Clarify what the domain attribute entails

[pagbabian-splunk]

The URL object now includes a domain attribute in addition to the already present subdomain attribute. The examples for domain and subdomain are correct, but not sufficient to determine how a multi-part / multi-level domain is segmented. My assumption is that for a N level domain name, the left-most segment is the subdomain the right-most segment is the TLD (top level domain), and the domain attribute would include the TLD but not the subdomain.

Note that the suffix is not spelled out, and can be as simple as the TLD, but can also be multi-part, as within LDAP directories. We haven't attempted to separate the suffix.

In short, the current descriptions for subdomain and domain need to be generalized.

--- Post Network Call 6/5/24 domain likely should be a "See Specific Usage" attribute rather than have an absolute definition. It can be captured as an internal domain name, an AD Domain, an external DNS domain, and lacking a specific attribute, a FQDN. It's use in URL is how the discussion started, and its usage there is as a segment of the URL, as we have hostname subdomain path and scheme (protocol). Likely we would want a TLD (per another issue) and possibly a suffix (which can capture the right-most segments of a URL, or can be an LDAP suffix which can be similar but different). e.g. co.uk can be a suffix or in an LDAP directory sub1.example.co.uk can be a suffix, used for partitioning the directory.