Sets the autonomous system (AS) number and organization associated with a given IP address.

If an AS number associated with an IP address is found, it is added as <as>.asn, where <as> is the value of the as parameter. If an AS organization associated with the IP address is found for the AS number it is added as <as>.org.

LogScale includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com. By default, the database is updated automatically if the cluster is running with a valid LogScale license.

Note

Updates to the MaxMind database are checked every 5 minutes.

ParameterTypeRequiredDefaultDescription
asstringoptional[a]_asn The name prefix of fields added by this function. Defaults to input field.
field[b]stringoptional[a]ip The field with an IP address for which to get the AS number.

[a] Optional parameters use their default value unless explicitly set

[b] The argument name field can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

The autonomous system number will be written as <as>.asn, and organization name as <as>.org.

asn() Examples

It's possible to execute this query function without giving any parameters. It will assume the default values: ip for input parameter; and _asn for the name of the resulting field.

logscale
asn()

The result will be that the fields ip.asn and ip.org are added to the selected events.

Based on the field address, the fields address.asn and address.org are added to the event.

logscale
asn(field=address)

Based on the field ip, the fields address.asn and address.org are added to the event.

logscale
asn(as=address)