>
<key>has_ip_address</key>
<value>
<name>has_ip_address</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Routing Strategy</key>
<value>Route to Property name</value>
</entry>
<entry>
<key>has_ip_address</key>
<value>${cloudtrail.sourceIPAddress:matches('\d+\.\d+\.\d+\.\d+')}</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Route IP Addresses for Geolocation</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>has_ip_address</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>unmatched</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.RouteOnAttribute</type>
</processors>
<processors>
<id>363e44d8-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>1315.2273601939532</x>
<y>601.442342102552</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Geo Database File</key>
<value>
<name>Geo Database File</name>
</value>
</entry>
<entry>
<key>IP Address Attribute</key>
<value>
<name>IP Address Attribute</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Geo Database File</key>
<value>/var/nifi/geoip/GeoLite2-City.mmdb</value>
</entry>
<entry>
<key>IP Address Attribute</key>
<value>cloudtrail.sourceIPAddress</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>GeoEnrichIP</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>found</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>not found</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.GeoEnrichIP</type>
</processors>
<processors>
<id>363e44d9-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d4-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>1317.1090671928564</x>
<y>910.8526354228757</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Script Engine</key>
<value>
<name>Script Engine</name>
</value>
</entry>
<entry>
<key>Script File</key>
<value>
<name>Script File</name>
</value>
</entry>
<entry>
<key>Script Body</key>
<value>
<name>Script Body</name>
</value>
</entry>
<entry>
<key>Module Directory</key>
<value>
<name>Module Directory</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Script Engine</key>
<value>ECMAScript</value>
</entry>
<entry>
<key>Script File</key>
</entry>
<entry>
<key>Script Body</key>
<value>var flowFile = session.get();
if (flowFile !== null) {
var StreamCallback = Java.type("org.apache.nifi.processor.io.StreamCallback");
var IOUtils = Java.type("org.apache.commons.io.IOUtils");
var StandardCharsets = Java.type("java.nio.charset.StandardCharsets");
flowFile = session.write(flowFile, new StreamCallback(function(inputStream, outputStream) {
var inputJSON = IOUtils.toString(inputStream, StandardCharsets.UTF_8);
var event = JSON.parse(inputJSON);
var geoIpAttribute = "cloudtrail.sourceIPAddress";
event.geo = {
"latitude": flowFile.getAttribute(geoIpAttribute + ".geo.latitude"),
"longitude": flowFile.getAttribute(geoIpAttribute + ".geo.longitude"),
"city": flowFile.getAttribute(geoIpAttribute + ".geo.city"),
"subdivision_isocode": flowFile.getAttribute(geoIpAttribute + ".geo.subdivision.isocode.0"),
"country": flowFile.getAttribute(geoIpAttribute + ".geo.country"),
"country_isocode": flowFile.getAttribute(geoIpAttribute + ".geo.country.isocode")
};
outputStream.write(JSON.stringify(event).getBytes(StandardCharsets.UTF_8));
}));
session.transfer(flowFile, REL_SUCCESS);
}</value>
</entry>
<entry>
<key>Module Directory</key>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Add Geo to Event JSON</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.script.ExecuteScript</type>
</processors>
</contents>
<name>Geo Enrichment</name>
</processGroups>
<processors>
<id>363e44d3-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44d0-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>476.38828785792384</x>
<y>78.73973374440789</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Destination</key>
<value>
<name>Destination</name>
</value>
</entry>
<entry>
<key>Return Type</key>
<value>
<name>Return Type</name>
</value>
</entry>
<entry>
<key>Path Not Found Behavior</key>
<value>
<name>Path Not Found Behavior</name>
</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>
<name>Null Value Representation</name>
</value>
</entry>
<entry>
<key>cloudtrail.eventName</key>
<value>
<name>cloudtrail.eventName</name>
</value>
</entry>
<entry>
<key>cloudtrail.eventSource</key>
<value>
<name>cloudtrail.eventSource</name>
</value>
</entry>
<entry>
<key>cloudtrail.eventTime</key>
<value>
<name>cloudtrail.eventTime</name>
</value>
</entry>
<entry>
<key>cloudtrail.eventType</key>
<value>
<name>cloudtrail.eventType</name>
</value>
</entry>
<entry>
<key>cloudtrail.sourceIPAddress</key>
<value>
<name>cloudtrail.sourceIPAddress</name>
</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.accessKeyId</key>
<value>
<name>cloudtrail.userIdentity.accessKeyId</name>
</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.accountId</key>
<value>
<name>cloudtrail.userIdentity.accountId</name>
</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.arn</key>
<value>
<name>cloudtrail.userIdentity.arn</name>
</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.principalId</key>
<value>
<name>cloudtrail.userIdentity.principalId</name>
</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.type</key>
<value>
<name>cloudtrail.userIdentity.type</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Destination</key>
<value>flowfile-attribute</value>
</entry>
<entry>
<key>Return Type</key>
<value>auto-detect</value>
</entry>
<entry>
<key>Path Not Found Behavior</key>
<value>ignore</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>empty string</value>
</entry>
<entry>
<key>cloudtrail.eventName</key>
<value>$.eventName</value>
</entry>
<entry>
<key>cloudtrail.eventSource</key>
<value>$.eventSource</value>
</entry>
<entry>
<key>cloudtrail.eventTime</key>
<value>$.eventTime</value>
</entry>
<entry>
<key>cloudtrail.eventType</key>
<value>$.eventType</value>
</entry>
<entry>
<key>cloudtrail.sourceIPAddress</key>
<value>$.sourceIPAddress</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.accessKeyId</key>
<value>$.userIdentity.accessKeyId</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.accountId</key>
<value>$.userIdentity.accountId</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.arn</key>
<value>$.userIdentity.arn</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.principalId</key>
<value>$.userIdentity.principalId</value>
</entry>
<entry>
<key>cloudtrail.userIdentity.type</key>
<value>$.userIdentity.type</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Extract CloudTrail Attributes</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>matched</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>unmatched</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.EvaluateJsonPath</type>
</processors>
</contents>
<name>Enrich Event Info</name>
</processGroups>
<processGroups>
<id>363e44e5-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>-322.59790343263955</x>
<y>71.90979890839179</y>
</position>
<comments></comments>
<contents>
<connections>
<id>363e44e9-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44e5-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44e5-ed77-17f2-0000-000000000000</groupId>
<id>363e44e7-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44e5-ed77-17f2-0000-000000000000</groupId>
<id>363e44e8-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<controllerServices>
<id>363e44e6-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44e5-ed77-17f2-0000-000000000000</parentGroupId>
<comments></comments>
<descriptors>
<entry>
<key>default-credentials</key>
<value>
<name>default-credentials</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>profile-name</key>
<value>
<name>profile-name</name>
</value>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>
<name>anonymous-credentials</name>
</value>
</entry>
<entry>
<key>Assume Role ARN</key>
<value>
<name>Assume Role ARN</name>
</value>
</entry>
<entry>
<key>Assume Role Session Name</key>
<value>
<name>Assume Role Session Name</name>
</value>
</entry>
<entry>
<key>Session Time</key>
<value>
<name>Session Time</name>
</value>
</entry>
<entry>
<key>assume-role-external-id</key>
<value>
<name>assume-role-external-id</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-host</key>
<value>
<name>assume-role-proxy-host</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-port</key>
<value>
<name>assume-role-proxy-port</name>
</value>
</entry>
</descriptors>
<name>AWS Creds - Sample</name>
<properties>
<entry>
<key>default-credentials</key>
<value>true</value>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>profile-name</key>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>false</value>
</entry>
<entry>
<key>Assume Role ARN</key>
</entry>
<entry>
<key>Assume Role Session Name</key>
</entry>
<entry>
<key>Session Time</key>
<value>3600</value>
</entry>
<entry>
<key>assume-role-external-id</key>
</entry>
<entry>
<key>assume-role-proxy-host</key>
</entry>
<entry>
<key>assume-role-proxy-port</key>
</entry>
</properties>
<state>DISABLED</state>
<type>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService</type>
</controllerServices>
<outputPorts>
<id>363e44e7-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44e5-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>335.2908835248754</x>
<y>270.5544629317385</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>S3 Log File References</name>
<state>STOPPED</state>
<type>OUTPUT_PORT</type>
</outputPorts>
<processors>
<id>363e44e8-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44e5-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>278.9999989472486</x>
<y>-12.000009340805377</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Bucket</key>
<value>
<name>Bucket</name>
</value>
</entry>
<entry>
<key>Region</key>
<value>
<name>Region</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>
<identifiesControllerService>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService</identifiesControllerService>
<name>AWS Credentials Provider service</name>
</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>
<name>Communications Timeout</name>
</value>
</entry>
<entry>
<key>SSL Context Service</key>
<value>
<identifiesControllerService>org.apache.nifi.ssl.SSLContextService</identifiesControllerService>
<name>SSL Context Service</name>
</value>
</entry>
<entry>
<key>Endpoint Override URL</key>
<value>
<name>Endpoint Override URL</name>
</value>
</entry>
<entry>
<key>Signer Override</key>
<value>
<name>Signer Override</name>
</value>
</entry>
<entry>
<key>Proxy Host</key>
<value>
<name>Proxy Host</name>
</value>
</entry>
<entry>
<key>Proxy Host Port</key>
<value>
<name>Proxy Host Port</name>
</value>
</entry>
<entry>
<key>delimiter</key>
<value>
<name>delimiter</name>
</value>
</entry>
<entry>
<key>prefix</key>
<value>
<name>prefix</name>
</value>
</entry>
<entry>
<key>use-versions</key>
<value>
<name>use-versions</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Bucket</key>
<value>my-cloudtrail-log-bucket</value>
</entry>
<entry>
<key>Region</key>
<value>us-east-1</value>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>363e44e6-ed77-17f2-0000-000000000000</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>30 secs</value>
</entry>
<entry>
<key>SSL Context Service</key>
</entry>
<entry>
<key>Endpoint Override URL</key>
</entry>
<entry>
<key>Signer Override</key>
<value>Default Signature</value>
</entry>
<entry>
<key>Proxy Host</key>
</entry>
<entry>
<key>Proxy Host Port</key>
</entry>
<entry>
<key>delimiter</key>
</entry>
<entry>
<key>prefix</key>
<value>CloudTrail-General/AWSLogs/167566334345/CloudTrail/us-east-1/2015/09/</value>
</entry>
<entry>
<key>use-versions</key>
<value>false</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>10 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>ListS3 Event Files</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.aws.s3.ListS3</type>
</processors>
</contents>
<name>Enumerate S3 Event Log Files</name>
</processGroups>
<processGroups>
<id>363e44ea-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>944.9050709542614</x>
<y>610.7087073332818</y>
</position>
<comments></comments>
<contents>
<connections>
<id>363e44f3-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f2-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44ef-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44f4-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f1-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>merged</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f0-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44f5-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44ef-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f1-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44f6-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>905.0000048559281</x>
<y>518.0000077111247</y>
</bends>
<bends>
<x>942.2825927734375</x>
<y>572.1982421875</y>
</bends>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f1-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f1-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44f7-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44ee-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f2-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44f8-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f0-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44ed-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44f9-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>905.6804858129593</x>
<y>1029.0000077111247</y>
</bends>
<bends>
<x>935.68505859375</x>
<y>1077.56982421875</y>
</bends>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f2-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f2-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44fa-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>903.0000048559281</x>
<y>258.0000077111247</y>
</bends>
<bends>
<x>934.0</x>
<y>307.0</y>
</bends>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f0-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44f0-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e44fb-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44ed-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44ea-ed77-17f2-0000-000000000000</groupId>
<id>363e44ec-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<controllerServices>
<id>363e44eb-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<comments></comments>
<descriptors>
<entry>
<key>default-credentials</key>
<value>
<name>default-credentials</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>profile-name</key>
<value>
<name>profile-name</name>
</value>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>
<name>anonymous-credentials</name>
</value>
</entry>
<entry>
<key>Assume Role ARN</key>
<value>
<name>Assume Role ARN</name>
</value>
</entry>
<entry>
<key>Assume Role Session Name</key>
<value>
<name>Assume Role Session Name</name>
</value>
</entry>
<entry>
<key>Session Time</key>
<value>
<name>Session Time</name>
</value>
</entry>
<entry>
<key>assume-role-external-id</key>
<value>
<name>assume-role-external-id</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-host</key>
<value>
<name>assume-role-proxy-host</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-port</key>
<value>
<name>assume-role-proxy-port</name>
</value>
</entry>
</descriptors>
<name>AWS Creds - Sample</name>
<properties>
<entry>
<key>default-credentials</key>
<value>true</value>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>profile-name</key>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>false</value>
</entry>
<entry>
<key>Assume Role ARN</key>
</entry>
<entry>
<key>Assume Role Session Name</key>
</entry>
<entry>
<key>Session Time</key>
<value>3600</value>
</entry>
<entry>
<key>assume-role-external-id</key>
</entry>
<entry>
<key>assume-role-proxy-host</key>
</entry>
<entry>
<key>assume-role-proxy-port</key>
</entry>
</properties>
<state>DISABLED</state>
<type>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService</type>
</controllerServices>
<inputPorts>
<id>363e44ec-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>501.44543942624057</x>
<y>-221.60643378667805</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>Event JSON</name>
<state>STOPPED</state>
<type>INPUT_PORT</type>
</inputPorts>
<processors>
<id>363e44ed-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>446.84452754546965</x>
<y>-50.956764511879754</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Delete Attributes Expression</key>
<value>
<name>Delete Attributes Expression</name>
</value>
</entry>
<entry>
<key>datetimegroup</key>
<value>
<name>datetimegroup</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Delete Attributes Expression</key>
</entry>
<entry>
<key>datetimegroup</key>
<value>${cloudtrail.eventTime:toDate("yyyy-MM-dd'T'HH:mm:ss'Z'"):format("yyyy-MM-dd")}</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Extract Bundle DateTime</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.attributes.UpdateAttribute</type>
</processors>
<processors>
<id>363e44ee-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>449.9534855947479</x>
<y>1251.7389759399207</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Log Level</key>
<value>
<name>Log Level</name>
</value>
</entry>
<entry>
<key>Log Payload</key>
<value>
<name>Log Payload</name>
</value>
</entry>
<entry>
<key>Attributes to Log</key>
<value>
<name>Attributes to Log</name>
</value>
</entry>
<entry>
<key>Attributes to Ignore</key>
<value>
<name>Attributes to Ignore</name>
</value>
</entry>
<entry>
<key>Log prefix</key>
<value>
<name>Log prefix</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Log Level</key>
<value>info</value>
</entry>
<entry>
<key>Log Payload</key>
<value>false</value>
</entry>
<entry>
<key>Attributes to Log</key>
<value>path,filename,datetimegroup,merge.count</value>
</entry>
<entry>
<key>Attributes to Ignore</key>
</entry>
<entry>
<key>Log prefix</key>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Log CloudTrail Event Bundle</name>
<relationships>
<autoTerminate>true</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.LogAttribute</type>
</processors>
<processors>
<id>363e44ef-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>450.00000485592807</x>
<y>729.6804886681559</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Delete Attributes Expression</key>
<value>
<name>Delete Attributes Expression</name>
</value>
</entry>
<entry>
<key>alt_filename</key>
<value>
<name>alt_filename</name>
</value>
</entry>
<entry>
<key>filename</key>
<value>
<name>filename</name>
</value>
</entry>
<entry>
<key>path</key>
<value>
<name>path</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Delete Attributes Expression</key>
</entry>
<entry>
<key>alt_filename</key>
<value>cloudtrail-${merge.count}-events-${now():format("yyyy-MM-dd'T'HH-mm-ss")}.json.gz</value>
</entry>
<entry>
<key>filename</key>
<value>cloudtrail-${merge.count}-events-${datetimegroup}.json.gz</value>
</entry>
<entry>
<key>path</key>
<value>athena-security/events/${datetimegroup:replace("-", "/")}</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Update Path and Filename</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.attributes.UpdateAttribute</type>
</processors>
<processors>
<id>363e44f0-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>448.00000485592807</x>
<y>218.00000771112468</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Merge Strategy</key>
<value>
<name>Merge Strategy</name>
</value>
</entry>
<entry>
<key>Merge Format</key>
<value>
<name>Merge Format</name>
</value>
</entry>
<entry>
<key>Attribute Strategy</key>
<value>
<name>Attribute Strategy</name>
</value>
</entry>
<entry>
<key>Correlation Attribute Name</key>
<value>
<name>Correlation Attribute Name</name>
</value>
</entry>
<entry>
<key>Minimum Number of Entries</key>
<value>
<name>Minimum Number of Entries</name>
</value>
</entry>
<entry>
<key>Maximum Number of Entries</key>
<value>
<name>Maximum Number of Entries</name>
</value>
</entry>
<entry>
<key>Minimum Group Size</key>
<value>
<name>Minimum Group Size</name>
</value>
</entry>
<entry>
<key>Maximum Group Size</key>
<value>
<name>Maximum Group Size</name>
</value>
</entry>
<entry>
<key>Max Bin Age</key>
<value>
<name>Max Bin Age</name>
</value>
</entry>
<entry>
<key>Maximum number of Bins</key>
<value>
<name>Maximum number of Bins</name>
</value>
</entry>
<entry>
<key>Delimiter Strategy</key>
<value>
<name>Delimiter Strategy</name>
</value>
</entry>
<entry>
<key>Header File</key>
<value>
<name>Header File</name>
</value>
</entry>
<entry>
<key>Footer File</key>
<value>
<name>Footer File</name>
</value>
</entry>
<entry>
<key>Demarcator File</key>
<value>
<name>Demarcator File</name>
</value>
</entry>
<entry>
<key>Compression Level</key>
<value>
<name>Compression Level</name>
</value>
</entry>
<entry>
<key>Keep Path</key>
<value>
<name>Keep Path</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Merge Strategy</key>
<value>Bin-Packing Algorithm</value>
</entry>
<entry>
<key>Merge Format</key>
<value>Binary Concatenation</value>
</entry>
<entry>
<key>Attribute Strategy</key>
<value>Keep Only Common Attributes</value>
</entry>
<entry>
<key>Correlation Attribute Name</key>
<value>datetimegroup</value>
</entry>
<entry>
<key>Minimum Number of Entries</key>
<value>10000</value>
</entry>
<entry>
<key>Maximum Number of Entries</key>
<value>10000</value>
</entry>
<entry>
<key>Minimum Group Size</key>
<value>0 B</value>
</entry>
<entry>
<key>Maximum Group Size</key>
</entry>
<entry>
<key>Max Bin Age</key>
<value>5 min</value>
</entry>
<entry>
<key>Maximum number of Bins</key>
<value>100</value>
</entry>
<entry>
<key>Delimiter Strategy</key>
<value>Text</value>
</entry>
<entry>
<key>Header File</key>
</entry>
<entry>
<key>Footer File</key>
</entry>
<entry>
<key>Demarcator File</key>
<value>
</value>
</entry>
<entry>
<key>Compression Level</key>
<value>1</value>
</entry>
<entry>
<key>Keep Path</key>
<value>false</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Bundle Events</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>merged</name>
</relationships>
<relationships>
<autoTerminate>true</autoTerminate>
<name>original</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.MergeContent</type>
</processors>
<processors>
<id>363e44f1-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>450.00000485592807</x>
<y>478.0000077111247</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Mode</key>
<value>
<name>Mode</name>
</value>
</entry>
<entry>
<key>Compression Format</key>
<value>
<name>Compression Format</name>
</value>
</entry>
<entry>
<key>Compression Level</key>
<value>
<name>Compression Level</name>
</value>
</entry>
<entry>
<key>Update Filename</key>
<value>
<name>Update Filename</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Mode</key>
<value>compress</value>
</entry>
<entry>
<key>Compression Format</key>
<value>gzip</value>
</entry>
<entry>
<key>Compression Level</key>
<value>1</value>
</entry>
<entry>
<key>Update Filename</key>
<value>false</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Gzip Bundles</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.CompressContent</type>
</processors>
<processors>
<id>363e44f2-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44ea-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>450.6804858129593</x>
<y>989.0000077111247</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Object Key</key>
<value>
<name>Object Key</name>
</value>
</entry>
<entry>
<key>Bucket</key>
<value>
<name>Bucket</name>
</value>
</entry>
<entry>
<key>Content Type</key>
<value>
<name>Content Type</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>
<identifiesControllerService>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService</identifiesControllerService>
<name>AWS Credentials Provider service</name>
</value>
</entry>
<entry>
<key>Storage Class</key>
<value>
<name>Storage Class</name>
</value>
</entry>
<entry>
<key>Region</key>
<value>
<name>Region</name>
</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>
<name>Communications Timeout</name>
</value>
</entry>
<entry>
<key>Expiration Time Rule</key>
<value>
<name>Expiration Time Rule</name>
</value>
</entry>
<entry>
<key>FullControl User List</key>
<value>
<name>FullControl User List</name>
</value>
</entry>
<entry>
<key>Read Permission User List</key>
<value>
<name>Read Permission User List</name>
</value>
</entry>
<entry>
<key>Write Permission User List</key>
<value>
<name>Write Permission User List</name>
</value>
</entry>
<entry>
<key>Read ACL User List</key>
<value>
<name>Read ACL User List</name>
</value>
</entry>
<entry>
<key>Write ACL User List</key>
<value>
<name>Write ACL User List</name>
</value>
</entry>
<entry>
<key>Owner</key>
<value>
<name>Owner</name>
</value>
</entry>
<entry>
<key>canned-acl</key>
<value>
<name>canned-acl</name>
</value>
</entry>
<entry>
<key>SSL Context Service</key>
<value>
<identifiesControllerService>org.apache.nifi.ssl.SSLContextService</identifiesControllerService>
<name>SSL Context Service</name>
</value>
</entry>
<entry>
<key>Endpoint Override URL</key>
<value>
<name>Endpoint Override URL</name>
</value>
</entry>
<entry>
<key>Signer Override</key>
<value>
<name>Signer Override</name>
</value>
</entry>
<entry>
<key>Multipart Threshold</key>
<value>
<name>Multipart Threshold</name>
</value>
</entry>
<entry>
<key>Multipart Part Size</key>
<value>
<name>Multipart Part Size</name>
</value>
</entry>
<entry>
<key>Multipart Upload AgeOff Interval</key>
<value>
<name>Multipart Upload AgeOff Interval</name>
</value>
</entry>
<entry>
<key>Multipart Upload Max Age Threshold</key>
<value>
<name>Multipart Upload Max Age Threshold</name>
</value>
</entry>
<entry>
<key>server-side-encryption</key>
<value>
<name>server-side-encryption</name>
</value>
</entry>
<entry>
<key>Proxy Host</key>
<value>
<name>Proxy Host</name>
</value>
</entry>
<entry>
<key>Proxy Host Port</key>
<value>
<name>Proxy Host Port</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Object Key</key>
<value>${path}/${filename}</value>
</entry>
<entry>
<key>Bucket</key>
<value>my-cloudtrail-log-bucket</value>
</entry>
<entry>
<key>Content Type</key>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>363e44eb-ed77-17f2-0000-000000000000</value>
</entry>
<entry>
<key>Storage Class</key>
<value>Standard</value>
</entry>
<entry>
<key>Region</key>
<value>us-west-2</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>30 secs</value>
</entry>
<entry>
<key>Expiration Time Rule</key>
</entry>
<entry>
<key>FullControl User List</key>
<value>${s3.permissions.full.users}</value>
</entry>
<entry>
<key>Read Permission User List</key>
<value>${s3.permissions.read.users}</value>
</entry>
<entry>
<key>Write Permission User List</key>
<value>${s3.permissions.write.users}</value>
</entry>
<entry>
<key>Read ACL User List</key>
<value>${s3.permissions.readacl.users}</value>
</entry>
<entry>
<key>Write ACL User List</key>
<value>${s3.permissions.writeacl.users}</value>
</entry>
<entry>
<key>Owner</key>
<value>${s3.owner}</value>
</entry>
<entry>
<key>canned-acl</key>
<value>${s3.permissions.cannedacl}</value>
</entry>
<entry>
<key>SSL Context Service</key>
</entry>
<entry>
<key>Endpoint Override URL</key>
</entry>
<entry>
<key>Signer Override</key>
<value>Default Signature</value>
</entry>
<entry>
<key>Multipart Threshold</key>
<value>5 GB</value>
</entry>
<entry>
<key>Multipart Part Size</key>
<value>5 GB</value>
</entry>
<entry>
<key>Multipart Upload AgeOff Interval</key>
<value>60 min</value>
</entry>
<entry>
<key>Multipart Upload Max Age Threshold</key>
<value>7 days</value>
</entry>
<entry>
<key>server-side-encryption</key>
<value>None</value>
</entry>
<entry>
<key>Proxy Host</key>
</entry>
<entry>
<key>Proxy Host Port</key>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Save Bundles to S3</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.aws.s3.PutS3Object</type>
</processors>
</contents>
<name>Write Events to S3 for Athena</name>
</processGroups>
<processGroups>
<id>363e44fc-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>312.302580734358</x>
<y>290.0382902197415</y>
</position>
<comments></comments>
<contents>
<connections>
<id>363e4504-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e44ff-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>split</selectedRelationships>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4501-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4505-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>735.2564076386549</x>
<y>974.6539861731108</y>
</bends>
<bends>
<x>763.2564086914062</x>
<y>1025.6539916992188</y>
</bends>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4501-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4501-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4506-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4501-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4503-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4507-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4500-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4502-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4508-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4502-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e44fe-ed77-17f2-0000-000000000000</id>
<type>INPUT_PORT</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4509-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>733.2563771210768</x>
<y>505.50005550904814</y>
</bends>
<bends>
<x>762.2563781738281</x>
<y>554.5000610351562</y>
</bends>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4500-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4500-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e450a-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>734.9999989472486</x>
<y>266.30770321412626</y>
</bends>
<bends>
<x>767.0</x>
<y>321.3077087402344</y>
</bends>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4502-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4502-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e450b-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4503-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e44fc-ed77-17f2-0000-000000000000</groupId>
<id>363e4500-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<controllerServices>
<id>363e44fd-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<comments></comments>
<descriptors>
<entry>
<key>default-credentials</key>
<value>
<name>default-credentials</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>profile-name</key>
<value>
<name>profile-name</name>
</value>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>
<name>anonymous-credentials</name>
</value>
</entry>
<entry>
<key>Assume Role ARN</key>
<value>
<name>Assume Role ARN</name>
</value>
</entry>
<entry>
<key>Assume Role Session Name</key>
<value>
<name>Assume Role Session Name</name>
</value>
</entry>
<entry>
<key>Session Time</key>
<value>
<name>Session Time</name>
</value>
</entry>
<entry>
<key>assume-role-external-id</key>
<value>
<name>assume-role-external-id</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-host</key>
<value>
<name>assume-role-proxy-host</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-port</key>
<value>
<name>assume-role-proxy-port</name>
</value>
</entry>
</descriptors>
<name>AWS Creds - Sample</name>
<properties>
<entry>
<key>default-credentials</key>
<value>true</value>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>profile-name</key>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>false</value>
</entry>
<entry>
<key>Assume Role ARN</key>
</entry>
<entry>
<key>Assume Role Session Name</key>
</entry>
<entry>
<key>Session Time</key>
<value>3600</value>
</entry>
<entry>
<key>assume-role-external-id</key>
</entry>
<entry>
<key>assume-role-proxy-host</key>
</entry>
<entry>
<key>assume-role-proxy-port</key>
</entry>
</properties>
<state>DISABLED</state>
<type>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService</type>
</controllerServices>
<inputPorts>
<id>363e44fe-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>334.8657394650087</x>
<y>84.29000520586493</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>S3 Log File References</name>
<state>STOPPED</state>
<type>INPUT_PORT</type>
</inputPorts>
<outputPorts>
<id>363e44ff-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>336.3823752240942</x>
<y>1180.6017346602541</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>CloudTrail Events - JSON</name>
<state>STOPPED</state>
<type>OUTPUT_PORT</type>
</outputPorts>
<processors>
<id>363e4500-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>278.25637712107675</x>
<y>465.50005550904814</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Mode</key>
<value>
<name>Mode</name>
</value>
</entry>
<entry>
<key>Compression Format</key>
<value>
<name>Compression Format</name>
</value>
</entry>
<entry>
<key>Compression Level</key>
<value>
<name>Compression Level</name>
</value>
</entry>
<entry>
<key>Update Filename</key>
<value>
<name>Update Filename</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Mode</key>
<value>decompress</value>
</entry>
<entry>
<key>Compression Format</key>
<value>gzip</value>
</entry>
<entry>
<key>Compression Level</key>
<value>1</value>
</entry>
<entry>
<key>Update Filename</key>
<value>false</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Un-Gzip</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.CompressContent</type>
</processors>
<processors>
<id>363e4501-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>280.2564076386549</x>
<y>934.6539861731108</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>JsonPath Expression</key>
<value>
<name>JsonPath Expression</name>
</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>
<name>Null Value Representation</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>JsonPath Expression</key>
<value>$.Records</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>empty string</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Split Event Records</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>true</autoTerminate>
<name>original</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>split</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.SplitJson</type>
</processors>
<processors>
<id>363e4502-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>279.9999989472486</x>
<y>226.30770321412626</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Bucket</key>
<value>
<name>Bucket</name>
</value>
</entry>
<entry>
<key>Object Key</key>
<value>
<name>Object Key</name>
</value>
</entry>
<entry>
<key>Region</key>
<value>
<name>Region</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>
<identifiesControllerService>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService</identifiesControllerService>
<name>AWS Credentials Provider service</name>
</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>
<name>Communications Timeout</name>
</value>
</entry>
<entry>
<key>Version</key>
<value>
<name>Version</name>
</value>
</entry>
<entry>
<key>SSL Context Service</key>
<value>
<identifiesControllerService>org.apache.nifi.ssl.SSLContextService</identifiesControllerService>
<name>SSL Context Service</name>
</value>
</entry>
<entry>
<key>Endpoint Override URL</key>
<value>
<name>Endpoint Override URL</name>
</value>
</entry>
<entry>
<key>Signer Override</key>
<value>
<name>Signer Override</name>
</value>
</entry>
<entry>
<key>Proxy Host</key>
<value>
<name>Proxy Host</name>
</value>
</entry>
<entry>
<key>Proxy Host Port</key>
<value>
<name>Proxy Host Port</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Bucket</key>
<value>${s3.bucket}</value>
</entry>
<entry>
<key>Object Key</key>
<value>${filename}</value>
</entry>
<entry>
<key>Region</key>
<value>us-east-1</value>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>363e44fd-ed77-17f2-0000-000000000000</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>30 secs</value>
</entry>
<entry>
<key>Version</key>
</entry>
<entry>
<key>SSL Context Service</key>
</entry>
<entry>
<key>Endpoint Override URL</key>
</entry>
<entry>
<key>Signer Override</key>
<value>Default Signature</value>
</entry>
<entry>
<key>Proxy Host</key>
</entry>
<entry>
<key>Proxy Host Port</key>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Load CloudTrail Record Bundles</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.aws.s3.FetchS3Object</type>
</processors>
<processors>
<id>363e4503-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44fc-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>278.5128163300611</x>
<y>693.9744207434231</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Delete Attributes Expression</key>
<value>
<name>Delete Attributes Expression</name>
</value>
</entry>
<entry>
<key>mime.type</key>
<value>
<name>mime.type</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Delete Attributes Expression</key>
</entry>
<entry>
<key>mime.type</key>
<value>application/json</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Set Mime Type</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.attributes.UpdateAttribute</type>
</processors>
</contents>
<name>Read Events from S3 Log Files</name>
</processGroups>
<processGroups>
<id>363e450c-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e44cf-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>-321.2069536801404</x>
<y>486.0034664729759</y>
</position>
<comments></comments>
<contents>
<connections>
<id>363e4515-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e450f-ed77-17f2-0000-000000000000</id>
<type>OUTPUT_PORT</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>matched</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4513-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4516-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4511-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>matched</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4514-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4517-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>985.6536865234375</x>
<y>255.91697692871094</y>
</bends>
<bends>
<x>1005.4462890625</x>
<y>300.78025817871094</y>
</bends>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4514-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>unmatched</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4514-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4518-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>963.8997947315254</x>
<y>475.4498861281352</y>
</bends>
<bends>
<x>983.7833251953125</x>
<y>530.1110229492188</y>
</bends>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4511-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4511-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e4519-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4514-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>matched</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4512-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e451a-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>968.6327072294935</x>
<y>718.4134784437022</y>
</bends>
<bends>
<x>993.2493896484375</x>
<y>773.0746459960938</y>
</bends>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4513-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>unmatched</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4513-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e451b-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>970.3359375</x>
<y>-16.302917957305908</y>
</bends>
<bends>
<x>1013.8796997070312</x>
<y>-62.48569345474243</y>
</bends>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4512-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4512-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e451c-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>967.6969604492188</x>
<y>3.489701747894287</y>
</bends>
<bends>
<x>1011.24072265625</x>
<y>41.75542974472046</y>
</bends>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4512-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>unmatched</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4512-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e451d-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4512-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>success</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4510-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e451e-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4513-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>split</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4511-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<connections>
<id>363e451f-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<backPressureDataSizeThreshold>1 GB</backPressureDataSizeThreshold>
<backPressureObjectThreshold>10000</backPressureObjectThreshold>
<bends>
<x>989.6121826171875</x>
<y>229.5268096923828</y>
</bends>
<bends>
<x>1008.0853271484375</x>
<y>188.6220703125</y>
</bends>
<destination>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4514-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</destination>
<flowFileExpiration>0 sec</flowFileExpiration>
<labelIndex>1</labelIndex>
<name></name>
<selectedRelationships>failure</selectedRelationships>
<source>
<groupId>363e450c-ed77-17f2-0000-000000000000</groupId>
<id>363e4514-ed77-17f2-0000-000000000000</id>
<type>PROCESSOR</type>
</source>
<zIndex>0</zIndex>
</connections>
<controllerServices>
<id>363e450d-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<comments></comments>
<descriptors>
<entry>
<key>default-credentials</key>
<value>
<name>default-credentials</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>profile-name</key>
<value>
<name>profile-name</name>
</value>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>
<name>anonymous-credentials</name>
</value>
</entry>
<entry>
<key>Assume Role ARN</key>
<value>
<name>Assume Role ARN</name>
</value>
</entry>
<entry>
<key>Assume Role Session Name</key>
<value>
<name>Assume Role Session Name</name>
</value>
</entry>
<entry>
<key>Session Time</key>
<value>
<name>Session Time</name>
</value>
</entry>
<entry>
<key>assume-role-external-id</key>
<value>
<name>assume-role-external-id</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-host</key>
<value>
<name>assume-role-proxy-host</name>
</value>
</entry>
<entry>
<key>assume-role-proxy-port</key>
<value>
<name>assume-role-proxy-port</name>
</value>
</entry>
</descriptors>
<name>AWS Creds - Sample</name>
<properties>
<entry>
<key>default-credentials</key>
<value>true</value>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>profile-name</key>
</entry>
<entry>
<key>anonymous-credentials</key>
<value>false</value>
</entry>
<entry>
<key>Assume Role ARN</key>
</entry>
<entry>
<key>Assume Role Session Name</key>
</entry>
<entry>
<key>Session Time</key>
<value>3600</value>
</entry>
<entry>
<key>assume-role-external-id</key>
</entry>
<entry>
<key>assume-role-proxy-host</key>
</entry>
<entry>
<key>assume-role-proxy-port</key>
</entry>
</properties>
<state>DISABLED</state>
<type>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderControllerService</type>
</controllerServices>
<labels>
<id>363e450e-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>469.11364010804334</x>
<y>-395.6712958363953</y>
</position>
<height>75.31494140625</height>
<label>This flow requires the following configuration:
1.) Your CloudTrail Trail must be configured to post SNS notifications to a topic.
2.) You must create an SQS queue and subscribe to the topic to receive and store the CloudTrail notifications.</label>
<style>
<entry>
<key>font-size</key>
<value>12px</value>
</entry>
</style>
<width>628.5372924804688</width>
</labels>
<outputPorts>
<id>363e450f-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>569.3269903359238</x>
<y>921.2057799039735</y>
</position>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<name>S3 Log File References</name>
<state>STOPPED</state>
<type>OUTPUT_PORT</type>
</outputPorts>
<processors>
<id>363e4510-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>514.3025797283913</x>
<y>-292.96907075239994</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Queue URL</key>
<value>
<name>Queue URL</name>
</value>
</entry>
<entry>
<key>Auto Delete Messages</key>
<value>
<name>Auto Delete Messages</name>
</value>
</entry>
<entry>
<key>Access Key</key>
<value>
<name>Access Key</name>
</value>
</entry>
<entry>
<key>Secret Key</key>
<value>
<name>Secret Key</name>
</value>
</entry>
<entry>
<key>Credentials File</key>
<value>
<name>Credentials File</name>
</value>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>
<identifiesControllerService>org.apache.nifi.processors.aws.credentials.provider.service.AWSCredentialsProviderService</identifiesControllerService>
<name>AWS Credentials Provider service</name>
</value>
</entry>
<entry>
<key>Region</key>
<value>
<name>Region</name>
</value>
</entry>
<entry>
<key>Batch Size</key>
<value>
<name>Batch Size</name>
</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>
<name>Communications Timeout</name>
</value>
</entry>
<entry>
<key>Character Set</key>
<value>
<name>Character Set</name>
</value>
</entry>
<entry>
<key>Visibility Timeout</key>
<value>
<name>Visibility Timeout</name>
</value>
</entry>
<entry>
<key>Receive Message Wait Time</key>
<value>
<name>Receive Message Wait Time</name>
</value>
</entry>
<entry>
<key>Proxy Host</key>
<value>
<name>Proxy Host</name>
</value>
</entry>
<entry>
<key>Proxy Host Port</key>
<value>
<name>Proxy Host Port</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Queue URL</key>
<value>https://sqs.us-east-1.amazonaws.com/123456789012/cloudtrail-file-notifications-queue</value>
</entry>
<entry>
<key>Auto Delete Messages</key>
<value>true</value>
</entry>
<entry>
<key>Access Key</key>
</entry>
<entry>
<key>Secret Key</key>
</entry>
<entry>
<key>Credentials File</key>
</entry>
<entry>
<key>AWS Credentials Provider service</key>
<value>363e450d-ed77-17f2-0000-000000000000</value>
</entry>
<entry>
<key>Region</key>
<value>us-east-1</value>
</entry>
<entry>
<key>Batch Size</key>
<value>10</value>
</entry>
<entry>
<key>Communications Timeout</key>
<value>30 secs</value>
</entry>
<entry>
<key>Character Set</key>
<value>UTF-8</value>
</entry>
<entry>
<key>Visibility Timeout</key>
<value>15 mins</value>
</entry>
<entry>
<key>Receive Message Wait Time</key>
<value>0 sec</value>
</entry>
<entry>
<key>Proxy Host</key>
</entry>
<entry>
<key>Proxy Host Port</key>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>10 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Receive Notification from SQS</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>success</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.aws.sqs.GetSQS</type>
</processors>
<processors>
<id>363e4511-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>508.8997947315254</x>
<y>435.4498861281352</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>JsonPath Expression</key>
<value>
<name>JsonPath Expression</name>
</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>
<name>Null Value Representation</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>JsonPath Expression</key>
<value>$.s3ObjectKey</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>empty string</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Split S3 Keys</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>true</autoTerminate>
<name>original</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>split</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.SplitJson</type>
</processors>
<processors>
<id>363e4512-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>512.4666702515824</x>
<y>-49.290611968761425</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Destination</key>
<value>
<name>Destination</name>
</value>
</entry>
<entry>
<key>Return Type</key>
<value>
<name>Return Type</name>
</value>
</entry>
<entry>
<key>Path Not Found Behavior</key>
<value>
<name>Path Not Found Behavior</name>
</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>
<name>Null Value Representation</name>
</value>
</entry>
<entry>
<key>sns.Message</key>
<value>
<name>sns.Message</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Destination</key>
<value>flowfile-content</value>
</entry>
<entry>
<key>Return Type</key>
<value>auto-detect</value>
</entry>
<entry>
<key>Path Not Found Behavior</key>
<value>ignore</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>empty string</value>
</entry>
<entry>
<key>sns.Message</key>
<value>$.Message</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Extract Notification Message</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>matched</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>unmatched</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.EvaluateJsonPath</type>
</processors>
<processors>
<id>363e4513-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>513.6327072294935</x>
<y>678.4134784437022</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Character Set</key>
<value>
<name>Character Set</name>
</value>
</entry>
<entry>
<key>Maximum Buffer Size</key>
<value>
<name>Maximum Buffer Size</name>
</value>
</entry>
<entry>
<key>Maximum Capture Group Length</key>
<value>
<name>Maximum Capture Group Length</name>
</value>
</entry>
<entry>
<key>Enable Canonical Equivalence</key>
<value>
<name>Enable Canonical Equivalence</name>
</value>
</entry>
<entry>
<key>Enable Case-insensitive Matching</key>
<value>
<name>Enable Case-insensitive Matching</name>
</value>
</entry>
<entry>
<key>Permit Whitespace and Comments in Pattern</key>
<value>
<name>Permit Whitespace and Comments in Pattern</name>
</value>
</entry>
<entry>
<key>Enable DOTALL Mode</key>
<value>
<name>Enable DOTALL Mode</name>
</value>
</entry>
<entry>
<key>Enable Literal Parsing of the Pattern</key>
<value>
<name>Enable Literal Parsing of the Pattern</name>
</value>
</entry>
<entry>
<key>Enable Multiline Mode</key>
<value>
<name>Enable Multiline Mode</name>
</value>
</entry>
<entry>
<key>Enable Unicode-aware Case Folding</key>
<value>
<name>Enable Unicode-aware Case Folding</name>
</value>
</entry>
<entry>
<key>Enable Unicode Predefined Character Classes</key>
<value>
<name>Enable Unicode Predefined Character Classes</name>
</value>
</entry>
<entry>
<key>Enable Unix Lines Mode</key>
<value>
<name>Enable Unix Lines Mode</name>
</value>
</entry>
<entry>
<key>Include Capture Group 0</key>
<value>
<name>Include Capture Group 0</name>
</value>
</entry>
<entry>
<key>extract-text-enable-repeating-capture-group</key>
<value>
<name>extract-text-enable-repeating-capture-group</name>
</value>
</entry>
<entry>
<key>filename</key>
<value>
<name>filename</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Character Set</key>
<value>UTF-8</value>
</entry>
<entry>
<key>Maximum Buffer Size</key>
<value>1 MB</value>
</entry>
<entry>
<key>Maximum Capture Group Length</key>
<value>1024</value>
</entry>
<entry>
<key>Enable Canonical Equivalence</key>
<value>false</value>
</entry>
<entry>
<key>Enable Case-insensitive Matching</key>
<value>false</value>
</entry>
<entry>
<key>Permit Whitespace and Comments in Pattern</key>
<value>false</value>
</entry>
<entry>
<key>Enable DOTALL Mode</key>
<value>false</value>
</entry>
<entry>
<key>Enable Literal Parsing of the Pattern</key>
<value>false</value>
</entry>
<entry>
<key>Enable Multiline Mode</key>
<value>false</value>
</entry>
<entry>
<key>Enable Unicode-aware Case Folding</key>
<value>false</value>
</entry>
<entry>
<key>Enable Unicode Predefined Character Classes</key>
<value>false</value>
</entry>
<entry>
<key>Enable Unix Lines Mode</key>
<value>false</value>
</entry>
<entry>
<key>Include Capture Group 0</key>
<value>false</value>
</entry>
<entry>
<key>extract-text-enable-repeating-capture-group</key>
<value>false</value>
</entry>
<entry>
<key>filename</key>
<value>(.*)</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Extract S3 Object Key</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>matched</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>unmatched</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.ExtractText</type>
</processors>
<processors>
<id>363e4514-ed77-17f2-0000-000000000000</id>
<parentGroupId>363e450c-ed77-17f2-0000-000000000000</parentGroupId>
<position>
<x>510.63077037004064</x>
<y>193.90010931577064</y>
</position>
<config>
<bulletinLevel>WARN</bulletinLevel>
<comments></comments>
<concurrentlySchedulableTaskCount>1</concurrentlySchedulableTaskCount>
<descriptors>
<entry>
<key>Destination</key>
<value>
<name>Destination</name>
</value>
</entry>
<entry>
<key>Return Type</key>
<value>
<name>Return Type</name>
</value>
</entry>
<entry>
<key>Path Not Found Behavior</key>
<value>
<name>Path Not Found Behavior</name>
</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>
<name>Null Value Representation</name>
</value>
</entry>
<entry>
<key>s3.bucket</key>
<value>
<name>s3.bucket</name>
</value>
</entry>
</descriptors>
<executionNode>ALL</executionNode>
<lossTolerant>false</lossTolerant>
<penaltyDuration>30 sec</penaltyDuration>
<properties>
<entry>
<key>Destination</key>
<value>flowfile-attribute</value>
</entry>
<entry>
<key>Return Type</key>
<value>auto-detect</value>
</entry>
<entry>
<key>Path Not Found Behavior</key>
<value>ignore</value>
</entry>
<entry>
<key>Null Value Representation</key>
<value>empty string</value>
</entry>
<entry>
<key>s3.bucket</key>
<value>$.s3Bucket</value>
</entry>
</properties>
<runDurationMillis>0</runDurationMillis>
<schedulingPeriod>0 sec</schedulingPeriod>
<schedulingStrategy>TIMER_DRIVEN</schedulingStrategy>
<yieldDuration>1 sec</yieldDuration>
</config>
<name>Extract S3 Bucket</name>
<relationships>
<autoTerminate>false</autoTerminate>
<name>failure</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>matched</name>
</relationships>
<relationships>
<autoTerminate>false</autoTerminate>
<name>unmatched</name>
</relationships>
<style></style>
<type>org.apache.nifi.processors.standard.EvaluateJsonPath</type>
</processors>
</contents>
<name>Receive Log File Notifications</name>
</processGroups>
</contents>
<name>CloudTrail Event Processing Starter Kit</name>
</processGroups>
</snippet>
<timestamp>01/17/2017 21:18:25 UTC</timestamp>
</template>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment