David Maislin told me about http://regex101.com several years ago, and it made a big difference for me. It's a great tool and everyone should use it (or try it) if you're learning regex. I hope this helps someone

All of those don't support (?\w+) constructs. It isn't possible to test field extraction with those.

note: i'm not able to use angular brackets here.
( ? < field1 > \w+ )

stefanlasiewski,

Someone on one of my Splunk courses (actually he was on both my Splunk courses), pointed me to the following site.. "http://gskinner.com/RegExr/".

It allows you test out some regular expressions, with some of your actual data. This is achieved with a simple "copy and paste" of you data into the window provided on the webpage. You can type in your own regex, or you can use the right-hand pane to look through the various "samples" if you are unsure.

It definately helped me the most when learning regex. It's hasn't always met my requirements, but it always helps in some way... worth a look. Plus from the looks of things, it provides more assistive features than the tool you mentioned.

Hope this helps,

MHibbin

P.S. If this answers you question please mark it as "Accepted", and/or upvote. Thanks

Splunk uses the PCRE flavor of regular expressions, so anything that is PCRE-compliant should work.

http://www.regular-expressions.info is a great site, and points to a variety of regular expression books, software and other resources.