Solved: Case-insensitve sort

atornes · ‎09-12-2012

Is there a way that I can sort some data alphabetically where the values are case insensitive? Currently, it sorts all lowercase values alphabetically first, then all of the capitalized values alphabetically after. I want them intermingled so a term like "cat", "Cat", "dog" or are intermingled based on another field rather than being sorted as "cat", "dog", "Cat"

ayme · ‎09-12-2012

... | eval pet=lower(pet) | sort - pet

View solution in original post

Ayn · ‎09-12-2012

A somewhat ugly but working way of doing this would be to write a new hidden field with just lowercase versions of the values and then sort by this field, but show the "original" field in the results:

... | eval _sortfield=lower(yourmixedcasefield) | table yourmixedcasefield _sortfield | sort _sortfield

Micheal_S · ‎07-07-2022

Ran into this yesterday and this is exactly what I needed. Thank you.

helge · ‎02-13-2015

This works, but as you mentioned it is ugly. Especially since you need to make the search even longer by removing _sortfield or it will show up in the table:
| fields - _sortfield

ayme · ‎09-12-2012

... | eval pet=lower(pet) | sort - pet

helge · ‎02-13-2015

This should really be possible out of the box without resorting to this ugly hack.

Case-insensitve sort

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update