Hi Team, Please refer below link for my issue. https://issues.apache.org/jira/browse/SPOT-256
I am executing spot-ml alone for my exploration. Need help or few understanding in DNS table values. Here my queries/Issues: *(Issue 1) I need to know what fields need to be placed in ml_feedbck.csv. Please share some sample file for dns-feedback.csv.* From https://github.com/apache/incubator-spot/blob/master/spot-ml/src/main/scala/org/apache/spot/dns/model/DNSFeedback.scala I have found 18 parameters required in ml_feedbck.csv. Is it correct? What value need to put in dns_sev field/column? *(Issue 2) What fields can be empty in DNS table?* *(Issue 2.1) what will happen if I keep dns_a column value is empty? * When I was loading data in DNS table, sometime dns_a would be empty. If any null or empty values in this field, then my ML has been failed. So I have followed below t-shark command. tshark.exe -r traffic_spot_00000_20180123100402.pcap -E separator=, -E header=y -E occurrence=f -T fields -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst -e dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e dns.a "(dns.flags.response==1) and (dns.a)" > traffic_spot_windows.csv Problem with above command is ‘it has been executed in windows’. Is it anyone give me equivalent Tshark command for Linux/cent-os? *(Issue 2.2) what is the expected value in frame_time column?* My actual value from pcap file is 23-Jan 2018 15:34:16.242978980 India Standard Time. While executing it has been failed. Then I have modified manually from 23-Jan 2018 15:34:16.242978980 India Standard Time to Jan 23 2018 15:34:16.242978980 IST. Then ML executed successful. Is it any bug? Thanks, weknowth
