Regular Expressions 101

Save & Share

  • Regex Version: ver. 4
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

r"
"
g

Test String

Code Generator

Language

Generated Code

re = /CEF:(?<cef_cefVersion>\d+)\|(?<deviceVendor>[^|]*)\|(?<deviceProduct>[^|]*)\|(?<deviceVersion>[^|]*)\|(?<deviceEventClassId>[^|]*)\|(?<name>[^|]*)\|(?<severity>[^|]*)/ str = 'CEF:0|NombreDeFabricante|NombreDeProducto|1.0|IdentificadorTipoEvento|NombreEvento|High| eventId=6642904107 type=2 mrt=1435653826633 sessionId=0 generatorID=qn7nr00BABCAAWmHK722fQ\\=\\= catdt=Sinkhole modelConfidence=0 severity=0 relevance=10 assetCriticality=0 priority=3 art=1435653847001 cat=Bot deviceSeverity=Warning act=Mevade rt=1435653777000 shost=HostOrigen src=IPOrigen sourceZoneID=MfdHjJR0BABCAT9DSiOoDxQ\\=\\= sourceZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/62.0.0.0-62.255.255.255 (RIPE NCC) sourceGeoCountryCode=ES sourceGeoLocationInfo=NombreCiudad slong=-3.xxx slat=43.xxx sourceGeoPostalCode=xxxxx sourceGeoRegionCode=xx dhost=HostDestino dst=IPDestino destinationZoneID=Mokee5CcBABCGKZ5Updd27g\\=\\= destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/193.0.0.0-195.255.255.255 (RIPE NCC) dpt=80 destinationGeoCountryCode=PT destinationGeoLocationInfo=NombreCiudad dlong=-9.xxx dlat=38.xxx destinationGeoPostalCode=xxx destinationGeoRegionCode=xx fname=Conexiones maliciosas filePath=/Ruta al fname/Conexiones maliciosas fileType=Rule request=http://HostDestino/policy ruleThreadId=SeiiQ04BABD9xHYRcACZnw\\=\\= cs1=Unknown cs2=<Resource URI\\="/xxxxxxxxxxx/Conexiones maliciosas" ID\\="5ATikaUQBABDArjxMSXCuNQ\\=\\="/> cs6=CFYDHANP cn1=6739 flexNumber1=8 locality=1 cs1Label=Nombre ASN cs2Label=Configuration Resource ahost=xxxx.incibe.es agt=xxx.xxx.xxx.xxx av=5.1.2.5857.0 atz=Europe/Madrid aid=qn7nr00BABCAAWmHK722fQ\\=\\= at=superagent_ng dvchost=xxxx.incibe.es dvc=xxx.xxx.xxx.xxx deviceZoneID=Mbp432AABABCDUVpYAT3UdQ\\=\\= deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 172.16.0.0-172.31.255.255 deviceZoneExternalID=RFC1918: 172.16.0.0-172.31.255.255 deviceAssetId=4W0dT8T4BABCAV5TwjQThbw\\=\\= dtz=Europe/Madrid deviceFacility=Rules Engine eventAnnotationStageUpdateTime=1435653827604 eventAnnotationModificationTime=1435653827604 eventAnnotationAuditTrail=1,1435635335503,root,Queued,,,,\\n eventAnnotationVersion=1 eventAnnotationFlags=0 eventAnnotationEndTime=1435653777000 eventAnnotationManagerReceiptTime=1435653826633 _cefVer=0.1 ad.arcSightEventPath=3PUhT8T4BABCAYJTwjQThbw\\=\\= baseEventIds=6642903984 CEF:0|NombreDeFabricante|NombreDeProducto|1.0|IdentificadorTipoEvento|NombreEvento|High| eventId=6642904107 type=2 mrt=1435653826633 sessionId=0 generatorID=qn7nr00BABCAAWmHK722fQ\\=\\= catdt=Sinkhole modelConfidence=0 severity=0 relevance=10 assetCriticality=0 priority=3 art=1435653847001 cat=Bot deviceSeverity=Warning act=Mevade rt=1435653777000 shost=HostOrigen src=IPOrigen sourceZoneID=MfdHjJR0BABCAT9DSiOoDxQ\\=\\= sourceZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/62.0.0.0-62.255.255.255 (RIPE NCC) sourceGeoCountryCode=ES sourceGeoLocationInfo=NombreCiudad slong=-3.xxx slat=43.xxx sourceGeoPostalCode=xxxxx sourceGeoRegionCode=xx dhost=HostDestino dst=IPDestino destinationZoneID=Mokee5CcBABCGKZ5Updd27g\\=\\= destinationZoneURI=/All Zones/ArcSight System/Public Address Space Zones/RIPE NCC/193.0.0.0-195.255.255.255 (RIPE NCC) dpt=80 destinationGeoCountryCode=PT destinationGeoLocationInfo=NombreCiudad dlong=-9.xxx dlat=38.xxx destinationGeoPostalCode=xxx destinationGeoRegionCode=xx fname=Conexiones maliciosas filePath=/Ruta al fname/Conexiones maliciosas fileType=Rule request=http://HostDestino/policy ruleThreadId=SeiiQ04BABD9xHYRcACZnw\\=\\= cs1=Unknown cs2=<Resource URI\\="/xxxxxxxxxxx/Conexiones maliciosas" ID\\="5ATikaUQBABDArjxMSXCuNQ\\=\\="/> cs6=CFYDHANP cn1=6739 flexNumber1=8 locality=1 cs1Label=Nombre ASN cs2Label=Configuration Resource ahost=xxxx.incibe.es agt=xxx.xxx.xxx.xxx av=5.1.2.5857.0 atz=Europe/Madrid aid=qn7nr00BABCAAWmHK722fQ\\=\\= at=superagent_ng dvchost=xxxx.incibe.es dvc=xxx.xxx.xxx.xxx deviceZoneID=Mbp432AABABCDUVpYAT3UdQ\\=\\= deviceZoneURI=/All Zones/ArcSight System/Private Address Space Zones/RFC1918: 172.16.0.0-172.31.255.255 deviceZoneExternalID=RFC1918: 172.16.0.0-172.31.255.255 deviceAssetId=4W0dT8T4BABCAV5TwjQThbw\\=\\= dtz=Europe/Madrid deviceFacility=Rules Engine eventAnnotationStageUpdateTime=1435653827604 eventAnnotationModificationTime=1435653827604 eventAnnotationAuditTrail=1,1435635335503,root,Queued,,,,\\n eventAnnotationVersion=1 eventAnnotationFlags=0 eventAnnotationEndTime=1435653777000 eventAnnotationManagerReceiptTime=1435653826633 _cefVer=0.1 ad.arcSightEventPath=3PUhT8T4BABCAYJTwjQThbw\\=\\= baseEventIds=6642903984 ' # Print the match result str.scan(re) do |match| puts match.to_s end

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Ruby, please visit: http://ruby-doc.org/core-2.2.0/Regexp.html