Merge pull request #535 from splunk/fix/use-host-not-fqdn-in-dns

Update fix_dns.conf
CSVD · Jun 17, 2020 · b44a72e · b44a72e
2 parents e68fd7e + 222feba
commit b44a72e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/package/etc/conf.d/conflib/_splunk/fix_dns.conf b/package/etc/conf.d/conflib/_splunk/fix_dns.conf
@@ -22,7 +22,8 @@ class FixHostResolver(object):
 
             resolved = socket.gethostbyaddr(ipaddr)
             hostname = resolved[0]
-            log_message['HOST'] = hostname
+            name, ext = hostname.split('.')[-2:]
+            log_message['HOST'] = name
         except:
             pass
 

diff --git a/tests/test_common.py b/tests/test_common.py
@@ -144,7 +144,7 @@ def test_fix_dns(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} host=dns.google index=osnix \"[{{ pid }}]\" {{ host }} sourcetype=\"nix:syslog\"")
+    st = env.from_string("search _time={{ epoch }} host=dns index=osnix \"[{{ pid }}]\" {{ host }} sourcetype=\"nix:syslog\"")
     search = st.render(epoch=epoch, pid=pid, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)