Regular Expressions 101

Save & Share

  • Regex Version: ver. 4
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

r"
"
g

Test String

Code Generator

Language

Generated Code

using System; using System.Text.RegularExpressions; public class Example { public static void Main() { string pattern = @"CEF:(?<cef_cefVersion>\d+)\|(?<deviceVendor>[^|]*)\|(?<deviceProduct>[^|]*)\|(?<deviceVersion>[^|]*)\|(?<deviceEventClassId>[^|]*)\|(?<name>[^|]*)\|(?<severity>[^|]*)"; string input = @"CEF:0|NombreDeFabricante|NombreDeProducto|1.0|IdentificadorTipoEvento|NombreEvento|High| eventId=6642904107 type=2 mrt=1435653826633 sessionId=0 generatorID=qn7nr00BABCAAWmHK722fQ\=\= catdt=Sinkhole modelConfidence=0 severity=0 relevance=10 assetCriticality=0 priority=3 art=1435653847001 cat=Bot deviceSeverity=Warning act=Mevade rt=1435653777000 shost=HostOrigen src=IPOrigen sourceZoneID=MfdHjJR0BABCAT9DSiOoDxQ\=\= sourceZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/62.0.0.0-62.255.255.255 (RIPE NCC) sourceGeoCountryCode=ES sourceGeoLocationInfo=NombreCiudad slong=-3.xxx slat=43.xxx sourceGeoPostalCode=xxxxx sourceGeoRegionCode=xx dhost=HostDestino dst=IPDestino destinationZoneID=Mokee5CcBABCGKZ5Updd27g\=\= destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/193.0.0.0-195.255.255.255 (RIPE NCC) dpt=80 destinationGeoCountryCode=PT destinationGeoLocationInfo=NombreCiudad dlong=-9.xxx dlat=38.xxx destinationGeoPostalCode=xxx destinationGeoRegionCode=xx fname=Conexiones maliciosas filePath=/Ruta al fname/Conexiones maliciosas fileType=Rule request=http://HostDestino/policy ruleThreadId=SeiiQ04BABD9xHYRcACZnw\=\= cs1=Unknown cs2=<Resource URI\=""/xxxxxxxxxxx/Conexiones maliciosas"" ID\=""5ATikaUQBABDArjxMSXCuNQ\=\=""/> cs6=CFYDHANP cn1=6739 flexNumber1=8 locality=1 cs1Label=Nombre ASN cs2Label=Configuration Resource ahost=xxxx.incibe.es agt=xxx.xxx.xxx.xxx av=5.1.2.5857.0 atz=Europe/Madrid aid=qn7nr00BABCAAWmHK722fQ\=\= at=superagent_ng dvchost=xxxx.incibe.es dvc=xxx.xxx.xxx.xxx deviceZoneID=Mbp432AABABCDUVpYAT3UdQ\=\= deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 172.16.0.0-172.31.255.255 deviceZoneExternalID=RFC1918: 172.16.0.0-172.31.255.255 deviceAssetId=4W0dT8T4BABCAV5TwjQThbw\=\= dtz=Europe/Madrid deviceFacility=Rules Engine eventAnnotationStageUpdateTime=1435653827604 eventAnnotationModificationTime=1435653827604 eventAnnotationAuditTrail=1,1435635335503,root,Queued,,,,\n eventAnnotationVersion=1 eventAnnotationFlags=0 eventAnnotationEndTime=1435653777000 eventAnnotationManagerReceiptTime=1435653826633 _cefVer=0.1 ad.arcSightEventPath=3PUhT8T4BABCAYJTwjQThbw\=\= baseEventIds=6642903984 CEF:0|NombreDeFabricante|NombreDeProducto|1.0|IdentificadorTipoEvento|NombreEvento|High| eventId=6642904107 type=2 mrt=1435653826633 sessionId=0 generatorID=qn7nr00BABCAAWmHK722fQ\=\= catdt=Sinkhole modelConfidence=0 severity=0 relevance=10 assetCriticality=0 priority=3 art=1435653847001 cat=Bot deviceSeverity=Warning act=Mevade rt=1435653777000 shost=HostOrigen src=IPOrigen sourceZoneID=MfdHjJR0BABCAT9DSiOoDxQ\=\= sourceZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/62.0.0.0-62.255.255.255 (RIPE NCC) sourceGeoCountryCode=ES sourceGeoLocationInfo=NombreCiudad slong=-3.xxx slat=43.xxx sourceGeoPostalCode=xxxxx sourceGeoRegionCode=xx dhost=HostDestino dst=IPDestino destinationZoneID=Mokee5CcBABCGKZ5Updd27g\=\= destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/193.0.0.0-195.255.255.255 (RIPE NCC) dpt=80 destinationGeoCountryCode=PT destinationGeoLocationInfo=NombreCiudad dlong=-9.xxx dlat=38.xxx destinationGeoPostalCode=xxx destinationGeoRegionCode=xx fname=Conexiones maliciosas filePath=/Ruta al fname/Conexiones maliciosas fileType=Rule request=http://HostDestino/policy ruleThreadId=SeiiQ04BABD9xHYRcACZnw\=\= cs1=Unknown cs2=<Resource URI\=""/xxxxxxxxxxx/Conexiones maliciosas"" ID\=""5ATikaUQBABDArjxMSXCuNQ\=\=""/> cs6=CFYDHANP cn1=6739 flexNumber1=8 locality=1 cs1Label=Nombre ASN cs2Label=Configuration Resource ahost=xxxx.incibe.es agt=xxx.xxx.xxx.xxx av=5.1.2.5857.0 atz=Europe/Madrid aid=qn7nr00BABCAAWmHK722fQ\=\= at=superagent_ng dvchost=xxxx.incibe.es dvc=xxx.xxx.xxx.xxx deviceZoneID=Mbp432AABABCDUVpYAT3UdQ\=\= deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 172.16.0.0-172.31.255.255 deviceZoneExternalID=RFC1918: 172.16.0.0-172.31.255.255 deviceAssetId=4W0dT8T4BABCAV5TwjQThbw\=\= dtz=Europe/Madrid deviceFacility=Rules Engine eventAnnotationStageUpdateTime=1435653827604 eventAnnotationModificationTime=1435653827604 eventAnnotationAuditTrail=1,1435635335503,root,Queued,,,,\n eventAnnotationVersion=1 eventAnnotationFlags=0 eventAnnotationEndTime=1435653777000 eventAnnotationManagerReceiptTime=1435653826633 _cefVer=0.1 ad.arcSightEventPath=3PUhT8T4BABCAYJTwjQThbw\=\= baseEventIds=6642903984 "; foreach (Match m in Regex.Matches(input, pattern)) { Console.WriteLine("'{0}' found at index {1}.", m.Value, m.Index); } } }

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for C#, please visit: https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex(v=vs.110).aspx