Skip to main content
Sumo Logic

ASN Lookup

availability_all_except_free.png

Sumo Logic can lookup an Autonomous System Number (ASN) and organization name by an IP address. Any IP addresses that don't have an ASN will return null values. 

Syntax

The ASN Lookup operator uses lookup with a specific path, asn://default, to provide the ASN and associated organization.

  • lookup [asn, organization] from asn://default on ip=<ip_address>
Optional lookup fields Description
asn Autonomous System Number
organization Autonomous System Organization Name

Example

The following query references a data stream with IPv4 addresses, parses those IPv4 addresses, and then uses ASN Lookup to retrieve their autonomous system information. 

_sourceCategory=stream "remote_ip="
| parse regex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
| lookup organization, asn from asn://default on ip = ip