Home / Documentation / Regular Expression Primer / The Basics

The Basics

This chapter introduces the basic pattern pieces used by logging24 queries. For the full query model and the supported analysis captures, refer back to Querying .

Literal Characters

The simplest pattern matches literal characters exactly as they appear:

error Matches lines containing "error" (but see full-line matching note below)
404 Matches lines containing "404" (HTTP status, error codes)
connection refused Matches the exact phrase "connection refused"

Full-Line Matching Context

Because logging24 matches the entire log event , literal substring searches usually need surrounding wildcards: 

# Find "error" anywhere in the line
.*error.*

# Find "404" status codes
.*404.*

The Dot (.) — Any Character

The dot matches any single character except newline:

. Any single character
.. Any two characters
ser.er Matches "server", "ser7er", "ser_er", etc.

Log Analysis Examples

Match any single character between delimiters 

.*status: . occurred.*

Matches: "status: 5 occurred", "status: 0 occurred", etc.

Match two-character error codes 

.*ERR ..:.*

Matches: "ERR 01:", "ERR AB:", "ERR 42:", etc.

Character Escapes

To match special characters literally, escape them with a backslash:

\. Literal dot (useful for IP addresses, version numbers)
\( Literal opening parenthesis
\[ Literal opening bracket
\\ Literal backslash

Log Analysis Examples

Match IP addresses 

.*192\.168\.1\..*

Matches any line containing IP addresses in 192.168.1.x range

Match version numbers 

.*version 2\.1\.4.*

Matches exactly version 2.1.4 logs

Single Character Escape Sequences

logging24 supports special escape sequences for common control characters:

\t Tab character (ASCII 0x09)
\n New line (ASCII 0x0a)
\r Carriage return (ASCII 0x0d)
\f Form feed (ASCII 0x0c)
\a Alert/bell (ASCII 0x07)
\e Escape character (ASCII 0x1b)

Log Analysis Example

Match tab-separated values 

.*ERROR\t.*\t500.*

Matches lines with ERROR, tab, any text, tab, 500

Hexadecimal Byte Specification

For precise binary matching, use hexadecimal notation:

\x20 Space character (ASCII 32)
\x00 Null byte
\x7F Delete character

Next Steps

Now that you understand literal matching and basic wildcards, learn how to match sets of characters efficiently with Character Classes .