Options of Regular expression parsers

The Regular expression parser has the following options.

flags()


Synopsis:	flags(“ignore-case” “unicode”)
Mandatory:	no

Description: The flags to apply for the parser. The available flags depend on the type() of the regular expression. For details, see Options of regular expressions.

patterns()


Synopsis:	patterns(“pattern1” “pattern2”)
Mandatory:	yes

Description: The regular expression patterns that you want to find a match. regexp-parser() supports multiple patterns, and stops the processing at the first successful match.

prefix()


Synopsis:	prefix()

Description: Insert a prefix before the name part of the parsed name-value pairs to help further processing. For example:

To insert the my-parsed-data. prefix, use the prefix(my-parsed-data.) option.
To refer to a particular data that has a prefix, use the prefix in the name of the macro, for example, ${my-parsed-data.name}.
If you forward the parsed messages using the IETF-syslog protocol, you can insert all the parsed data into the SDATA part of the message using the prefix(.SDATA.my-parsed-data.) option.

Names starting with a dot (for example, .example) are reserved for use by AxoSyslog. If you use such a macro name as the name of a parsed value, it will attempt to replace the original value of the macro (note that only soft macros can be overwritten, see Hard versus soft macros for details). To avoid such problems, use a prefix when naming the parsed values, for example, prefix(my-parsed-data.)

This parser does not have a default prefix. To configure a custom prefix, use the following format:

   parser p_regexp{
        regexp-parser(
            patterns( ... )
            prefix("myprefix.")
        );
    };

template()


Synopsis:	`template("${<macroname>}")`

Description: The macro that contains the part of the message that the parser will process. It can also be a macro created by a previous parser of the log path. By default, the parser processes the entire message (${MESSAGE}).

type()


Synopsis:	`pcre`, `string`, `glob`
Mandatory:	no, defaults to `pcre`

Description: Sets how the patterns() expressions are interpreted: as Perl Compatible Regular Expressions (pcre, used by default), literal string searches (string), or glob patterns without regular expression support (glob).

Last modified January 16, 2026: Review fixes (0ff8d04)