Sets the autonomous system (AS) number and organization associated with a given IP address.
By default, uses the ip field as the input. If an AS organization associated with the IP address, then two new fields matching the input field name are created with the AS number and organization. For example, using the default, the new fields would be ip.asn and ip.org.
LogScale includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com. By default, the database is updated automatically if the cluster is running with a valid LogScale license.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
as | string | optional[a] | _asn | The name prefix of fields added by this function. Defaults to input field. |
field[b] | string | optional[a] | ip | The field with an IP address for which to get the AS number. |
[a] Optional parameters use their default value unless explicitly set. | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
fieldcan be omitted; the following forms of this function are equivalent:logscaleasn("field")and:
logscaleasn(field="field")These examples show basic structure only.
The autonomous system number will be written as ip.asn, and organization name as ip.org.
asn() Examples
It's possible to execute this query function without giving any parameters. It will assume the default values: ip for input parameter; and _asn for the name of the resulting field.
asn()The result will be that the fields ip.asn and ip.org are added to the selected events.
Based on the field address, the fields address.asn and address.org are added to the event.
asn(field=address)Based on the field ip, the fields address.asn and address.org are added to the event.
asn(as=address)