elastic · qcorporation · Apr 9, 2026 · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.36.5"
+  changes:
+    - description: Populate `url.full` when URL parts are available and `url.full` is missing.
+      type: bugfix
+      link: https://github.com/elastic/integrations/issues/18185
 - version: "1.36.4"
   changes:
     - description: Improve escaped quote handling in painless script.

@@ -1774,6 +1774,7 @@
             "url": {
                 "domain": "172.16.200.55",
                 "extension": "com",
+                "full": "http://172.16.200.55/virus/eicar.com",
                 "path": "/virus/eicar.com",
                 "scheme": "http"
             },
@@ -2009,7 +2010,9 @@
             ],
             "url": {
                 "domain": "morrishittu.ddns.net",
-                "path": "/"
+                "full": "http://morrishittu.ddns.net/",
+                "path": "/",
+                "scheme": "http"
             }
         },
         {
@@ -2541,7 +2544,9 @@
             },
             "url": {
                 "domain": "www.dailymotion.com",
-                "path": "/"
+                "full": "https://www.dailymotion.com/",
+                "path": "/",
+                "scheme": "https"
             }
         },
         {
@@ -2639,7 +2644,9 @@
             ],
             "url": {
                 "domain": "www.dailymotion.com",
-                "path": "/"
+                "full": "https://www.dailymotion.com/",
+                "path": "/",
+                "scheme": "https"
             }
         },
         {
@@ -2737,7 +2744,9 @@
             ],
             "url": {
                 "domain": "www.dailymotion.com",
-                "path": "/"
+                "full": "https://www.dailymotion.com/",
+                "path": "/",
+                "scheme": "https"
             }
         },
         {
@@ -2945,7 +2954,9 @@
             "url": {
                 "domain": "172.16.200.55",
                 "extension": "pdf",
-                "path": "/ips/sig1.pdf"
+                "full": "http://172.16.200.55/ips/sig1.pdf",
+                "path": "/ips/sig1.pdf",
+                "scheme": "http"
             }
         },
         {
@@ -3234,7 +3245,9 @@
             "url": {
                 "domain": "fortinetweb.s3.amazonaws.com",
                 "extension": "pdf",
-                "path": "/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf"
+                "full": "https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf",
+                "path": "/docs.fortinet.com/v2/attachments/be3d0e3d-4b62-11e9-94bf-00505692583a/FortiOS_6.2.0_Log_Reference.pdf",
+                "scheme": "https"
             },
             "user_agent": {
                 "original": "Wget/1.17.1"

@@ -213,7 +213,8 @@
             ],
             "url": {
                 "domain": "region1.google-analytics.com",
-                "original": "/g/collect?v=2&tid=G-DP2X732JSX&gtm=45je4a90v884263385z8847342615za200zb847342615&_p=1728980993237&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101686685&cid=552957508.1728975404&ul=en-us&sr=1920x1080&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B129.0.6668.100%7CNot%2"
+                "original": "/g/collect?v=2&tid=G-DP2X732JSX&gtm=45je4a90v884263385z8847342615za200zb847342615&_p=1728980993237&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101686685&cid=552957508.1728975404&ul=en-us&sr=1920x1080&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B129.0.6668.100%7CNot%2",
+                "scheme": "https"
             },
             "user_agent": {
                 "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
@@ -324,7 +325,8 @@
             ],
             "url": {
                 "domain": "www.google.com",
-                "original": "/gen_204?atyp=i&ei=QiMOZ6bjONSK9u8Pqf3q4QY&^&cad=fireinit.async.cfg.{}&zx=1728979780280&opi=89978449"
+                "original": "/gen_204?atyp=i&ei=QiMOZ6bjONSK9u8Pqf3q4QY&^&cad=fireinit.async.cfg.{}&zx=1728979780280&opi=89978449",
+                "scheme": "https"
             },
             "user_agent": {
                 "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
@@ -435,7 +437,8 @@
             ],
             "url": {
                 "domain": "host1.example.com",
-                "original": "/vevent?an_audit=0&referrer=https%3A%2F%2Fntp.example.com%2Fedge%2Fdhp&k=18384798517388757551728977262407568332827128208&s=eb42c53d21704e47792ac941412aaab97323f9f2&t=1728977262&sd=()&type=pv&vd=ct~0|rr~5&d0=1&d25=1&d50=1"
+                "original": "/vevent?an_audit=0&referrer=https%3A%2F%2Fntp.example.com%2Fedge%2Fdhp&k=18384798517388757551728977262407568332827128208&s=eb42c53d21704e47792ac941412aaab97323f9f2&t=1728977262&sd=()&type=pv&vd=ct~0|rr~5&d0=1&d25=1&d50=1",
+                "scheme": "https"
             },
             "user_agent": {
                 "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0"
@@ -546,7 +549,8 @@
             ],
             "url": {
                 "domain": "www.example.com",
-                "original": "/waroot/small/MABS474_WB[MABS474_WB-ALL].jpg"
+                "original": "/waroot/small/MABS474_WB[MABS474_WB-ALL].jpg",
+                "scheme": "https"
             },
             "user_agent": {
                 "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
@@ -657,7 +661,8 @@
             ],
             "url": {
                 "domain": "host2.example.com",
-                "original": "/dt?anId=930089&asId=b2974e88-e35d-4405-eb19-d94113606545&tv=%7Bc:bhf9dH,pingTime:15,time:46446,type:p,clog:%5B%7Bpiv:30,vs:o,r:l,w:300,h:250,t:43%7D,%7Bpiv:0,t:400%7D,%7Br:l.f,t:1712%7D,%7Br:l,t:19403%7D,%7Bpiv:8,t:20244%7D,%7Bpiv:53,vs:pp,r:,t:20347%7D,%"
+                "original": "/dt?anId=930089&asId=b2974e88-e35d-4405-eb19-d94113606545&tv=%7Bc:bhf9dH,pingTime:15,time:46446,type:p,clog:%5B%7Bpiv:30,vs:o,r:l,w:300,h:250,t:43%7D,%7Bpiv:0,t:400%7D,%7Br:l.f,t:1712%7D,%7Br:l,t:19403%7D,%7Bpiv:8,t:20244%7D,%7Bpiv:53,vs:pp,r:,t:20347%7D,%",
+                "scheme": "https"
             },
             "user_agent": {
                 "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
@@ -768,7 +773,8 @@
             ],
             "url": {
                 "domain": "host2.example.com",
-                "original": "/dt?anId=930089&asId=e46b0160-9f9f-c13f-3020-028635f8514d&tv=%7Bc:bhh0wZ,pingTime:-1,time:35638,type:u,clog:%5B%7Bpiv:100,vs:i,r:,w:120,h:600,t:56%7D%5D,ndt:15,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:35638,o:0,n:0,pp:0,pm:0%"
+                "original": "/dt?anId=930089&asId=e46b0160-9f9f-c13f-3020-028635f8514d&tv=%7Bc:bhh0wZ,pingTime:-1,time:35638,type:u,clog:%5B%7Bpiv:100,vs:i,r:,w:120,h:600,t:56%7D%5D,ndt:15,es:0,sc:1,ha:1,fgad:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:35638,o:0,n:0,pp:0,pm:0%",
+                "scheme": "https"
             },
             "user_agent": {
                 "original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"

@@ -75,3 +75,5 @@ date=2021-06-17 time=16:55:26 eventtime=1623974126411127210 tz="-0700" logid="17
 date=2019-05-13 time=11:20:54 logid="0100032001" type="event" subtype="system" level="information" vd="vdom1" eventtime=1557771654587081441 logdesc="Admin login successful" sn="1557771654" user="admin" ui="jsconsole" method="jsconsole" srcip=172.16.200.254 dstip=172.16.200.2 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from jsconsole"
 date=2021-06-17 time=16:55:26 eventtime=1623974126411127210 tz="-0700" logid="0101037100" type="event" subtype="vpn" level="notice" vd="vdom" logdesc="IPsec tunnel statistics" msg="IPsec tunnel statistics" action="tunnel-stats" remip=192.168.10.1 locip=192.168.10.1 remport=4500 locport=4500 outintf="internet" srccountry="Reserved" cookies="" user="2" group="N/A" useralt="N/A" xauthuser="user1" xauthgroup="group1" assignip=10.10.10.1 vpntunnel="VPNTUNNEL" tunnelip=10.10.10.1 tunnelid=123456789 tunneltype="ipsec" duration=919 sentbyte=1641284 rcvdbyte=33245 nextstat=600 fctuid="52C66FE08F724FE0B116DAD5062C9600" advpnsc=0
 <190>date=2025-11-11 time=09:03:29 devname="MYDEV" devid="MYDEVID" eventtime=1746018712493245679 tz="+0200" logid="1059021234" type="event" subtype="vpn" level="notice" vd="vdom" logdesc="IPsec tunnel statistics" sn="1557771654" user="ABC-EFG-Admin04" ui="jsconsole" method="jsconsole" srcip=172.16.200.254 dstip=172.16.200.2 action="login" status="success" reason="none" profile="super_admin" msg="Administrator ABC-EFG-Admin04 logged in successfully from jsconsole"
+date=2019-05-15 time=18:04:12 logid="1059028704" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="information" vd="root" eventtime=1557968652 appid=40568 srcip=10.1.100.22 dstip=89.160.20.128 srcport=50812 dstport=443 srcintf="port10" srcintfrole="lan" dstintf="port9" dstintfrole="wan" proto=6 service="HTTPS" direction="outgoing" policyid=1 sessionid=4420 applist="block-social.media" appcat="Web.Client" app="HTTPS.BROWSER" action="pass" hostname="www.example.com" incidentserialno=1962906690 url="/search?q=test&lang=en" httpmethod="GET" referralurl="https://www.example.com/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="www.example.com" scertissuer="DigiCert SHA2 High Assurance Server CA"
+date=2019-05-15 time=18:04:18 logid="1059028704" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="information" vd="root" eventtime=1557968658 appid=40568 srcip=10.1.100.22 dstip=89.160.20.128 srcport=50820 dstport=443 srcintf="port10" srcintfrole="lan" dstintf="port9" dstintfrole="wan" proto=6 service="HTTPS" direction="outgoing" policyid=1 sessionid=4422 applist="block-social.media" appcat="Web.Client" app="HTTPS.BROWSER" action="pass" hostname="cdn.example.net" incidentserialno=1962906695 url="/" msg="Web.Client: HTTPS.BROWSER," apprisk="medium" scertcname="cdn.example.net" scertissuer="DigiCert SHA2 High Assurance Server CA"