In Logstash, does HOUR's regular expression (?:2[0123]|[01])?[0-9]) I wonder what the number after the colon means and how to interpret the whole thing.
That is not correct, you have an extra ). The expression is (?:2[0123]|[01]?[0-9])
That uses a capture group () around an alternation (indicated by the | character) of two patterns. It can match either pattern.
The two is a literal 2, not regexp magic. An hour can be 2[0123] -- a 2 followed by any one of 0, 1, 2, or 3. This will match 20, or 23, but not 24.
Or it can be [01]?[0-9] which is (optionally, indicated by ?) 0 or 1, followed by one through nine. This will match 01, or 1, or 11 or other single or double digit hour numbers below 20.
If you google regexp tester you can find sites that will match the regexp and explain the matches to you.
1 Like
Thank you for the detailed explanation. Now I understand what the principle is.
And the site you referred to is very useful, so I will practice a lot from now on.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.