We Keep Coding

Regex: select the XML messages and time stamp from the log

I am going to streaming the logs in to nxlog, i need to push xml messages in to nexlog server, To select the XML message:
(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3})(.*)(my sentence 1....|my sentence 2 : [\S+\s+]*>\n)(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3})
But I am not able to select all XML messages from logs
https://regex101.com/r/iA8qE5/5

In your regex you have to close the alternation using ) after:
(Message Picked from the queue....|Response Message :
Using a + inside the character class would have a different meaning and would match a plus sign literally. The plus is greedy so you have to make it non greedy using a question mark to let [\S\s]+ not match all lines.
Update [\S+\s+]*>\n)
to
)([\S\s]+?>)\n
Your match is in the 4th capturing group.
(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3})(.*)(Message Picked from the queue....|Response Message : )([\S\s]+?>)\n(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3})
Regex demo
Not that if you don't need all the capturing groups, you can also omit them and take only the first capturing group (Demo)

it capture date from starting line, message and xml. it using gms flag, Demo
^([\d-\.\s\:]+)\s.*?-\s([\w\s:\.]+)(<\w+.*?)\n\d{4}
date and xml only
^([\d-\.\s\:]+)\s.*?(<\w+.*?)\n\d{4}

how to match all the strings having a particular pattern between two other strings using regex

I want to extract all strings from "Timestamp:" to "Parameter"
If I encounter any String ending with "Exception:" between "a\n" to "site" where '-' is the character preceding "\nTimestamp"
Input:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Timestamp: 8/10/2017 3:11:53 AM
Message: System.ArgumentNullException: site parameter is missing from distributed cache namespace
Parameter name: site
Output:
Timestamp: 8/10/2017 3:11:53 AM
Message: System.ArgumentNullException: site parameter is missing from distributed cache namespace
Basically, I want to detect any Exception in my .log file and show the Timestamp when that exception occured. Would be happy if the regex works from the Windows Command Line. Thank you.

you can use the regex
(Timestamp.*\n*.*Exception.*\n*)(?=Parameter)
which would capture your result in the first group, see the demo here

Here's a regex that'll capture the timestamp and the message content in capture group 1 & 2 :
/^Timestamp:\s*(.*)$\s*Message:\s*(.*)$/gm
You can test it here
Example of powershell running the regex on the command line for a file "test.txt":
powershell -Command "$f=[io.file]::ReadAllText('test.txt'); $f |Select-String '(?m)^Timestamp:\s*(.*)$\s*Message:\s*(.*)$' -AllMatches |%{$_.Matches}|%{$_.Groups[1].Value+': '+$_.Groups[2].Value}"

regex selecting multiple field

From the following example pattern, I want to select the first 3 entries in the line.
Say:
timestamp
hostname
the first word after the hostname
Example pattern:
2017-04-24T09:20:01.687387+00:00 aabvabcw74.def.co.uk hostd-probe: lacp: DEBUG]:147, Recv signal 15, LACP service is about to stop
2017-04-24T09:20:01.687387+00:00 aacdefabcw74.def.co.uk hostd-probe: lacp: DEBUG]:147, Recv signal 15, LACP service is about to stop
I have used following regex and it worked fine.
REGEX 1 - ^(?:[^\s]\s){1}([^\s]) - to select the timestamp and hostname.
REGEX 2 - ^(?:[^\s]*\s){2}([^\s]\w+) - to select the word after the hostname.
2017-04-24T09:20:01.687387+00:00 hostd probing is done Fdm: sslThumbprint>95:43:64:71:A3:60:D8:17:C8:6F:68:83:92:CE:E4:3B:53:4E:1D:AD10.199.6.5a2:0e:09:01:0a:00a2:0e:09:01:0b:01/vmfs/volumes/b01f388c-aaa4889f/vmfs/volumes/6ad2d8d7-86746df14435.5.03568722host-619286aabvabcs16.def.co.uk
But the above log has created the problem, as it is not in a standard syslog format it has picked "hostd" as the hostname.
I would like to have regex which need to select the logs which has timestamp as the first entry, hostname as second entry (it always ends with.def.co.uk) and if it satisfies both then select the 3rd entry.
How can I achieve this?

^(\S+[^\s])\s(\w+\.def.co.uk)\s(.+?)\s Demo
Break down :
(\S+[^\s])\s capture out date and timestamp, and leave out the space after it
(\w+\.def.co.uk)\s capture only if it contains something.def.co.uk, and leave the space out again
(.+)? non greedily capture the first word (assuming word means no space in between
EDIT :
Unless you also want the date and time to be in their own capture groups, then it should be like this:
^(\S+)(T\S+)\s(\w+\.def.co.uk)\s(.+?)\s
Hope this helps!

Regex get the word after match

I have a log file.
In the log file I have a lot of lines and each line contain something like this:
<h4>adi</h4><small>08/02/2015 11:14:16</small>
The name between h4 tag different in every line also the time
I want to catch, using regex the time and the date in the line where I can find the name "adi", and as I said, there is only one line contains the name "adi".
Btw - the log is html.

This matches your target input:
(?<=^<h4>adi</h4><small>)[^<]+
See live demo.

Warning:Proceed with caution. Regex is not supposed to be used for HTML parsing.Use a parser instead!
(?<=adi</h4>\s*<small>)[^<]+

Regex to get timestamp even if it starts with newline

I am trying to get each timestamp in a log entries using this regex:
/^\d{4}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2}/
However in this sample, I am not able to get the second entry. I suspect that it is because of the second has \r\n.
YYYY-MM-DD HH:II:SS log message here
cont.
cont.
YYYY-MM-DD HH:II:SS log message here

It depends on the regexp flavor you use, for example if it's javascript you need to provide /gm which is:
g - perform a global match
m - perform multiline matching
And I would correct your regexp a bit because in case of non valid date (like 2015-32-65) yours will match.
/^(\d{4})\-(0[1-9]|1[0-2])\-(0[1-9]|[12]\d|30|31)\s(0\d|1\d|2[0-3])(:[0-5]\d){1,2}/gm
You can check it here: https://regex101.com/r/nI3uO6/1