This filter query function sets the autonomous system (AS) number and organization associated with a given IP address.
If an AS number associated with an IP address is found, it is added as
<as>.asn, where
<as> is the value of the
as parameter. If an AS organization associated with
the IP address is found for the AS number it is added as
<as>.org.
LogScale includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com. By default, the database is updated automatically if the cluster is running with a valid LogScale license.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
as | string | false | _asn | The name prefix of fields added by this function. Defaults to input field. |
field | string | false | ip | The field with an IP address for which to get the AS number. [a] |
The autonomous system number will be written as
<as>.asn, and organization
name as <as>.org.
Examples
It's possible to execute this query function without giving any
parameters. It will assume the default values:
ip for input parameter; and
_asn for the name of the resulting
field.
asn()
The result will be that ip.asn and
ip.org are added to the selected
events.
Based on the field address, the fields
address.asn and
address.org are added to the
event.
asn(field=address)
Based on the field ip, the fields
address.asn and
address.org are added to the
event.
asn(as=address)