Regex for natural language logs

Edit online

Natural language logs are presented in a sentence-like form and each event type might look different.

For example, a simple login event can be presented in the following form:
<13>Sep 09 22:40:40 192.0.2.12 Account JohnDoe initiated a login action 
from 192.0.2.24 at 01/09/2016 22:40:39 UTC
The following table shows how the properties of the natural language log in the example above, can be captured:
Table 1. Regex for capturing properties of a natural language log
Property Regex
action initiated a (.*?) action
accountname Account (.*?) initiated
clientIP from (.*?) at
timestamp at (.*?)
Note: Writing regex for natural language logs requires you to look at the static information that surrounds the value you want to capture before you create the capture group.