- # splunk search command to give ipv4 equivalent of decimal ip field named src
- # written by: Michael Bentley (michael@bentleypc.com)
import ipaddress

import splunk.Intersplunk
import splunk.mining.dcutils as dcu
# Splunk-provided logger (per the original author it writes to the _internal
# index); the error handler at the bottom of the script reports through it.
logger = dcu.getLogger()
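# function to convert from decimal to ipv4
def decimalToIPv4(results):
    """Add an ``ipv4`` field to every result whose ``src`` holds a decimal IP.

    Args:
        results: list of Splunk result dicts (field name -> value). The
            decimal IP is read from "src" -- change that name if the decimal
            IP is in a different field.

    Returns:
        The same list, mutated in place. A result with a non-empty ``src``
        gains ``result["ipv4"]`` in dotted-quad form, e.g. ``"3232235777"``
        becomes ``"192.168.1.1"``. A ``src`` that is missing, empty, not an
        integer, or outside 0..4294967295 is left without an ``ipv4`` field;
        one malformed event no longer aborts the whole command (the original
        raised KeyError on a missing field and emitted out-of-range octets
        for values >= 2**32).
    """
    for result in results:
        raw = result.get("src")  # .get(): a missing field must not KeyError
        if not raw:
            continue
        try:
            # ipaddress validates the 32-bit range and formats the quad;
            # replaces the hand-rolled divide/subtract octet arithmetic
            result["ipv4"] = str(ipaddress.IPv4Address(int(raw)))
        except (ValueError, TypeError):
            # not a decimal IPv4 value -- skip this event, convert the rest
            continue
    return results


# Splunk runs a custom search command script directly, so the guard does not
# change how the command behaves; it only keeps an ``import`` of this module
# (e.g. from a test) free of side effects.
if __name__ == "__main__":
    try:
        # get the previous search results
        results, dummy, settings = splunk.Intersplunk.getOrganizedResults()
        # return the previous search results
        splunk.Intersplunk.outputResults(decimalToIPv4(results))
    except Exception as e:
        logger.error(e)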