TLD logstash filter removes other subfields

(panaman) #1

I have noticed some odd behavior with the "TLD filter".

I have the following filter:
if [dns][query] !~ /$/ {
  # Split the queried name into its TLD parts and write them under [dns]
  tld {
    source => "[dns][query]"
    target => "[dns]"
  }
}

When the above runs, it populates all the TLD fields, but it removes any other "[dns][something]" fields; for example, the [dns][query] field is missing.
Has anyone else seen this behavior?
