merged hostname with domain to handle host split

Cargill · Dec 13, 2023 · e51f73e · e51f73e
1 parent a0ecf1b
commit e51f73e
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/config/enrichments/17_dns.conf b/config/enrichments/17_dns.conf
@@ -212,9 +212,18 @@ filter {
       }
     }
     if [host][hostname] and ![host][hostname][0] and ![host][ip] {
-      mutate {
-        add_field => {
-          "[host][ip]" => "%{[host][hostname]}"
+      if "." not in [host][hostname] and [host][domain] {
+        mutate {
+          add_field => {
+            "[host][ip]" => "%{[host][hostname]}.%{[host][domain]}"
+          }
+        }
+      }
+      else {
+        mutate {
+          add_field => {
+            "[host][ip]" => "%{[host][hostname]}"
+          }
         }
       }
       dns {