Case insensitive search in GROK extracted field

Hi all,
I have a simple GROK extractor parsing various DATA fields, assigning custom names to each one.

In the search window, I would like to do a case-insensitive search in some of these fields, but I cannot see how. For example, I have a field called “result” which contains the word “Accepted”. Searching for it, I need to type “result:Accepted”, because something like “result:accepted” will not work.

How can I search for “result:accepted” for any field having something like “Accepted”, “accepteD”, “accEpted”, etc?

Thanks.

You could create a custom Elasticsearch index mapping for the “result” field which applies a case-insensitive analyzer.
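
A sketch of the kind of custom mapping the reply above describes, added here as an example and not part of the original post or of Graylog's own configuration. It assumes Elasticsearch 7.x index template syntax (older versions nest `properties` under a `message` mapping type) and the default `graylog_*` index prefix; the analyzer name `lowercase_keyword` is hypothetical. The body would be loaded as an index template under a name of your choosing.

```json
{
  "index_patterns": ["graylog_*"],
  "settings": {
    "analysis": {
      "analyzer": {
        "lowercase_keyword": {
          "type": "custom",
          "tokenizer": "keyword",
          "filter": ["lowercase"]
        }
      }
    }
  },
  "mappings": {
    "properties": {
      "result": {
        "type": "text",
        "analyzer": "lowercase_keyword"
      }
    }
  }
}
```

The analyzer lowercases the whole field value as a single token in the search index only, and it is also applied to the query term, so “result:accepted” and “result:Accepted” match the same messages while the stored message keeps its original case. An index template only affects indices created after it is loaded, so existing indices keep their old mapping until the index set is rotated.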

Hi, in Graylog documentation I read:

be extremely cautious and conservative about the custom index mappings!

So, as a new Graylog user, I wonder if I can search in case-insensitive mode, rather than store the messages themselves all lowercase. Any thoughts on that?

Thanks.

No, that’s currently not possible with Graylog.

OK. Thank you so much for the direct answer.
