TLD logstash filter removes other subfields

panaman · September 11, 2018, 1:31pm

I have noticed some odd behavior with the "TLD filter"

I have the following filter
if [dns][query] !~ /in-addr.arpa$/ {
tld {
source => "[dns][query]"
target => "[dns]"
}
}

When the above runs it will populate all the TLD fields but it removes any other "[dns][something]" fields, like the [dns][query] field is missing
Anyone else seen this behavior?

system · October 9, 2018, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DNS plugin and new field Logstash	3	641	June 30, 2020
Remove field value in logstash Logstash	2	608	July 6, 2017
Having issue with DNS filter Logstash	8	2441	February 14, 2018
Split field in elastic Logstash	7	284	July 15, 2021
Logstash DNS Filter Issue Logstash	1	421	April 10, 2018

TLD logstash filter removes other subfields

Related topics