in reply to Re^2: Extracting useful information from Windows Event Logs
in thread Extracting useful information from Windows Event Logs

my $text="Document Wod.doc owned by DUSASAE was printed on HPLJ5 via p
+ort LPT1. Size in bytes: 37836; pages printed: 1";
if ($text =~ /^Document\s+(\S+)\s+owned by\s+(\w+).+pages printed:\s+(
+\d+)\z/) {
    print <<"EOT";
pages printed: $3
filename: '$1'
username: $2
EOT
}

[download]

Appears to work for this simple case. But can the filename and username contain spaces. If so, what happens? Hard to say without a more precise spec. Feel free to adapt to your needs, though.

Replies are listed 'Best First'.
Re^4: Extracting useful information from Windows Event Logs
by saadatsaeed (Initiate) on May 24, 2007 at 15:04 UTC
    Ok I have added this to search through my text..... but the second regex is doing a backward search and not a forward search. 
    if (($mday1 eq $mday)&($mon eq $mon1)&($year eq $year1)) {
                Win32::EventLog::GetMessageText($hashRef);
                print "Entry $x: $mday $mon $year $hashRef->{Message}\
+n";
                $Message = $hashRef->{Message};
                $Message1 = $Message;
                if ($Message1 =~ /owned by /g) {
                     print "xx", pos $Message1, " \n";
                }
                if ($Message =~ / (?=owned by )/g) {
                     print "xy", pos $Message, " \n";
                }
            }

    [download]
[reply]
[d/l]

      I don't understand what you mean. But (?=owned by ) does not capture, and why are you interested in pos anyway? Wild guess: don't you want (?<=owned by ) maybe?

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom