From f2c6556b8258f04eb222f8cf987114b6c9da931e Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Fri, 30 Aug 2019 10:57:31 -0400 Subject: [PATCH] Add dns.type to Packetbeat (#13427) Set `dns.type` to `answer` when a response packet is present and to `query` when there's only a request packet. Relates #13320 --- packetbeat/protos/dns/dns.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packetbeat/protos/dns/dns.go b/packetbeat/protos/dns/dns.go index 5233b3120f2..3633847b0fb 100644 --- a/packetbeat/protos/dns/dns.go +++ b/packetbeat/protos/dns/dns.go @@ -385,6 +385,7 @@ func (dns *dnsPlugin) publishTransaction(t *dnsTransaction) { pbf.Event.Start = t.request.ts pbf.Event.End = t.response.ts + dnsEvent["type"] = "answer" fields["method"] = dnsOpCodeToString(t.request.data.Opcode) if len(t.request.data.Question) > 0 { fields["query"] = dnsQuestionToString(t.request.data.Question[0]) @@ -407,6 +408,7 @@ func (dns *dnsPlugin) publishTransaction(t *dnsTransaction) { pbf.Source.Bytes = int64(t.request.length) pbf.Event.Start = t.request.ts + dnsEvent["type"] = "query" fields["method"] = dnsOpCodeToString(t.request.data.Opcode) if len(t.request.data.Question) > 0 { fields["query"] = dnsQuestionToString(t.request.data.Question[0]) @@ -422,6 +424,7 @@ func (dns *dnsPlugin) publishTransaction(t *dnsTransaction) { pbf.Destination.Bytes = int64(t.response.length) pbf.Event.End = t.response.ts + dnsEvent["type"] = "answer" fields["method"] = dnsOpCodeToString(t.response.data.Opcode) if len(t.response.data.Question) > 0 { fields["query"] = dnsQuestionToString(t.response.data.Question[0])