Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Clarify use of hostname, subdomain, domain in source/destination

See original GitHub issue

It’s not clear to me how to populate the hostname, subdomain, and domain fields of source / destination. More detailed descriptions of each field are needed with examples.

It would probably be helpful to establish some terminology that could be used in clarifying the descriptions.

Terms:

FQDN: fully qualified domain name
TLD: top level domain (e.g. .com, .net, .bmw, .us) [list of TLDs]
eTLD: effective top level domain (e.g. .com, .co.uk and pvt.k12.wy.us) [these get determined with the help of the public suffix list]
eTLD+1: effective top level domain plus one level (e.g. example.com, example.co.uk)
SLD: second level domain (e.g. co is the SLD of www.example.co.uk)

Examples showing the mappings of these FQDNs to ECS would probably be sufficient to clarify the topic for me.

example.com
www.example.com
www.example.co.uk

Logstash has a TLD filter that uses similar field names, possibly(?) with different meanings.

Issue Analytics

State:
Created 5 years ago
Comments:33 (33 by maintainers)

Top GitHub Comments

2reactions

ruflincommented, Oct 31, 2018

I’m more thinking DNS related stuff should go into it’s own prefix: https://github.com/elastic/ecs/issues/10

0reactions

webmatcommented, Aug 26, 2019

@mbudge Thanks for the input! By the way this is a very old issue. We didn’t end up going with hostname to describe domains in ECS.

parent_domain sounds like a good option. I think there can be multiple levels of parent domains, however, correct? For example the parent domain of sub2.sub1.example.com would be sub1.example.com, correct?

With registered_domain, we’re going for the very top parent, before getting to the TLD. It’s not a perfect name, but it’s the one that fit the best we found. It’s already in the DNS field set, and will be added soon to other places that have domains in ECS.