pySigma-backend-loki icon indicating copy to clipboard operation
pySigma-backend-loki copied to clipboard

Published 20 hours ago verified publisher icon grafana

Correctly support the case-insensitive condition modifier

Open kelnage opened this issue 1 year ago • 2 comments

As identified in #151, our backend does not currently support the case-insensitive modifiers i, ignorecase. We can support those in LogQL, by safely converting the string into a regular expression (if necessary/applicable), and appending it with (?i), in a similar way to the method currently used when case-sensitive is false.

kelnage avatar May 28 '24 09:05 kelnage

On further investigation, it seems the |i modifier only becomes relevant if used in combination with the |re modifier, which does work, and therefore our implementation is correct.

kelnage avatar May 28 '24 10:05 kelnage

Whilst the modifier is working, is seems that the modifier is not achieving its intended goal and therefore this is a valid bug!

kelnage avatar May 28 '24 10:05 kelnage