Find a better solution for address/ip/domain #37
Description
We have all three fields for client and server. ECS says, .address has to be set. If there's an IP address in that field, copy it into .ip and if it's a FQDN, copy it into .domain.
The problem we have is that sometimes one is set but the other is not. Or both are set. Or one is set to a dummy value like unkown or while the other has a valid value. The current implementation tries to always use the most meaningful information for .address but this ends up different values in address depending on what log event it is.
We could work around it in Kibana by never using .address but I'm not sure if that's feasible. I'm opening this issue to search for a better solution to this problem.