Latest Version 0.2.0
January 22, 2021
Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
This app is archived. App archiving documentation
IP Format Conversion Scripted Lookup
Splunk's built-in eval command can be used to perform IP address format conversion, however it's a complex and messy process that doesn't lend itself well to the mapping of IP address fields to the Common Information Model (CIM). This app provides an 'ipconvert' scripted lookup for converting IP addresses to and from an integer. With this app installed on the search head you can create a props.conf stanza to automatically convert an integer format IP address to a CIM-normalised string IP address field:
Built by
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Splunk's built-in eval command can be used to perform IP address format conversion, however it's a complex and messy process that doesn't lend itself well to the mapping of IP address fields to the Common Information Model (CIM). This app provides an 'ipconvert' scripted lookup for converting IP addresses to and from an integer. With this app installed on the search head you can create a props.conf stanza to automatically convert an integer format IP address to a CIM-normalised string IP address field:
LOOKUP-example_src_ip = ipconvert integerfield AS ip_src OUTPUT stringfield AS src_ip
The lookup can also be used in-line with SPL. For example:
| stats count | eval src_ip_int="3232235521" | lookup ipconvert integerfield AS src_ip_int OUTPUT stringfield AS src_ip
Categories
Utilities
Created By
Doug Brown
Type
addon
Downloads
856
Licensing
MIT(Opens new window)Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing