Regex find strings between colon

Question

I try to regex the following string

 : hostname: Oct 16 03:49:39.515: %BLA: message

and want to get the strings between the ": " and the last string after the last ": "

when I use : (.+?): I get hostname.

Unfortenately I am not able to get Oct 16 03:49:39.515, %BLA and message. I need single regex for every substring, I don't want to have them all in one.

I need one regex to find the substring between the second and third ": ", one for the substring between the third and 4. ": " and one for the substring behind the last ": " — sbstnmrwld, Oct 16 '14 at 11:13
No, I need 4 regex "strings" where every regex represents one of your matches — sbstnmrwld, Oct 16 '14 at 11:44

anubhava · Answer 1 · 2014-10-16T16:47:12.957

3

Since graylog2 is written in Java I believe lookarounds should work. Try this regex:

(?<=: )(.+?)(?=: |$)

RegEx Demo

Update: If you really need 4 different regex for 4 components then use:

RegEx 1:

(?<=: )(.+)(?=(?:: .+){3}[^:]*$)

RegEx 2:

: [^:]*: (.+?)(?=: )

RegEx 3:

: [^:]*: .+?: ([^:]+)

RegEx 4:

(?<=: )([^:]+)$

edited Oct 16 '14 at 16:47

answered Oct 16 '14 at 11:20

anubhava

761,203
64
569
643

great, but graylog only uses the first match. so I need one regex for every substring but I don't know how to "find" the second ": " to start there – sbstnmrwld Oct 16 '14 at 11:22
Do you have a documentation of `graylog2 regex`. There should be some **global** switch or `findAll` type of feature. – anubhava Oct 16 '14 at 11:24
I want to create 4 extractors, one for every substring, so I need 4 regex, one for every substring – sbstnmrwld Oct 16 '14 at 11:27
But in question you wrote: `I need single regex` – anubhava Oct 16 '14 at 11:32
I think its my bad english, I mean 1 (single) regex for every substring. My bad – sbstnmrwld Oct 16 '14 at 11:33
You want to get `Oct 16 03:49:39.515` in one match but it also has colons in it. – anubhava Oct 16 '14 at 11:54
What about `: .+?: (.+?):` etc.? – Lynn Oct 16 '14 at 12:57

Regex find strings between colon

1 Answers1

RegEx Demo