I have been trying to parse the resource arn ex.(arn:aws:ec2:us-east-1:0123456789:volume/vol-gg4gggs0svevb3000) to extract the vol-* on CloudWatch logs insights and unable to get the regex pattern right with desired result.
I have tried using below pattern but no result.
parse @message /.[v,o,l].-([0-9][a-z]){0,17}/
In the pattern that you tried, this part
([0-9][a-z]){0,17}repeats 0 to 17 times a single digit, immediately followed by a single char a-z. The maximum number of chars is therefore 34 in that particular order.Also note that when repeating a capture group, the group value contains the value of the last iteration. In this case that will be 2 characters.
This part
.[v,o,l].can be written as.[vol,].and matches 3 chars: a dot which can match any char except a newline, then 1 of eithervolor,because it is a character class and again a dot that can match any char except a newlineReading this page, the parts that you want to extract should be in a named capture group.
The pattern matches
(?<volume>Named capture groupvolumevol-Match literally[0-9a-z]{17}Repeat 17 times any of the listed in the character class)Close named groupRegex demo