Determine Autonomous System (AS) Number and IP address/Organization Associated - Example 2 | LogScale Query Examples

Determine Autonomous System (AS) Number and IP address/Organization Associated - Example 2

Determine the autonomous system (AS) number and organization associated with a given IP address

Query

logscale

asn(field=ipaddr,as=address)

Introduction

The asn() function assumes the default values ip for input parameter and outputs to new fields based on this field name. This can be modified by using the as parameter.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0[\Add Field/] result{{Result Set}} repo --> 0 0 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
asn(field=ipaddr,as=address)
```
Adds the fields address.asn and address.org (based on the field ipaddr) to the event.
Event Result set.

Summary and Results

The query is used to automatically add an AS number to its associated IP address (and organization with that IP adress associated). Knowing the Autonomos System Number of the associated IP addresses is useful to identify registered owner/organizations of an IP range. When using the ASN search to query a list of IP addresses, it is possible to mix IPv4 and IPv6 addresses within the one query.

Examples Library