You might want to check out my video and some of the tools i use.
This is also good small document to learn
If you want to test your regular expressions on the spot, use the online http://www.regexpal.com/.
Take your REGEX and copy it in the first box, take the logs you are trying to match and copy them in the second box... et voila!
There's not much better on the topic than the O'Reilly book -- http://oreilly.com/catalog/9780596528126/ ... but this is not a "crash course" by any means, it is a full length discussion in great detail.
Given Splunk uses PCRE (Perl Compatible Regular Expressions) I find the "pcrepattern" man page at http://linux.die.net/man/3/pcrepattern to be a useful reference to the advanced features of PCRE.
Thanks @dwaddle - i was curious to know, what you answered - Splunk uses PCRE.
For people who like books, I suggest SAM's Teach Yourself Regular Expressions in 10 Minutes (Ben Forta)
It is reviewed on the regular-expressions info site http://www.regular-expressions.info/book10mins.html
You might want to check out my video and some of the tools i use.
Sweet. RegexBuddy will probably help me alot 🙂
@MichaelWilde - kindly update the link, as its not opening now.