diff --git a/custom_documentation/doc/endpoint/network/linux/linux_network_dns_lookup_result.md b/custom_documentation/doc/endpoint/network/linux/linux_network_dns_lookup_result.md
index 443d467d1..011fdf55d 100644
--- a/custom_documentation/doc/endpoint/network/linux/linux_network_dns_lookup_result.md
+++ b/custom_documentation/doc/endpoint/network/linux/linux_network_dns_lookup_result.md
@@ -2,7 +2,7 @@
 - OS: Linux
 - Data Stream: `logs-endpoint.events.network-*`
-- KQL: `event.action : "lookup_result" and event.dataset : "endpoint.events.network" and event.module : "endpoint" and host.os.type : "linux"`
+- KQL: `event.action : ("lookup_result" or "lookup_requested") and event.dataset : "endpoint.events.network" and event.module : "endpoint" and host.os.type : "linux"`
 This event is generated when results are returned for a DNS lookup request.
diff --git a/custom_documentation/src/endpoint/data_stream/network/linux/linux_network_dns_lookup_result.yaml b/custom_documentation/src/endpoint/data_stream/network/linux/linux_network_dns_lookup_result.yaml
index b4732ee4f..3be3feed3 100644
--- a/custom_documentation/src/endpoint/data_stream/network/linux/linux_network_dns_lookup_result.yaml
+++ b/custom_documentation/src/endpoint/data_stream/network/linux/linux_network_dns_lookup_result.yaml
@@ -4,7 +4,9 @@ overview:
   request.
 identification:
   filter:
-    event.action: lookup_result
+    event.action:
+      - lookup_result
+      - lookup_requested
     event.dataset: endpoint.events.network
     event.module: endpoint
     host.os.type: linux
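Review bot: The `identification.filter` now also selects `lookup_requested`, but the `overview` block (which starts before this hunk and ends at the ` request.` context line) still describes the event as generated only when results are returned, so the page presumably now covers two distinct actions under a results-only description. The same mismatch is visible in the .md hunk of this commit, where the KQL was widened but the sentence `This event is generated when results are returned for a DNS lookup request.` was left as is. If both actions are intended to share this page, the overview should say so, e.g. `This event is generated when a DNS lookup is requested and again when results are returned; event.action distinguishes the two.`, and any fields that are only populated for one of the two actions (if there are such fields) should be marked accordingly. Otherwise `lookup_requested` would be clearer as its own data stream page, since this filter is presumably what readers copy into detection queries and a results-only page that silently matches requests will skew their expectations of the documented fields.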