How to Make Search String Case Sensitive in Splunk
In this post we show how to make a search string case sensitive in Splunk. There are two ways to do it:
Process 1:
With the search command in Splunk you can easily make a search string case sensitive. The queries are given below:
Query 1:
Find a search string which is in Upper-Case
index="test" sourcetype="testlog"
| search CASE(ABHAY)
Explanation :
In the above query, test is the index name and testlog is the sourcetype name. We have used the CASE function with the search command to make the search string case sensitive. The search command returns only those events where the given search string (ABHAY) is in upper case.
****************************************************************************
Query 2:
Find a search string which is in Lower-Case
index="test" sourcetype="testlog"
| search CASE(abhay)
Explanation :
In the above query, test is the index name and testlog is the sourcetype name. We have used the CASE function with the search command to make the search string case sensitive. The search command returns only those events where the given search string (abhay) is in lower case.
***********************************************************************************
Process 2:
With the regex command in Splunk you can easily make a search string case sensitive. The queries are given below:
Query 1:
Find a search string which is in Upper-Case
index="test" sourcetype="testlog"
| regex "(?=ABHAY)"
Explanation :
In the above query, test is the index name and testlog is the sourcetype name. With the regex command we can match the search string (ABHAY) exactly as written, in upper case. The pattern uses the "(?=...)" lookahead syntax, and the regex command matches case-sensitively by default, so we get only those events where the given search string (ABHAY) is in upper case.
********************************************************************************
Query 2:
Find a search string which is in Lower-Case
index="test" sourcetype="testlog"
| regex "(?=abhay)"
Explanation :
In the above query, test is the index name and testlog is the sourcetype name. With the regex command we can match the search string (abhay) exactly as written, in lower case. The pattern uses the "(?=...)" lookahead syntax, and the regex command matches case-sensitively by default, so we get only those events where the given search string (abhay) is in lower case.
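The search below is an added example, not one of the original post's queries. It builds three constructed events with makeresults, so no test index is needed, and shows side by side which events each pattern from Process 2 matches, alongside a case-insensitive pattern for comparison. The field names n, upper_only, upper_lookahead, lower_only and any_case are assumptions chosen for illustration, and the event text is constructed sample data.

```spl
| makeresults count=3
| streamstats count AS n
| eval _raw=case(n=1, "constructed sample event: user=ABHAY action=login",
                 n=2, "constructed sample event: user=abhay action=login",
                 n=3, "constructed sample event: user=Abhay action=logout")
| eval upper_only=if(match(_raw, "ABHAY"), "yes", "no")
| eval upper_lookahead=if(match(_raw, "(?=ABHAY)"), "yes", "no")
| eval lower_only=if(match(_raw, "abhay"), "yes", "no")
| eval any_case=if(match(_raw, "(?i)abhay"), "yes", "no")
| table n _raw upper_only upper_lookahead lower_only any_case
```

The upper_only and upper_lookahead columns agree on every row, because the plain pattern and the lookahead form select the same events; only the "(?i)" pattern matches all three spellings.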
Hope this has helped you in achieving the below requirement without fail :
How to Make Search String Case Sensitive in Splunk
Happy Splunking !!