Regular Expressions 101

Save & Manage Regex

  • Current Version: 1
  • Save & Share
  • Community Library

Flavor

  • PCRE2 (PHP)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java
  • .NET 7.0 (C#)
  • Rust
  • PCRE (Legacy)
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests
Sponsors
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
Processing...

Test String

Substitution
Processing...

Code Generator

Language

Generated Code

$re = '/.*(?\'Event\'eventId=\d+).*(?\'IP\'dst=\d+.\d+.\d+.\d+).*/'; $str = 'Alert event match count [1], threshold [1] sec Alert base events are: Event Time [March 17, 2017 4:13:31 PM BRT] Event Receipt Time [March 17, 2017 4:13:32 PM BRT] Event Device Address [10.1.1.53] Event Content [CEF:0|Microsoft|Microsoft Windows||Microsoft-Windows-Security-Auditing:4729|A member was removed from a security-enabled global group.|Low| eventId=1199381 externalId=4729 categorySignificance=/Informational categoryBehavior=/Authorization/Delete categoryDeviceGroup=/Operating System catdt=Operating System categoryOutcome=/Success categoryObject=/Host/Operating System art=1489777997695 cat=Security deviceSeverity=Audit_success rt=1489777995000 sntdom=TCU suser=b2br_igorht_a suid=0x4a92603f dhost=SRV-DCC.tcu.gov.br dst=10.1.0.36 destinationZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 dntdom=TCU duser=S-1-5-21-2076597496-86852003-636688714-284199 duid=CN\\=B2BR CLAUDIO GERMANO da COSTA PEREIRA,OU\\=B2BR,OU\\=Semop,OU\\=Gerenciamento de Servicos,OU\\=_Gerenciamento,DC\\=tcu,DC\\=gov,DC\\=br dpriv=- cs2=Account Management:Security Group Management cs6=TCU\\\\Library Admins c6a4=fe80:0:0:0:250:56ff:febb:4bc0 cs1Label=Accesses cs2Label=EventlogCategory cs4Label=Reason or Error Code cs5Label=Authentication Package Name cs6Label=Group Domain and Name cn1Label=LogonType cn2Label=CrashOnAuditFail cn3Label=Count c6a4Label=Agent IPv6 Address ahost=clarc0701tcsb.tcu.gov.br agt=10.1.1.53 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 av=7.3.0.7886.0 atz=America/Sao_Paulo at=windowsfg dvchost=SRV-DCC.tcu.gov.br dvc=10.1.0.36 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 deviceNtDomain=TCU dtz=America/Sao_Paulo _cefVer=0.1 ad.WindowsVersion=Windows Server 2008 R2 ad.Group:Security_,ID=S-1-5-21-2076597496-86852003-636688714-269789 ad.WindowsParserFamily=Windows 2008 R2|2008|7|Vista ad.WindowsKeyMapFamily=Windows 2008 R2 ad.EventIndex=1041104459 aid=3AreSLFkBABCACbVBCpi35g\\=\\=] '; $subst = "${Event}\n${IP}"; $result = preg_replace($re, $subst, $str); echo "The result of the substitution is ".$result;

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php