Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to convert an IP address in hex format to a no...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to convert an IP address in hex format to a normal IP address?
srinathd
Contributor
02-10-2016
01:12 AM
How do I convert an IP address in hex format "00000000000000000000FFFF0A15856E" into a normal dotted IP address
I tried like this, but it is not giving correct address:
| eval x="00000000000000000000FFFF0A15856E" | eval IP_ADDR1=tonumber(x,16) | table IP_ADDR1 | eval firstoctet = floor(IP_ADDR1/pow(256,3)) |
eval IP_ADDR1 = IP_ADDR1-(firstoctet*pow(256,3)) |
eval secondoctet = floor(IP_ADDR1/pow(256,2)) |
eval IP_ADDR1 = IP_ADDR1-secondoctet*pow(256,2) |
eval thirdoctet = floor(IP_ADDR1/pow(256,1)) |
eval IP_ADDR1 = IP_ADDR1-thirdoctet*pow(256,1) |
eval SRC_IP = firstoctet+"."+secondoctet+"."+thirdoctet+"."+IP_ADDR1 | table SRC_IP
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
02-11-2016
01:35 PM
Seems like there are junk characters added. Give something like this a try, considering only last 8 characters to ip conversion
| gentimes start=-1 | eval Reason="00000000000000000000FFFF0A15856E" | table Reason| rex field=Reason "(?<d1>\S{2})(?<d2>\S{2})(?<d3>[0-9A-F]{2})(?<d4>\S{2})$" | eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
erritesh17
Path Finder
02-10-2016
02:37 AM
As you asked a question to convert decimal ipaddress to normal ipaddress, you can use the following query and check it:
index=* or your base search here | rex "(?i)(?[0-9A-F]{2})(?[0-9A-F]{2})(?[0-9A-F]{2})(?[0-9A-F]{2})" | eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinathd
Contributor
02-11-2016
12:45 PM
From database i am fetching ipaddress which is in binary format. so i have used HEX(ipaddr,16) to convert binary to HEX in database query. Then In splunk i am trying to convert this ipaddress to decimal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jplumsdaine22
Influencer
02-10-2016
02:03 AM
That does not look like an IPv4 address - There should be only 8 hex digits in an IP address
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinathd
Contributor
02-11-2016
12:44 PM
From database i am fetching ipaddress which is in binary format. so i have used HEX(ipaddr,16) to convert binary to HEX in database query. Then In splunk i am trying to convert this ipaddress to decimal.
Get Updates on the Splunk Community!
Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside
Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Splunk App Dev Community Updates – What’s New and What’s Next
Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...
The Latest Cisco Integrations With Splunk Platform!
Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
