Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Compare case-sensitivity of fields

tb5821
Communicator
‎03-24-2020 02:02 PM

I'm using a rex to extract a field called field1 from my search... how do I take all the results of field1 and call out if they match on case or not? ie 

_time   abc_123  
_time   ABC_123

_time   def_123
_time   def_123

first example I'd want to say there's a case diff while the second example is fine since the case's match

0 Karma
Reply

woodcock
Esteemed Legend
‎03-24-2020 04:56 PM

The easiest thing is to do this:

... | eval field1lower=lower(field1)
| stats values(field1) values(field1lower) dc(field1) dc(field1lower)

You can also use the ignore-case modifier (?i) for any RegEx.

0 Karma
Reply

to4kawa
Ultra Champion
‎03-24-2020 02:45 PM

try (?i) option

https://www.pcre.org/original/doc/html/pcrepattern.html#SEC13

0 Karma
Reply

tb5821
Communicator
‎03-24-2020 03:24 PM

sorry not the regex - I already got the field reguardless of case but now I need to compare them ....

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...