Solved: How to convert an IP address to binary?

Applegreengrape · ‎04-21-2016

I need to convert an IP address to binary.

i.e. IP Address:10.171.230.151
-->10 171 230 151
-->11000000101010000000010100000000
finally it is a 32 digit binary

How can I do it with a Splunk search?

thanks

javiergn · ‎04-22-2016

Hi,

Shouldn't 10.171.230.151 be represented in binary as

00001010 . 10101011 . 11100110 . 10010111

In any case, if that is what you are trying to achieve, see if the following code helps:

| stats count
| fields - count
| eval IP = "10.171.230.151"
| eval octet = split(IP, ".")
| eval rank = split("1,2,3,4", ",")
| eval octet_rank = mvzip(rank, octet)
| fields - octet, rank
| mvexpand octet_rank
| eval octet_rank_split = split(octet_rank, ",")
| eval rank = mvindex(octet_rank_split, 0)
| eval octet = mvindex(octet_rank_split, 1)
| fields - octet_rank, octet_rank_split
| eval power = mvrange(0,8)
| mvexpand power
| eval base2 = pow(2, power)
| eval mydiv = floor(octet / base2)
| eval octet_bin = mydiv % 2
| fields - mydiv, base2
| sort limit=0 IP, rank, octet, - power
| stats list(octet_bin) as octet_bin by IP, rank, octet
| eval octet_bin = mvjoin(octet_bin, "")
| sort limit=0 IP, rank
| stats list(octet_bin) as octet_bin by IP
| eval octet_bin = mvjoin(octet_bin, ".")

Output:

IP  octet_bin
10.171.230.151  00001010.10101011.11100110.10010111

I did answer something similar in the past in case that helps too:

https://answers.splunk.com/answers/342277/is-it-possible-to-perform-bitwise-operations-on-va.html

Thanks,
J

View solution in original post

javiergn · ‎04-22-2016

Hi,

Shouldn't 10.171.230.151 be represented in binary as

00001010 . 10101011 . 11100110 . 10010111

In any case, if that is what you are trying to achieve, see if the following code helps:

| stats count
| fields - count
| eval IP = "10.171.230.151"
| eval octet = split(IP, ".")
| eval rank = split("1,2,3,4", ",")
| eval octet_rank = mvzip(rank, octet)
| fields - octet, rank
| mvexpand octet_rank
| eval octet_rank_split = split(octet_rank, ",")
| eval rank = mvindex(octet_rank_split, 0)
| eval octet = mvindex(octet_rank_split, 1)
| fields - octet_rank, octet_rank_split
| eval power = mvrange(0,8)
| mvexpand power
| eval base2 = pow(2, power)
| eval mydiv = floor(octet / base2)
| eval octet_bin = mydiv % 2
| fields - mydiv, base2
| sort limit=0 IP, rank, octet, - power
| stats list(octet_bin) as octet_bin by IP, rank, octet
| eval octet_bin = mvjoin(octet_bin, "")
| sort limit=0 IP, rank
| stats list(octet_bin) as octet_bin by IP
| eval octet_bin = mvjoin(octet_bin, ".")

Output:

IP  octet_bin
10.171.230.151  00001010.10101011.11100110.10010111

I did answer something similar in the past in case that helps too:

https://answers.splunk.com/answers/342277/is-it-possible-to-perform-bitwise-operations-on-va.html

Thanks,
J

Applegreengrape · ‎04-22-2016

wow good stuff! I will definitely try it! thannnnnks!
≧❂◡❂≦

How to convert an IP address to binary?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Are you a member of the Splunk Community?

How to convert an IP address to binary?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management