Splunk Search

Eval to convert IPv6 - to IPv4 Dotted decimal format

Explorer

I've found many samples of how to convert an IPv4 to many different formats but I can't seem to locate one to convert an IPv6 address to IPv4 - Dotted decimal format.

Can anyone help?

Thanks,
Robert

0 Karma

New Member

There is an RFC related to this. https://tools.ietf.org/html/rfc6144 which speaks of

IPv4-translatable addresses: IPv6 addresses to be assigned to IPv6
nodes for use with stateless translation. They have an explicit
mapping relationship to IPv4 addresses. A stateless translator
uses the corresponding IPv4 addresses to represent the IPv6
addresses. A stateful translator does not use this kind of
addresses, since IPv6 hosts are represented by the IPv4 address
pool in the translator via dynamic state.

0 Karma

SplunkTrust
SplunkTrust

Splunk has built-in functions to convert hexadecimal to decimal: http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/ConversionFunctions#tonumber.28NUM...
Using that, you can build whatever representation you like for IP addresses.

I can't help you with how to write the eval until you let me know how you'd like the lossy conversion from IPv6 to IPv4 to look like - keep in mind, IPv6 addresses are 128bit while IPv4 ones are only 32bit.

0 Karma