I have an error event in this format indexed in Splunk.
Error for batch element #1: One or more values in the INSERT statement, UPDATE statement, or foreign key update caused by a DELETE statement are not valid because the primary key, unique constraint or unique index identified by "2" constrains table "TABLE_NAME" from having duplicate values for the index key.. SQLCODE=-803, SQLSTATE=23505, DRIVER=4.11.77
How do I extract the TABLE_NAME out of this event?
Thanks
In your Search command in SPL:
... | rex "constrains table \"(?P<tablename>[^\"]*)\""
In your Search command in SPL:
... | rex "constrains table \"(?P<tablename>[^\"]*)\""
Thanks. it worked.