Network and Location Query Functions
LogScale's network functions can be used to identify or filter networks, IP and network addresses.
Table: Network Query Functions
| Function | Default Argument | Availability | Description |
|---|---|---|---|
| asn([as], [field]) | field | | Determines the autonomous system number and associated organization. |
| cidr([column], field, [file], [negate], [subnet]) | field | | Filters events using CIDR subnets. |
| communityId([as], destinationip, [destinationport], [icmpcode], [icmptype], proto, [seed], sourceip, [sourceport]) | | | Computes the Community ID, a standard for hashing network flows. |
| ipLocation([as], [field]) | field | | Determines country, city, longitude, and latitude for a given IP address. |
| rdns([as], field, [limit], [server]) | field | | Events using RDNS lookup. |
| shannonEntropy([as], field) | field | | Calculates an entropy measure from a string of characters. |
| subnet([as], bits, field) | field | | Computes a subnet from an IPv4 field. |
| urlDecode([as], field) | field | | URL-decodes the contents of a string field. |
| urlEncode([as], field, [type]) | field | | URL-encodes the contents of a string field. |