From 63ccd9927f58cb4ca7a48f97d9b584bbd8083901 Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Wed, 17 Jun 2020 15:16:19 -0400
Subject: [PATCH 1/2] Update fix_dns.conf

---
 package/etc/conf.d/conflib/_splunk/fix_dns.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/etc/conf.d/conflib/_splunk/fix_dns.conf b/package/etc/conf.d/conflib/_splunk/fix_dns.conf
index 5dd0a94..753da04 100644
--- a/package/etc/conf.d/conflib/_splunk/fix_dns.conf
+++ b/package/etc/conf.d/conflib/_splunk/fix_dns.conf
@@ -22,7 +22,8 @@ class FixHostResolver(object):
 resolved = socket.gethostbyaddr(ipaddr)
 hostname = resolved[0]
- log_message['HOST'] = hostname
+ name, ext = hostname.split('.')[-2:]
+ log_message['HOST'] = name
 except:
 pass

From 222febaf480ffe1d354499c8086ba2c57509125d Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Wed, 17 Jun 2020 15:59:42 -0400
Subject: [PATCH 2/2] Update test_common.py

---
 tests/test_common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/test_common.py b/tests/test_common.py
index 625d374..b0b65b1 100644
--- a/tests/test_common.py
+++ b/tests/test_common.py
@@ -144,7 +144,7 @@ def test_fix_dns(record_property, setup_wordlist, setup_splunk, setup_sc4s):
 sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
- st = env.from_string("search _time={{ epoch }} host=dns.google index=osnix \"[{{ pid }}]\" {{ host }} sourcetype=\"nix:syslog\"")
+ st = env.from_string("search _time={{ epoch }} host=dns index=osnix \"[{{ pid }}]\" {{ host }} sourcetype=\"nix:syslog\"")
 search = st.render(epoch=epoch, pid=pid, host=host)
 resultCount, eventCount = splunk_single(setup_splunk, search)
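Review bot: `name, ext = hostname.split('.')[-2:]` raises ValueError whenever the resolved name has no dot (the slice then holds one element and two-target unpacking fails), and the bare `except: pass` two lines below swallows it, so for such records HOST is silently left untouched rather than set to the resolved name. It also keeps the second-to-last label instead of the host label: a PTR name like `a.b.example.com` yields `example`. If the intent is the short host name, `log_message['HOST'] = hostname.partition('.')[0]` covers both cases in one line, never raises, and drops the unused `ext`. The resolved PTR name is data the log owner does not control, so whichever label is kept should still be treated as untrusted input downstream. The enclosing method and its `try` begin outside the hunk.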
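Review bot: The new expected value `host=dns` in the `st = env.from_string(...)` line appears to be the truncated reverse-DNS label of whatever address the test sends, which is set up outside the hunk; the assertion therefore depends on a live PTR answer and on the resolver's second-to-last-label rule, so a PTR name with more than two labels, or none, would stop matching without the test saying why. A comment above that line would make the coupling explicit, e.g. `# FixHostResolver keeps only the second-to-last label of the resolved PTR name, hence "dns" rather than "dns.google"`. test_fix_dns starts and ends outside the hunk.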