From 6aa2d550a12d0eee5313f31960407821089fe077 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 12 Sep 2019 17:31:39 +0200 Subject: [PATCH] doc/dotprefix: fix example rules --- doc/userguide/rules/transforms.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/userguide/rules/transforms.rst b/doc/userguide/rules/transforms.rst index 204aaef60e..593e52853c 100644 --- a/doc/userguide/rules/transforms.rst +++ b/doc/userguide/rules/transforms.rst @@ -30,7 +30,7 @@ adding the dot allows ``google.com`` to match against ``content:".google.com"`` Example:: - alert http any any -> any any (dns.query; dotprefix; \ + alert dns any any -> any any (dns.query; dotprefix; \ content:".microsoft.com"; sid:1;) This example will match on ``windows.update.microsoft.com`` and @@ -38,7 +38,7 @@ This example will match on ``windows.update.microsoft.com`` and This rule can be used to match on the domain only; example:: - alert http any any -> any any (dns.query; dotprefix; \ + alert dns any any -> any any (dns.query; dotprefix; \ content:".microsoft.com"; endswith; sid:1;) This example will match on ``windows.update.microsoft.com`` but not @@ -46,7 +46,7 @@ This example will match on ``windows.update.microsoft.com`` but not Finally, this rule can be used to match on the TLD only; example:: - alert http any any -> any any (dns.query; dotprefix; \ + alert dns any any -> any any (dns.query; dotprefix; \ content:".co.uk"; endswith; sid:1;) This example will match on ``maps.google.co.uk`` but not
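Review bot: The commit message does not say why the first hunk (@@ -30,7) and the two after it switch the protocol; "fix example rules" leaves the reader to work out what was wrong. A one-line body stating that ``dns.query`` is a DNS buffer, so the examples belong under ``alert dns`` rather than ``alert http``, would make the history self-explanatory.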
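Review bot: The rule in the second hunk (@@ -38,7) still ends in ``sid:1;``, the same id as the rules in the first and third hunks. A reader who pastes all three examples into one rule file ends up with three rules sharing a signature id. Since these lines are being touched anyway, consider numbering them ``sid:1;``, ``sid:2;`` and ``sid:3;``.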
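Review bot: In the third hunk (@@ -46,7) the unchanged context line says the rule matches "on the TLD only", but the content is ``.co.uk``, which is a second-level suffix under the ``uk`` TLD. Consider rewording the sentence (for example "on the domain suffix only") or changing the example content to a real TLD, so the text and the rule agree.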