Splunk Search
Highlighted

is it an ip address or hostname

Contributor

I have a field to evaluate if the value of the field is an IP address or a hostname. if it is an IP address do something, if it is a hostname do something else.

Is there a eval function to check if field is IP or not?

Tags (2)
0 Karma
Highlighted

Re: is it an ip address or hostname

Path Finder

Could you do something like this?
| eval isLocal=if(cidrmatch("10.0.0.0/24",ip), "local", "not local")

You could try 0.0.0.0/24 and see if that matches any IP address?
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonEvalFunctions

Highlighted

Re: is it an ip address or hostname

Ultra Champion

You can do something like this:

| eval fieldX = if(match(fieldX, "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$"), "do something", "do something else")

See: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ConditionalFunctions#match.28SUBJ...

View solution in original post

Highlighted

Re: is it an ip address or hostname

Contributor

perfect. thanks!

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.