I have the following log lines in a log file access_20170118_14.log -

127.0.0.1 - - [18/Jan/2017:14:22:16 +0000]  "GET //fam/shared_generate_test_devicelist.php HTTP/1.1" 200 168 "-" "curl/7.40.0" - 0.008
127.0.0.1 - - [18/Jan/2017:14:22:24 +0000]  "GET //fam/shared_generate_test_devicelist.php HTTP/1.0" 200 168 "-" "curl/7.40.0" - 0.008

Following is an nginx logwarn command which prints out those log lines from this log file which have an HTTP access code different from 200 and 204.

/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_nginx_access /mnt/log/nginx/access_20170118_14.log '!.*HTTP/1.(1|0)\"\s*(200|204)' 

The regex in the above command works as expected.

However, I want to get rid of the (1|0), which are added to match the HTTP versions 1.0 and 1.1, and replace it with any digit, so that it works for any version of HTTP.

The following command, with the [:digit:] character class however matches the lines with HTTP version 1.1 and 1.0 and with access code 200 -

/usr/local/nagios/libexec/check_logwarn -d /tmp/logwarn_nginx_access /mnt/log/nginx/access_20170118_14.log '!.*HTTP/1.[:digit:]\"\s*(200|204)' 

Output (not what I desire) -

Log errors: 127.0.0.1 - - [18/Jan/2017:14:22:16 +0000]  "GET //fam/shared_generate_test_devicelist.php HTTP/1.1" 200 168 "-" "curl/7.40.0" - 0.008
127.0.0.1 - - [18/Jan/2017:14:22:24 +0000]  "GET //fam/shared_generate_test_devicelist.php HTTP/1.0" 200 168 "-" "curl/7.40.0" - 0.008

POSIX character classes should be used inside a regular expression character class, so a single digit could be represented as:

[[:digit:]]

Notice the double brackets. See this document for more.

Also, you have a naked . representing a period (I presume) - which should be escaped with a backslash as \. to represent a literal period.