asn( ) Query Function

Determines the autonomous system (AS) number and AS organization associated with a given IP address.

If an AS number associated with an IP address is found it is added as <as>.asn and if an associated AS organization is found for the AS number it is added as <as>.org where <as> is the value of the as() parameter.

Humio includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com - by default the database is automatically updated if the cluster is running with a valid Humio license. See MaxMind documentation for more information.

Parameters

Name Type Required Default Description
field string No ip The field with an IP address for which to get the AS number.
as string No _avg Name prefix of fields added by this function. Defaults to the input field. The AS number will be written as <as>.asn and the organization name will be written as <as>.org.

field is the unnamed parameter.

Examples

Based on the field ip, the fields ip.asn and ip.org are added to the event.

asn()

Based on the field address, the fields address.asn and address.org are added to the event.

asn(field=address)

Based on the field ip, the fields address.asn and address.org are added to the event.

asn(as=address)