I needed to get some values out of a logfile, for some realtime reporting of spam blocked by our mail server.

Here's the regex:
if (/bouncer postfix\S+ reject: RCPT from (\S+) (530|554|450) (\S+): (.*) from=<(.*?)> to=<(.*?)>/) {

Here's what it was decoding:

Jul  3 11:19:00 bouncer postfix/smtpd[14071]: reject: RCPT from unknow
+n[123.123.123.12]: 530 <qwertyy@domain.tld>: Recipient address reject
+ed: Cannot find your hostname, [123.123.123.12]. Ask your system mana
+ger to fix your reverse domain name registration.  If you are sending
+ spam, go away. ; from=<aaaaaaaaaaaaaaaaaaaaaaaaaa@aaaa.aaa-aaaaa.com
+> to=<qwertyy@domain.tld>
[download]

For monks not familiar with regex, here's a brief runthrough.

First it looks for "bouncer postfix" and then some non-whitespace stuff, " reject: RCPT from ", more non-whitespace(and keep track of it), " ", one of ( 530,554,450 ) and keep track of it , " ", more non-whitespace(keep track of it, ": ", anything, "from=<", anything(keep track of it) non-greedy, "> to=<", anything(keep track of it) non-greedy, ">"

In other words, from the example above, $1, $2 etc contain "unknown123.123.123.12:","530", "<qwertyy@domain.tld>", the error message, "aaaaaaaaaaaaaaaaaaaaaaaaaa@aaaa.aaa-aaaaa.com", "qwertyy@domain.tld"

I'm not a very good teacher, but this might be a good real-world example of something a regex shines in. I'll let the book author explain it better. :)