Hello,
I am trying to run the job "windows_rare_user_type10_remote_login" in my cluster and It process no data, and I am getting ML Datafeed lookback retrieved no data
Knowing that I already installed winlogbeat in some windows machines and I am receiving data from those machines.
Could you tell me what's wrong please !
Thanks for your help
May I suggest you clone the job, run it over your historical data, then see how much of the historical data this new cloned job sees. Let us know.
Thanks for your answer @richcollier, I tried to do what you asked, and here is what I got (sorry if there are some mistakes as I just begin workign with ELK stack)
When I click on clone I get:
And then I continue by doing this conflagration:
and when I click Next to go to the validation section, I get this error :
@TheHunter1 could you let us know the version of the stack you are running? I was unable to reproduce those errors you saw on cloning your job in my setup here, but we have fixed a few issues around clone over recent releases.
Did you make any edits to the supplied configuration when cloning the job - I couldn't spot anything obvious from the screenshots you posted, but I may have missed something.
thanks for your answer @Peter_Harverson, so maybe I understand the reason of that issue, maybe cause I am trying the version 8.0.0 and I didn't run git pull since a while. I will prepare my machine to make the necessary updates and keep you updated if that error persist.
Thanks again 
If after updating to the latest 8.0.0 you still find you are hitting issues with clone, please could you let us have the JSON job config of the job you are cloning - go to the JSON tab of the job in the Anomaly detection jobs list:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
