Last updated: 2019-06-05


RegEx is an Expression Type and extracts a value from a message using a regular expression.

This default extractor loads the entire message into RAM, so make make sure to apply this extraction method on smaller messages only.

Expression Types are used in Search Fields.

How to Configure Search Field Expression.

How to Add or manage Search Field.




Some operations are:

Concatenation, which describes a sequence of sub expressions and matches results with the expression only.

Example: if "h" is the Expression and "how" is the Message Type Data, the result will be that "h" is a match.

Alternatives, which is described by a vertical line, |, is used to match at least one alternative.

Example: "dog|cat" matches both "dog" and "cat".

Iteration, which is described by an asterisk, *, is used to match an expression which is repeated 0 or more times.

Example: "go*gle" has an infinite number of matches which includes: "ggle", "gogle", "google", "gooogle" and so on.

Grouping of expressions, which is done with parentheses.

Example: a(ero|ir)plane will match both aeroplane and airplane.

Matching is described by brackets and uses one of some characters followed by certain characters.

Example: [lsh][]and matches land, sand, and hand.

A dot, ., can be used as all characters.

Example: writing ten dots will give you all unique results with ten different characters in every paragraph.

You can find more expressions here.

Test Expression

You can test an expression when configuring a Search Field in the Test Expression tab.

Test Expression

Next Step

Flat File Fixed Width
Message Context Key