Populate dns.type in Zeek pipeline #13422

Merged
merged 2 commits into from
Aug 29, 2019

webmat
Contributor

@webmat webmat commented Aug 29, 2019

One field was missed in converting the Zeek pipeline to ECS (#13324).

This PR sets dns.type to query or answer depending on the type of event. Note that most of the time, Zeek logs only the "answer" event.

Mathieu Martin added 2 commits August 29, 2019 12:42
One with just the query, and one with query & answer
@webmat webmat requested a review from a team as a code owner August 29, 2019 16:50
@webmat webmat self-assigned this Aug 29, 2019
@webmat webmat added the bug, ecs, needs_backport, v7.4.0, Filebeat, Team:SIEM labels Aug 29, 2019
@elasticmachine
Collaborator

Pinging @elastic/siem

@webmat webmat merged commit fe083ef into elastic:master Aug 29, 2019
webmat pushed a commit to webmat/beats that referenced this pull request Aug 30, 2019
webmat pushed a commit to webmat/beats that referenced this pull request Aug 30, 2019
webmat pushed a commit that referenced this pull request Aug 30, 2019
webmat pushed a commit that referenced this pull request Aug 30, 2019
@urso urso added the v7.5.0 label Oct 22, 2019
@andrewkroh andrewkroh removed the needs_backport label Nov 22, 2019
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023