I am trying to parse the mariadb(mysqld) audit log using google cloud ops agent, but is having problem with the regex.
This is an entry on an mariadb(mysqld) audit log:
20220521 00:50:12,prod-vm,bn_wordpress,localhost,6666,999999,QUERY,wordpress,'UPDATE `sitemeta` SET `meta_value` = \'***********\' WHERE `site_id` = 1 AND `key` = \'cloud_last_cron\'',0
I am trying to parse the audit log by configuring ops-agent, by appling the "parse_regex" type processor on the log, but have not succeeded in doing so.
Here is the regex that I used.
regex: "^(?<time>[^,]*) (?<jsonPayload.host>[^,]*) (?<jsonPayload.user>[^,]*) (?<jsonPayload.client>[^,]*) (?<jsonPayload.pid>[^,]*) (?<jsonPayload.tid>[^,]*) (?<jsonPayload.command>[^,]*) (?<jsonPayload.database>[^,]*) (?<jsonPayload.message>[^,]*) (?<jsonPayload.errorNumber>.*)$"
What could be wrong?