domain
Subcommands
| Subcommand | Description | Syntax |
|---|---|---|
domain | Extracts the domain component from a hostname based on the public suffix list | domain(<expr>) |
tld | Extracts the top level domain (TLD) component from a hostname based on the public suffix list | tld(<expr>) |
resolveip | Resolves a domain name to an IP address | resolveip(<expr>) |
resolveptr | Performs a reverse DNS lookup for an IP address | resolveptr(<expr>) |
resolve | Resolves a domain name to DNS records of a specified type | resolve(<expr>, <expr>) |
Examples
domain
For a field hostname containing www.example.com, this example sets domain to example.com:
| eval domain=domain(hostname)
tld
For a field hostname containing www.example.com, this example sets tld to com:
| eval tld=tld(hostname)
resolveip
For a field hostname containing example.com, this example sets ip to the resolved IP address (e.g., 93.184.216.34):
| eval ip=resolveip(hostname)
resolveptr
For an IP field ip containing 93.184.216.34, this example sets hostname to the PTR record (e.g., example.com):
| eval hostname=resolveptr(ip)
resolve
For a field hostname containing example.com, this example resolves A records and stores them in records:
| eval records=resolve(hostname, "A")