Regular Expressions¶
Regular expressions (a sequence of characters that define a search pattern) are used to match your log event code sequences. See ~training/cheatsheets/regex-cheatsheet-for-mkpy.pdf for more detail; the basics are below
Ordinary characters¶
match themselves 1-1 for each letter, numeral, and white space (white space is in between each event code when we are matching codes in our log files)
Example
1234 matches 1234 but not 1324 or 12 34
Metacharacters¶
define complex patterns using symbols combined with numbers or specifiers
Basic Matching¶
each symbol matches a single character
Example
. = anything (other than line breaks)
\d = digit (0123456789)
^ = not this (i.e., ^1 would match any character, including non-numbers, other than 1)
Square Brackets¶
define a set of characters to match
Example
[123]456 matches 1456 and 2456 and 3456 but not 4456
Backslash Characters¶
match a type of character, e.g., numerals
Example
\d456 and [0123456789]456 are equivalent and would match 1456 and 2456 and so on
Quantifiers¶
specify the number of pattern repetitions to match for the character before it
Example
* = zero or more, 12*3 matches 13 and 123 and 1223 and 12223 and so on
+ = one or more, 12+3 matches 123 and 1223 and 12223 and so on
{3} = exactly 3, 1\d{3}3 matches 10003 and 11113 and 12223 and so on
{1,3} = between 1 and 3, 12{1,3}3 matches 123 and 1223 and 12223 (only)
Parentheses¶
capture a subpattern or group within the pattern
Example
(1234) 56 78 captures the group 1234 that is followed by 56 78
(\d234) 56 78 captures any group of 4 digits ending in 234 followed by 56 78
(\d{4}) captures any group of 4-digits