Determine Autonomous System (AS) Number and IP address/Organization Associated - Example 1 | LogScale Query Examples

Determine Autonomous System (AS) Number and IP address/Organization Associated - Example 1

Determine the autonomous system (AS) number and organization associated with a given IP address

Query

logscale

asn(field=address)

Introduction

The asn() function provides the Autonomous System Number (ASN) of a given IP address, providing information on the owner. By default, asn() uses the ip field as the input parameter.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
asn(field=address)
```
Adds the ASN to a given event (based on the field address) in the fields address.asn and address.org are added to the event.
Event Result set.

Summary and Results

The query is used to automatically add an AS number to its associated IP address (and organization with that IP adress associated). Knowing the Autonomos System Number of the associated IP addresses is useful to identify registered owners/organizations of an IP range. When using the ASN search to query a list of IP addresses, it is possible to mix IPv4 and IPv6 addresses within the one query.

Examples Library