Solved: Re: Are field values case sensitive?

araitz · ‎01-14-2010

Are field values case sensitive? Is this behavior the same in 3.x and 4.x versions of Splunk?

Ledion_Bitincka · ‎01-14-2010

each search operator is allowed to treat field value case sensitivity as it sees fit.

search is case insensitive 
stats is case sensitive 
sort is case sensitive

View solution in original post

khodges_splunk · ‎09-08-2011

Also, by default, values in lookup tables are case sensitive but you can change them to be case insensitive in transforms.conf.

Check out transforms.conf.spec in $SPLUNK_HOME/etc/system/README

case_sensitive_match =
* If set to false, case insensitive matching will be performed for all fields in a lookup
table
* Defaults to true (case sensitive matching)

sideview · ‎04-24-2010

Field values are not case sensitive. When searching for plain text tokens like foo, and phrase searches like "foo bar", these are are not case sensitive either.

On the other hand field names are always case sensitive, in the search command and in other commands.

eg if you have a field extracted as 'myfield', searching for myfield="bar" will work, whereas myField="bar" will not.

As far as other commands besides search, arguments and values are generally case sensitive and my advice is to assume that they are until proven otherwise.

I believe this picture was the same back in 3.X but im not positive.

Ledion_Bitincka · ‎01-14-2010

each search operator is allowed to treat field value case sensitivity as it sees fit.

search is case insensitive 
stats is case sensitive 
sort is case sensitive

Are field values case sensitive?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor