Sometimes we need to use a regex to search in Splunk.

In our example, we find INSERT/UPDATE queries that write to the news table in MySQL (the events come from the MySQL slow query log).

index="adt_mysql" host="192.168.2.3" | regex sql_query="^(UPDATE|update|insert|INSERT).*news\s.*"

Result:

# Time: 2021-07-28T06:09:19.811464Z
# User@Host: test1[test1] @  [192.168.2.123]  Id: 1081397395
# Schema:   Last_errno: 0  Killed: 0
# Query_time: 0.000080  Lock_time: 0.000028  Rows_sent: 0  Rows_examined: 1  Rows_affected: 0
# Bytes_sent: 52
SET timestamp=1627452559;
UPDATE db1.news SET selected=2 WHERE id=869948895375028961;
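The same matching done offline in Python, as an added example that is not part of the original note: it splits slow-query-log text into entries (one per "# Time:" block), applies the page's regex to the SQL statement of each entry, and reports the time, user/host and statement of every hit. The sample log is constructed here; the first entry is the page's own result, the others are made up to show the edge cases. One caveat the page's pattern has: the alternation `(UPDATE|update|insert|INSERT)` only matches all-upper or all-lower keywords, so a statement written as `Update ...` slips through; the `CASE_INSENSITIVE_PATTERN` variant below (an assumption, not from the page) uses the PCRE `(?i)` flag, which Splunk's `regex` command also accepts, to close that gap.

```python
import re

# Constructed sample in MySQL slow-query-log format. Entry 1 is the page's own
# result; entries 2-5 are made up to exercise the pattern (a matching INSERT,
# a SELECT that must not match, a mixed-case Update, and an unrelated table
# whose name merely starts with "news").
SAMPLE_LOG = """\
# Time: 2021-07-28T06:09:19.811464Z
# User@Host: test1[test1] @  [192.168.2.123]  Id: 1081397395
# Schema:   Last_errno: 0  Killed: 0
# Query_time: 0.000080  Lock_time: 0.000028  Rows_sent: 0  Rows_examined: 1  Rows_affected: 0
# Bytes_sent: 52
SET timestamp=1627452559;
UPDATE db1.news SET selected=2 WHERE id=869948895375028961;
# Time: 2021-07-28T06:09:20.000001Z
# User@Host: test1[test1] @  [192.168.2.123]  Id: 1081397396
# Query_time: 0.000100  Lock_time: 0.000020  Rows_sent: 0  Rows_examined: 0  Rows_affected: 1
SET timestamp=1627452560;
INSERT INTO news (title) VALUES ('hello');
# Time: 2021-07-28T06:09:21.000001Z
# User@Host: app[app] @  [192.168.2.50]  Id: 1081397397
# Query_time: 0.000300  Lock_time: 0.000010  Rows_sent: 10  Rows_examined: 10  Rows_affected: 0
SET timestamp=1627452561;
SELECT * FROM news WHERE id > 1;
# Time: 2021-07-28T06:09:22.000001Z
# User@Host: app[app] @  [192.168.2.50]  Id: 1081397398
# Query_time: 0.000090  Lock_time: 0.000020  Rows_sent: 0  Rows_examined: 1  Rows_affected: 1
SET timestamp=1627452562;
Update db1.news SET selected=3 WHERE id=1;
# Time: 2021-07-28T06:09:23.000001Z
# User@Host: app[app] @  [192.168.2.50]  Id: 1081397399
# Query_time: 0.000090  Lock_time: 0.000020  Rows_sent: 0  Rows_examined: 1  Rows_affected: 1
SET timestamp=1627452563;
UPDATE db1.newsletter SET sent=1 WHERE id=5;
"""

# The exact pattern used in the page's Splunk `regex sql_query=...` command.
PAGE_PATTERN = re.compile(r"^(UPDATE|update|insert|INSERT).*news\s.*")

# Assumption (not on the page): same idea with a case-insensitive flag, so
# mixed-case keywords such as "Update" are caught as well. In Splunk this is
# written as a leading (?i) inside the pattern string.
CASE_INSENSITIVE_PATTERN = re.compile(r"^(UPDATE|INSERT).*news\s.*", re.IGNORECASE)


def parse_slow_log(text):
    """Split slow-log text into entries, one dict per '# Time:' block, with the
    time, the User@Host value and the SQL statement that follows SET timestamp."""
    entries = []
    current = None
    for line in text.splitlines():
        if line.startswith("# Time:"):
            current = {"time": line[len("# Time:"):].strip(),
                       "user_host": "", "sql_lines": []}
            entries.append(current)
        elif current is None:
            continue  # text before the first entry header
        elif line.startswith("# User@Host:"):
            current["user_host"] = line[len("# User@Host:"):].strip()
        elif line.startswith("#") or line.startswith("SET timestamp="):
            continue  # other header lines and the timestamp preamble
        else:
            current["sql_lines"].append(line)  # statement may span lines
    for e in entries:
        e["sql_query"] = "\n".join(e.pop("sql_lines")).strip()
    return entries


def find_news_writes(log_text, pattern=PAGE_PATTERN):
    """Return (time, user_host, sql_query) for each entry whose statement
    matches `pattern`; `^` anchors at the start of the statement, as in Splunk."""
    return [(e["time"], e["user_host"], e["sql_query"])
            for e in parse_slow_log(log_text) if pattern.search(e["sql_query"])]


if __name__ == "__main__":
    for label, pat in (("page pattern", PAGE_PATTERN),
                       ("case-insensitive", CASE_INSENSITIVE_PATTERN)):
        print(f"== {label} ==")
        for time, user_host, sql in find_news_writes(SAMPLE_LOG, pat):
            print(f"{time}  {user_host}\n    {sql}")
```

Run against the sample, the page's pattern returns the UPDATE and the INSERT but not the SELECT, not the `Update db1.news ...` statement, and not the `newsletter` UPDATE (because `news\s` requires whitespace right after "news"); the case-insensitive variant additionally returns the mixed-case Update.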