matcher desc
<'metaFieldName'>, <pos> metadata field declaration. See Metadata Fields
ENUM{ string=integer, ...} enum value matcher. See Enum
JSON_OBJECT{ jsonFields ... }
Json matcher. See JSON Objects
Json array matcher.
Json value matcher.
KVP{patternExprs} Key-value pair matcher. See Key-Value Pairs
ARRAY{patternExprs} Array matcher. See Array
STRUCTURE{patternExprs} Structure matcher. See Structure
DATA Multiline data matcher. See Multiline Data
LDATA, LD Line data matcher. See Line Data
(patternExpr | ...) Alternatives group. See Alternatives Group
(patternExpr, ...) Sequence group. See Sequence Group
BOS, BOF Beginning of file/stream matcher. See Beginning of File
MOS, MOF Middle of file/stream matcher. See Middle of File
EOS, EOF End of file/stream matcher. See End of File
EOL, LF matches Line Feed character. See EOL; LF
EOLWIN, WINEOL matches Line Feed, Carriage Return characters. See EOLWIN
CR Matches single Carriage Return character. See CR
UPPER matches uppercase characters. See UPPER
LOWER matches lowercase characters. See LOWER
ALPHA Matches alphabetic characters a-z; A-Z. See ALPHA
DIGIT matches digits. See DIGIT
XDIGIT matches digits in hexadecimal notation. See XDIGIT
ALNUM Matches alphanumeric characters a-z; A-Z; 0-9. See ALNUM
PUNCT Matches punctuation and symbol characters. See PUNCT
BLANK Matches space and tab characters. See BLANK
SPACE Matches whitespace characters. See SPACE
NSPACE Matches all characters except whitespace. See NSPACE
GRAPH Matches visible characters. See GRAPH
PRINT Matches printable characters. See PRINT
WORD Matches words. See WORD
ASCII Matches all ASCII characters. See ASCII
CNTRL Matches control characters. See CNTRL
TIME, TIMESTAMP Matches time and date. See TIMESTAMP, TIME
Matches timestamp in the form of yyyy-MM-ddTHH:mm:ss.SSSZ.
Matches timestamp in the form of yyyy-MM-ddTHH:mm:ssZ.
See: ISO8601
Matches timestamp in the form of dd/MMM/yyyy:HH:mm:ss Z.
Matches case insensitive strings true and false.
FLOAT Matches floating point numbers. See FLOAT
Matches floating point numbers with separator comma.
DOUBLE Matches floating point numbers. See DOUBLE
Matches floating point numbers with separator comma.
INT, INTEGER Matches integral numbers. See INT, INTEGER
HEXINT Matches integral numbers in hexadecimal notation. See HEXINT
LONG Matches integral numbers. See LONG
Matches integral numbers in hexadecimal notation.
CREDITCARD Matches valid credit card numbers. See Credit Card Data
SSN_EE Matches Estonian social security numbers. See SSN_EE
SSN_FI Matches Finnish social security numbers. See Social Security Numbers
IPADDR Matches IPv4 and IPV6 addresses. See IPADDR
IPV4, IPV4ADDR Matches IPv4 addresses. See IPV4, IPV4ADDR
IPV4NET Matches IPv4 network in CIDR notation. See IPV4NET
IPV4SOCKET Matches IPv4 socket. See IPV4SOCKET
IPV6, IPV6ADDR Matches IPv6 address. See IPV6, IPV6ADDR
MACADDR Matches MAC address. See MACADDR
STRING Matches single or double quoted strings and … ?
SQS Matches single quoted string. See SQS
DQS Matches double quoted string. See DQS
CSVSQS Matches single quoted string with csv escaping. See CSVSQS
CSVDQS Matches double quoted string with csv escaping. See CSVDQS
PCAP Extracts network packet capture data. See PCAP
<< Look behind. See Modifiers
>> Look ahead. See Modifiers
!<< Negative look behind. See Modifiers
!>> Negative look ahead. See Modifiers