Regular Expression Primer

This section is a learning track for people who need help building regex patterns in logging24. For the canonical explanation of how queries work, including prefixes, time ranges, and the full-line match model, see Querying .

It appears last in the main documentation flow on purpose. Most readers should start with the product chapters and only come here when they want extra help writing patterns.

How to Use This Primer

This primer is organized into progressive chapters, each building on the previous:

1. The Basics — Learn fundamental matching patterns
2. Character Classes — Match specific types of characters efficiently
3. Anchors & Boundaries — Control where matches occur
4. Quantifiers — Match varying amounts of text
5. Groups & Alternation — Structure complex patterns
6. Capturing & Extraction — Extract numeric and textual data for analysis
7. Real-World Examples — Common log analysis patterns

Key Concept: Full Line Matching

logging24 matches the regex against the entire log event. In practice, substring searches usually need .* at the beginning and end so the pattern can match surrounding text too.

.*ERROR.*

ERROR

Practical Tips

• Use specific prefixes to narrow log stream selection before regex matching
• Constrain time ranges—shorter ranges scan less data
• When possible, replace broad .* sections with more specific text or character classes
• For numeric capture, ensure your prefix uniquely identifies the target value

Let's begin with The Basics .