- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I would like to convert my hexadecimal code to a bit value based on this calculation.
Hex code - 0002
Seperate 2 bytes each 00/02
2 Byte bitmask
Byte 0: HEX = 00 - 0000 0000
Byte 1: HEX = 02 - 0000 0010
Byte 1 Byte0 - 0000 0010 0000 0000
calculate the non zero th position values from right side
Byte combination - 0000 0010 0000 0000
Position - 9 8765 4321
At position 10, we got 1 while counting from right side. so the bit value is 9.
I need to calculate this in splunk, where the HEX_Code is the value from the lookup.
Thanks in Advance!
Happy Splunking!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@yuanliu 01100011 was _not_ hex. It was binary for 0x63. That's why I'm completely confused by
@PickleRick Lol you wouldn't believe how much time I spent trying to decipher the OP's intent from the various posted replies to everybody's attempt to help. After hours of scrolling up and down, back and forth, I distilled the instructions into the following algorithm given an even numbered HEX string, e.g., aabbcc
- Break the string into 2-HEX chunks. (OP used the term 2-bytes - I realize that is actually 4-bytes)
- Convert each chunk into binary.
- Reverse the order of the binary chunks.
- Count the positions of nonzero bits of the full reversed binary string from the right.
(As I said, I can't think of a practical purpose of this exercise. By the way, to anyone who is going to ask a question here, even though I strongly encourage describing problem without SPL first, please make the description as algorithmic as possible.) As a weird game, this applies to any even-length HEX string. Here's a sequence of up to 16 HEX characters.
| hex | padded_binary | nonzero_bits |
| 01 | 00000001 | 0 |
| 0002 | 00000010 00000000 | 9 |
| 000003 | 00000011 00000000 00000000 | 16 17 |
| 00000004 | 00000100 00000000 00000000 00000000 | 26 |
| 0000000005 | 00000101 00000000 00000000 00000000 00000000 | 32 34 |
| 000000000006 | 00000110 00000000 00000000 00000000 00000000 00000000 | 41 42 |
| 00000000000007 | 00000111 00000000 00000000 00000000 00000000 00000000 00000000 | 48 49 50 |
| 0000000000000008 | 00001000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 | 59 |
| 90000000000000 | 00000000 00000000 00000000 00000000 00000000 00000000 10010000 | 4 7 |
| a00000000000 | 00000000 00000000 00000000 00000000 00000000 10100000 | 5 7 |
| b000000000 | 00000000 00000000 00000000 00000000 10110000 | 4 5 7 |
| c0000000 | 00000000 00000000 00000000 11000000 | 6 7 |
| d00000 | 00000000 00000000 11010000 | 4 6 7 |
| e000 | 00000000 11100000 | 5 6 7 |
| f0 | 11110000 | 4 5 6 7 |
Another thing I realize is that I must handle 2-HEX (single-chunk) specially. Here is the emulation code
| makeresults format=csv data="hex
01
0002
000003
00000004
0000000005
000000000006
00000000000007
0000000000000008
90000000000000
a00000000000
b000000000
c0000000
d00000
e000
f0"
``` data emulation above ```
| eval idx = mvrange(0, len(hex) / 2)
| eval reverse2hex = mvreverse(mvmap(idx, substr(hex, idx*2 + 1, 2)))
| eval ASbinary=if(idx < 1, tostring(tonumber(reverse2hex,16),"binary"), mvmap(reverse2hex, tostring(tonumber(reverse2hex,16),"binary")))
| eval padded_binary = if(idx < 1, printf("%08d", ASbinary), mvmap(ASbinary, printf("%08d", ASbinary)))
| eval reverse_bits = mvreverse(mvmap(padded_binary, split(padded_binary, ""))), position = -1
| foreach reverse_bits mode=multivalue
[eval position = position + 1, nonzero_bits = if(<<ITEM>> == 0, nonzero_bits, mvappend(nonzero_bits, position))]
| fields hex padded_binary nonzero_bits
(Technically this works for odd number of HEX characters, too, if OP can define where to split.)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| makeresults format=csv data="bit1,bit2
0000,0002
000f,0088
00af,00de
00bd,003c"
| fields bit1 bit2
| eval bit1ASnumber=tonumber(bit1,16), bit2ASnumber=tonumber(bit2,16)
| eval bit1ASbinary=tostring(bit1ASnumber,"binary"), bit2ASbinary=tostring(bit2ASnumber,"binary")
| table bit1 bit2 bit*ASnum* bit*ASbin*
| bit1 | bit2 | bit1ASnumber | bit2ASnumber | bit1ASbinary | bit2ASbinary |
| 0000 | 0002 | 0 | 2 | 0 | 10 |
| 000f | 0088 | 15 | 136 | 1111 | 10001000 |
| 00af | 00de | 175 | 222 | 10101111 | 11011110 |
| 00bd | 003c | 189 | 60 | 10111101 | 111100 |
Ok I can get you as far as converting to binary but the results of the binary do not include leading 0's to always make an 8 character string/number. Since your example had 4 characters for the hex code those values are treated as string so first convert to a number before converting to binary as attempting to go straight will fail when your source as a mix of alphanumeric characters.
Obviously without the leading zeros when you concatenate the two values as strings you will lose some positions you need to count. Also I didn't bother with sorting out the count how many zero's right of the last occurring 1 but essentially that's what comes after inserting your leading zero's
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @dural_yyz ,
Thanks for your reply!
please look at this example as well, also we are having hex_code as a single field value, from that field we are seperating bit 1 and bit 2,
bit position of the least significant bit
Another example
Hex code - 00200100
Seperate 2 bytes each 00/20/01/00
4 Byte bitmask
Byte 0: HEX = 00 - 0000 0000
Byte 1: HEX = 20 - 0010 0000
Byte 2: HEX = 01 - 0000 0001
Byte 3: HEX = 00 - 0000 0000
Byte 3 Byte 2 Byte1 Byte 0 - 0000 0000 0000 0001 0010 0000 0000 0000
calculate the non zero th position values from right side
Byte combination - 0000 0000 0000 0001 0010 0000 0000 0000
Position - 16 13 ...9 8765 4321
At position 14 and 17, we got 1 while counting from right side. so the bit value is 13 and 16.
thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is not clear exactly what you are trying to do - is the hex code to be treated as if it is least significant byte first (left-most) and most significant byte second, but the bits in the byte are to be treated as most significant bit first (left-mode). Is that right?
Do you just want to know the bit position of the least significant bit?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ITWhisperer ,
Thanks for your time!
Here is an another example
Another example
Hex code - 00200100
Seperate 2 bytes each 00/20/01/00
4 Byte bitmask
Byte 0: HEX = 00 - 0000 0000
Byte 1: HEX = 20 - 0010 0000
Byte 2: HEX = 01 - 0000 0001
Byte 3: HEX = 00 - 0000 0000
Byte 3 Byte 2 Byte1 Byte 0 - 0000 0000 0000 0001 0010 0000 0000 0000
calculate the non zero th position values from right side
Byte combination - 0000 0000 0000 0001 0010 0000 0000 0000
Position - 16 13 ...9 8765 4321
At position 14 and 17, we got 1 while counting from right side. so the bit value is 13 and 16.
yes, bit position of the least significant bit is needed..,
Thanks in Advance!
