That would be
| rex "ACTION\s:\[\d\]\s\'(?<ACTION>[^\']*)\'\s+DATABASE\[\d+\]\s\'(?<DATABASE>[^\']*)\'"
The above works fine. Based on your example breaking across lines, I might go with
| rex "ACTION\s:\[\d\]\s\'(?<ACTION>[^\']*)\'"
| rex "DATABASE\[\d+\]\s\'(?<DATABASE>[^\']*)\'"
...or...
| rex "ACTION\s:\[\d\]\s\'(?<ACTION>[^\']*)\'|DATABASE\[\d+\]\s\'(?<DATABASE>[^\']*)\'" max_match=0
Any of the above should work.
