splunk-connect-for-syslog
Netscout AEM host extraction issue
Hello Team,
The HOSTNAME extraction based on the deviceHostName field is not working for Netscout AEM sourcetype "netscout:aed".
Netscout AEM is the manager of Netscout AED (Already onboarded by SC4S)
Here is a sample where deviceHostName is "HOSTADDOS-01":
<29>1 2025-05-09T09:30:34.437+02:00 HOSTAEMDDOS Arbor-Enterprise-Manager 87780 AEM CEF:0|NETSCOUT|Arbor Enterprise Manager|7.3.0.0|ATLAS Threat Categories|Blocked Host|7|rt=1746775830000 deviceHostName=HOSTADDOS-01 src=8.8.8.8 spt=39728 dst=1.1.1.1 dpt=3500 proto=TCP deviceDirection=0 cn1=16752893630 cn1Label=Element ID cs1=8.8.8.8 cs1Label=IOC Pattern cn2=272 cn2Label=Protection Group ID cs2=GROUP_WEB cs2Label=Protection Group Name cs3=ip cs3Label=Match Type cs6=DDoS Botnets cs6Label=Threat Name cs7=DDoS Reputation cs7Label=Threat Category cs8=TA0040-Impact cs8Label=Mitre ATT&CK Tactics cs9=T1498-Network Denial of Service cs9Label=Mitre ATT&CK Techniques
Currently, the hostname extraction with SC4S is: 87780
Thanks
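To make the report easier to reason about, here is an added example (my own illustration, not SC4S's parser or any code from the splunk-connect-for-syslog project) that decomposes the sample message above into its RFC 5424 header fields and its CEF header and extension fields. It shows that `87780` sits in the syslog header's PROCID position, while `deviceHostName=HOSTADDOS-01` lives in the CEF extension. Assumptions: the regular expressions and helper names (`HEADER_RE`, `parse_cef`, `extract_host`) are mine; the parser only tolerates a nil (`-`) structured-data element, which the sample omits entirely, and the second sample message is a constructed minimal case rather than real Netscout output.

```python
import re

# Sample 1: the message quoted in the issue above, reproduced verbatim.
SAMPLE_AEM = (
    '<29>1 2025-05-09T09:30:34.437+02:00 HOSTAEMDDOS Arbor-Enterprise-Manager 87780 AEM '
    'CEF:0|NETSCOUT|Arbor Enterprise Manager|7.3.0.0|ATLAS Threat Categories|Blocked Host|7|'
    'rt=1746775830000 deviceHostName=HOSTADDOS-01 src=8.8.8.8 spt=39728 dst=1.1.1.1 dpt=3500 '
    'proto=TCP deviceDirection=0 cn1=16752893630 cn1Label=Element ID cs1=8.8.8.8 '
    'cs1Label=IOC Pattern cn2=272 cn2Label=Protection Group ID cs2=GROUP_WEB '
    'cs2Label=Protection Group Name cs3=ip cs3Label=Match Type cs6=DDoS Botnets '
    'cs6Label=Threat Name cs7=DDoS Reputation cs7Label=Threat Category cs8=TA0040-Impact '
    'cs8Label=Mitre ATT&CK Tactics cs9=T1498-Network Denial of Service '
    'cs9Label=Mitre ATT&CK Techniques'
)

# Sample 2: constructed minimal message that does carry the RFC 5424 nil
# structured-data element ("-") between MSGID and the CEF payload.
SAMPLE_WITH_NIL_SD = (
    '<13>1 2025-05-09T09:30:34Z host2 app 123 ID - '
    'CEF:0|Vendor|Product|1.0|sid|name|3|deviceHostName=dev-02 msg=hello world'
)

# RFC 5424 header: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD] MSG.
# The AEM sample has no structured-data field at all, so "-" is optional here.
HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) (?:- )?(?P<msg>.*)$',
    re.DOTALL,
)


def parse_cef(msg):
    """Split a CEF message into its 7 header fields and a dict of extension keys."""
    if not msg.startswith('CEF:'):
        return None
    # Header fields are '|'-separated; a literal pipe inside a field is escaped as '\|'.
    parts = re.split(r'(?<!\\)\|', msg, maxsplit=7)
    if len(parts) != 8:
        return None
    names = ['cef_version', 'vendor', 'product', 'version', 'signature_id', 'name', 'severity']
    header = {n: p.replace('\\|', '|') for n, p in zip(names, parts[:7])}
    header['cef_version'] = header['cef_version'][len('CEF:'):]
    ext = {}
    # Extension values may contain spaces (e.g. "cn1Label=Element ID"), so split
    # only on a space that is immediately followed by the next "key=".
    for pair in re.split(r' (?=[A-Za-z0-9_]+=)', parts[7].strip()):
        key, _, value = pair.partition('=')
        ext[key] = value.replace('\\=', '=')
    return header, ext


def extract_host(raw):
    """Return the candidate host values found in a syslog+CEF message.

    'chosen' prefers the CEF deviceHostName (the device the event is about) and
    falls back to the syslog HOSTNAME (the relay or manager that sent it).
    """
    m = HEADER_RE.match(raw)
    if not m:
        return None
    cef = parse_cef(m.group('msg'))
    ext = cef[1] if cef else {}
    device_host = ext.get('deviceHostName')
    return {
        'syslog_host': m.group('host'),
        'app': m.group('app'),
        'procid': m.group('procid'),
        'msgid': m.group('msgid'),
        'device_host': device_host,
        'chosen': device_host or m.group('host'),
        'cef_header': cef[0] if cef else None,
        'cef_ext': ext,
    }


if __name__ == '__main__':
    for sample in (SAMPLE_AEM, SAMPLE_WITH_NIL_SD):
        r = extract_host(sample)
        print(f"syslog host={r['syslog_host']} procid={r['procid']} "
              f"deviceHostName={r['device_host']} -> chosen host={r['chosen']}")
```

Running it on the issue's sample prints `syslog host=HOSTAEMDDOS procid=87780 deviceHostName=HOSTADDOS-01 -> chosen host=HOSTADDOS-01`, which makes the mismatch in the report concrete: the value SC4S currently reports as the host is the token in the PROCID slot, not the syslog HOSTNAME and not the CEF `deviceHostName`. Note that the AEM message places the `CEF:` payload directly after the MSGID with no `-` structured-data placeholder, which is worth keeping in mind when checking how the message is tokenised upstream.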