https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393120#M114364 <P>What about the following regex:</P> <PRE><CODE>(\w\:[^\r\n]+) </CODE></PRE> <P>Regards,<BR /> J</P> Fri, 15 Jun 2018 12:37:29 GMT javiergn 2018-06-15T12:37:29Z https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393118#M114362 <P>I have symbols that mean end of line</P> <PRE><CODE>\r\n </CODE></PRE> <P>Example of string:</P> <PRE><CODE>D:\INSTALL\_SysinternalsSuite\processhacker-2.39-bin\x86\r\n </CODE></PRE> <P>My regex looks like this</P> <PRE><CODE>([a-zA-Z]:)(\\.*\\r\\n) </CODE></PRE> <P>PS. log looks like this:</P> <PRE><CODE>blablabla\r\n D:\INSTALL\_SysinternalsSuite\processhacker-2.39-bin\x86\r\n blablabla\r\n </CODE></PRE> <P>I need catch only line like this</P> <PRE><CODE>D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n </CODE></PRE> Fri, 15 Jun 2018 11:32:36 GMT https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393118#M114362 avasilievnko 2018-06-15T11:32:36Z https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393119#M114363 <P>By default <CODE>.</CODE> doesn't match newline characters. You can try using <CODE>[\r\n.]*</CODE> instead of <CODE>.*</CODE>.</P> Fri, 15 Jun 2018 11:38:50 GMT https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393119#M114363 FrankVl 2018-06-15T11:38:50Z https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393120#M114364 <P>What about the following regex:</P> <PRE><CODE>(\w\:[^\r\n]+) </CODE></PRE> <P>Regards,<BR /> J</P> Fri, 15 Jun 2018 12:37:29 GMT https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393120#M114364 javiergn 2018-06-15T12:37:29Z https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393121#M114365 <P>its's better , but it catch other lines with \r\n</P> <P>Full log</P> <P>Jun 5 14:39:40 blabla-pc.blabla.bla bla|10.3.0.0 Результат: Помещено на карантин: not-a-virus:HEUR:AdWare.Script.Generic\r\nПользователь: BLA\i.blablabla (Активный пользователь)\r\nОбъект: C:\users\i.blablabla\appdata\local\Google\Chrome\User Data\Default\Cache\f_000244\r\n</P> Fri, 15 Jun 2018 12:50:40 GMT https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393121#M114365 avasilievnko 2018-06-15T12:50:40Z https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393122#M114366 <P>It's catch all log file, but i should rich and of the line in strings like this:<BR /> D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n</P> <P>(?([a-zA-Z]:)(\.*\r\n))</P> <P>So that the following lines with \r\n are not caught</P> <P>Need to stop regular expression at first match \r\n in line like this<BR /> D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n</P> Fri, 15 Jun 2018 12:52:49 GMT https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393122#M114366 avasilievnko 2018-06-15T12:52:49Z https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393123#M114367 <P>I win it with adding ? , it makes it non-greedy. regex: (?([a-zA-Z]:)(\.*?\r\n))</P> <P>I can math only lines, like in the middle<BR /> blablabla\r\n D:\INSTALL_SysinternalsSuite\processhacker-2.39-bin\x86\r\n blablabla\r\n</P> Fri, 15 Jun 2018 13:08:58 GMT https://community.splunk.com/t5/Splunk-Search/How-to-catch-end-of-line-symbols-with-regex/m-p/393123#M114367 avasilievnko 2018-06-15T13:08:58Z