DNS
Fields describing DNS queries and answers.
Fields
Field Summary
| Field | Type | Level | Description |
|---|---|---|---|
| dns.answers | object | Extended | Array of DNS answers. |
| dns.answers.class | keyword | Extended | The class of DNS data contained in this resource record. |
| dns.answers.data | keyword | Extended | The data describing the resource. |
| dns.answers.name | keyword | Extended | The domain name to which this resource record pertains. |
| dns.answers.ttl | long | Extended | The time interval in seconds that this resource record may be cached before it should be discarded. |
| dns.answers.type | keyword | Extended | The type of data contained in this resource record. |
| dns.header_flags | keyword | Extended | Array of DNS header flags. |
| dns.id | keyword | Extended | The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. |
| dns.op_code | keyword | Extended | The DNS operation code that specifies the kind of query in the message. |
| dns.question.class | keyword | Extended | The class of records being queried. |
| dns.question.name | keyword | Extended | The name being queried. |
| dns.question.registered_domain | keyword | Extended | The highest registered domain, stripped of the subdomain. |
| dns.question.subdomain | keyword | Extended | The subdomain of the domain. |
| dns.question.top_level_domain | keyword | Extended | The effective top level domain (com, org, net, co.uk). |
| dns.question.type | keyword | Extended | The type of record being queried. |
| dns.resolved_ip | ip | Extended | Array containing all IPs seen in answers.data. |
| dns.response_code | keyword | Extended | The DNS response code. |
| dns.type | keyword | Extended | The type of DNS event captured, query or answer. |
Field Details
dns.answers
Type: object
Level: Extended
Description: Array of DNS answers.
Normalization: array
Indexed: true
dns.answers.class
Type: keyword
Level: Extended
Description: The class of DNS data contained in this resource record.
Example: IN
Indexed: true
dns.answers.data
Type: keyword
Level: Extended
Description: The data describing the resource.
Example: 10.10.10.10
Indexed: true
dns.answers.name
Type: keyword
Level: Extended
Description: The domain name to which this resource record pertains.
Example: www.example.com
Indexed: true
dns.answers.ttl
Type: long
Level: Extended
Description: The time interval in seconds that this resource record may be cached before it should be discarded.
Example: 180
Indexed: true
dns.answers.type
Type: keyword
Level: Extended
Description: The type of data contained in this resource record.
Example: CNAME
Indexed: true
dns.header_flags
Type: keyword
Level: Extended
Description: Array of DNS header flags.
Example: ["RD", "RA"]
Normalization: array
Indexed: true
dns.id
Type: keyword
Level: Extended
Description: The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.
Example: 62111
Indexed: true
dns.op_code
Type: keyword
Level: Extended
Description: The DNS operation code that specifies the kind of query in the message.
Example: QUERY
Indexed: true
dns.question.class
Type: keyword
Level: Extended
Description: The class of records being queried.
Example: IN
Indexed: true
dns.question.name
Type: keyword
Level: Extended
Description: The name being queried.
Example: www.example.com
Indexed: true
dns.question.registered_domain
Type: keyword
Level: Extended
Description: The highest registered domain, stripped of the subdomain.
Example: example.com
Indexed: true
dns.question.subdomain
Type: keyword
Level: Extended
Description: The subdomain of the domain.
Example: www
Indexed: true
dns.question.top_level_domain
Type: keyword
Level: Extended
Description: The effective top level domain (com, org, net, co.uk).
Example: co.uk
Indexed: true
dns.question.type
Type: keyword
Level: Extended
Description: The type of record being queried.
Example: AAAA
Indexed: true
dns.resolved_ip
Type: ip
Level: Extended
Description: Array containing all IPs seen in answers.data.
Example: ["10.10.10.10", "10.10.10.11"]
Normalization: array
Indexed: true
dns.response_code
Type: keyword
Level: Extended
Description: The DNS response code.
Example: NOERROR
Indexed: true
dns.type
Type: keyword
Level: Extended
Description: The type of DNS event captured, query or answer.
Example: answer
Indexed: true
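As an added example (not part of the ECS documentation above): a small Python normaliser that maps a parsed DNS response onto these `dns.*` fields, deriving `dns.question.top_level_domain`, `registered_domain` and `subdomain` from the question name and `dns.resolved_ip` from the IP values in `dns.answers.data`. The input shape (`to_ecs`), the tiny suffix set and the sample response are constructed assumptions; a real pipeline would load the full Public Suffix List.

```python
import ipaddress

# Constructed stand-in for the Public Suffix List (the page names com, org, net, co.uk).
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}
def split_domain(name):
    """Derive dns.question.top_level_domain / registered_domain / subdomain."""
    labels = name.rstrip(".").lower().split(".")
    # Longest candidate suffix first so "co.uk" beats "uk"; start at 1 so a registrable label remains.
    for i in range(1, len(labels)):
        tld = ".".join(labels[i:])
        if tld in PUBLIC_SUFFIXES:
            parts = {"top_level_domain": tld, "registered_domain": ".".join(labels[i - 1:])}
            if i > 1:  # ECS leaves subdomain unset when there is none
                parts["subdomain"] = ".".join(labels[:i - 1])
            return parts
    return {}  # unknown suffix: leave the derived fields unset
def resolved_ips(answers):
    """dns.resolved_ip: every IP in answers.data; CNAME targets are names and are skipped."""
    ips = []
    for rr in answers:
        try:
            ips.append(str(ipaddress.ip_address(rr["data"])))
        except ValueError:
            pass
    return ips
def to_ecs(raw):
    # Map a parsed response (hypothetical input shape) onto the ECS dns.* fields.
    q = raw["question"]
    return {"dns": {
        "type": "answer",
        "id": str(raw["id"]),  # keyword in ECS, so the 16-bit id becomes a string
        "op_code": raw["op_code"],
        "header_flags": list(raw["flags"]),
        "response_code": raw["rcode"],
        "question": {"name": q["name"], "class": q["class"], "type": q["type"],
                     **split_domain(q["name"])},
        "answers": [dict(rr) for rr in raw["answers"]],
        "resolved_ip": resolved_ips(raw["answers"]),
    }}

# Constructed sample: a CNAME chain that resolves to two A records.
SAMPLE = {
    "id": 62111, "op_code": "QUERY", "flags": ["RD", "RA"], "rcode": "NOERROR",
    "question": {"name": "www.example.co.uk", "class": "IN", "type": "A"},
    "answers": [
        {"name": "www.example.co.uk", "type": "CNAME", "class": "IN", "ttl": 180, "data": "edge.example.net"},
        {"name": "edge.example.net", "type": "A", "class": "IN", "ttl": 60, "data": "10.10.10.10"},
        {"name": "edge.example.net", "type": "A", "class": "IN", "ttl": 60, "data": "10.10.10.11"},
    ],
}
```

Detections that key on `dns.question.registered_domain` or `dns.resolved_ip` depend on this derivation being done consistently at ingest time, which is why the CNAME target is kept in `dns.answers` but excluded from `dns.resolved_ip`.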