parsing mariadb(mysqld) audit log on ops agent

[Nobuaki Ito]

I am trying to parse the mariadb(mysqld) audit log using google cloud ops agent, but is having problem with the regex. 

This is an entry on an mariadb(mysqld) audit log:

20220521 00:50:12,prod-vm,bn_wordpress,localhost,6666,999999,QUERY,wordpress,'UPDATE `sitemeta` SET `meta_value` = \'***********\' WHERE `site_id` = 1 AND `key` = \'cloud_last_cron\'',0

I am trying to parse the audit log by configuring ops-agent, by appling the "parse_regex" type processor on the log, but have not succeeded in doing so.

Here is the regex that I used.

regex: "^(?<time>[^,]*) (?<jsonPayload.host>[^,]*) (?<jsonPayload.user>[^,]*) (?<jsonPayload.client>[^,]*) (?<jsonPayload.pid>[^,]*) (?<jsonPayload.tid>[^,]*) (?<jsonPayload.command>[^,]*) (?<jsonPayload.database>[^,]*) (?<jsonPayload.message>[^,]*) (?<jsonPayload.errorNumber>.*)$"

What could be wrong?

[Andres Fiesco Casasola]

Did you use any Google documentation to create the code? Could you also share the logs?, and do you get an error message?