Home > Software design >  Splunk regex : Extract data with line breaks and fixed format
Splunk regex : Extract data with line breaks and fixed format

Time:03-21

I have a splunk event like below from which I need to extract the delete count and insert count from the below :

DELETE FROM ABC WHERE (Id) IN (SELECT Id FROM XYZ WHERE PK = 101 group by 1,2,3,4,5) ;
 OUTPUT 
--------
 797
(1 row)
INSERT INTO ABC (Id, Name, Desc) SELECT Id, Name, Desc FROM XYZ WHERE PK = 101;
 OUTPUT 
--------
 804
(1 row)
COMMIT ;

Output :

DELETE  INSERT
797     804

Is there a way to achieve this in one regex ?

Thank you for any suggestions.

CodePudding user response:

I think this might work for you? : (?:(DELETE)|(INSERT))(?:.*\n){3}( ?\d )

Here is my example: https://regex101.com/r/sn3nVy/1

Page link:https//www.codepudding.com/Softwaredesign/343136.html

Prev:Replacing acronyms with their full forms in Python
Next:Regex fro fetching the substring after nth _
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding