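#include <StringConstants.au3> ; to declare the Constants of StringRegExp
#include <Array.au3> ; UDF needed for _ArrayDisplay and _ArrayConcatenate

; Pattern: extract the Security ID that follows the "Subject:" header of a
; Windows Security event (the sample below is a 4624 "An account was
; successfully logged on" record). Notes on the choices made here:
;   - (?s) lets the lazy ".+?" run across line breaks from "Subject:" to the
;     first "Security ID:" that follows it.
;   - "[ \t]+" accepts either tabs (as in raw event text) or the plain spaces
;     used in the sample string below; the original "\t{1,}" only matched tabs
;     and therefore produced no match against this sample.
;   - "[^\r\n]+" stops the capture at the end of the line, so the @CR of a
;     @CRLF-terminated line is not swallowed into the SID (a lazy ".+?\n"
;     would have captured "S-1-5-18" followed by a carriage return).
; The captured value is the SUBJECT SID (the account that requested the
; logon, S-1-5-18 = LocalSystem in this sample), not the "New Logon" SID of
; the account that was actually logged on. Anchor on "New Logon:" instead if
; that is the field you need.
Local $sRegex = "(?s)Subject:.+?Security ID:[ \t]+(?<mswin_security_id>[^\r\n]+)"
Local $sString = "{ [-]" & @CRLF & _
" @timestamp: 2021-01-13T14:30:13.835Z" & @CRLF & _
" @version: 1" & @CRLF & _
" cloud_service_name: MOS-WIN" & @CRLF & _
" id: fd5c4ce8-b5cb-4cb4-a1e5-82c7e531673d" & @CRLF & _
" log_entry: An account was successfully logged on." & @CRLF & _
"" & @CRLF & _
"Subject:" & @CRLF & _
" Security ID: S-1-5-18" & @CRLF & _
" Account Name: PT1-X-CHRDB-1$" & @CRLF & _
" Account Domain: DRACO910" & @CRLF & _
" Logon ID: 0x3E7" & @CRLF & _
"" & @CRLF & _
"Logon Information:" & @CRLF & _
" Logon Type: 44" & @CRLF & _
" Restricted Admin Mode: -" & @CRLF & _
" Virtual Account: No" & @CRLF & _
" Elevated Token: Yes" & @CRLF & _
"" & @CRLF & _
"Impersonation Level: Impersonation" & @CRLF & _
"" & @CRLF & _
"New Logon:" & @CRLF & _
" Security ID: S-1-5-21-3515936613-886961063-2664560780-6781" & @CRLF & _
" Account Name: ABB-ESC-9e8ec" & @CRLF & _
" Account Domain: DRACO910" & @CRLF & _
" Logon ID: 0xF0D94929" & @CRLF & _
" Linked Logon ID: 0x0" & @CRLF & _
" Network Account Name: -" & @CRLF & _
" Network Account Domain: -" & @CRLF & _
" Logon GUID: {6D3F87DE-7E78-7F6F-EF45-BFC1FC1C1BFE}" & @CRLF & _
"" & @CRLF & _
"Process Information:" & @CRLF & _
" Process ID: 0x1b0" & @CRLF & _
" Process Name: C:\Program Files\EMC NetWorker\nsr\bin\nsrexecd.exe" & @CRLF & _
"" & @CRLF & _
"Network Information:" & @CRLF & _
" Workstation Name: PT1-X-CHRDB-1" & @CRLF & _
" Source Network Address: -" & @CRLF & _
" Source Port: -" & @CRLF & _
"" & @CRLF & _
"Detailed Authentication Information:" & @CRLF & _
" Logon Process: Advapi " & @CRLF & _
" Authentication Package: Negotiate" & @CRLF & _
" Transited Services: -" & @CRLF & _
" Package Name (NTLM only): -" & @CRLF & _
" Key Length: 0" & @CRLF & _
"" & @CRLF & _
"This event is generated when a logon session is created. It is generated on the computer that was accessed." & @CRLF & _
"" & @CRLF & _
"The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe." & @CRLF & _
"" & @CRLF & _
"The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network)." & @CRLF & _
"" & @CRLF & _
"The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on." & @CRLF & _
"" & @CRLF & _
"The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases." & @CRLF & _
"" & @CRLF & _
"The impersonation level field indicates the extent to which a process in the logon session can impersonate." & @CRLF & _
"" & @CRLF & _
"The authentication information fields provide detailed information about this specific logon request." & @CRLF & _
" - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event." & @CRLF & _
" - Transited services indicate which intermediate services have participated in this logon request." & @CRLF & _
" - Package name indicates which sub-protocol was used among the NTLM protocols." & @CRLF & _
" - Key length indicates the length of the generated session key. This will be 0 if no session key was requested." & @CRLF & _
" log_type: SECURITY" & @CRLF & _
" tenant_name: draco-910" & @CRLF & _
" timestamp: 2021-01-13T14:30:08.442Z" & @CRLF & _
" version: 1.0" & @CRLF & _
"}"

; With $STR_REGEXPARRAYFULLMATCH the result is an array where [0] holds the
; whole match and [1] holds the "mswin_security_id" group.
Local $aArray = StringRegExp($sString, $sRegex, $STR_REGEXPARRAYFULLMATCH)
; Save @error before calling anything else: StringRegExp reports 1 for "no
; match" and 2 for a pattern that failed to compile (@extended = offset).
; Without this check, a failed match hands a non-array (0) to _ArrayDisplay.
Local $iError = @error
Local $iExtended = @extended
If $iError Then
    ConsoleWrite("StringRegExp failed: @error=" & $iError & " @extended=" & $iExtended & @CRLF)
    Exit 1
EndIf
; Present the entire match result
_ArrayDisplay($aArray, "Result")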
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for AutoIt, please visit: https://www.autoitscript.com/autoit3/docs/functions/StringRegExp.htm