- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to replace letters with numbers in a string
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to convert a long hexadecimal number (md5) to decimal.
Unfortunately md5_number = tonumber(md5_string,16) does not seem to work, perhaps due to the number's length.
So I thought I would replace respective letters in the md5 string with numbers. "a" to 10, "b" to 11 ... "f" to 16. The correctness of the final number does not play a role as I only need it to compare two neighboring events using "delta" function, so I need decimal numbers for that purpose.
Unfortunately I am unable to do it using replace or rex in sed mode.
Example md5 hash: 6c17f73c47a12dcf494cd95e3e8bd490
Any help will be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A crude way, but should work
(splitting first 8 characters and converting to number and then next 8 chars and converting and then concatenating both)
| stats count as echo | eval decimal = tostring(tonumber(substr("D431F2404CA13E22594E5C8B04D3BBB8",1,8),16)) + tostring(tonumber(substr("D431F2404CA13E22594E5C8B04D3BBB8",9,8),16))| fields decimal
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A crude way, but should work
(splitting first 8 characters and converting to number and then next 8 chars and converting and then concatenating both)
| stats count as echo | eval decimal = tostring(tonumber(substr("D431F2404CA13E22594E5C8B04D3BBB8",1,8),16)) + tostring(tonumber(substr("D431F2404CA13E22594E5C8B04D3BBB8",9,8),16))| fields decimal
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks!
I actually managed to achieve my goal by writing a rather lenghty nested replace function:
tonumber(replace(replace(replace(replace(replace(replace(log_msg_hash,"a","10"),"b","11"),"c","12"),"d","13"),"e","14"),"f","15"))
It doesn't calculate the number properly but it does create SOME decimal number which primarly was my goal.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try creating a custom command and implement your own logic in python to achieve your requirement
http://docs.splunk.com/Documentation/Splunk/6.0.8/AdvancedDev/SearchScripts
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't think I would be able to do it since I'm using Web Splunk and have no access to commands.conf. I'm pretty sure one can do it with rex sed, but my level of expertise is not sufficient and I couldn't find any examples that would suit my need.
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
