i'm using the active directory app and i'm trying to search on the fixed dns values.
it requires the dns request to run thru the fix-dnsname() macro.
eventtype=msad-dns-debuglog |fix-dnsname(questionname)
how can i then use those results.. ex:
eventtype=msad-dns-debuglog |fix-dnsname(questionname)
| questionname=cnn.com
is there a better way?
eventtype=msad-dns-debuglog | `fix-dnsname(questionname)` | search questionname=cnn.com
eventtype=msad-dns-debuglog | `fix-dnsname(questionname)` | search questionname=cnn.com