what triggers event.types to be dns, tls , flow etc other than alerts?
does types like dns, tls etc come under a sub event type category of alert event type?
Suricata provides several event types besides alerts. You can even run Suricata without alerts and get a lot of metadata with all the different protocol parsers. In addition to that the protocol specific event types provide more data related to that type of event and will show all the traffic events (unless configured otherwise).
I would recommend reading our official docs: Suricata User Guide — Suricata 8.0.0-dev documentation
I wanted dns logs to come with data.event.type=alert, with all the necessary fields that would come if data.event.type=dns.
That is not possible, the alert event contains the most important parts but the full details are added to the protocol events.
You can use the flow_id and correlate the two events with each other.
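One way to do the flow_id correlation the reply describes, as an added example that is not from this thread or the Suricata project: the EVE JSON lines below are constructed sample data (not real captures), and the field names follow the EVE format (event_type, flow_id, alert, dns, tls).

```python
import json
from collections import defaultdict

# Constructed EVE JSON lines (sample data, not real captures): one dns event
# and one alert sharing flow_id 1111, plus an unrelated tls event on flow 2222.
EVE_LINES = [
    '{"timestamp":"2024-01-01T00:00:01.000000+0000","flow_id":1111,"event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP",'
    '"dns":{"type":"query","id":7,"rrname":"example.test","rrtype":"A"}}',
    '{"timestamp":"2024-01-01T00:00:01.000100+0000","flow_id":1111,"event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.53","proto":"UDP",'
    '"alert":{"signature_id":1000001,"signature":"CONSTRUCTED dns test rule","severity":3}}',
    '{"timestamp":"2024-01-01T00:00:02.000000+0000","flow_id":2222,"event_type":"tls",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.80","proto":"TCP",'
    '"tls":{"sni":"example.test"}}',
]


def correlate_alerts(lines):
    """Join each alert event with the protocol events (dns, tls, ...) that share
    its flow_id. Returns one dict per alert carrying the alert block plus a
    'protocol_events' list, so the full dns record sits next to the alert."""
    by_flow = defaultdict(list)   # flow_id -> non-alert events on that flow
    alerts = []
    for line in lines:
        ev = json.loads(line)
        fid = ev.get("flow_id")
        if ev.get("event_type") == "alert":
            alerts.append(ev)
        elif fid is not None:
            by_flow[fid].append(ev)
    enriched = []
    for alert in alerts:
        related = by_flow.get(alert.get("flow_id"), [])
        enriched.append({
            "alert": alert.get("alert", {}),
            "flow_id": alert.get("flow_id"),
            # keep only the protocol-specific block of each related event
            "protocol_events": [
                {"event_type": e["event_type"], e["event_type"]: e.get(e["event_type"])}
                for e in related
            ],
        })
    return enriched
```

Events on the same flow are logged at different times, so run this over a whole eve.json (or a time window) rather than line by line.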