TLD logstash filter removes other subfields


(panaman) #1

I have noticed some odd behavior with the "TLD filter"

I have the following filter
if [dns][query] !~ /in-addr.arpa$/ {
tld {
source => "[dns][query]"
target => "[dns]"
}
}

When the above runs it will populate all the TLD fields but it removes any other "[dns][something]" fields, like the [dns][query] field is missing
Anyone else seen this behavior?


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.