Updated pipeline

bluecat_edge/assets/logs/bluecat-edge.yaml

@@ -3,9 +3,14 @@ metric_id: bluecat-edge
 backend_only: false
 facets:
   - groups:
-      - Web Access
-    name: Client IP
-    path: network.client.ip
+      - DNS
+    name: Response Code
+    path: dns.flags.rcode
+    source: log
+  - groups:
+      - DNS
+    name: DNS ID
+    path: dns.id
     source: log
   - groups:
       - DNS
@@ -17,11 +22,6 @@ facets:
     name: Question Type
     path: dns.question.type
     source: log
-  - groups:
-      - DNS
-    name: Response Code
-    path: dns.flags.rcode
-    source: log
   - facetType: range
     groups:
       - Measure
@@ -33,9 +33,44 @@ facets:
       family: time
       name: nanosecond
   - groups:
-      - DNS
-    name: DNS ID
-    path: dns.id
+      - Geoip
+    name: City Name
+    path: network.client.geoip.city.name
+    source: log
+  - groups:
+      - Geoip
+    name: Continent Code
+    path: network.client.geoip.continent.code
+    source: log
+  - groups:
+      - Geoip
+    name: Continent Name
+    path: network.client.geoip.continent.name
+    source: log
+  - groups:
+      - Geoip
+    name: Country ISO Code
+    path: network.client.geoip.country.iso_code
+    source: log
+  - groups:
+      - Geoip
+    name: Country Name
+    path: network.client.geoip.country.name
+    source: log
+  - groups:
+      - Geoip
+    name: Subdivision ISO Code
+    path: network.client.geoip.subdivision.iso_code
+    source: log
+  - groups:
+      - Geoip
+    name: Subdivision Name
+    path: network.client.geoip.subdivision.name
+    source: log
+  - groups:
+      - Web Access
+    name: Client IP
+    path: network.client.ip
     source: log
   - groups:
       - User

bluecat_edge/assets/logs/bluecat-edge_tests.yaml

@@ -51,14 +51,24 @@ tests:
     }
   result:
     custom:
+      dns:
+        flags:
+          rcode: "NXDOMAIN"
+        id: 1
+        question:
+          name: "10.13.40.10.in-addr.arpa."
+          type: "PTR"
+      duration: 12
+      network:
+        client:
+          geoip: {}
+          ip: "10.41.13.131"
       query_log:
         actionTaken: "query-response"
         drsId: "87a16e58-11d3-4d45-a574-af92520d3b90"
         id: "17685619430971F61B04D4186D474A54EBAF987E153D9"
         identity:
           identityId: "identity_id_example"
-          userId: "[email protected]"
-        latency: 12
         queriedNamespaces:
          -
           latency: 11
@@ -76,18 +86,15 @@ tests:
             time: 1768561943109
           id: "97e3ecb9-f066-11f0-96fb-06915da638a8"
           cycle: 0
-        query: "10.13.40.10.in-addr.arpa."
         queryClassId: 1
-        queryId: 1
         queryProtocol: "UDP"
-        queryType: "PTR"
-        response: "NXDOMAIN"
         siteId: "955ff30b-93a9-4f13-9de1-aeaa25190f49"
-        source: "10.41.13.131"
         time: 1770033982000
       site_details:
         id: "a56e996d-cd54-45c5-8bed-5de015612e0b"
         name: "Site Testing"
+      usr:
+        id: "[email protected]"
       vendor:
         endpoint: "dns-query-logs"
     message: |-
@@ -140,3 +147,4 @@ tests:
       }
     tags:
      - "source:LOGS_SOURCE"
+    timestamp: 1770033982000