Add CEF input format to druid and index it.

[harshmanyase]

Hi team, I am working on a poc, where i need to ingest CEF logs from file, and data is in CEF format.(Common Event Format (CEF) is a Logging and Auditing file format from ArcSight and is an extensible, text-based format designed to support multiple device types by offering the most relevant information. Message syntaxes are reduced to work with ESM normalization.) .

I wanted to parse it and ingest into druid.

So please tell me any approach. So i can make a solution of it.

I convert CEF data to json using NIFI processor. But data comes in nested json format. So could you please suggest me some link or sample code.

thanks in advance.

[stale[bot]]

This issue has been marked as stale due to 280 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@druid.apache.org list. Thank you for your contributions.

[github-actions[bot]]

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.