Regular Expressions 101

Save & Share

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8

Function

  • Match
  • Substitution
  • List
  • Unit Tests
/
^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) date=(?<forti_date>[^ ]*) time=(?<forti_time>[^ ]*) devname=(?<dev_name>[^ ]*) device_id=(?<dev_id>[^ ]*) log_id=(?<log_id>[^ ]*) type=(?<type>[^ ]*) subtype=(?<subtype>[^ ]*) pri=(?<pri>[^ ]*) vd=(?<vd>[^ ]*) src=(?<src>[^ ]*) src_port=(?<src_port>[^ ]*) src_int="(?<src_int>[^ ]*)" dst=(?<dst>[^ ]*) dst_port=(?<dst_port>[^ ]*) dst_int="(?<dst_int>[^ ]*)" SN=(?<SN>[^ ]*) status=(?<status>[^ ]*) policyid=(?<policy_id>[^ ]*) dst_country="(?<dst_country>[^ ]*)" src_country="(?<src_country>[^ ]*)" service=(?<service>[^ ]*) proto=(?<proto>[^ ]*) duration=(?<duration>[^ ]*) sent=(?<sent>[^ ]*) rcvd=(?<rcvd>[^ ]*)$
/
^ asserts position at start of the string
Named Capture Group time
(?<time>[^ ]* [^ ]* [^ ]*)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
Named Capture Group host
(?<host>[^ ]*)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
date=
matches the characters date= literally (case sensitive)
Named Capture Group forti_date
(?<forti_date>[^ ]*)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
time=
matches the characters time= literally (case sensitive)
Named Capture Group forti_time
(?<forti_time>[^ ]*)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
devname=
matches the characters devname= literally (case sensitive)
Named Capture Group dev_name
(?<dev_name>[^ ]*)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
device_id=
matches the characters device_id= literally (case sensitive)
Named Capture Group dev_id
(?<dev_id>[^ ]*)
Match a single character not present in the list below
[^ ]
* matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)
matches the character with index 3210 (2016 or 408) literally (case sensitive)
log_id=
matches the characters log_id= literally (case sensitive)
Named Capture Group log_id
(?<log_id>[^ ]*)
type=
matches the characters type= literally (case sensitive)
Named Capture Group type
(?<type>[^ ]*)
subtype=
matches the characters subtype= literally (case sensitive)
Named Capture Group subtype
(?<subtype>[^ ]*)
pri=
matches the characters pri= literally (case sensitive)
Named Capture Group pri
(?<pri>[^ ]*)
vd=
matches the characters vd= literally (case sensitive)
Named Capture Group vd
(?<vd>[^ ]*)
src=
matches the characters src= literally (case sensitive)
Named Capture Group src
(?<src>[^ ]*)
src_port=
matches the characters src_port= literally (case sensitive)
Named Capture Group src_port
(?<src_port>[^ ]*)
src_int="
matches the characters src_int=" literally (case sensitive)
Named Capture Group src_int
(?<src_int>[^ ]*)
" dst=
matches the characters " dst= literally (case sensitive)
Named Capture Group dst
(?<dst>[^ ]*)
dst_port=
matches the characters dst_port= literally (case sensitive)
Named Capture Group dst_port
(?<dst_port>[^ ]*)
dst_int="
matches the characters dst_int=" literally (case sensitive)
Named Capture Group dst_int
(?<dst_int>[^ ]*)
" SN=
matches the characters " SN= literally (case sensitive)
Named Capture Group SN
(?<SN>[^ ]*)
status=
matches the characters status= literally (case sensitive)
Named Capture Group status
(?<status>[^ ]*)
policyid=
matches the characters policyid= literally (case sensitive)
Named Capture Group policy_id
(?<policy_id>[^ ]*)
dst_country="
matches the characters dst_country=" literally (case sensitive)
Named Capture Group dst_country
(?<dst_country>[^ ]*)
" src_country="
matches the characters " src_country=" literally (case sensitive)
Named Capture Group src_country
(?<src_country>[^ ]*)
" service=
matches the characters " service= literally (case sensitive)
Named Capture Group service
(?<service>[^ ]*)
proto=
matches the characters proto= literally (case sensitive)
Named Capture Group proto
(?<proto>[^ ]*)
duration=
matches the characters duration= literally (case sensitive)
Named Capture Group duration
(?<duration>[^ ]*)
sent=
matches the characters sent= literally (case sensitive)
Named Capture Group sent
(?<sent>[^ ]*)
rcvd=
matches the characters rcvd= literally (case sensitive)
Named Capture Group rcvd
(?<rcvd>[^ ]*)
$ asserts position at the end of the string, or before the line terminator right at the end of the string (if any)
Your regular expression does not match the subject string.Try launching the debugger to find out why.

Regular Expression
No Match

/
/

Test String