Registered Domain

edit

The registered_domain processor reads a field containing a hostname and then writes the "registered domain" contained in the hostname to the target field. For example, given www.google.co.uk the processor would output google.co.uk. In other words the "registered domain" is the effective top-level domain (co.uk) plus one level (google).

This processor uses the Mozilla Public Suffix list to determine the value.

processors:
- registered_domain:
    field: dns.question.name
    target_field: dns.question.registered_domain
    ignore_missing: true
    ignore_failure: true

The registered_domain processor has the following configuration settings:

Table 1. Registered Domain options

Name Required Default Description

field

yes

Source field containing a fully qualified domain name (FQDN).

target_field

yes

Target field for the registered domain value.

ignore_missing

no

false

Ignore errors when the source field is missing.

ignore_failure

no

false

Ignore all errors produced by the processor.

id

no

An identifier for this processor instance. Useful for debugging.