The dns datamodel is not populating because out of the box neither ES or the Windows Infrastructure app have the tag constraints defined. The datamodel is looking for the following three tags "tag=network tag=dns tag=resolution" for windows debug dns requests these tags are not defined anywhere.
Is there another app that is required to create these tags? or are there eventtypes that exist that can be mapped for example to the resolution tag?
↧