Latest Version 0.2.0
January 22, 2021
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. Learn more
IP Format Conversion Scripted Lookup
Splunk's built-in eval command can be used to perform IP address format conversion, however it's a complex and messy process that doesn't lend itself well to the mapping of IP address fields to the Common Information Model (CIM). This app provides an 'ipconvert' scripted lookup for converting IP addresses to and from an integer. With this app installed on the search head you can create a props.conf stanza to automatically convert an integer format IP address to a CIM-normalised string IP address field:
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Splunk's built-in eval command can be used to perform IP address format conversion, however it's a complex and messy process that doesn't lend itself well to the mapping of IP address fields to the Common Information Model (CIM). This app provides an 'ipconvert' scripted lookup for converting IP addresses to and from an integer. With this app installed on the search head you can create a props.conf stanza to automatically convert an integer format IP address to a CIM-normalised string IP address field:
LOOKUP-example_src_ip = ipconvert integerfield AS ip_src OUTPUT stringfield AS src_ip
The lookup can also be used in-line with SPL. For example:
| stats count | eval src_ip_int="3232235521" | lookup ipconvert integerfield AS src_ip_int OUTPUT stringfield AS src_ip
Categories
Created By
Doug Brown
Type
addon
Downloads
848
Licensing
Splunk Answers
Resources
Log in to report this app listing