Splunk Search

How do I escape single quote within DBXquery SQL like command?

LearningGuy
Motivator

how do I escape single quote within DBXquery SQL like command
For example:   
content = '. . . . . .  src_port': 20, 'dst_port': 21     .....   '  there is space after colon :
| dbxquery connection=visibility query="select  content from DB where content like '%port\'\:\s20\,' "
This query gave me an error.  I already tried to escape single quote with single quote, but did gave me 0 result

Thanks

Labels (2)
Tags (2)
0 Karma

tscroggins
Influencer

Hi,

Escape sequences vary by SQL implementation, but generally, an apostrophe can be included in a character string with a preceding apostrophe, e.g.:

SELECT 'FOO''BAR'

returns FOO'BAR, where the double apostrophe is replaced with a single apostrophe.

In your example:

| dbxquery connection=visibility query="select content from DB where content like '%port'': 20,' "

will return the content column from all DB table rows where content ends with port':[space]20,'[space].

To find all rows containing a src_port or dest_port string (or any other _port': string), you might try:

| dbxquery connection=visibility query="select content from DB where content like '''%\_port'':%' escape '\'"

In LIKE predicate patterns, % and _ are wildcards. I've introduced the ESCAPE clause to explicitly define an escape character.

LIKE predicate patterns are not regular expressions, so you may match more than you intended.

0 Karma
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...