DNS Tunneling job failing to start

csmith · August 27, 2024, 4:56pm

I have a similar issue to this thread (Anomaly detection - Elastic Jobs failing to start).

When I try to start the job packetbeat_dns_tunneling, I get the error [datafeed-packetbeat_dns_tunneling] cannot retrieve field [dns.question.etld_plus_one] because it has no mappings

I ran this command

GET _ml/datafeeds/datafeed-packetbeat_dns_tunneling

and under indices, got the output

"indices": [
"packetbeat-",
"logs-"
],

Is this what the job is supposed to map to, or is it supposed to map to something else? packetbeat and logs are where we are getting our logs from.

system · September 24, 2024, 4:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Anomaly detection - Elastic Jobs failing to start SIEM elastic-stack-machine-learning	3	788	March 20, 2020
Datafeed [datafeed-packetbeat_dns_tunneling] cannot retrieve data because no index matches datafeed's indices [packetbeat-*] Kibana elastic-stack-machine-learning	16	499	July 10, 2023
Elastic SIEM SIEM	6	767	November 11, 2020
6.2.2 cannot run job: datafeed [XXX] cannot retrieve field [@timestamp] because it has no mappings Elasticsearch elastic-stack-machine-learning	3	1269	October 30, 2018
Detect DNS tunneling Beats packetbeat	15	2988	July 5, 2017

DNS Tunneling job failing to start

Related Topics