Hi and thanks for your question!
We currently don't have plans for that.
Which C++ logging frameworks are you using?
The lowercase normalizer sounds like the way to go for your use case.
Aggregations should return the normalized value, see normalizer | Elasticsearch Guide [8.11] | Elastic.
Maybe you have aggregated over the wrong field or the mapping has not been applied for the index you're aggregating over. Remember: you can't change the mapping of existing indices, only new ones.
It can get a bit more complex if not only the casing differs, such as WARN vs WARNING. In that case, you may want to use an ingest node pipeline to normalize the values.