How to create SQL query from log?

jeesphilipz · ‎05-18-2022

Hi

I have two files Filed1 and Filed2, Fileld1 is procedure call and Files 2 is the arguments

i want to make a proper procedure call out of it by replacing "?" with actual vales from the arguments

Eg:
Filed1 exec procedureABC arg1 = ?, arg2 = ?, arg3 = ?

Filed2 arg1=EXEC, arg2=472.59, arg3=ABCI want to make a string like this "exec proc1 arg1 = EXEC, arg2 = 472.59, arg3 = ABC"
How can i do this ?

richgalloway · ‎05-18-2022

Assuming the fields are always in the format shown, you can extract the procedure from Field1 and append the contents of Field2 as the arguments.

| rex field=Field1 "(?<call>.*?) arg1"
| eval exec = call . " " . Field2

---
If this reply helps you, Karma would be appreciated.

jeesphilipz · ‎05-18-2022

thanks for the reply

That didn't help me ,

procedure call would be more complex and some times the argument list can have more element in it
eg : exec procedureABC @arg1 = ?, @arg2 = ?, @arg3 = ? in real scenario the procedure call parameter begin with '@'

and the argument list wont have any '@' in it. also argument list can have more than 10 elements so we need a lookup there

How to create SQL query from log?

eval

field extraction

rex

stats

tstats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!