From e51f73e70e2f5c40d8cbcb0bab1fe5263a4ba817 Mon Sep 17 00:00:00 2001
From: Kritika Kritika
Date: Wed, 13 Dec 2023 16:25:43 +0530
Subject: [PATCH] merged hostname with domain to handle host split
---
 config/enrichments/17_dns.conf | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/config/enrichments/17_dns.conf b/config/enrichments/17_dns.conf
index 993b7513..b50ce6cb 100644
--- a/config/enrichments/17_dns.conf
+++ b/config/enrichments/17_dns.conf
@@ -212,9 +212,18 @@ filter {
 }
 }
 if [host][hostname] and ![host][hostname][0] and ![host][ip] {
- mutate {
- add_field => {
- "[host][ip]" => "%{[host][hostname]}"
+ if "." not in [host][hostname] and [host][domain] {
+ mutate {
+ add_field => {
+ "[host][ip]" => "%{[host][hostname]}.%{[host][domain]}"
+ }
+ }
+ }
+ else {
+ mutate {
+ add_field => {
+ "[host][ip]" => "%{[host][hostname]}"
+ }
 }
 }
 dns {
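Review bot: The new inner condition tests `[host][domain]` only for presence, whereas the enclosing `if` deliberately excludes an array-valued hostname with `![host][hostname][0]`. A multi-valued `[host][domain]` would be interpolated as-is into the name written to `[host][ip]` (Logstash sprintf joins array values with commas), giving a lookup name that is not a valid FQDN. Both fields come from parsed log data, so I would tighten the guard to `if "." not in [host][hostname] and [host][domain] and ![host][domain][0] {`. The `filter` block opens before the hunk and the `dns {` block runs past its end, so whether a failed resolution leaves the non-IP string in `[host][ip]` cannot be confirmed from here.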