https://community.splunk.com/t5/Splunk-Search/How-to-convert-IPV6-to-ipv4/m-p/598328#M208351 <P>&nbsp;</P><BLOCKQUOTE><HR /><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/87518">@FrankVl</a>&nbsp;wrote:<BR /><P>IPv6 is a completely different addressing scheme than IPv4. You can't translate IPv6 addresses to IPv4 addresses.</P><HR /></BLOCKQUOTE><P>In this instance im 99.999% sure he's talking about IPv4 in IPv6 and converting it back to IPv4. So Yes. But no. We're dealing with this right now (we're are borg, you will be assimilated). IPv6 is not IPv4 but IPv6 can encapsulate (thats the word i chose, deal with it <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span> ) IPv4. Salesforce does this. You get something like ...</P><P><EM>0000:0000:0000:0000:0000:ffff:<STRONG>abcd:ef01</STRONG></EM></P><P>in this example&nbsp;<STRONG>ab</STRONG> is first octet,&nbsp;<STRONG>cd</STRONG> is second,&nbsp;<STRONG>ef</STRONG> is third,&nbsp;and&nbsp;<STRONG>01</STRONG> is fourth.&nbsp;you have a couple of options for dealing with this but all of them <EM><STRONG>start with an extract of the octets</STRONG></EM>&nbsp; and then involve an&nbsp;<STRONG>EVAL-</STRONG> that puts them back together. The only difference is that instead of doing a&nbsp;<EM>tonumber()</EM> repeatedly, you could add the option of using a lookup table instead which may save some processing power for LISPY (or not given all the extra steps; i have no idea).</P><P>The easiest option after&nbsp;<STRONG>EXTRACT</STRONG>ing out the octets is...</P><PRE>EVAL-ipaddr = tonumber(hex_value, oct1)+"."+tonumber(hex_value, oct2)+"."+tonumber(hex_value, oct3)+"."tonumber(hex_value, oct4)</PRE><P>If someone has a better way, i'd love to hear it. If not please accept this answer so i get coolness points.&nbsp;</P> Wed, 18 May 2022 15:22:48 GMT jamesjarrett 2022-05-18T15:22:48Z https://community.splunk.com/t5/Splunk-Search/How-to-convert-IPV6-to-ipv4/m-p/480483#M193012 <P>Among the data stored in splunk is in ipv6 format. I want to know how to convert the ipv6 format to the ipv4 format. In addition, ipv6 format to ipv4 format would like to know how to convert when reading know file.</P> Wed, 18 May 2022 16:24:24 GMT https://community.splunk.com/t5/Splunk-Search/How-to-convert-IPV6-to-ipv4/m-p/480483#M193012 khyoung7410 2022-05-18T16:24:24Z https://community.splunk.com/t5/Splunk-Search/How-to-convert-IPV6-to-ipv4/m-p/480484#M193013 <P>IPv6 is a completely different addressing scheme than IPv4. You can't translate IPv6 addresses to IPv4 addresses.</P> <P>The only thing I can think of is that you have IPv4 addresses in this notation: <CODE>::ffff:10.0.0.1</CODE>. If that is the case, you can simply strip off the <CODE>::ffff:</CODE> bit with whatever approach suits you.</P> <P>Maybe I'm missing something, but then please explain a bit further what issue you have and what you want to achieve. Some sample data is always helpful for improving our understanding of your question.</P> Mon, 11 Nov 2019 09:37:20 GMT https://community.splunk.com/t5/Splunk-Search/How-to-convert-IPV6-to-ipv4/m-p/480484#M193013 FrankVl 2019-11-11T09:37:20Z https://community.splunk.com/t5/Splunk-Search/How-to-convert-IPV6-to-ipv4/m-p/598328#M208351 <P>&nbsp;</P><BLOCKQUOTE><HR /><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/87518">@FrankVl</a>&nbsp;wrote:<BR /><P>IPv6 is a completely different addressing scheme than IPv4. You can't translate IPv6 addresses to IPv4 addresses.</P><HR /></BLOCKQUOTE><P>In this instance im 99.999% sure he's talking about IPv4 in IPv6 and converting it back to IPv4. So Yes. But no. We're dealing with this right now (we're are borg, you will be assimilated). IPv6 is not IPv4 but IPv6 can encapsulate (thats the word i chose, deal with it <span class="lia-unicode-emoji" title=":grinning_face_with_smiling_eyes:">😄</span> ) IPv4. Salesforce does this. You get something like ...</P><P><EM>0000:0000:0000:0000:0000:ffff:<STRONG>abcd:ef01</STRONG></EM></P><P>in this example&nbsp;<STRONG>ab</STRONG> is first octet,&nbsp;<STRONG>cd</STRONG> is second,&nbsp;<STRONG>ef</STRONG> is third,&nbsp;and&nbsp;<STRONG>01</STRONG> is fourth.&nbsp;you have a couple of options for dealing with this but all of them <EM><STRONG>start with an extract of the octets</STRONG></EM>&nbsp; and then involve an&nbsp;<STRONG>EVAL-</STRONG> that puts them back together. The only difference is that instead of doing a&nbsp;<EM>tonumber()</EM> repeatedly, you could add the option of using a lookup table instead which may save some processing power for LISPY (or not given all the extra steps; i have no idea).</P><P>The easiest option after&nbsp;<STRONG>EXTRACT</STRONG>ing out the octets is...</P><PRE>EVAL-ipaddr = tonumber(hex_value, oct1)+"."+tonumber(hex_value, oct2)+"."+tonumber(hex_value, oct3)+"."tonumber(hex_value, oct4)</PRE><P>If someone has a better way, i'd love to hear it. If not please accept this answer so i get coolness points.&nbsp;</P> Wed, 18 May 2022 15:22:48 GMT https://community.splunk.com/t5/Splunk-Search/How-to-convert-IPV6-to-ipv4/m-p/598328#M208351 jamesjarrett 2022-05-18T15:22:48Z