asn() Query Function

Determines the autonomous system (AS) number and AS organization associated with a given IP address.

If an AS number associated with an IP address is found, it is added as <as>.asn and if an associated AS organization is found for the AS number it is added as <as>.org where <as> is the value of the as() parameter.

Humio includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com—by default the database is automatically updated if the cluster is running with a valid Humio license.

Parameters

Below are the syntax parameters for the asn() function:

Name

Type

Required

Default

Description

field

string

No

ip

The field with an IP address for which to get the AS number.

as

string

No

_avg

Name prefix of fields added by this function. Defaults to input field. The AS number will be written as <as>.asn, and organization name as <as>.org.

The implied parameter is field.

Examples

Based on the field ip, the fields ip.asn and ip.org are added to the event.

humio
asn()

Based on the field address, the fields address.asn and address.org are added to the event.

humio
asn(field=address)

Based on the field ip, the fields address.asn and address.org are added to the event.

humio
asn(as=address)