  • Source port → 13003
  • Target tag → dns.windows
  • Check the Stop processing and Sent without syslog tag checkboxes.

Table structure

These are the fields displayed in this table:

dns.windows

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | `ifthenelse(isnotnull(dnsserverfilebeat), dnsserverfilebeat, vhost)` | dnsserverfilebeat, vhost | |
| myserverday | str | | | |
| myservertime | str | | | |
| myserverampm | str | | | |
| serverdate | timestamp | `parsedate(myserverdate, "MM/DD/YYYY hh:mm:ss A", "UTC")` | myserverdate | |
| thread_id | str | | | |
| context | str | `trim(mycontext)` | mycontext | |
| int_packed_id | str | `trim(myintpacketid)` | myintpacketid | |
| protocol | str | `trim(myprotocol)` | myprotocol | |
| send_receive | str | `trim(mysendreceive)` | mysendreceive | |
| remote_ip | ip4 | | | |
| x_id | str | `trim(myxid)` | myxid | |
| query_response | str | `(myqueryresponse -> '  ') ? ' ' : 'R'` | myqueryresponse | |
| query_response_def | str | `(myqueryresponse -> '  ') ? 'query' : 'response'` | myqueryresponse | |
| op_code | str | `trim(myopcode)` | myopcode | |
| flags_hex | str | `trim(myflagshex)` | myflagshex | |
| flags_char_codes | str | `trim(myflagscharcodes)` | myflagscharcodes | |
| response_code | str | `trim(myresponsecode)` | myresponsecode | |
| question_type | str | `trim(myquestiontype)` | myquestiontype | |
| question_name | str | | | |
| question_dot | str | `join(question_tokens, ".")` | question_tokens | |
| hostchain | str | | | |
| tag | str | | | |
| rawMessage | str | | | |
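The following Python script is an added example, not part of the Devo documentation or of the Devo platform, that shows how the transformations in the table above turn the raw source fields of a Windows DNS debug log line into the dns.windows columns. It assumes the standard Windows DNS Server debug log layout (date, time, AM/PM, thread id, context, internal packet id, protocol, Snd/Rcv, remote IP, XID, an `R` marker for responses, opcode, bracketed flags and response code, question type, and a length-prefixed question name such as `(3)www(7)example(3)com(0)`); the sample lines, the `vhost` value and the regular expression are constructed for the example. The Devo functions `ifthenelse`, `parsedate`, `trim` and `join` are approximated with their Python equivalents, and the `myqueryresponse` check compares a single captured character rather than the two-space string used by the table.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in the Windows DNS Server debug log layout (not from the page).
# First line is a received query, second is the corresponding sent response.
SAMPLE_LINES = [
    "10/12/2023 2:15:31 PM 0A1C PACKET  000000A1B2C3D4E0 UDP Rcv 192.168.1.20    0005   Q "
    "[0001   D   NOERROR] A      (3)www(7)example(3)com(0)",
    "10/12/2023 2:15:31 PM 0A1C PACKET  000000A1B2C3D4E0 UDP Snd 192.168.1.20    0005 R Q "
    "[8081   DR  NOERROR] A      (3)www(7)example(3)com(0)",
]

# Assumed layout; group names mirror the "Source field name" column of the table.
LINE_RE = re.compile(
    r"^(?P<myserverday>\d{1,2}/\d{1,2}/\d{4}) (?P<myservertime>\d{1,2}:\d{2}:\d{2}) "
    r"(?P<myserverampm>AM|PM) (?P<thread_id>[0-9A-F]{4}) (?P<mycontext>\w+)\s+"
    r"(?P<myintpacketid>[0-9A-F]{16}) (?P<myprotocol>UDP|TCP) (?P<mysendreceive>Rcv|Snd) "
    r"(?P<remote_ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<myxid>[0-9a-fA-F]{4}) "
    r"(?P<myqueryresponse>[ R]) (?P<myopcode>\w+) \[(?P<myflagshex>[0-9A-F]{4})\s+"
    r"(?P<myflagscharcodes>[A-Z]*)\s+(?P<myresponsecode>\w+)\]\s+"
    r"(?P<myquestiontype>\w+)\s+(?P<question_name>\S+)$"
)

# One DNS label per "(length)label" group; the terminating "(0)" ends the name.
LABEL_RE = re.compile(r"\((\d+)\)([^()]*)")


def trim(value):
    """Python stand-in for Devo's trim()."""
    return value.strip() if value is not None else None


def parsedate(value, fmt="%m/%d/%Y %I:%M:%S %p"):
    """Stand-in for parsedate(myserverdate, "MM/DD/YYYY hh:mm:ss A", "UTC")."""
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def question_tokens(name):
    """Split "(3)www(7)example(3)com(0)" into ["www", "example", "com"].

    Rejects labels whose declared length disagrees with the text, so a
    malformed name is surfaced instead of silently producing a wrong hostname.
    """
    tokens = []
    for length, label in LABEL_RE.findall(name):
        if int(length) == 0:
            break
        if len(label) != int(length):
            raise ValueError(f"label length mismatch in question name: {name!r}")
        tokens.append(label)
    return tokens


def parse_line(line, dnsserverfilebeat=None, vhost="dns01.corp.example"):
    """Apply the dns.windows field transformations to one raw log line.

    dnsserverfilebeat / vhost are the two candidate hostname sources from the
    table; the values used here are constructed for the example.
    """
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("line does not match the assumed Windows DNS debug log layout")
    src = m.groupdict()
    # myserverdate is assumed to be the day, time and AM/PM markers joined by spaces.
    myserverdate = f"{src['myserverday']} {src['myservertime']} {src['myserverampm']}"
    is_query = src["myqueryresponse"] == " "  # table: (myqueryresponse -> '  ')
    tokens = question_tokens(src["question_name"])
    return {
        # ifthenelse(isnotnull(dnsserverfilebeat), dnsserverfilebeat, vhost)
        "hostname": dnsserverfilebeat if dnsserverfilebeat is not None else vhost,
        "myserverday": src["myserverday"],
        "myservertime": src["myservertime"],
        "myserverampm": src["myserverampm"],
        "serverdate": parsedate(myserverdate),
        "thread_id": src["thread_id"],
        "context": trim(src["mycontext"]),
        "int_packed_id": trim(src["myintpacketid"]),
        "protocol": trim(src["myprotocol"]),
        "send_receive": trim(src["mysendreceive"]),
        "remote_ip": src["remote_ip"],
        "x_id": trim(src["myxid"]),
        "query_response": " " if is_query else "R",
        "query_response_def": "query" if is_query else "response",
        "op_code": trim(src["myopcode"]),
        "flags_hex": trim(src["myflagshex"]),
        "flags_char_codes": trim(src["myflagscharcodes"]),
        "response_code": trim(src["myresponsecode"]),
        "question_type": trim(src["myquestiontype"]),
        "question_name": src["question_name"],
        "question_dot": ".".join(tokens),  # join(question_tokens, ".")
        "rawMessage": line,
    }


if __name__ == "__main__":
    for row in (parse_line(l) for l in SAMPLE_LINES):
        print(row["serverdate"].isoformat(), row["query_response_def"],
              row["send_receive"], row["remote_ip"], row["question_dot"])
```

Running the script prints one summary line per sample record; the returned dictionary is what you would compare against the dns.windows columns when checking that a relay rule on port 13003 is landing events in the right place.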