Microsoft DNS Server integration - remove dot at domainn name's end

stephenb · July 26, 2025, 3:15pm

Hi @Zer0-cyber-web Welcome to the community.

What version of the Elastic Stack

What version of the integration

Can you turn on the preserve original event in the integration and see if that is part of the origin event?

Can you share one of the final JSON documents that show this behavior...

Please share

May or may not be a bug. Even if it is we can probably do a work around

It looks like this is part of the expected data

github.com/elastic/integrations

packages/microsoft_dnsserver/data_stream/analytical/_dev/test/pipeline/test-events.json

ecb85b24a


      
          "provider_guid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
          "session": "Elastic-DNSServer-Analytical",
          "channel": "16",
          "flags": "576",
          "event_data": {
              "AA": "0",
              "TCP": "0",
              "AdditionalInfo": "VirtualizationInstance:.",
              "Destination": "216.160.83.56",
              "AD": "0",
              "QNAME": "google.es.",
              "Zone": "..Cache",
              "Port": "59560",
              "GUID": "{BF629903-4288-435F-9182-470BEDF5C0A4}",
              "ElapsedTime": "9",
              "Flags": "33152",
              "BufferSize": "55",
              "XID": "7",
              "DNSSEC": "0",
              "Scope": "Default",
              "QTYPE": "28",

I asked internally as well.

Topic		Replies	Views
How do I get the dns.request.registerd_name field? Elastic Security	6	720	November 14, 2021
Grok query domain from DNS server log Logstash	5	1407	August 9, 2017
Missing DNS requests on Windows machine Endpoint Security	5	1582	November 5, 2021
Gork fpr the DNS qureu log Logstash	3	380	August 29, 2019
DNS Integration stopped working Elastic Agent integrations	1	68	March 24, 2025

Microsoft DNS Server integration - remove dot at domainn name's end

Related topics