Regular Expressions 101

Save & Share

  • Regex Version: ver. 1
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
gm

Test String

Code Generator

Language

Generated Code

$re = '/\s+CommandLine: net share/m'; $str = 'Time Event 1/21/19 1:48:09.000 PM 01/21/2019 01:48:09 PM LogName=Microsoft-Windows-Sysmon/Operational SourceName=Microsoft-Windows-Sysmon EventCode=1 EventType=4 Type=Information ComputerName=DC01.PurpleHaze.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Process Create (rule: ProcessCreate) OpCode=Info RecordNumber=431111 Keywords=None Message=Process Create: RuleName: UtcTime: 2019-01-21 13:48:09.340 ProcessGuid: {834924C0-CD99-5C45-0000-0010B3DAC700} ProcessId: 4680 Image: C:\\Windows\\SysWOW64\\net1.exe FileVersion: 10.0.14393.0 (rs1_release.160715-1616) Description: Net Command Product: Microsoft® Windows® Operating System Company: Microsoft Corporation CommandLine: C:\\Windows\\system32\\net1 share CurrentDirectory: C:\\Windows\\system32\\ User: NT AUTHORITY\\SYSTEM LogonGuid: {834924C0-3E0A-5C40-0000-0020E7030000} LogonId: 0x3E7 TerminalSessionId: 0 IntegrityLevel: System Hashes: SHA1=382169595D5BBEB535C4575B3EC8CC7E5E933115 ParentProcessGuid: {834924C0-CD99-5C45-0000-00100FDAC700} ParentProcessId: 1540 ParentImage: C:\\Windows\\SysWOW64\\net.exe ParentCommandLine: net share Collapse CommandLine = C:\\Windows\\system32\\net1 share host = DC01 source = WinEventLog:Microsoft-Windows-Sysmon/Operational sourcetype = WinEventLog:Microsoft-Windows-Sysmon/Operational 1/21/19 1:48:09.000 PM 01/21/2019 01:48:09 PM LogName=Microsoft-Windows-Sysmon/Operational SourceName=Microsoft-Windows-Sysmon EventCode=1 EventType=4 Type=Information ComputerName=DC01.PurpleHaze.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Process Create (rule: ProcessCreate) OpCode=Info RecordNumber=431110 Keywords=None Message=Process Create: RuleName: UtcTime: 2019-01-21 13:48:09.330 ProcessGuid: {834924C0-CD99-5C45-0000-00100FDAC700} ProcessId: 1540 Image: C:\\Windows\\SysWOW64\\net.exe FileVersion: 10.0.14393.0 (rs1_release.160715-1616) Description: Net Command Product: Microsoft® Windows® Operating System Company: Microsoft Corporation CommandLine: net share CurrentDirectory: C:\\Windows\\system32\\ User: NT AUTHORITY\\SYSTEM LogonGuid: {834924C0-3E0A-5C40-0000-0020E7030000} LogonId: 0x3E7 TerminalSessionId: 0 IntegrityLevel: System Hashes: SHA1=B160F4462A4728BEC8FA053B99709622A4B4DD20 ParentProcessGuid: {834924C0-C9D7-5C45-0000-0010FCA2C500} ParentProcessId: 3064 ParentImage: C:\\Windows\\SysWOW64\\cmd.exe ParentCommandLine: C:\\Windows\\system32\\cmd.exe Collapse CommandLine = net share host = DC01 source = WinEventLog:Microsoft-Windows-Sysmon/Operational sourcetype = WinEventLog:Microsoft-Windows-Sysmon/Operational'; preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0); // Print the entire match result var_dump($matches);

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php