ML - Datafeed is encountering errors extracting data: all shards failed

Elastic Stack Elasticsearch
21

It's quite possible that the query being run by Kibana (the one that "works") looks more like the following, behind the scenes:

  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "bool": {
            "should": [
              {
                "match_phrase": {
                  "event.action": "EXECVE"
                }
              }
            ],
            "minimum_should_match": 1
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
1 Like
22

The motivation for using v7.11 is that many of the ML jobs are now directly enabled via the Security (SIEM) app

23

It perfectly worked! :slight_smile: Congratulations, you are a genius!! However, I have a question: if I run packetbeat during the day and during the night not, then in the next day when I create a ML job which uses the packetbeat data, it will also take into consideration the pause period which was during the night, or it will automatically calculate and take the data just when was packetbeat running?

24

I will consider upgrading to this version! Thanks for this information! :+1:

25

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.