2026-06-07 · 6 min read · Rahul Chitturi
- regex
- observability
Before shipping a regex to production log pipelines, prototype against real samples in a tester. You learn faster with highlighted matches than with silent grep misses.
Useful patterns
Anchor patterns when the full line must match; leave them loose for substring search.
- \d{3} for HTTP status codes in fixed-width logs
- [0-9a-f-]{36} for UUID request IDs
- \d{4}-\d{2}-\d{2}T for ISO timestamps
Safety
Cap line length in servers. Catastrophic backtracking on user-controlled input is a real denial-of-service vector.