Network & Location Query Functions
LogScale's network functions can be used to identify or filter networks, IP addresses and network addresses.
Table: Network Query Functions
Function | Default Argument | Availability | Description |
---|---|---|---|
asn([as], [field]) | field | | Determines the autonomous system number and associated organization. |
cidr([column], field, [file], [negate], [subnet]) | field | | Filters events using CIDR subnets. |
communityId([as], destinationip, [destinationport], [icmpcode], [icmptype], proto, [seed], sourceip, [sourceport]) | | | Computes the Community ID, a standard for hashing network flows. |
ipLocation([as], [field]) | field | | Determines country, city, longitude, and latitude for a given IP address. |
rdns([as], field, [limit], [server]) | field | | Events using RDNS lookup. |
shannonEntropy([as], field) | field | | Calculates an entropy measure from a string of characters. |
subnet([as], bits, field) | field | | Computes a subnet from an IPv4 field. |
urlDecode([as], field) | field | | URL-decodes the contents of a string field. |
urlEncode([as], field, [type]) | field | | URL-encodes the contents of a string field. |