monk-ee / SplunkAppforAWSBilling

Search query capabilities

RandallBanks opened this issue · comments

We haven't done the best indexing, and we have some tags that begin with a capital, and others of the same tag that begin with a lower-case. Is there a way to consolidate these into a single item on the GUI? I assume the best way to do this would be case insensitive searching, if it is supported.

Or, what would be an even more convenient solution, if there is a way to consolidate any two pieces of data into a single representation on our graph? For example, we have a bar graph with a bar for "dev" and a bar for "development". Is there a way to combine these fields, or any other arbitrary number of fields together?

One final question that could perhaps answer both of these and many future ones. Are there any sort of man pages/help docs about the capabilities and syntax of the search queries? I see two very different examples given at https://splunkbase.splunk.com/app/1577/#/documentation, both useful, but I feel like there is surely more to know than these examples provide.

Splunk is case sensitive except in the search command:

 index=aws-bill | search user:Customer=Company

will find Company, COMPANY, company, etc.
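An added example (not from the original thread) of merging the mixed-case and synonym tag values before charting: the case-insensitive `search` only affects which events match, while a `stats ... BY` still reports "Dev" and "dev" as separate bars. It uses the page's `aws-bill` index and `user:Customer` tag field, and assumes a cost field named `BlendedCost` (the AWS detailed billing column; substitute the app's own field name if it differs):

```spl
index=aws-bill
| eval tag=lower(coalesce('user:Customer', "untagged"))
| eval tag=case(tag=="dev" OR tag=="development", "development", true(), tag)
| stats sum(BlendedCost) AS cost BY tag
```

`lower()` folds the capitalisation differences, `coalesce()` keeps untagged line items in the chart instead of dropping them, and the `case()` line is where any further aliases (for example "prod" and "production") are folded into one bar.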