Sets the autonomous system (AS) number and organization associated with a given IP address. By default, the ip field is used as the input. If an AS number and organization are associated with the IP address, two new fields named after the input field are created, holding the AS number and the organization. For example, using the default input field, the new fields are ip.asn and ip.org.

LogScale includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com. By default, the database is updated automatically if the cluster is running with a valid LogScale license.
Determine Autonomous System (AS) Number and IP address/Organization Associated - Example 1

Determine the autonomous system (AS) number and organization associated with a given IP address.

Query (LogScale):

  asn(field=address)

Introduction

The asn() function provides the Autonomous System Number (ASN) of a given IP address, providing information on the owner. By default, asn() uses the ip field as the input parameter.

Step-by-Step

Starting with the source repository events:

  asn(field=address)

Adds the ASN to a given event based on the field address: the fields address.asn and address.org are added to the event.

Event result set.

Summary and Results

The query is used to automatically add an AS number to its associated IP address (and the organization associated with that IP address). Knowing the Autonomous System Number of the associated IP addresses is useful to identify the registered owners/organizations of an IP range. When using the ASN search to query a list of IP addresses, it is possible to mix IPv4 and IPv6 addresses within the one query.
Determine Autonomous System (AS) Number and IP address/Organization Associated - Example 2

Determine the autonomous system (AS) number and organization associated with a given IP address.

Query (LogScale):

  asn(field=ipaddr,as=address)

Introduction

The asn() function assumes the default value ip for the input parameter and outputs to new fields named after that field. This can be modified by using the as parameter, which sets the prefix of the output fields.

Step-by-Step

Starting with the source repository events:

  asn(field=ipaddr,as=address)

Adds the fields address.asn and address.org (based on the field ipaddr) to the event.

Event result set.

Summary and Results

The query is used to automatically add an AS number to its associated IP address (and the organization associated with that IP address). Knowing the Autonomous System Number of the associated IP addresses is useful to identify the registered owners/organizations of an IP range. When using the ASN search to query a list of IP addresses, it is possible to mix IPv4 and IPv6 addresses within the one query.
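The field-naming behaviour shown in Example 1 (default prefix taken from the input field) and Example 2 (prefix overridden with as) can be mirrored outside LogScale to sanity-check expectations before writing a query. The following is an added example, not LogScale's own implementation: it uses a small constructed prefix table instead of the MaxMind GeoLite2 database, and the choice to store the ASN as a string is an assumption.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed, illustrative ASN table (documentation prefixes and private-use
# ASNs); this is NOT MaxMind data. Mixing IPv4 and IPv6 entries is deliberate.
ASN_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), 64496, "EXAMPLE-NET-A"),
    (ipaddress.ip_network("203.0.113.0/24"), 64497, "EXAMPLE-NET-B"),
    (ipaddress.ip_network("2001:db8::/32"), 64498, "EXAMPLE-NET-V6"),
]


def lookup_asn(addr: str) -> Optional[Tuple[int, str]]:
    """Return (asn, org) for addr, or None if it is unparsable or not in the table."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None  # malformed input: treat like an unknown address
    for net, asn, org in ASN_TABLE:
        if ip.version == net.version and ip in net:
            return asn, org
    return None


def asn(event: Dict[str, str], field: str = "ip", as_: Optional[str] = None) -> Dict[str, str]:
    """Mimic asn(field=..., as=...): add <prefix>.asn and <prefix>.org to a copy
    of the event, where prefix is as_ when given, otherwise the input field name.
    Events whose input field is missing or has no match are returned unchanged."""
    out = dict(event)
    value = event.get(field)
    hit = lookup_asn(value) if value is not None else None
    if hit is None:
        return out
    prefix = as_ or field
    out[f"{prefix}.asn"] = str(hit[0])  # assumption: ASN emitted as a string field
    out[f"{prefix}.org"] = hit[1]
    return out


# Constructed sample events, mixing IPv4 and IPv6 in one batch.
SAMPLE_EVENTS = [
    {"ipaddr": "198.51.100.7", "action": "login"},
    {"ipaddr": "2001:db8:1::5", "action": "login"},
    {"ipaddr": "192.0.2.1", "action": "login"},  # no table entry: no fields added
    {"host": "web01"},  # input field absent: event passes through unchanged
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(asn(e, field="ipaddr", as_="address"))  # Example 2 form
```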