I am trying to extract a field from logs and generate report from it. Basically, I am trying to identify the authentication method.
My current search looks like -
This extracts a field called authentication_type with value password. But, it considers Password and password to be two different values. Does anyone know how can I force splunk to consider both the same values?
asked 14 Jun '11, 07:12
Splunk's search command is case insensitive. When creating a report, Splunk will consider these to be seperate values. If you want to make reporting commands insensitive to the case of a field, we can convert the field using eval and lower.
answered 14 Jun '11, 11:24