Regular Expressions 101

Save & Share

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
g

Test String

Code Generator

Language

Generated Code

#include <StringConstants.au3> ; to declare the Constants of StringRegExp #include <Array.au3> ; UDF needed for _ArrayDisplay and _ArrayConcatenate Local $sRegex = "Audit (?P<audit_outcome>Success|Failure),(?P<log_date>.*)\s+(?P<log_time>.*),Microsoft-Windows-Security-Auditing,(?P<event_id>\d+),(?P<category>.*),(?P<event_message>.*)\s+Subject:\s+Security ID:\s+(?P<subject_security_id>.*)\s+Account Name:\s+(?P<subject_account_name>.*)\s+Account Domain:\s+(?P<subject_account_domain>.*)\s+Logon ID:\s+(?P<subject_logon_id>.*)\s+Process Information:\s+Process ID:\s+(?P<PI_process_id>.*)\s+Name:\s+(?P<PI_name>.*)\s+Previous Time:\s+(?P<previous_time>.*)\s+New Time:\s+(?P<new_time>.*)\s+(?P<audit_message>.*)" Local $sString = "Audit Success,29/08/2017 09:42:50,Microsoft-Windows-Security-Auditing,4616,Security State Change,"The system time was changed." & @CRLF & _ "" & @CRLF & _ "Subject:" & @CRLF & _ " Security ID: LOCAL SERVICE" & @CRLF & _ " Account Name: LOCAL SERVICE" & @CRLF & _ " Account Domain: NT AUTHORITY" & @CRLF & _ " Logon ID: 0x3E5" & @CRLF & _ "" & @CRLF & _ "Process Information:" & @CRLF & _ " Process ID: 0x3e8" & @CRLF & _ " Name: C:\Windows\System32\svchost.exe" & @CRLF & _ "" & @CRLF & _ "Previous Time: ‎2017‎-‎08‎-‎29T01:42:49.858143700Z" & @CRLF & _ "New Time: ‎2017‎-‎08‎-‎29T01:42:49.520000000Z" & @CRLF & _ "" & @CRLF & _ "This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer."" Local $aArray = StringRegExp($sString, $sRegex, $STR_REGEXPARRAYGLOBALFULLMATCH) Local $aFullArray[0] For $i = 0 To UBound($aArray) -1 _ArrayConcatenate($aFullArray, $aArray[$i]) Next $aArray = $aFullArray ; Present the entire match result _ArrayDisplay($aArray, "Result")

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for AutoIt, please visit: https://www.autoitscript.com/autoit3/docs/functions/StringRegExp.htm