Regular Expressions 101

Save & Manage Regex

  • Current Version: 1
  • Save & Share
  • Community Library

Flavor

  • PCRE2 (PHP)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java
  • .NET 7.0 (C#)
  • Rust
  • PCRE (Legacy)
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests
Sponsors
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
Processing...

Test String

Substitution
Processing...

Code Generator

Language

Generated Code

# If you'd like to omit non-matching lines from the result; add ';d' to the end of the expression. sed -E 's/.*(?'Event'eventId=\d+).*(?'IP'dst=\d+.\d+.\d+.\d+).*/${Event}\n${IP}/g;t' <<< "Alert event match count [1], threshold [1] sec Alert base events are: Event Time [March 17, 2017 4:13:31 PM BRT] Event Receipt Time [March 17, 2017 4:13:32 PM BRT] Event Device Address [10.1.1.53] Event Content [CEF:0|Microsoft|Microsoft Windows||Microsoft-Windows-Security-Auditing:4729|A member was removed from a security-enabled global group.|Low| eventId=1199381 externalId=4729 categorySignificance=/Informational categoryBehavior=/Authorization/Delete categoryDeviceGroup=/Operating System catdt=Operating System categoryOutcome=/Success categoryObject=/Host/Operating System art=1489777997695 cat=Security deviceSeverity=Audit_success rt=1489777995000 sntdom=TCU suser=b2br_igorht_a suid=0x4a92603f dhost=SRV-DCC.tcu.gov.br dst=10.1.0.36 destinationZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 dntdom=TCU duser=S-1-5-21-2076597496-86852003-636688714-284199 duid=CN\=B2BR CLAUDIO GERMANO da COSTA PEREIRA,OU\=B2BR,OU\=Semop,OU\=Gerenciamento de Servicos,OU\=_Gerenciamento,DC\=tcu,DC\=gov,DC\=br dpriv=- cs2=Account Management:Security Group Management cs6=TCU\\Library Admins c6a4=fe80:0:0:0:250:56ff:febb:4bc0 cs1Label=Accesses cs2Label=EventlogCategory cs4Label=Reason or Error Code cs5Label=Authentication Package Name cs6Label=Group Domain and Name cn1Label=LogonType cn2Label=CrashOnAuditFail cn3Label=Count c6a4Label=Agent IPv6 Address ahost=clarc0701tcsb.tcu.gov.br agt=10.1.1.53 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 av=7.3.0.7886.0 atz=America/Sao_Paulo at=windowsfg dvchost=SRV-DCC.tcu.gov.br dvc=10.1.0.36 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 deviceNtDomain=TCU dtz=America/Sao_Paulo _cefVer=0.1 ad.WindowsVersion=Windows Server 2008 R2 ad.Group:Security_,ID=S-1-5-21-2076597496-86852003-636688714-269789 ad.WindowsParserFamily=Windows 2008 R2|2008|7|Vista ad.WindowsKeyMapFamily=Windows 2008 R2 ad.EventIndex=1041104459 aid=3AreSLFkBABCACbVBCpi35g\=\=] "

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for SED, please visit: https://www.gnu.org/software/sed/manual/html_node/The-_0022s_0022-Command.html