Regular Expressions 101

Save & Share

  • Regex Version: ver. 1
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
gm

Test String

Code Generator

Language

Generated Code

using System; using System.Text.RegularExpressions; public class Example { public static void Main() { string pattern = @".*type=""(log|event|utm)"".*(*SKIP)(*FAIL)|(^.{15})\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+?(devname=\S+)\s(devid=\S+).+?(?:vd=\H+)|(srcip=\H+)|(srcport=\H+)|(srcintf=\H+)|(dstip=\H+)|(dstport=\H+)|(dstintf=\H+)|(proto=\H+)|(action=\H+)|(policyid=\H+)|(user=\H+)|(service=\H+)|(transport=\H+)|(app=\H+)|(applist=\H+)|(vpn=\H+)|(vpntype=""?\S+""?)|(?:\s+)|(?:\S+="".+?"")|(?:\S+=\S+)"; string input = @"Apr 29 11:08:16 10.150.148.52 date=2023-04-29 time=11:08:17 devname=""ABCZWPFWFTG-B"" devid=""ABCVM8V0000158159"" eventtime=1682791697444922720 tz=""-0700"" logid=""1059028704"" type=""utm"" subtype=""app-ctrl"" eventtype=""signature"" level=""information"" vd=""root"" appid=40568 srcip=10.150.150.10 dstip=20.62.63.153 srcport=55544 dstport=443 srcintf=""port2"" srcintfrole=""lan"" dstintf=""port1"" dstintfrole=""wan"" proto=6 service=""SSL"" direction=""incoming"" policyid=1 sessionid=4976047 applist=""PROD-APPCTRL-AZURE"" action=""pass"" appcat=""Web.Client"" app=""HTTPS.BROWSER"" hostname=""124537f1-b52d-4e77-a6bd-e73c9904ea48.agentsvc.azure-automation.net"" incidentserialno=205723388 url=""/"" msg=""Web.Client: HTTPS.BROWSER,"" apprisk=""medium"" scertcname=""*.azure-automation.net"" scertissuer=""Microsoft RSA TLS CA 01"" May 19 16:32:23 10.150.160.13 date=2023-05-19 time=16:32:25 devname=""fw1-test-lv-external"" devid=""ABC1K5DT918800482"" eventtime=1684539145135795404 tz=""-0700"" logid=""0000000013"" type=""traffic"" subtype=""forward"" level=""notice"" vd=""PRODUCTION"" srcip=10.150.161.11 srcport=64507 srcintf=""ABCTCORPO3.3052"" srcintfrole=""lan"" dstip=208.11.121.76 dstport=53 dstintf=""ABCTINTPO1.3053"" dstintfrole=""wan"" srccountry=""Reserved"" dstcountry=""United States"" sessionid=547154413 proto=17 action=""accept"" policyid=247 policytype=""policy"" poluuid=""07588088-f351-51ec-153c-4a07e49c5818"" policyname=""Microsoft DNS to Umbrella"" service=""DNS"" trandisp=""snat"" transip=38.70.139.3 transport=64507 duration=249 sentbyte=169 rcvdbyte=231 sentpkt=2 rcvdpkt=2 appcat=""unscanned"" srchwvendor=""Cisco"" devtype=""Network"" srcfamily=""AP"" osname=""Cisco IOS"" mastersrcmac=""12:12:12:12:dc:27"" srcmac=""12:12:12:12:dc:27"" srcserver=0 Apr 29 11:08:16 10.150.148.52 date=2023-04-29 time=11:08:17 devname=""ABCZWPFWFTG-B"" devid=""ABCVM8V0000158159"" eventtime=1682791697444901220 tz=""-0700"" logid=""1059028704"" type=""utm"" subtype=""app-ctrl"" eventtype=""signature"" level=""information"" vd=""root"" appid=15895 srcip=10.150.150.10 dstip=20.62.63.153 srcport=55544 dstport=443 srcintf=""port2"" srcintfrole=""lan"" dstintf=""port1"" dstintfrole=""wan"" proto=6 service=""SSL"" direction=""outgoing"" policyid=1 sessionid=4976047 applist=""PROD-APPCTRL-AZURE"" action=""pass"" appcat=""Network.Service"" app=""SSL"" hostname=""124537f1-b52d-4e77-a6bd-e73c9904ea48.agentsvc.azure-automation.net"" incidentserialno=205723383 url=""/"" msg=""Network.Service: SSL,"" apprisk=""elevated"" scertcname=""*.azure-automation.net"" scertissuer=""Microsoft RSA TLS CA 01"" May 19 16:23:57 10.150.160.13 date=2023-05-19 time=16:23:58 devname=""fw1-test-lv-external"" devid=""ABC1K5DT918800482"" eventtime=1684538639125610717 tz=""-0700"" logid=""0000000020"" type=""traffic"" subtype=""forward"" level=""notice"" vd=""PRODUCTION"" srcip=10.150.161.11 srcport=63392 srcintf=""ABCTCORPO3.3052"" srcintfrole=""lan"" dstip=208.11.121.76 dstport=53 dstintf=""ABCTINTPO1.3053"" dstintfrole=""wan"" srccountry=""Reserved"" dstcountry=""United States"" sessionid=547134202 proto=17 action=""accept"" policyid=247 policytype=""policy"" poluuid=""07588088-f351-51ec-153c-4a07e49c5818"" policyname=""Microsoft DNS to Umbrella"" service=""DNS"" trandisp=""snat"" transip=38.70.139.3 transport=63392 duration=145 sentbyte=230 rcvdbyte=382 sentpkt=3 rcvdpkt=3 appcat=""unscanned"" sentdelta=230 rcvddelta=382 srchwvendor=""Cisco"" devtype=""Network"" srcfamily=""AP"" osname=""Cisco IOS"" mastersrcmac=""12:12:12:12:dc:27"" srcmac=""12:12:12:12:dc:27"" srcserver=0 Apr 29 11:08:16 10.150.148.52 date=2023-04-29 time=11:08:17 devname=""ABCZWPFWFTG-B"" devid=""ABCVM8V0000158159"" eventtime=1682791697444603820 tz=""-0700"" logid=""1059028704"" type=""utm"" subtype=""app-ctrl"" eventtype=""signature"" level=""information"" vd=""root"" appid=40568 srcip=45.42.34.136 dstip=10.150.148.104 srcport=60638 dstport=443 srcintf=""port1"" srcintfrole=""wan"" dstintf=""port5"" dstintfrole=""dmz"" proto=6 service=""SSL"" direction=""incoming"" policyid=10 sessionid=4976049 applist=""PROD-APPCTRL-AZURE"" action=""pass"" appcat=""Web.Client"" app=""HTTPS.BROWSER"" hostname=""www.testdata.com"" incidentserialno=205723390 url=""/"" msg=""Web.Client: HTTPS.BROWSER,"" apprisk=""medium"" scertcname=""www.testdata.com"" May 19 16:25:35 10.132.119.14 date=2023-05-19 time=16:25:36 devname=""FW1-testMAIN-ABCT01"" devid=""ABCT3KD3Z17800372"" eventtime=1684538737153322514 tz=""-0700"" logid=""0000000020"" type=""traffic"" subtype=""forward"" level=""notice"" vd=""PRODUCTION"" srcip=10.151.143.4 srcport=50423 srcintf=""port4"" srcintfrole=""lan"" dstip=52.111.145.1 dstport=443 dstintf=""port3"" dstintfrole=""undefined"" srccountry=""Reserved"" dstinetsvc=""Microsoft-Office365"" dstcountry=""United States"" dstregion=""California"" dstcity=""San Jose"" dstreputation=5 sessionid=3673596551 proto=6 action=""accept"" policyid=10045 policytype=""policy"" poluuid=""96f15028-15d6-51e9-6b81-d98bf1466b99"" user=""JULLOPEZ"" authserver=""FSSO_PSR"" service=""Microsoft-Office365"" trandisp=""snat"" transip=199.68.152.135 transport=50423 appid=41468 app=""Microsoft.Office.365.Portal"" appcat=""Collaboration"" apprisk=""elevated"" applist=""Edge-Prod-Block-Mode-P2P_PROXY"" duration=30553 sentbyte=94401 rcvdbyte=112203 sentpkt=1052 rcvdpkt=1539 sentdelta=254 rcvddelta=230 May 19 16:26:00 10.150.160.13 date=2023-05-19 time=16:26:01 devname=""fw1-test-lv-external"" devid=""ABC1K5DT918800482"" eventtime=1684538762118706615 tz=""-0700"" logid=""0000000020"" type=""traffic"" subtype=""forward"" level=""notice"" vd=""PRODUCTION"" srcip=10.150.106.11 srcport=54254 srcintf=""ABCTCORPO3.3052"" srcintfrole=""lan"" dstip=17.188.143.10 dstport=443 dstintf=""ABCTINTPO1.3053"" dstintfrole=""wan"" srccountry=""Reserved"" dstcountry=""United States"" sessionid=513091673 proto=6 action=""accept"" policyid=83 policytype=""policy"" poluuid=""2k2k2-b4c8-51e9-512e-62cf5b7e3bcd"" policyname=""Internal Server Nets Outbound"" service=""HTTPS"" trandisp=""snat"" transip=38.70.139.3 transport=54254 appid=42662 app=""Apple.Services"" appcat=""General.Interest"" apprisk=""elevated"" applist=""PROD-APPCTRL_LV-EXT"" appact=""detected"" duration=686309 sentbyte=22070530 rcvdbyte=14199406 sentpkt=279649 rcvdpkt=148924 sentdelta=3600 rcvddelta=2352 srchwvendor=""Cisco"" devtype=""Network"" srcfamily=""AP"" osname=""Cisco IOS"" mastersrcmac=""12:12:12:12:dc:27"" srcmac=""12:12:12:12:dc:27"" srcserver=0 May 19 16:26:59 10.151.129.106 date=2023-05-19 time=16:27:00 devname=""FW1-testPSR-DC"" devid=""ABCT3KD3Z17800305"" eventtime=1684538820421783095 tz=""-0700"" logid=""0000000013"" type=""traffic"" subtype=""forward"" level=""notice"" vd=""DataCenter"" srcip=10.151.110.100 srcname=""PSRPSOLAPP01.test.NET"" identifier=2875 srcintf=""Enterprise_ACI"" srcintfrole=""wan"" dstip=10.132.116.4 dstname=""10.132.116.4"" dstintf=""Enterprise"" dstintfrole=""lan"" srccountry=""Reserved"" dstcountry=""Reserved"" sessionid=3796675657 proto=1 action=""accept"" policyid=10654 policytype=""policy"" poluuid=""6ddcbe16-9058-51ec-2052-64e35cf6fddc"" policyname=""Solarwinds Catch-ALL"" user=""SVC-SOLARWINDS-IPAM"" authserver=""FSSO_PSR"" service=""PING"" trandisp=""noop"" duration=60 sentbyte=59 rcvdbyte=59 sentpkt=1 rcvdpkt=1 appcat=""unscanned"" May 19 16:33:13 10.150.148.52 date=2023-05-19 time=16:33:14 devname=""ABCZWPFWFTG-B"" devid=""ABCVM8V0000158159"" eventtime=1684539194871377700 tz=""-0700"" logid=""0000000013"" type=""traffic"" subtype=""forward"" level=""notice"" vd=""root"" srcip=10.151.100.36 identifier=18877 srcintf=""TUNNEL_SCH"" srcintfrole=""undefined"" dstip=10.150.148.52 dstintf=""port2"" dstintfrole=""lan"" srccountry=""Reserved"" dstcountry=""Reserved"" sessionid=105443335 proto=1 action=""accept"" policyid=8 policytype=""policy"" poluuid=""06d7ce0e-e8ae-51ed-b77f-59e907ddba86"" policyname=""test TO AZURE LAN"" service=""icmp/8/0"" trandisp=""noop"" appid=24466 app=""Ping"" appcat=""Network.Service"" apprisk=""elevated"" applist=""PROD-APPCTRL-AZURE"" duration=60 sentbyte=84 rcvdbyte=84 sentpkt=1 rcvdpkt=1 vpn=""TUNNEL_SCH"" vpntype=""ipsec-static"" utmaction=""allow"" countapp=1 masterdstmac=""12:12:12:12:9a:bc"" dstmac=""12:12:12:12:9a:bc"" dstserver=1 "; RegexOptions options = RegexOptions.Multiline; foreach (Match m in Regex.Matches(input, pattern, options)) { Console.WriteLine("'{0}' found at index {1}.", m.Value, m.Index); } } }

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for C#, please visit: https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex(v=vs.110).aspx