Hello,
I'm trying to convert an hexadecimal field to base two (binary).
Let me show you an exemple :
field_hex=fffffffffffff83f
my need => 1111111111111111111111111111111111111111111111111111100000111111
Actually, I try tonumber(field_hex, 2).
I need to rex this output.
I have no idea how well this will work/scale or if it would be viable solution, but thought it worth at least throwing out there...
'| localop | stats count
| eval blah = upper("fffffffffffff83f")
| eval blah = split(blah,"")
| mvexpand blah
| eval blah=replace(blah,"1","0001")
| eval blah=replace(blah,"2","0010")
| eval blah=replace(blah,"3","0011")
| eval blah=replace(blah,"4","0100")
| eval blah=replace(blah,"5","0101")
| eval blah=replace(blah,"6","0110")
| eval blah=replace(blah,"7","0111")
| eval blah=replace(blah,"8","1000")
| eval blah=replace(blah,"9","1001")
| eval blah=replace(blah,"A","1010")
| eval blah=replace(blah,"B","1011")
| eval blah=replace(blah,"C","1100")
| eval blah=replace(blah,"D","1101")
| eval blah=replace(blah,"E","1110")
| eval blah=replace(blah,"F","1111")
| mvcombine blah
| eval blah = ltrim(mvjoin(blah,""),"0")'
Actually, I guess you don't need to do all of the mv stuff...just a bunch of replaces might work.
| localop | stats count
| eval blah = upper("fffffffffffff83f")
| eval blah=replace(blah,"1","0001")
| eval blah=replace(blah,"2","0010")
| eval blah=replace(blah,"3","0011")
| eval blah=replace(blah,"4","0100")
| eval blah=replace(blah,"5","0101")
| eval blah=replace(blah,"6","0110")
| eval blah=replace(blah,"7","0111")
| eval blah=replace(blah,"8","1000")
| eval blah=replace(blah,"9","1001")
| eval blah=replace(blah,"A","1010")
| eval blah=replace(blah,"B","1011")
| eval blah=replace(blah,"C","1100")
| eval blah=replace(blah,"D","1101")
| eval blah=replace(blah,"E","1110")
| eval blah=replace(blah,"F","1111")
| eval blah = ltrim(tostring(blah),"0")
The best approach might writing a custom lookup script, where you enter the HEX, and using a Python script returns the BIN as a string. If you look the example "external_lookup.py" inside $SPLUNK_HOME/etc/system/bin, you can see the main looping there, you could use the binascii Python library to easily convert.
Cheers
I do not fully understand what you are trying to do, but would still like to recommend https://regex101.com/ to you. You can try regular expressions pretty nicely there.
Hello,
In my log, I ve got :
09/02/15 00:00:00>1 00 00 21 00 fffffffffffff83f.
To fully stat or report this line I need to convert hex to binary :
09/02/15 00:00:00>1 00 00 21 00 1111111111111111111111111111111111111111111111111111100000111111
What I can do actually :
eval n=tonumber("3f", 16) | eval nn=tonumber("63", 10) | eval nnn=tonumber("00111111", 2) | table _raw, n, nn, nnn
=> 63, 63, 63
Hexa :
ff ff ff ff ff ff f8 3f
Decimal :
255 255 255 255 255 255 248 63
Binary :
11111111 11111111 11111111 11111111 11111111 11111111 11111000 00111111
I need to regexp Binary result.