Solved: What is the best way to count case sensitive chara...

Mr_Forensics · ‎05-27-2022

Hello Team,

I am interested in determining the best way to count the number of case sensitive letters and special characters for each value.

Examples:

- PoWERshell = 4 uppercase and 6 lowercase and 0 special characters

- Powershell = 1 uppercase and 9 lowercase and 0 special characters

- Power`SHell = 3 uppercase and 7 lowercase and 1 special charater

For each value in the same field, is it possible to count this and create a field value pair for it?

The desired table would be the following fields:

(Original Feild value) (count of uppercase letters) (count of lower case letters) (special characters count)

Example output: Power`Shell --- 2--- 8---1

ITWhisperer · ‎05-27-2022

Here is one way

| rex max_match=0 "(?<upper>[A-Z])"
| rex max_match=0 "(?<lower>[a-z])"
| eval count_upper=mvcount(upper)
| eval count_lower=mvcount(lower)
| eval count_special=len(_raw)-count_upper-count_lower

View solution in original post

ITWhisperer · ‎05-27-2022

Here is one way

| rex max_match=0 "(?<upper>[A-Z])"
| rex max_match=0 "(?<lower>[a-z])"
| eval count_upper=mvcount(upper)
| eval count_lower=mvcount(lower)
| eval count_special=len(_raw)-count_upper-count_lower

What is the best way to count case sensitive characters in a value?

stats

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

What is the best way to count case sensitive characters in a value?

stats

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine