This simple query function may be used to change the text given, by way of a field from an event or otherwise, to all lower-case letters. This is based on the presumed language, but you can set the language and locale if needed.
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
as | string | optional[a] | _lower | The name of the output field. |
field[b] | string | required | The name of the input field with the value to convert to lower-case. | |
locale | string | optional[a] | system locale | Locale to use, as ISO-639 language and an optional ISO-3166 country (e.g., en or en_US). |
type | string | optional[a] | The name of the locale to use as ISO 639 language and an ISO 3166 country. When not specified, uses the system locale. | |
[a] Optional parameters use their default value unless explicitly set | ||||
Omitted Argument NamesThe argument name for
fieldcan be omitted; the following forms of this function are equivalent:logscalelower("value")and:
logscalelower(field="value")
In addition to providing the field of events to change to all lower-case letters, as well as optionally assigning a name to the resulting field, you can specify the country and language so that conversion is done correctly and without odd characters.
For the value of type, you can specify just the language, or you can
refine that choice by including the country. For instance, you might
specify en for English. You could be
more specific by entering en_UK for
U.K. English or en_US for U.S.
English. Choosing the right language is perhaps most important when data
includes text in other languages like Russian with Cyrillic letters.
lower() Examples
As a simple example, suppose you have two fields that you want to
concatenate together, but want to set one to all lower-case letters and
the other to all upper-case letters. You might do that using the
concat() function, along with the
lower() and upper() query
functions, like so:
lower(@error_msg[0], as=msg1)
| upper(@error_msg[1], as=msg2)
| concat([msg1, msg2], as=test)
In this query, the as parameter were used for the
lower() and for the upper()
query functions to label their results. Those field names are then used
with the concat() function. That wasn't necessary,
though. They could have be referenced by the default names,
_lower and
_upper. The specific labeling,
though, is particularly useful when you have more than one field that
use the same query function.
The screenshot shown in Figure 178, “lower() Example” shows
the results of the query above.
 |
Figure 178. lower() Example
One of the events is selected. Notice the text of the message is in lower-case letters, for the first part, and the second message is in upper-case — that part is highlighted in blue in the screenshot.