I want to extract Primary and StandyBy DB names from the below string which I found in my splunk search.
Jul 20 14:43:31 XXXXXXXX GuptaA GuptaA - Primary database GuptaC - (*) Physical standby database GuptaB - Physical standby database.
Jul 20 14:43:31 XXXXXXXX KumarA KumarA - Primary database KumarC - (*) Physical standby database KumarD - Physical standby database - Physical standby database KumarE - Physical standby database
Primary DB : GuptaA SecondaryDBs : GuptaC, GuptaB
I want to show a table with below details.
Primary DB StandyByDB
GuptaA GuptaC, GuptaB KumarA KumarC, KumarD, KumarE
Any suggestions using splunk search?
Thank you!
rex field=_raw "Primary Database (?<primary>\S+) .* standby database (?<standby>\S+)"
| table primary standby