TLD logstash filter removes other subfields

I have noticed some odd behavior with the "TLD filter".

I have the following filter:

    if [dns][query] !~ /$/ {
      tld {
        source => "[dns][query]"
        target => "[dns]"
      }
    }

When the above runs, it populates all the TLD fields, but it removes any other "[dns][something]" fields; for example, the [dns][query] field is missing.
Has anyone else seen this behavior?
