Added more SQL Query related use cases to help Community. I have also updated regular expression and made masking more unpredictable for end user.
| makeresults | eval _raw="field
select id from table where id In [\"123\",\"12\"] limit 1
select id,\"Test\" as dummy from table where id=\"123\" limit 1
select id from table where id=\"123\" limit 1
select id,name from table where id = 123 limit 1
select id,name from table where name = \"test\"
select id,name from table where mo_number=\"1234567890\"
select id,name from table where name = 'test'
select id from table where id In [123,12] limit 1
select id from table where name In [\"name1\",\"name2\"] limit 1"
| multikv forceheader=1
| rex mode=sed field=field "s/(?i)where (.*(|\s)[^=])(=|in)\s*(\"[^\"]*\"|'[^']*'|[^\s]*|[\[^\]*])/where \1\3 XXXX/g"
|table _raw field
Thanks
KV
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.
