Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to convert an IP address in hex format to ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to convert an IP address in hex format to a normal IP address?
srinathd
Contributor
02-10-2016
01:12 AM
How do I convert an IP address in hex format "00000000000000000000FFFF0A15856E" into a normal dotted IP address
I tried like this, but it is not giving correct address:
| eval x="00000000000000000000FFFF0A15856E" | eval IP_ADDR1=tonumber(x,16) | table IP_ADDR1 | eval firstoctet = floor(IP_ADDR1/pow(256,3)) |
eval IP_ADDR1 = IP_ADDR1-(firstoctet*pow(256,3)) |
eval secondoctet = floor(IP_ADDR1/pow(256,2)) |
eval IP_ADDR1 = IP_ADDR1-secondoctet*pow(256,2) |
eval thirdoctet = floor(IP_ADDR1/pow(256,1)) |
eval IP_ADDR1 = IP_ADDR1-thirdoctet*pow(256,1) |
eval SRC_IP = firstoctet+"."+secondoctet+"."+thirdoctet+"."+IP_ADDR1 | table SRC_IP
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
02-11-2016
01:35 PM
Seems like there are junk characters added. Give something like this a try, considering only last 8 characters to ip conversion
| gentimes start=-1 | eval Reason="00000000000000000000FFFF0A15856E" | table Reason| rex field=Reason "(?<d1>\S{2})(?<d2>\S{2})(?<d3>[0-9A-F]{2})(?<d4>\S{2})$" | eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
erritesh17
Path Finder
02-10-2016
02:37 AM
As you asked a question to convert decimal ipaddress to normal ipaddress, you can use the following query and check it:
index=* or your base search here | rex "(?i)(?[0-9A-F]{2})(?[0-9A-F]{2})(?[0-9A-F]{2})(?[0-9A-F]{2})" | eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinathd
Contributor
02-11-2016
12:45 PM
From database i am fetching ipaddress which is in binary format. so i have used HEX(ipaddr,16) to convert binary to HEX in database query. Then In splunk i am trying to convert this ipaddress to decimal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jplumsdaine22
Influencer
02-10-2016
02:03 AM
That does not look like an IPv4 address - There should be only 8 hex digits in an IP address
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinathd
Contributor
02-11-2016
12:44 PM
From database i am fetching ipaddress which is in binary format. so i have used HEX(ipaddr,16) to convert binary to HEX in database query. Then In splunk i am trying to convert this ipaddress to decimal.
Get Updates on the Splunk Community!
Index This | What did the zero say to the eight?
June 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this month’s ...
Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...
This is the fifth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Now Playing: Splunk Education Summer Learning Premieres
It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...
