system-slow-regexes
Retrieves regex execution statistics for queries that experienced regular expression processing delays.
Command properties
| Property | Description |
|---|---|
| Command type | Driver query |
| Required permission | None |
| License usage | Not counted |
| Parallel execution | Not supported |
| Distributed execution | Not supported |
Syntax
Options
None
Output fields
| Field | Type | Description |
|---|---|---|
| id | long | Unique identifier of the statistics entry |
| created_at | timestamp | Time the statistics entry was first created |
| last_update | timestamp | Time the statistics entry was last updated |
| query_id | integer | ID of the query where the delay occurred |
| query_source | string | Source of the query where the delay occurred |
| query_string | string | Full query string of the query where the delay occurred |
| regex_origin | string | Original location where the regular expression is defined |
| pattern | string | Regular expression pattern where the delay occurred |
| re2j_started | long | Number of RE2J engine executions |
| re2j_finished | long | Number of RE2J engine successful completions |
| re2j_success | long | Number of RE2J engine successes |
| jdk_started | long | Number of JDK regex engine executions |
| jdk_finished | long | Number of JDK regex engine successful completions |
| jdk_success | long | Number of JDK regex engine successes |
| jdk_cancel | long | Number of JDK regex engine cancellations |
| jdk_step_limit | long | Number of JDK regex engine step limit exceeded occurrences |
Error codes
Parsing errors
N/A
Runtime errors
N/A
Description
The system-slow-regexes command retrieves execution statistics for queries that experienced regular expression processing delays. Logpresso first attempts to process regular expressions using the RE2J engine, and falls back to the JDK engine for patterns that RE2J does not support.
When regular expressions that take a long time to process are detected in the JDK engine, their statistics are recorded. High values for jdk_cancel or jdk_step_limit may indicate that the regular expression pattern has a ReDoS (Regular Expression Denial of Service) vulnerability.
Examples
-
Retrieve all slow regex statistics
system-slow-regexesRetrieves all statistics for regular expression processing delays.
-
Retrieve patterns with the most step limit exceeded occurrences
system-slow-regexes | sort -jdk_step_limitSorts regular expression patterns from most to fewest JDK engine step limit exceeded occurrences.
-
Retrieve regular expressions with cancellations
system-slow-regexes | search jdk_cancel > 0Retrieves only regular expression patterns that have a history of cancellation in the JDK engine.