Match string begining with word ending with comma

Question

working in Graylog with regex expressions. Given this string:

FPWR2120_Access, AccessControlRuleName: Guest IPS and Malware Inspect, Prefilter Policy:

I am trying to extract "Guest IPS and Malware Inspect"

Using this expression:

^.*AccessControlRuleName:(.+)$

I get all the characters after AccessControlRuleName. How do I tell it to stop extracing once it reaches the first comma? Do I need to use a boundry or an anchor?

Try `^.*AccessControlRuleName:([^,]+)` https://regex101.com/r/3FqQRb/1 — The fourth bird, Mar 12 '20 at 20:49

score 1 · Answer 1 · answered Mar 12 '20 at 20:55

You can use look ahead positive and look behind positive for this purpose:

(?<=AccessControlRuleName:)[\w ]*(?=,)

Link: https://regex101.com/r/FF8zCb/1

There is an explanation of this concept in this answer: https://stackoverflow.com/a/2973495/2183174

score 1 · Accepted Answer · answered Mar 12 '20 at 20:58

1

You could use a negated character class [^,] instead matching any char except a comma.

Then match the trailing comma to make sure it is present.

^.*\bAccessControlRuleName:([^,]+),

Regex demo

answered Mar 12 '20 at 20:58

The fourth bird

127,136
16
45
63

1

++ though just `\bAccessControlRuleName:([^,]+),` would be good enough. – anubhava Mar 12 '20 at 21:04
1

@anubhava You are right, that would be enough :) I took the same start of the pattern as the OP . – The fourth bird Mar 12 '20 at 21:08

Match string begining with word ending with comma

2 Answers2