I'm currently working on a fluentd regex expression to match all log entries unless the message contains the string "dbug". However, if the log contains both "dbug" and "firing" in the entry then I need the regex to match that string.
The two strings can appear anywhere in the log entry however "dbug" will always be before "firing".
Is it possible to build a single regex expression that can do this?
I'd appreciate any help on this!
We can try using lookaheads here, e.g.
^(?:(?!.*\bdbug\b)|(?=.*\bdbug\b.*\bfiring\b)).*$
The first lookahead (?!.*\bdbug\b) matches any line which does not contain dbug at all, and the second lookahead (?=.*\bdbug\b.*\bfiring\b) matches any line which contains both dbug and firing, in that order.