Powershell Regex Log Files for Mitel

I am struggling to get this regex going. Here is the string I am trying to work with.

08:07:46.914 ( 1708: 8624) G-MST: 400000EF " guid=00040000-73b2-5c7f-2295-00104941e7b0" ("10.10.60.3","10.10.29.251"),(10292, 59046),2(ULaw),rsn:1,12:05:15.623 (UTC),pl:20,(s:7525, r:7557, l:0),(j:0,u:27037,o:0) flgs:0x00000000 "sip:TGrp_5,p111@10.10.60.3:5441",vpn:0

I am failing badly at this one. It's kicking my butt. Any help would be amazing. What I have so far:

(?<date>\d+[:]\d+[:]\d+[.]\d+).*?(?<InPorts>\d+).*?(?<OutPort>\d+).*?(?<GMST>\d+\w+).*?(?<Guid>\d+............................).*?(?<SourceIP>\d+\D+\d+\D+\d+\D+\d+).*?(?<targetIP>\d+\D+\d+\D+\d+\D+\d+).*?(?<SourceSpeed>\d+).*?(?<TargetSpeed>\d+).*?(?<AudioType>\d+).*?(?<rsn>\d+).*?(?<utc>\d+\D+\d+\D+\d+\D+\d+).*?(?<pl>\d+).*?(?<s>\d+).*?(?<r>\d+).*?(?<l>\d+).*?(?<j>\d+).*?(?<u>\d+).*?(?<o>\d+).*?(?<flags>\d+\w\d+).*?(?<sip>:(.*)").*?(?<vpn>\d+)

The problem with this code are, The GUIDs are different lengths. The Sip is not always a tgrp_5, sometimes it's just the p111. Sometimes it's even more complex.

The ultimate goal with this regex is to parse logs that all match the same pattern into a database.

You may use a pattern like

(?<date>\d[\d:.]+)\W+(?<InPorts>\d+):\s*(?<OutPort>\d+)\W+G-MST:\s*(?<GMST>\w+)\W+guid=(?<Guid>[^"]+)"\W+(?<SourceIP>\d{1,3}(?:\.\d{1,3}){3})\W+(?<targetIP>\d{1,3}(?:\.\d{1,3}){3})\W+(?<SourceSpeed>\d+)\W+(?<TargetSpeed>\d+)\D+(?<AudioType>\d+)\D+(?<rsn>\d+)\W+(?<utc>\d[\d.:]*)\D+(?<pl>\d+)\D+(?<s>\d+)\D+(?<r>\d+)\D+(?<l>\d+)\D+(?<j>\d+)\D+(?<u>\d+)\D+(?<o>\d+)\D+(?<flags>0x\d+).*?:(?<sip>[^"]*)"\D+(?<vpn>\d+)

See the regex demo.

Its main points are:

• Get rid of .* and .*?, these patterns tend to "overfire" and overmatch
• Use specific patterns, \D+ to get from the current position to the nearest digit (if the next pattern is \d+) or \W+ if the next pattern is a word char.