How do I escape single quote within DBXquery SQL l...

LearningGuy · ‎05-04-2023

how do I escape single quote within DBXquery SQL like command
For example:
content = '. . . . . . src_port': 20, 'dst_port': 21 ..... ' there is space after colon :
| dbxquery connection=visibility query="select content from DB where content like '%port\'\:\s20\,' "
This query gave me an error. I already tried to escape single quote with single quote, but did gave me 0 result

Thanks

tscroggins · ‎05-06-2023

Hi,

Escape sequences vary by SQL implementation, but generally, an apostrophe can be included in a character string with a preceding apostrophe, e.g.:

SELECT 'FOO''BAR'

returns FOO'BAR, where the double apostrophe is replaced with a single apostrophe.

In your example:

| dbxquery connection=visibility query="select content from DB where content like '%port'': 20,' "

will return the content column from all DB table rows where content ends with port':[space]20,'[space].

To find all rows containing a src_port or dest_port string (or any other _port': string), you might try:

| dbxquery connection=visibility query="select content from DB where content like '''%\_port'':%' escape '\'"

In LIKE predicate patterns, % and _ are wildcards. I've introduced the ESCAPE clause to explicitly define an escape character.

LIKE predicate patterns are not regular expressions, so you may match more than you intended.

How do I escape single quote within DBXquery SQL like command?

field extraction

table

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!