I am writing a filebeat configuration when I am matching if a line starts with a number like 03:32:33 ( a timestamp). I am currently doing it by-
\d
But its not getting recognised, is there anything else which I should do. I am not particularly good/ have experience with regex. Help will be appreciated.
The real problem is that filebeat does not support \d.
Replace \d by [0-9] and your regular expression will work.
I suggest you to give a look at the filebeat's Supported Patterns.
Also, be sure you've used ^, it stands for the start of the string.
Regex: (^\d)
1st Capturing group (^\d)
^ Match at the start of the string
\d match a digit [0-9]
You can use this regex:
^([0-9]{2}:?){3}
Assert position at the beginning of the string «^»
Match the regex below and capture its match into backreference number 1 «([0-9]{2}:?){3}»
Exactly 3 times «{3}»
You repeated the capturing group itself. The group will capture only the last iteration. Put a capturing group around the repeated group to capture all iterations. «{3}»
Or, if you don’t want to capture anything, replace the capturing group with a non-capturing group to make your regex more efficient.
Match a single character in the range between “0” and “9” «[0-9]{2}»
Exactly 2 times «{2}»
Match the character “:” literally «:?»
Between zero and one times, as many times as possible, giving back as needed (greedy) «?»
You can use:
^\d{2}:\d{2}:\d{2}
The character ^ matches the start of a line.
