Regular Expressions 101

Save & Manage Regex

  • Current Version: 1
  • Save & Share
  • Community Library

Flavor

  • PCRE2 (PHP)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java
  • .NET 7.0 (C#)
  • Rust
  • PCRE (Legacy)
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests
Sponsors
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
Processing...

Test String

Substitution
Processing...

Code Generator

Language

Generated Code

re = /.*(?'Event'eventId=\d+).*(?'IP'dst=\d+.\d+.\d+.\d+).*/ str = 'Alert event match count [1], threshold [1] sec Alert base events are: Event Time [March 17, 2017 4:13:31 PM BRT] Event Receipt Time [March 17, 2017 4:13:32 PM BRT] Event Device Address [10.1.1.53] Event Content [CEF:0|Microsoft|Microsoft Windows||Microsoft-Windows-Security-Auditing:4729|A member was removed from a security-enabled global group.|Low| eventId=1199381 externalId=4729 categorySignificance=/Informational categoryBehavior=/Authorization/Delete categoryDeviceGroup=/Operating System catdt=Operating System categoryOutcome=/Success categoryObject=/Host/Operating System art=1489777997695 cat=Security deviceSeverity=Audit_success rt=1489777995000 sntdom=TCU suser=b2br_igorht_a suid=0x4a92603f dhost=SRV-DCC.tcu.gov.br dst=10.1.0.36 destinationZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 dntdom=TCU duser=S-1-5-21-2076597496-86852003-636688714-284199 duid=CN\\=B2BR CLAUDIO GERMANO da COSTA PEREIRA,OU\\=B2BR,OU\\=Semop,OU\\=Gerenciamento de Servicos,OU\\=_Gerenciamento,DC\\=tcu,DC\\=gov,DC\\=br dpriv=- cs2=Account Management:Security Group Management cs6=TCU\\\\Library Admins c6a4=fe80:0:0:0:250:56ff:febb:4bc0 cs1Label=Accesses cs2Label=EventlogCategory cs4Label=Reason or Error Code cs5Label=Authentication Package Name cs6Label=Group Domain and Name cn1Label=LogonType cn2Label=CrashOnAuditFail cn3Label=Count c6a4Label=Agent IPv6 Address ahost=clarc0701tcsb.tcu.gov.br agt=10.1.1.53 agentZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 av=7.3.0.7886.0 atz=America/Sao_Paulo at=windowsfg dvchost=SRV-DCC.tcu.gov.br dvc=10.1.0.36 deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 10.0.0.0-10.255.255.255 deviceNtDomain=TCU dtz=America/Sao_Paulo _cefVer=0.1 ad.WindowsVersion=Windows Server 2008 R2 ad.Group:Security_,ID=S-1-5-21-2076597496-86852003-636688714-269789 ad.WindowsParserFamily=Windows 2008 R2|2008|7|Vista ad.WindowsKeyMapFamily=Windows 2008 R2 ad.EventIndex=1041104459 aid=3AreSLFkBABCACbVBCpi35g\\=\\=] ' subst = '${Event}\\n${IP}' result = str.gsub(re, subst) # Print the result of the substitution puts result

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Ruby, please visit: http://ruby-doc.org/core-2.2.0/Regexp.html