Splunk Search

Is there a way to check a particular bit in a field that returns a hex value?

CYamaguchi
Engager

I have a field that returns a hex value. The value returned can be anything from 0 to FF.

We'll call this field CRAYON. If bit position 0 is a 1 (or turned on), the crayon is BLUE. If bit position 1 is on, crayon is GREEN. If bit position 2 is on, crayon is PURPLE. This goes on for each of the 8 bits with each bit representing a different color of crayon.

The program that sets CRAYON only changes a single bit at a time. When CRAYON is set to BLUE, only the bit for that position is changed. The other 7 bits can be any combination of on/off. Which is why something simple like CRAYON = 1 would not identify all blue crayons. I would only find that color when all other bits were turned off, which does not happen often. Usually, 3 or 4 bits are turned on at a time.

I need to check for each color individually based on its bit position. How can I determine the color of CRAYON when I'm given a hex value between 0 and FF? Any help is much appreciated!

1 Solution

martin_mueller
SplunkTrust

With a bit of limboing around the lack of bitwise operations, sure.

| stats count as number | eval number = mvrange(0,256) | mvexpand number | eval n = mvrange(0,8) | mvexpand n
| eval hex = tostring(number, "hex") | eval dec = tonumber(hex, 16)
| eval nth_bit = floor(number / pow(2, n)) % 2

The first line sets up a 100% test coverage data set: 256 numbers and one row for each bit to test.
The second line shows how you can convert between hexadecimal and decimal.
The last line does the actual testing, nth_bit will be 1 iff the nth bit of number is set.

From a bitwise perspective, this is basically (number >> n) & 1
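
The same bit test applied to the CRAYON field from the question, as an added example that is not part of the original posts. The five hex values are constructed sample data, and BIT_3 through BIT_7 are placeholder labels, since the question names only the colors for bits 0 to 2.

```spl
| makeresults
| eval CRAYON = split("01,05,0E,A3,FF", ",")
| mvexpand CRAYON
| eval dec = tonumber(CRAYON, 16)
| eval n = mvrange(0, 8)
| mvexpand n
| eval nth_bit = floor(dec / pow(2, n)) % 2
| where nth_bit = 1
| eval color = case(n == 0, "BLUE", n == 1, "GREEN", n == 2, "PURPLE", true(), "BIT_" . tostring(n))
| stats values(color) as colors by CRAYON
```

Each CRAYON value ends up with one multivalue colors field listing every bit that is set. A value of 00 has no bits set and therefore produces no row.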
