{
  "_index": "logstash-dns-2024.09.10",
  "_type": "_doc",
  "_id": "SWz625EBA1-pGhI2ti1d",
  "_version": 1,
  "_score": 1,
  "_source": {
    "geoip": {
      "country": {
        "name": "United States",
        "geoname_id": 6252001,
        "iso_code": "US"
      },
      "ip": "208.67.222.222",
      "location": {
        "lon": -73.8448,
        "lat": 40.6593
      },
      "postal": {
        "code": "11414"
      },
      "continent": {
        "code": "NA",
        "geoname_id": 6255149,
        "name": "North America"
      },
      "longitude": -73.8448,
      "country_code2": "US",
      "city_name": "Howard Beach",
      "coordinate": [
        -73.8448,
        40.6593
      ],
      "registered_country": {
        "name": "United States",
        "geoname_id": 6252001,
        "iso_code": "US"
      },
      "latitude": 40.6593,
      "country_name": "United States",
      "timezone": "America/New_York",
      "provider": {
        "autonomous_system_number": 36692,
        "autonomous_system_organization": "OpenDNS, LLC"
      },
      "subdivisions": [
        {
          "name": "New York",
          "geoname_id": 5128638,
          "iso_code": "NY"
        }
      ],
      "country_code3": "US",
      "continent_code": "NA",
      "city": {
        "name": "Howard Beach",
        "geoname_id": 5121407
      }
    },
    "tenant": 9,
    "dns": {
      "flags": "8183",
      "ra": true,
      "id": 56685,
      "rd": true,
      "rcode": "NXDOMAIN",
      "type": "answer",
      "rrname": "97.6.66.173.z.mailspike.net",
      "version": 2,
      "qr": true,
      "opcode": 0,
      "rrtype": "ANY"
    },
    "app_proto": "dns",
    "type": "json-log",
    "src_ip": "10.11.6.101",
    "net_info": {
      "src": [
        "Private class A",
        "Internet"
      ],
      "src_agg": "private-class-a.internet",
      "dest_agg": "internet",
      "dest": [
        "Internet"
      ]
    },
    "input": {
      "type": "log"
    },
    "event_type": "dns",
    "dest_ip": "208.67.222.222",
    "see_name": "STS-500-QALAB-SSP",
    "in_iface": "tppdummy0",
    "@timestamp": "2024-09-10T12:48:23.609Z",
    "see_id": "6c2b59a0d0f2",
    "hostname_info": {
      "domain_without_tld": "mailspike",
      "tld": "net",
      "host": "97.6.66.173.z.mailspike.net",
      "subdomain": "97.6.66.173.z",
      "url": "97.6.66.173.z.mailspike.net",
      "domain": "mailspike.net"
    },
    "dest_port": 53,
    "ether": {
      "src_mac": "00:08:02:1c:47:ae",
      "dest_mac": "20:e5:2a:b6:93:f1"
    },
    "logger": "logstash-manager",
    "log": {
      "offset": 1410491992,
      "file": {
        "path": "/var/log/suricata/eve-0.json"
      }
    },
    "tags": [
      "beats_input_codec_json_applied"
    ],
    "host": "discord-probe",
    "agent": {
      "name": "discord-probe",
      "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
      "version": "7.17.22",
      "type": "filebeat",
      "ephemeral_id": "70867d1b-8b43-4e4f-bcfe-e82abf60b3ae",
      "hostname": "discord-probe"
    },
    "timestamp": "2024-09-10T12:48:23.609899+0000",
    "proto": "TCP",
    "src_port": 50148,
    "@version": "1",
    "flow_id": 401557243514472
  }
}