This filter query function sets the autonomous system (AS) number and organization associated with a given IP address.

If an AS number associated with an IP address is found, it is added as <as>.asn, where <as> is the value of the as parameter. If an AS organization associated with the IP address is found for the AS number it is added as <as>.org.

Humio includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com. By default, the database is updated automatically if the cluster is running with a valid Humio license.

ParameterTypeRequiredDefaultDescription
asstringfalse_asnThe name prefix of fields added by this function. Defaults to input field.
fieldstringfalseipThe field with an IP address for which to get the AS number. [a]

[a] When you provide only one parameter, the implied parameter is field

The autonomous system number will be written as <as>.asn, and organization name as <as>.org.

Examples

It's possible to execute this query function without giving any parameters. It will assume the default values: ip for input parameter; and _asn for the name of the resulting field.

humio
asn()

The result will be that ip.asn and ip.org are added to the selected events.

Based on the field address, the fields address.asn and address.org are added to the event.

humio
asn(field=address)

Based on the field ip, the fields address.asn and address.org are added to the event.

humio
asn(as=address)