Equal - case insensitive (eqic)
Description
You can apply this operation either as a Filter or Create column operation:
Filter | Compares two strings and returns only the events where both values are exactly the same, ignoring case. |
---|---|
Create column | Compares two strings of the same type and creates a Boolean column that shows true when both strings are exactly the same, ignoring case. |
Use the Equal (eq, =) operation if you need to discriminate between uppercase and lowercase letters.
How does it work in the search window?
Select Filter / Create column in the search window toolbar, then select the Equal - case insensitive operation. You need to specify two arguments:
Argument | Data type |
---|---|
Value mandatory | string |
is equal (ignoring case) to mandatory | string |
If you use the Create field operation, the data type of the values in the new column is boolean (true or false).
Example
In the demo.ecommerce.data
table, we want to get only the events with method GET. To do it, we will apply a Filter using the Equal - case insensitive operation.
Active case insensitive
Some operations have a case sensitive and a case insensitive version, for example, Contains - case insensitive (weakhas) and Contains (has, ->). Use these options to display only the sensitive or insensitive versions of these operations, or choose all to show both versions. Operations that don't have a sensitive and insensitive version will be visible regardless of the option selected. You can select the default option in your User preferences, and Admin users can do the same for all the users in the domain in their Domain preferences.
The arguments needed are:
Value - method field
is equal (ignoring case) to - Click the pencil icon and enter get or GET. Since this operation is case insensitive, the filter will return the same results with both values.
Click Filter and you will see the following result:
Click Create field and follow the same steps to add a new Boolean field that shows true when the method of the event is GET.
How does it work in LINQ?
Use the operator where
... to apply the Filter operation and select
... as
... to apply the Create column operation. These are the valid formats of the Equal - case insensitive operation:
eqic(string1, string2)
Examples
You can copy the following LINQ script and try the above example on the demo.ecommerce.data
 table:
from siem.logtrust.web.activity
where eqic(method, "get")
And this is the same example using the Create column operation:
from siem.logtrust.web.activity
select eqic(method, "get") as get_method