Forum Discussion
fred_efr
Microsoft
Microsoftkusto to convert an IP in a network name.
Hi Team
In the long list of data that we can gather with log analytics (MAP, .. ) we frequently have the IP address of the machine (source, destination, etc).
I would like to find a way to displa...
fred_efrMicrosoft
MicrosoftHi Clive
As expected it works very well.
I had in mind to use it in a query. Such as :
Heartbeat
|project Computer, ComputerIP, fe_countryfromip(ComputerIP)
but I get : Tabular expression is not expected in the current context
Coud you guide me to tweek the query ?
Thanks again !
fred
As expected it works very well.
I had in mind to use it in a query. Such as :
Heartbeat
|project Computer, ComputerIP, fe_countryfromip(ComputerIP)
but I get : Tabular expression is not expected in the current context
Coud you guide me to tweek the query ?
Thanks again !
fred
Thats easier outside of a function - but not quite as neat:
let IP_Data = external_data(network:string,geoname_id:long,continent_code:string,continent_name:string ,country_iso_code:string,country_name:string,is_anonymous_proxy:bool,is_satellite_provider:bool)
['https://raw.githubusercontent.com/datasets/geoip2-ipv4/master/data/geoip2-ipv4.csv']
with (ignoreFirstRecord=true, format="csv");
Heartbeat
| evaluate ipv4_lookup(IP_Data, ComputerIP,network)
| project Computer, ComputerIP, network, country_name