In the Security Solution > Network > DNS tab, the `dns.question.registered_domain` field that the DNS histogram is looking for is not provided by Elastic Defend (dataset `endpoint.events.network`) by default. Users have to manually create an ingest pipeline to add the field from `dns.question.name` to visualise the chart successfully. We haven't got any guidance on the page to let users know how to generate this field.
Therefore, we would like to create a doc to document this solution and add its link to Security Solution's network page. Please find the issue referred to below.
~Suggested option 1: Update the query here to use `dns.question.name`~
Suggested option 2: Add a link and doc to guide users on how to add the `dns.question.registered_domain` field.
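One way to build the ingest pipeline the issue describes, using Elasticsearch's `registered_domain` ingest processor in Dev Tools console syntax. This is an added example, not the pipeline from the original issue or from Elastic's documentation. The pipeline name `dns-registered-domain-example` and the sample documents are constructed, and attaching the pipeline to the `endpoint.events.network` data stream is left to your deployment.

```console
# Added example: the pipeline name is hypothetical.
# With target_field set to dns.question, the processor writes
# dns.question.registered_domain (the field the DNS histogram needs)
# along with domain, subdomain and top_level_domain under the same object.
PUT _ingest/pipeline/dns-registered-domain-example
{
  "description": "Derive dns.question.registered_domain from dns.question.name",
  "processors": [
    {
      "registered_domain": {
        "field": "dns.question.name",
        "target_field": "dns.question",
        "ignore_missing": true,
        "ignore_failure": true
      }
    }
  ]
}

# Dry run against constructed documents before attaching the pipeline.
# The first document carries a DNS question; the second is a non-DNS
# network event and checks that ignore_missing lets it pass untouched.
POST _ingest/pipeline/dns-registered-domain-example/_simulate
{
  "docs": [
    {
      "_source": {
        "event": { "dataset": "endpoint.events.network" },
        "dns": { "question": { "name": "www.example.co.uk" } }
      }
    },
    {
      "_source": {
        "event": { "dataset": "endpoint.events.network" },
        "network": { "transport": "tcp" }
      }
    }
  ]
}
```

Only events ingested after the pipeline is attached get the field; documents indexed earlier stay as they were unless they are reindexed through it.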