https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566723#M197485 <P>Without knowing what you are actually trying to capture (some example events would be useful), it is difficult to say how it can be fixed, but in simple terms, a lot of the capture groups have not been closed, so simply adding some closing parentheses will make the regex valid, although it may not give you what you want</P><LI-CODE lang="markup">(?i)union.*?select.*?from (?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?))))))</LI-CODE> Sat, 11 Sep 2021 16:39:54 GMT ITWhisperer 2021-09-11T16:39:54Z https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566722#M197484 <P>hi all,</P><P>I have multiple string that are regex, i want to find logs that match with this string.<BR />this is a example of my regex:<BR />(?i)union.*?select.*?from<BR />(?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)</P><P>and when i write&nbsp;<BR />index="xyz" | regex "(?i)union.*?select.*?from |&nbsp;(?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)"<BR />didn't show true result.</P><P>how can i write it? please help me.</P> Sat, 11 Sep 2021 16:18:41 GMT https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566722#M197484 szone 2021-09-11T16:18:41Z https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566723#M197485 <P>Without knowing what you are actually trying to capture (some example events would be useful), it is difficult to say how it can be fixed, but in simple terms, a lot of the capture groups have not been closed, so simply adding some closing parentheses will make the regex valid, although it may not give you what you want</P><LI-CODE lang="markup">(?i)union.*?select.*?from (?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?))))))</LI-CODE> Sat, 11 Sep 2021 16:39:54 GMT https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566723#M197485 ITWhisperer 2021-09-11T16:39:54Z https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566727#M197489 <P>i want to capture strings matched with that regex and the regex is from good source and don't need to&nbsp;<SPAN>closing parentheses and i write part of the entire of string for summarize and example.<BR />please help me.</SPAN></P> Sat, 11 Sep 2021 17:11:02 GMT https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566727#M197489 szone 2021-09-11T17:11:02Z https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566728#M197490 <P>Rather than using non-capture groups (?:pattern) use capture groups (?&lt;fieldname&gt;pattern)</P> Sat, 11 Sep 2021 17:19:10 GMT https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566728#M197490 ITWhisperer 2021-09-11T17:19:10Z https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566729#M197491 <P>please&nbsp;Explain in more detail. I'm new in splunk.<BR />two of string is:<BR />(?i:\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)|db)|aster\.\.sysdatabases|ysql\.db)|pg_(?:catalog|toast)|information_schema|northwind|tempdb)\b|s(?:(?:ys(?:\.database_name|aux)|qlite(?:_temp)?_master)\b|chema(?:_name\b|\W*\())|d(?:atabas|b_nam)e\W*\())<BR />&nbsp;and<BR />(?i)union.*?select.*?from<BR />please help me</P> Sat, 11 Sep 2021 18:22:25 GMT https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566729#M197491 szone 2021-09-11T18:22:25Z https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566800#M197511 <P>Hi</P><P>as&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;said, to help you we are needing your sample data and explanation what you try to get from that sample (if it's not obviously based on your sample). Otherwise you could try it with&nbsp;<A href="https://regex101.com" target="_blank">https://regex101.com</A>&nbsp;which also have option to save &amp; share your regex.</P><P>r. Ismo</P> Mon, 13 Sep 2021 08:06:47 GMT https://community.splunk.com/t5/Splunk-Search/how-to-match-multiple-regex-in-splunk/m-p/566800#M197511 isoutamo 2021-09-13T08:06:47Z