From e0246d03e7605aa4d21ef4eed8e4fd2624ee3d5e Mon Sep 17 00:00:00 2001
From: Andrew Kroh <andrew.kroh@elastic.co>
Date: Fri, 30 Aug 2019 15:00:40 -0400
Subject: [PATCH] Add dns.type to Packetbeat (#13427) (#13453)

Set `dns.type` to `answer` when a response packet is present and to `query` when there's only a request packet.

Relates #13320

(cherry picked from commit ba7185999a22c9f51f7efa7dd6f7df123a444649)
---
 packetbeat/protos/dns/dns.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/packetbeat/protos/dns/dns.go b/packetbeat/protos/dns/dns.go
index 5233b3120f2..3633847b0fb 100644
--- a/packetbeat/protos/dns/dns.go
+++ b/packetbeat/protos/dns/dns.go
@@ -385,6 +385,7 @@ func (dns *dnsPlugin) publishTransaction(t *dnsTransaction) {
 		pbf.Event.Start = t.request.ts
 		pbf.Event.End = t.response.ts
 
+		dnsEvent["type"] = "answer"
 		fields["method"] = dnsOpCodeToString(t.request.data.Opcode)
 		if len(t.request.data.Question) > 0 {
 			fields["query"] = dnsQuestionToString(t.request.data.Question[0])
@@ -407,6 +408,7 @@ func (dns *dnsPlugin) publishTransaction(t *dnsTransaction) {
 		pbf.Source.Bytes = int64(t.request.length)
 		pbf.Event.Start = t.request.ts
 
+		dnsEvent["type"] = "query"
 		fields["method"] = dnsOpCodeToString(t.request.data.Opcode)
 		if len(t.request.data.Question) > 0 {
 			fields["query"] = dnsQuestionToString(t.request.data.Question[0])
@@ -422,6 +424,7 @@ func (dns *dnsPlugin) publishTransaction(t *dnsTransaction) {
 		pbf.Destination.Bytes = int64(t.response.length)
 		pbf.Event.End = t.response.ts
 
+		dnsEvent["type"] = "answer"
 		fields["method"] = dnsOpCodeToString(t.response.data.Opcode)
 		if len(t.response.data.Question) > 0 {
 			fields["query"] = dnsQuestionToString(t.response.data.Question[0])