Abstract
Learn more about the Cortex Query Language case_sensitive config stage.
Syntax
config case_sensitive = true | false
Description
The case_sensitive configuration identifies whether field values are evaluated as case sensitive or case insensitive. The config case_sensitive stage must be added at the beginning of the query. You can also add another config case_sensitive stage when adding a Join or Union stage to a query.
If you do not provide this stage in your query, the default behavior is false, and case is not considered when evaluating field values.
Note
The → → → setting can overwrite this case_sensitive configuration for all fields in the application except for BIOCs, which will remain case insensitive no matter what this setting is set to.
Examples
config case_sensitive = true | dataset = xdr_data | fields actor_process_image_name as apin | filter apin != NULL and apin contains "python" | limit 100