Solved: How to convert hexadecimal IP to decimal

vrmandadi · ‎09-11-2019

Hello all,
How can we convert this to regular IP?
I tried using the below search but it's not converting correctly.
Below is the sample event:

| rex "(?i)(?<d1>[0-9A-F]{2})(?<d2>[0-9A-F]{2})(?<d3>[0-9A-F]{2})(?<d4>[0-9A-F]{2})"
 | eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))

SYMNP-SMI::enterprises."9.9.42.1.3.2.1.8.13.3197256382.1.1" = "0x0aa0a04b"

poete · ‎09-11-2019

Hello @vrmandadi,

here is the solution.

| makeresults 
| eval _raw="SYMNP-SMI::enterprises.\"9.9.42.1.3.2.1.8.13.3197256382.1.1\" = \"0x0aa0a04b\""
| rex "0x(?i)(?<d1>[0-9A-F]{2})(?<d2>[0-9A-F]{2})(?<d3>[0-9A-F]{2})(?<d4>[0-9A-F]{2})"
| eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))

View solution in original post

poete · ‎09-11-2019

Hello @vrmandadi,

here is the solution.

| makeresults 
| eval _raw="SYMNP-SMI::enterprises.\"9.9.42.1.3.2.1.8.13.3197256382.1.1\" = \"0x0aa0a04b\""
| rex "0x(?i)(?<d1>[0-9A-F]{2})(?<d2>[0-9A-F]{2})(?<d3>[0-9A-F]{2})(?<d4>[0-9A-F]{2})"
| eval ip=tostring(tonumber(d1,16))+"."+tostring(tonumber(d2,16))+"."+tostring(tonumber(d3,16))+"."+tostring(tonumber(d4,16))

vrmandadi · ‎09-11-2019

Thank you very much @poete

How to convert hexadecimal IP to decimal

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability

Introducing the Splunk Community Dashboard Challenge!