Document toolboxDocument toolbox

Equal - case insensitive (eqic)

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: May 13, 2024 by Borja Moro Moreno
2 min read
[ 1 Description ] [ 2 How does it work in the search window? ] [ 3 How does it work in LINQ? ]

Description

You can apply this operation either as a Filter or Create field operation:

Filter

Compares two strings and returns only the events where both values are exactly the same, ignoring case.

Create field

Compares two strings of the same type and creates a Boolean field that shows true when both strings are exactly the same, ignoring case.

Use the Equal (eq, =) operation if you need to discriminate between uppercase and lowercase letters.

How does it work in the search window?

Select Filter / Create field in the search window toolbar, then select the Equal - case insensitive operation. You need to specify two arguments:

Argument

Data type

Argument

Data type

Value mandatory

string

is equal (ignoring case) to mandatory

string

If you use the Create field operation, the data type of the values in the new field is boolean (true or false).

Example

In the siem.logtrust.web.activity table, we want to get only the events with method GET. To do it, we will apply a Filter using the Equal - case insensitive operation.

Active case insensitive

Some operations have a case sensitive and a case insensitive version, for example, Contains - case insensitive (weakhas) and Contains (has, ->). Use these options to display only the sensitive or insensitive versions of these operations, or choose all to show both versions. Operations that don't have a sensitive and insensitive version will be visible regardless of the option selected.

The arguments needed are:

  • Value - method field

  • is equal (ignoring case) to - Click the pencil icon and enter get or GET. Since this operation is case insensitive, the filter will return the same results with both values.

Click Filter and you will see the following result:

 

Click Create field and follow the same steps to add a new Boolean field that shows true when the method of the event is GET.

How does it work in LINQ?

Use the operator where...  to apply the Filter operation and select... as...  to apply the Create field operation. These are the valid formats of the Equal - case insensitive operation:

  • eqic(string1, string2)

Examples

You can copy the following LINQ script and try the above example on the demo.ecommerce.data table:

from siem.logtrust.web.activity where eqic(method, "get")

And this is the same example using the Create field operation:

from siem.logtrust.web.activity select eqic(method, "get") as get_method