Detector field "beat.hostname" is not an aggregatable field

Following the instructions for the DETECT DNS DATA EXFILTRATION lab, I hit this wall, any ideas?

Cheers,

Mark

Hi @Mark3,

Thanks for trying out our machine learning anomaly detection jobs for DNS.

Please try using field host.name instead of beat.hostname.

beat.hostname was used prior to the introduction of Elastic Common Schema, and may no longer be available in your packetbeat data.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.