Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to check a particular bit in a field that returns a hex value?

CYamaguchi
Engager
‎05-16-2015 08:08 AM

I have a field that returns a hex value. The value returned can be anything from 0 to FF.

We'll call this field CRAYON. If bit position 0 is a 1 (or turned on), the crayon is BLUE. If bit position 1 is on, crayon is GREEN. If bit position 2 is on, crayon is PURPLE. This goes on for each of the 8 bits with each bit representing a different color of crayon.

The program that sets CRAYON only changes a single bit at a time. When CRAYON is set to BLUE, only the bit for that position is changed. The other 7 bits can be any combination of on/off. Which is why something simple like CRAYON = 1 would not identify all blue crayons. I would only find that color when all other bits were turned off, which does not happen often. Usually, 3 or 4 bits are turned on at a time.

I need to check for each color individually based on its bit position. How can I determine the color of CRAYON when I'm given a hex value between 0 and FF? Any help is much appreciated!

Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎05-16-2015 10:53 AM

With a bit of limboing around the lack of bitwise operations, sure.

| stats count as number | eval number = mvrange(0,256) | mvexpand number | eval n = mvrange(0,8) | mvexpand n
| eval hex = tostring(number, "hex") | eval dec = tonumber(hex, 16)
| eval nth_bit = floor(number / pow(2, n)) % 2

The first line sets up a 100% test coverage data set: 256 numbers and one row for each bit to test.
The second line shows how you can convert between hexadecimal and decimal.
The last line does the actual testing, nth_bit will be 1 iff the nth bit of number is set.

From a bitwise perspective, this is basically (number >> n) & 1

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎05-16-2015 10:53 AM

With a bit of limboing around the lack of bitwise operations, sure.

| stats count as number | eval number = mvrange(0,256) | mvexpand number | eval n = mvrange(0,8) | mvexpand n
| eval hex = tostring(number, "hex") | eval dec = tonumber(hex, 16)
| eval nth_bit = floor(number / pow(2, n)) % 2

The first line sets up a 100% test coverage data set: 256 numbers and one row for each bit to test.
The second line shows how you can convert between hexadecimal and decimal.
The last line does the actual testing, nth_bit will be 1 iff the nth bit of number is set.

From a bitwise perspective, this is basically (number >> n) & 1

Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top