Welcome to Regex Cribl-Flavor!

A regular expression (also called “regex”) is a specific sequence of characters arranged in a pattern to match, locate, and manage text. Like a good incantation, you must put regex characters in a specific order for it to work. Regex is essentially its own mini programming language with its own terminologies, conditions, and syntax.

Cribl provides several resources to help you easily create, test, and deploy regex expressions. The graphical user interface makes it easy to build complex regex patterns (a.k.a., powerful spells) on your sample data – without having to write code. Cribl also provides a library of pre-built regex patterns, built-in functions, and extensibility, to get you the results you want.

In this sandbox, we explore the following scenarios:

• Use Cribl’s Mask Function (our concealing charm) to address personally identifiable information (PII) like potential Social Security numbers or credit card numbers.
• Apply the Mask Function to groups of fields, based on wildcards that match the field names.
• Conjure/extract missing fields from an event. For example, extract the host field from a sample log file's events.
• Use regex to filter events, in real time.
• Sprinkle Lookups with regex magic.

Before we dive in to the scenarios, we’ll give you some quick pointers to guide you along the way.