my $text="Document Wod.doc owned by DUSASAE was printed on HPLJ5 via p
+ort LPT1. Size in bytes: 37836; pages printed: 1";
if ($text =~ /^Document\s+(\S+)\s+owned by\s+(\w+).+pages printed:\s+(
+\d+)\z/) {
    print <<"EOT";
pages printed: $3
filename: '$1'
username: $2
EOT
}
[download]

Appears to work for this simple case. But can the filename and username contain spaces. If so, what happens? Hard to say without a more precise spec. Feel free to adapt to your needs, though.

Ok I have added this to search through my text..... but the second regex is doing a backward search and not a forward search.

if (($mday1 eq $mday)&($mon eq $mon1)&($year eq $year1)) {
                Win32::EventLog::GetMessageText($hashRef);
                print "Entry $x: $mday $mon $year $hashRef->{Message}\
+n";
                $Message = $hashRef->{Message};
                $Message1 = $Message;
                if ($Message1 =~ /owned by /g) {
                     print "xx", pos $Message1, " \n";
                }
                if ($Message =~ / (?=owned by )/g) {
                     print "xy", pos $Message, " \n";
                }
            }
[download]

I don't understand what you mean. But (?=owned by ) does not capture, and why are you interested in pos anyway? Wild guess: don't you want (?<=owned by ) maybe?