This filter query function sets the autonomous system (AS) number and organization associated with a given IP address.
If an AS number associated with an IP address is found, it is added as
<as>.asn, where
<as> is the value of the
as parameter. If an AS organization associated with
the IP address is found for the AS number it is added as
<as>.org.
LogScale includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com. By default, the database is updated automatically if the cluster is running with a valid LogScale license.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
as | string | false | _asn | The name prefix of fields added by this function. Defaults to input field. |
field | string | false | ip | The field with an IP address for which to get the AS number. [a] |
The autonomous system number will be written as <as>.asn, and organization name as <as>.org.
asn() Examples
It's possible to execute this query function without giving any parameters. It will assume the default values: ip for input parameter; and _asn for the name of the resulting field.
asn()The result will be that the fields ip.asn and ip.org are added to the selected events.
Based on the field address, the fields address.asn and address.org are added to the event.
asn(field=address)Based on the field ip, the fields address.asn and address.org are added to the event.
asn(as=address)