Hi all,
i am total newbie (new user) of ElasticSearch, I wanted to test DNS tunneling detection with ES ( https://github.com/elastic/examples/tree/master/packetbeat_dns_tunnel_detection ) based on https://www.elastic.co/blog/detecting_dns_tunnels_with_packetbeat_and_watcher , however i came to this error when i run $ curl -XPUT http://localhost:9200/_watcher/watch/_execute?pretty -d@unique_hostnames_watch.json :
"reason" : "SearchPhaseExecutionException[all shards failed]; nested: RemoteTransportException[[YFTCeY1][127.0.0.1:9300][indices:data/read/search[phase/query]]]; nested: IllegalArgumentException[Fielddata is disabled on text fields by default. Set fielddata=true on [dns.question.etld_plus_one] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory.]; ",
I am unable to change fielddata=true on dns.question.etld_plus_one, simply because I don't know how.
Thanks for any suggestions.
Martin