jasonish · October 14, 2016 15:51
diff --git a/dns-split.json b/dns-split.json
 {
  "timestamp": "2016-10-14T09:40:21.889830-0600",
  "flow_id": 1233527431861222,
  "pcap_cnt": 1,
  "event_type": "dns",
  "src_ip": "10.16.1.11",
  "src_port": 40697,
  "dest_ip": "10.16.1.1",
  "dest_port": 53,
  "proto": "UDP",
  "dns": {
    "type": "query",
    "id": 25266,
    "query": {
      "rrname": "d98cf633-97be-406f-9e39-bd8fc0cbdea4.com",
      "rrtype": "A"
    },
    "tx_id": 0
  }
 }
 {
  "timestamp": "2016-10-14T09:40:21.971664-0600",
  "flow_id": 1233527431861222,
  "pcap_cnt": 2,
  "event_type": "dns",
  "src_ip": "10.16.1.11",
  "src_port": 40697,
  "dest_ip": "10.16.1.1",
  "dest_port": 53,
  "proto": "UDP",
  "dns": {
    "type": "answer",
    "id": 25266,
    "rcode": "NXDOMAIN",
    "answer": [
      {
        "rrname": "com",
        "rrtype": "SOA",
        "ttl": 900
      }
    ],
    "tx_id": 0
  }
 }
	{
	"timestamp": "2016-10-14T09:40:21.889830-0600",
	"flow_id": 1233527431861222,
	"pcap_cnt": 1,
	"event_type": "dns",
	"src_ip": "10.16.1.11",
	"src_port": 40697,
	"dest_ip": "10.16.1.1",
	"dest_port": 53,
	"proto": "UDP",
	"dns": {
	"type": "query",
	"id": 25266,
	"query": {
	"rrname": "d98cf633-97be-406f-9e39-bd8fc0cbdea4.com",
	"rrtype": "A"
	},
	"tx_id": 0
	}
	}
	{
	"timestamp": "2016-10-14T09:40:21.971664-0600",
	"flow_id": 1233527431861222,
	"pcap_cnt": 2,
	"event_type": "dns",
	"src_ip": "10.16.1.11",
	"src_port": 40697,
	"dest_ip": "10.16.1.1",
	"dest_port": 53,
	"proto": "UDP",
	"dns": {
	"type": "answer",
	"id": 25266,
	"rcode": "NXDOMAIN",
	"answer": [
	{
	"rrname": "com",
	"rrtype": "SOA",
	"ttl": 900
	}
	],
	"tx_id": 0
	}
	}
No results found