I'm using a KQL query in Azure to create a Sentinel alert.
I can't workout how to trim a string to show the data between the third instance of the " character and the first instance of (
I've tried to use a trim_start/ trim_end and also a split command but keep getting regex problems.
An example of the string is [ "HOSTNAME", "Test User (t.user#example.com)" ]
I'd like to either extract Test User from the string or HOSTNAME, Test User and t.user#example.com into separate fields.
Any help or pointers in the right direction would be appreciated
you could use the parse operator.
for example:
print input = '[ "HOSTNAME", "Test User (t.user#example.com)" ]'
| parse input with * '"' host_name '"' * '"' user_name ' (' email_address ')' *
input
host_name
user_name
email_address
[ "HOSTNAME", "Test User (t.user#example.com)" ]
HOSTNAME
Test User
t.user#example.com
parse-where is good for this, too.
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/parsewhereoperator
Related
lets say have column with values
"Html", "Java", "JQuery", "Sqlite"
and if user enters
"Java is my favorite programming language"
then result should be
1 row selected with value "Java"
because entered sentence starts with "Java"
but if user enters
"My application database is in Sqlite"
then query should return empty.
0 row selected
because entered sentence does not start with "Sqlite".
I am trying following query:
SELECT * FROM demo where 'Java' like demo.name; // work
but if enter long text then it fails
SELECT * FROM demo where 'Java is my favorite programming language' like demo.name; // Fails
I think you want something like this :
SELECT * FROM demo WHERE yourText LIKE demo.name || '%' ;
Just put the column name on the left side of the like operator, and concatenate a wildcard at the right side of your string keywork:
select * from demo where name like 'Java%' ; -- or like 'Sqlite%' etc
You can make it more generic like:
select * from demo where name like ? || %' ;
where ? is a bind parameter that represents the value provided by the user (you may also concatenate with the wildcard in your application before passing the parameter).
Concatenate your column with a wildcard:
SELECT * FROM demo where 'Java is my favorite programming language' like demo.name || '%';
You can make your query like this
Select * from SearchPojo where name GLOB '*' || :namestring|| '*'"
Not sure if I got the problem but ...
You can query these values (Html, Java, JQuery, Sqlite) put them in a collection, like List, then grab user's input and check it:
List<String> values ... // Html, Java, JQuery, Sqlite
for (String value : values) {
if (userInput.contains(value) {
// print
System.out.println("1 row selected with value \"Java\");
}
}
It supports cases where user type more then one option.
I have requirement where the input is List
{
"zip_codes": [
"94587",
"94544",
"94566"
]
}
and I need to use Datawave to store them in a string variable.
select * from DB where zipcode in (#zipcode):
The zipcode should be comma separated.
SQL statement in actual execution should be
select * from DB where zipcode in (94587,
94544,
94566)
i was able finally get the output using the below function
zipcode: payload.zip_codes joinBy ", "
output is zipcode= 94587, 94544, 94566
I have a 1 to many Organization: Users relationship.
I want to fetch the usernames of all User model of an Organization, capture a part of that username and append/substitute it with new value.
Here is how I am doing:
Form the raw SQL to Get the matching usernames and replace them with new value.
raw = "SELECT REGEXP_REPLACE($1::string[], '(^[a-z0-9]+)((\s[a-z0-9]+))*\#([a-z0-9]+)$', m.name[1] || '#' || $2) FROM (SELECT REGEXP_MATCHES($1::string[], '(^[a-z0-9]+)((\s[a-z0-9]+))*\#([a-z0-9]+)$') AS name) m"
Get the matching usernames and replace them with new value.
usernames: list of usernames retrieved from queryable
Repo.query(raw, [usernames, a_string])
Error I am getting
SELECT REGEXP_REPLACE($1::string[], '(^[a-z0-9]+)(( [a-z0-9]+))#([a-z0-9]+)$', m.name[1] || '#' || $2) FROM (SELECT REGEXP_MATCHES($1::string[], '(^[a-z0-9]+)(( [a-z0-9]+))#([a-z0-9]+)$') AS name) m [["tradeboox#trdbx18"], "trdbx17"]
{:error,
%Postgrex.Error{connection_id: 7222, message: nil,
postgres: %{code: :undefined_object, file: "parse_type.c", line: "257",
message: "type \"string[]\" does not exist", pg_code: "42704",
position: "137", routine: "typenameType", severity: "ERROR",
unknown: "ERROR"}}}
FYI: The username field of User model is of type citext
Once I get the replaced values, I want to update the User with something like
update([u], set: [username: new_values])
Any ideas on how to proceed with this?
`
There is no string type in PostgreSQL.
Function regexp_matches accepts as first parameter only text and it can't be array. So what you need to do is first change that type to text, then unnest($1::text[]) your array. Iterate over resulting set of rows with those regexp.
raw = "SELECT REGEXP_REPLACE(m.item, '(^[a-z0-9]+)((\s[a-z0-9]+))*\#([a-z0-9]+)$', m.name[1] || '#' || $2)
FROM (
SELECT item, REGEXP_MATCHES(item, '(^[a-z0-9]+)((\s[a-z0-9]+))*\#([a-z0-9]+)$') AS name
FROM unnest($1::text[]) AS items(item)
) m"
If I understand it correctly, you are trying to replace everything after # with some different string - if that is the case, then your regexp will put anything after spacebar into second element of matches array. You would need this instead: ((^[a-z0-9]+)(\s[a-z0-9]+)*).
If above is true, then you can do all that much easier with this:
SELECT REGEXP_REPLACE(item, '((^[a-z0-9]+)(\s[a-z0-9]+)*)\#([a-z0-9]+)$', '\1' || $2) AS name
FROM unnest($1::text[]) AS items(item)
Best practice however is to simply do replace in UPDATE statement:
UPDATE "User" SET
name = concat(split_part(name, '#', 1), '#', $2)
WHERE organization_id = $3
AND name ~* '^[a-z0-9]+(\s[a-z0-9]+)*\#[a-z0-9]+$'
It will split name by #, take first part, then append # and whatever is assigned to $2 (domain name I guess). It will update only rows that have organization_id matching to some id and have names matching your regexp (you can omit regexp if you want to change all names from organization). Make sure that table in actually named User, case sensitive, or remove double quotes to have case insensitive version.
I sadly do not know how to do this in your ORM.
I've searched everywhere for a decent and logical CHECK constraint to validate that an email is in the right format. So far I've found really long and unnecessary expressions like:
create table t (
email varchar2(320) check (
regexp_like(email, '[[:alnum:]]+#[[:alnum:]]+\.[[:alnum:]]')
)
);
and
create table stk_t (
email varchar2(320) check (
email LIKE '%#%.%' AND email NOT LIKE '#%' AND email NOT LIKE '%#%#%'
)
);
Surely there is a simpler way?
I'm using Oracle 11g database and SQL Developer IDE.
This is what I have:
constraint Emails_Check check (Emails LIKE '%_#%_._%')
Can someone please let me know if this is the most efficient way of validating emails?
You can try this
email varchar2(255) check (
email LIKE '%#%.%' AND email NOT LIKE '#%' AND email NOT LIKE '%#%#%' )
CREATE TABLE MYTABLE(
EMAIL VARCHAR2(30) CHECK(REGEXP_LIKE (EMAIL,'^[A-Za-z]+[A-Za-z0-9.]+#[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$'))
)
Explanation of Regular Expression
^ #start of the line
[_A-Za-z0-9-]+ # must start with string in the bracket [ ], must contains one or more (+)
( # start of group #1
\\.[_A-Za-z0-9-]+ # follow by a dot "." and string in the bracket [ ], must contains one or more (+)
)* # end of group #1, this group is optional (*)
# # must contains a "#" symbol
[A-Za-z0-9]+ # follow by string in the bracket [ ], must contains one or more (+)
( # start of group #2 - first level TLD checking
\\.[A-Za-z0-9]+ # follow by a dot "." and string in the bracket [ ], must contains one or more (+)
)* # end of group #2, this group is optional (*)
( # start of group #3 - second level TLD checking
\\.[A-Za-z]{2,} # follow by a dot "." and string in the bracket [ ], with minimum length of 2
) # end of group #3
$ #end of the line
Stumbled upon this answer while hunting for a simple solution on the internet:
ALTER TABLE YourTableName
ADD CONSTRAINT YourConstraintName CHECK(YourColumnName LIKE '%___#___%.__%')
All points to #bhanu_nz here
I am on Oracle 11gR2.
I am trying to extract the text between '[' and ']' including [].
ex:
select regexp_substr('select userid,username from tablename where user_id=[REQ.UID] and username=[REQD.VP.UNAME]','\[(.*)\]') from dual
Output:
[REQ.UID] and username=[REQD.VP.UNAME]
Output needed:
[REQ.UID][REQD.VP.UNAME]
Please let me know how to get the needed output.
Thanks & Regards,
Bishal
Assuming you are just going to have two occurrences of [] then the following should suffice. The ? in the .*? means that it is non-greedy so that it doesn't gobble up the last ].
select
regexp_replace('select userid,username from tablename where user_id=[REQ.UID] and username=[REQD.VP.UNAME]'
,'.*(\[.*?\]).*(\[.*?\]).*','\1\2')
from dual
;
I'm not an Oracle user, but from quick perusal of the docs, I think this should be close:
REGEXP_REPLACE('select userid,username from tablename where user_id=[REQ.UID] and username=[REQD.VP.UNAME]',
'^[^\[]*(\[[^\]]*\])[^\[]*(\[[^\]]*\])$', '\1 \2')
Which looks much nastier than it is.
Pattern is:
^[^\[]* Capture all characters up to (but not including) the first [
(\[[^\]]*\]) Capture into group 1 anything like [<not "]">]
[^\[]* Capture everything up to (nut not including) the next [
(\[[^\]]*\]) Capture into group 2 anything like [<not "]">], at the end of the string
Then the replacement is simple, just <grp 1> <grp 2>