Extract and convert domains and IP addresses from server logs
When you're managing servers and analyzing logs, domain names and IP addresses scatter throughout access logs, firewall rules, DNS queries, and network traces. Finding them manually is tedious, converting between formats is error-prone, and figuring out which IPs belong to the same subnet requires calculation. TextArray gives you fast, accurate tools to extract what matters and work with the formats your scripts expect—all in your browser, with nothing leaving your machine.
Extract domains from server logs
Log files often contain domain names buried among timestamps, status codes, and other noise. The domain extractor reads raw log text and pulls out every valid domain, whether they're FQDNs, subdomains, or single-label hosts. Paste an Apache access log, a mail server log, or a firewall audit trail, and it surfaces all the domains in seconds. The output is line-separated, making it trivial to feed into further analysis or de-duplication. This is especially useful when analyzing HTTP headers, email logs, or DNS queries where domain names may appear in different contexts and formats.
Extract IP addresses from text
IP addresses are scattered across network logs, configuration files, and diagnostic output. Rather than grepping manually and sorting through false positives, use the IP extractor to pull every valid IPv4 and IPv6 address in one pass. Paste a syslog dump, a tcpdump transcript, or a firewall rule export, and it extracts clean, line-separated addresses ready for classification or blocking. The tool handles both standard dotted-decimal notation and other representations, catching addresses that simple regex patterns might miss.
Convert between IP formats
Network tools speak different languages: some expect CIDR notation, others want binary or decimal ranges, and scripts might require specific formats. The IP converter transforms addresses between common representations—decimal, hexadecimal, binary, and CIDR—so your output feeds your automation without manual translation. Paste an IP, choose the target format, and copy the result directly into your tool chain. This is invaluable when working with legacy systems, cloud provider APIs, or custom security tools that require non-standard address formats.
Calculate subnet ranges and network sizes
Understanding which addresses belong to the same network is essential for firewall policy, access control, and route summarization. The IP subnet calculator takes a network address and mask and computes the broadcast address, usable range, and network size. Feed it a CIDR block like 192.168.1.0/24, and it tells you immediately that you have 254 usable hosts, or expand a larger allocation across your organization's subnets. For supernetting scenarios, where you need to combine multiple subnets into a larger block, the calculator helps you find the right aggregated range and mask.
Handling IPv6 and modern network formats
As IPv6 adoption grows, logs increasingly mix IPv4 and IPv6 addresses side by side. The extraction and conversion tools handle both formats transparently, so you don't need separate workflows for legacy and modern infrastructure. IPv6 addresses use a different notation—colon-separated hexadecimal groups like 2001:db8::1—and the tools recognize and preserve them correctly. This matters when parsing cloud logs, containerized environments, or any infrastructure built for dual-stack networking. When you paste mixed logs, both formats come out clean and ready to use.
Typical workflow: parsing a firewall log
Here's how it works in practice: your firewall exports a log with dozens of lines. Paste it into the domain extractor to find all the hostnames triggering rules, then feed those into your DNS or threat-intelligence system. Extract the IPs in parallel, convert any that are in decimal format to standard dotted-decimal notation using the IP converter, and pass them through the subnet calculator to see which subnets are most active. The entire workflow runs offline, takes seconds, and requires no API keys or external dependencies. You can then pivot between the extracted domains and IPs to build a complete picture of which external systems are communicating with your network.
Security analysis and threat intelligence
When investigating suspicious activity, you need to rapidly extract and categorize network indicators. Extract all IPs and domains from your logs, then check them against threat feeds or internal blocklists. The domain extractor and IP extractor give you clean, deduplicated lists ready for import into security tools. Because processing happens locally, you can work with sensitive incident-response data without worrying about where it's sent. The subnet calculator helps you identify if compromised hosts share infrastructure or block addresses that span multiple threat actors.
Privacy and local processing
These tools run entirely in your browser—your log files, server addresses, and network data never leave your machine. No upload to a server, no account, no tracking. If your network drops, they keep working. If you're handling sensitive logs or compliance-critical information, local processing means zero risk of accidental exposure or third-party access. This is especially important in regulated industries where network data handling is tightly governed.
Built for network operations
Whether you're auditing logs, writing automation, troubleshooting connectivity, or responding to security incidents, having fast, local tools for domain and IP work saves time and cuts error. No learning curve, no signup—open TextArray, paste your data, and get results in seconds.