Chronicle re.capture() Limitation: Only Returns First Match (Cannot Extract Multiple Expressions)

The re.capture function is what it is today. A feature request to expand the flexibility of it is certainly something that you should raise if you feel that it is something you need to get what you want.

In the absence of that, there are other functions that can be used to look into the command string. The lowest bar would be to perform a regex for 1=1 or strings.contains of 1=1 but i realize you might be looking for something more robust. strings.split would pull into an array commands from a string and break it into pieces at a delimiter, perhaps like where that could then be worked with. Again just throwing some ideas out there.

Just one more Questions, following up:
 

I am working on YARA-L detection rules in Google Chronicle to identify suspicious self-equality assignments (tautologies) in SQL logs. These patterns, like "1=1" or "test=test", are often used in SQL injection attempts to bypass filters or force true evaluations.
Goal: Detect patterns where the left side of "=" exactly matches the right side, such as:
test=test
1=1
time=time
status = status
flag=flag
admin=admin
bypass=bypass
enabled=enabled
id=id
version=version
But not detect mismatches like:
1=2
a=B
(and similar non-tautologies)
Challenges in Chronicle:
I Tried regex ->

([A-Za-z0-9'-]+)\s*=\s*\1

were i used /1 #BackReference, but unfortunately backreference is not supported in YARAL,
so using re.regex to directly check for equal values on both sides of "=" is not possible.
Then i used re.capture has grouping issue (As Discussed on before question)=>
‘The Chronicle re.capture() function only returns the first match in the text, and it supports only 0 or 1 capture group. If the regex contains 0 capture groups, Chronicle returns the first full substring that matches the expression. If the regex contains 1 capture group, it returns only the first captured value from that match. Chronicle never scans beyond the first match and cannot return multiple matches, If the regex contains two or more capture groups, Chronicle throws a compiler error. Because Chronicle stops at the first match, SQL statements containing’

' OR (0=1 AND 'false'='true') -- false contradictions first
  OR EXISTS(SELECT * FROM users WHERE id=1)
  OR (1=1 OR 'a'='a') -- true tautologies later
  AND (SELECT COUNT(*) FROM information_schema.tables > 0)
--

multiple comparisons such as 0=1 followed later by 1=1 will only match the earliest = expression in the string, preventing Chronicle from detecting the later valid tautology even if it exists.

Finally What i am looking for…..

Backreferences: It's impossible to match "previous group equals current text" without backreferences in pure regex, which Chronicle doesn't support for this.
I have tried various regex patterns, but due to these constraints, I can't reliably detect true tautologies across the log.
Question: Is there any workaround or creative way to detect these tautologies using regex or re.capture in Chronicle YARA-L? Or are there alternative approaches within Chronicle for handling this? Any examples or rule snippets would be greatly appreciated!