RE2 in Kusto Cheat Sheet

RE2 Cheat Sheet for Data Explorer (Kusto Query Language)

Regular expressions (RE2) are used for pattern matching and data extraction in Kusto Query Language (KQL) within Azure Data Explorer. Whether parsing logs, extracting specific data formats, or validating inputs, understanding RE2 syntax and usage in KQL can help resolve common challenges when the data is not formatted as needed.

Basic Elements

Example	Description
.	any character, possibly including newline
[xyz]	character class
[^xyz]	negated character class
\d	Perl character class
\D	negated Perl character class

Composites

Example	Description
xy	x followed by y
`x	y`

Repetitions

Example	Description
x*	zero or more x, prefer more
x+	one or more x, prefer more
x?	zero or one x, prefer one
x{n,m}	n to m occurrences of x

Flags

Flags modify behaviour:

• i: case-insensitive

• m: multi-line mode

• s: allow . to match newline

Empty Strings

Example	Description
^	at beginning of text or line
$	at end of text or line
\A	at beginning of text

Character Class Elements

Example	Description
x	single character
A-Z	character range (inclusive)
\d	Perl character class
[[:foo:]]	named ASCII class

Perl Character Classes

Example	Description
\d	digits (≡ [0-9])
\D	not digits (≡ [^0-9])
\s	whitespace
\S	not whitespace

Practical Examples

IPv4 Address

• Regular Expression: \b(?:\d{1,3}\.){3}\d{1,3}\b

• Example Matches: 192.168.0.1, 10.0.123.255

IPv6 Address

• Regular Expression: \b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b

• Example Matches: 2001:0db8:85a3:0000:0000:8a2e:0370:7334, fe80::1

Email Address

• Regular Expression: \b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b

• Example Matches: john.doe@example.com, jane.smith123@test.co.uk

Using Regular Expressions in KQL

In Kusto, regular expressions are used with operators like matches regex, parse, and replace_regex() for string matching or extraction. These enable filtering data based on complex patterns and extracting meaningful insights efficiently