Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ip2decimal command is exist. Is decimal2ip command exist?

joy76
Path Finder
‎10-11-2011 06:59 PM

Hi~

ip2decimal command is exist. Is decimal2ip command exist?

example>

  • | eval foo="210.192.120.23" | ip2decimal | table ipdecimal

result>>>> ipdecimal=2130706433

I want convert decimal_ip to dot_ip
"2130706433" >>> "210.192.120.23"

I will try to make a user command by python.

take care.

Tags (2)
0 Karma
Reply

magnusmolbach
Explorer
‎11-17-2016 06:14 AM

Hi!
You could add this in props.conf (this is two lines, one for DestinationIP-field and one for ClientIP;

EVAL-dst = if(DestinationIP!=0,tostring(floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216))+"."+tostring(floor((if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)-floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216)*16777216)/65536))+"."+tostring(floor((if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)-(floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216)*16777216+floor((if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)-floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216)*16777216)/65536)*65536))/256))+"."+tostring(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)-(floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216)*16777216+floor((if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)-floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216)*16777216)/65536)*65536+floor((if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)-(floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216)*16777216+floor((if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)-floor(if(DestinationIP<1,DestinationIP+2147483648,DestinationIP)/16777216)*16777216)/65536)*65536))/256)*256)),0)

EVAL-src = if(ClientIP!=0,tostring(floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216))+"."+tostring(floor((if(ClientIP<1,ClientIP+2147483648,ClientIP)-floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216)*16777216)/65536))+"."+tostring(floor((if(ClientIP<1,ClientIP+2147483648,ClientIP)-(floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216)*16777216+floor((if(ClientIP<1,ClientIP+2147483648,ClientIP)-floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216)*16777216)/65536)*65536))/256))+"."+tostring(if(ClientIP<1,ClientIP+2147483648,ClientIP)-(floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216)*16777216+floor((if(ClientIP<1,ClientIP+2147483648,ClientIP)-floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216)*16777216)/65536)*65536+floor((if(ClientIP<1,ClientIP+2147483648,ClientIP)-(floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216)*16777216+floor((if(ClientIP<1,ClientIP+2147483648,ClientIP)-floor(if(ClientIP<1,ClientIP+2147483648,ClientIP)/16777216)*16777216)/65536)*65536))/256)*256)),0)

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎10-11-2011 10:36 PM

First of all, your math seems to be wrong. I don't really know what you're trying to convert, but I don't see how an IP of 210.192.120.23 converts to 2130706433. I could see it converting to hex 0xd2c07817, which is decimal 3535829015. Assuming that's what you're working with, you could simply do:

... | eval ipdecimal=3535829015 | eval ip=(floor(ipdecimal/16777216)%256).".".(floor(ipdecimal/65536)%256).".".(floor(ipdecimal/256)%256).".".(ipdecimal%256)

And really, the ip2decimal command is a waste of time. It is much more efficient in Splunk to simply do:

... | eval ip="210.192.120.23" | eval ipmv=split(ip,".") | eval ipdecimal=(mvindex(ipmv,0)*16777216)+(mvindex(ipmv,1)*65536)+(mvindex(ipmv,2)*256)+mvindex(ipmv,3)
Reply

joy76
Path Finder
‎10-11-2011 11:43 PM

Thanks a lot for you help.
I solved problem for your advice.
P.S.
this is correct.
... | eval ip="210.192.120.23" | eval ipdecimal=(tonumber(mvindex(ipmv,0),10)*16777216)+(tonumber(mvindex(ipmv,1),10)*65536)+(tonumber(mvindex(ipmv,2),10)*256)+tonumber(mvindex(ipmv,3),10)

I appreciate that your help again.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...