This simple query function may be used to change the text given, by way of a field from an event or otherwise, to all upper-case letters. This is based on the presumed language, but you can set the language and locale if needed.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
as | string | optional[a] | _upper | The name of the output field. |
field[b] | string | required | The name of the input field with the value to convert to upper-case. | |
locale | string | optional[a] | system locale | The name of the locale to use as ISO 639 language and an ISO 3166 country (for example, da, or da_DK). When not specified, uses the system locale. |
[a] Optional parameters use their default value unless explicitly set. | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
fieldcan be omitted; the following forms of this function are equivalent:logscaleupper("field")and:
logscaleupper(field="field")These examples show basic structure only.
For the value of type, you can specify just the language, or you can
refine that choice by including the country. For instance, you might
specify en for English. You could be more
specific by entering en_UK for U.K.
English or en_US for U.S. English.
Choosing the right language is perhaps most important when data includes
text in other languages like Russian with Cyrillic letters.
upper() Examples
As a simple example, suppose you have two fields that you want to
concatenate together, but want to set one's results to all lower-case
letters and the other to all upper-case letters. You might do that using
the concat() function, along with the
lower() and upper() query
functions, like so:
lower(#severity, as=severity)
| upper(#category, as=category)
| concat([severity, category], as=test)
| top(test)
In this query, the as parameter were used for the
lower() and for the upper()
query functions to label their results. Those field names are then used
with the concat() function into a
test field. That wasn't necessary, though: they
could have be referenced by the default names,
_lower and
_upper. However, the specific
labeling is particularly useful when you have more than one field that
use the same query function. Then, the top 10 values are displayed for
the field test.
| test | _count |
|---|---|
| infoALERT | 90005 |
| infoFILTERALERT | 36640 |
| errorALERT | 17256 |
| warningGRAPHQL | 14240 |
| warningALERT | 13617 |
| warningSCHEDULEDSEARCH | 11483 |
| infoSCHEDULEDSEARCH | 5917 |
| warningFILTERALERT | 1646 |
| errorFILTERALERT | 1487 |
| infoACTION | 3 |
Notice the value of #severity is in lower-case letters, and the value of #category is in upper-case.