Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to convert an IP address in hex format to ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to convert an IP address in hex format to a normal IP address?
srinathd
Contributor
02-10-2016
01:12 AM
How do I convert an IP address in hex format "00000000000000000000FFFF0A15856E" into a normal dotted IP address
I tried like this, but it is not giving correct address:
| eval x="00000000000000000000FFFF0A15856E" | eval IP_ADDR1=tonumber(x,16) | table IP_ADDR1 | eval firstoctet = floor(IP_ADDR1/pow(256,3)) |
eval IP_ADDR1 = IP_ADDR1-(firstoctet*pow(256,3)) |
eval secondoctet = floor(IP_ADDR1/pow(256,2)) |
eval IP_ADDR1 = IP_ADDR1-secondoctet*pow(256,2) |
eval thirdoctet = floor(IP_ADDR1/pow(256,1)) |
eval IP_ADDR1 = IP_ADDR1-thirdoctet*pow(256,1) |
eval SRC_IP = firstoctet+"."+secondoctet+"."+thirdoctet+"."+IP_ADDR1 | table SRC_IP
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
02-11-2016
01:35 PM
Seems like there are junk characters added. Give something like this a try, considering only last 8 characters to ip conversion
| gentimes start=-1 | eval Reason="00000000000000000000FFFF0A15856E" | table Reason| rex field=Reason "(?<d1>\S{2})(?<d2>\S{2})(?<d3>[0-9A-F]{2})(?<d4>\S{2})$" | eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
erritesh17
Path Finder
02-10-2016
02:37 AM
As you asked a question to convert decimal ipaddress to normal ipaddress, you can use the following query and check it:
index=* or your base search here | rex "(?i)(?[0-9A-F]{2})(?[0-9A-F]{2})(?[0-9A-F]{2})(?[0-9A-F]{2})" | eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinathd
Contributor
02-11-2016
12:45 PM
From database i am fetching ipaddress which is in binary format. so i have used HEX(ipaddr,16) to convert binary to HEX in database query. Then In splunk i am trying to convert this ipaddress to decimal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jplumsdaine22
Influencer
02-10-2016
02:03 AM
That does not look like an IPv4 address - There should be only 8 hex digits in an IP address
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinathd
Contributor
02-11-2016
12:44 PM
From database i am fetching ipaddress which is in binary format. so i have used HEX(ipaddr,16) to convert binary to HEX in database query. Then In splunk i am trying to convert this ipaddress to decimal.
Get Updates on the Splunk Community!
Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...
This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Splunk Community Badges!
Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
