# regexp The `regexp` parser plugin parses logs by given regexp pattern. The regexp must have at least one named capture (`?`PATTERN). If the regexp has a capture named `time`, this is configurable via `time_key` parameter, it is used as the time of the event. You can specify the time format using the `time_format` parameter. ``` @type regexp expression /.../ ``` ## Parameters See [Parse Section Configurations](https://docs.fluentd.org/configuration/parse-section) for common parameters. ### `expression` | type | default | version | | ------ | ------------------ | ------- | | regexp | required parameter | 1.2.0 | Specifies the regular expression for matching logs. Regular expression also supports `i` and `m` suffix. #### `i` (ignorecase) Ignores case in matching. ``` expression /.../i ``` #### `m` (multiline) Build regular expression as a multiline mode. `.` matches the newline. See Ruby's [Regexp](https://ruby-doc.org/core-2.4.1/Regexp.html#class-Regexp-label-Options). ``` expression /.../m ``` #### `both` Specifies both `i` and `m`. ``` expression /.../im ``` `expression` is the string type before 1.2.0. ### `ignorecase` | type | default | version | | ---- | ------- | ------- | | bool | false | 0.14.2 | Ignores case in matching. Use `i` option with expression. Deprecated since 1.2.0. Use `expression /pattern/i` instead. ### `multiline` | type | default | version | | ---- | ------- | ------- | | bool | false | 0.14.2 | Builds regular expression in multiline mode. `.` matches the newline. See Ruby's [Regexp](https://ruby-doc.org/core-2.4.1/Regexp.html#class-Regexp-label-Options). Use `m` option with expression. Deprecated since 1.2.0. Use `expression /pattern/m` instead. ## Example With this configuration: ``` @type regexp expression /^\[(?[^\]]*)\] (?[^ ]*) (?[^ ]*) (?<id>\d*)$/ time_key logtime time_format %Y-%m-%d %H:%M:%S %z types id:integer </parse> ``` This incoming event: ``` [2013-02-28 12:00:00 +0900] alice engineer 1 ``` is parsed as: ``` time: 1362020400 (2013-02-28 12:00:00 +0900) record: { "name" : "alice", "title": "engineer", "id" : 1 } ``` ## FAQ ### How to debug my regexp pattern? [fluentd-ui's `in_tail` editor](https://docs.fluentd.org/deployment/fluentd-ui#in_tail-setting) helps your regexp testing. Another way, [Fluentular](http://fluentular.herokuapp.com/) is a great website to test your regexp for Fluentd configuration. NOTE: You may hit Application Error at Fluentular due to [heroku's free plan limitation](https://www.heroku.com/pricing). Retry a few hours later or use `fluentd-ui` instead. If this article is incorrect or outdated, or omits critical information, please [let us know](https://github.com/fluent/fluentd-docs-gitbook/issues?state=open). [Fluentd](http://www.fluentd.org/) is an open-source project under [Cloud Native Computing Foundation (CNCF)](https://cncf.io/). All components are available under the Apache 2 License. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.fluentd.org/parser/regexp.md?ask=<question> ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.