Archive

How to convert Decimal IP address to dotted quad IPv4 using SPL ?

Path Finder

Hello Guys,

I'm working on Data which is exported by telecom devices and IPs is exported in Decimal format as 170468155

can you help to convert this to normal dotted quad IP format xxx.xxx.xxx.xxx ?

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

I tested this app, it works. It's in splunkbase
IP Format Conversion Scripted Lookup

0 Karma

Super Champion
0 Karma

Path Finder

I saw that answer before asking my question.. it's a different case

0 Karma

Super Champion

Hi @Muwafi,
If your decimal value is present in IP field then try this:

| eval ip=if(IP<1,IP+2147483648,IP) | eval aaa=floor(ip/16777216) | eval     bbb=floor((ip-aaa*16777216)/65536) | eval ccc=floor((ip-(aaa*16777216+bbb*65536))/256)| eval ddd=ip-(aaa*16777216+bbb*65536+ccc*256) | eval ipv4=tostring(aaa)+"."+tostring(bbb)+"."+tostring(ccc)+"."+tostring(ddd)

Try this run anywhere search:

|makeresults|eval IP="170468155"| eval ip=if(IP<1,IP+2147483648,IP) | eval aaa=floor(ip/16777216) | eval     bbb=floor((ip-aaa*16777216)/65536) | eval ccc=floor((ip-(aaa*16777216+bbb*65536))/256)| eval ddd=ip-(aaa*16777216+bbb*65536+ccc*256) | eval ipv4=tostring(aaa)+"."+tostring(bbb)+"."+tostring(ccc)+"."+tostring(ddd)

so for decimal val of IP="170468155" it will output as "10.41.35.59"

0 Karma

Champion

Hi,

Have you tried this?
| eval ips=tostring(ip)| eval newip=substr(ips,1,3)+"."+substr(ips,4,6)+"."+substr(ips,7,9)
Assuming your 170468155 is a field value for a field named ip

0 Karma

Path Finder

That didn't work!

0 Karma

Champion

didnt work? care to explain? can you post your event log containing your ip field?
What you are asking is very simple. I suspect we are not understanding your question completely

0 Karma

Path Finder

it's giving a wrong result

if you used this website https://www.ipaddressguide.com/ip to convert between decimal IP and dotted quad IP the result of converting 170468155 is 10.41.35.59 while your eval result is 170.468155.155

The issue is not adding the "." , it needs calculations!

0 Karma

Champion

hang on a second...this is not strictly a splunk question, what you need is the logic to convert the decimal to ip (in general mathematical terms) and then implement the same in splunk.
Do you have the maths / formula behind the conversion?
We can then try to implement the same in splunk

0 Karma

Path Finder

I don't have the formula 😞

0 Karma