$re = '/Processing Initiated: (?<TimeStamp>\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+.*Date Range Processed:\s+yesterday\s+\(\s+(?<Date_Range>[^ ]*)\s+.*\s+.*\s+Detail Level of Output:(?<Level_of_input>[^ ]*)\s+Type of Output\/Format:\s+(?<Type>.*)\s*Logfiles for Host: (?<Logfile>[^ ]*)\s+\#/m';
$str = '#################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Mon Apr 8 10:26:58 2019
Date Range Processed: yesterday
( 2019-Apr-07 )
Period is day.
Detail Level of Output:5
Type of Output/Format: file / text
Logfiles for Host: vdlsplunkapph08
##################################################################
------------------------Kernel Audit Begin------------------------
**Unmatched Entries** (Only first 100 out of 127 are printed)
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch error reporting limit reached - ending report notification.
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
dispatch err (pipe full) event lost
---------------------- Kernel Audit End -------------------------
---------------------Kernel Begin -----------------------------
WARNING: Kernel Errors Present
blk_update_request: I/O error, dev fdO, sector ...: 51 Time(s)
2 Time(s): hpet: lost 1 rtc interrupts
5 Time(s): hpet: lost 10 rtc interrupts
4 Time(s): hpet: lost 11 rtc interrupts
3 Time(s): hpet: lost 13 rtc interrupts
2 Time(s): hpet: lost 14 rtc interrupts
5 Time(s): hpet: lost 15 rtc interrupts
2 Time(s): hpet: lost 16 rtc interrupts
1 Time(s): hpet: lost 17 rtc interrupts
4 Time(s): hpet: lost 18 rtc interrupts
4 Time(s): hpet: lost 19 rtc interrupts
1 Time(s): hpet: lost 2 rtc interrupts
1 Time(s): hpet: lost 20 rtc interrupts
3 Time(s): hpet: lost 22 rtc interrupts
1 Time(s): hpet: lost 23 rtc interrupts
2 Time(s): hpet: lost 24 rtc interrupts
2 Time(s): hpet: lost 25 rtc interrupts
4 Time(s): hpet: lost 26 rtc interrupts
2 Time(s): hpet: lost 27 rtc interrupts
3 Time(s): hpet: lost 3 rtc interrupts
1 Time(s): hpet: lost 31 rtc interrupts
2 Time(s): hpet: lost 32 rtc interrupts
5 Time(s): hpet: lost 34 rtc interrupts
2 Time(s): hpet: lost 36 rtc interrupts
1 Time(s): hpet: lost 37 rtc interrupts
1 Time(s): hpet: lost 38 rtc interrupts
1 Time(s): hpet: lost 39 rtc interrupts
4 Time(s): hpet: lost 4 rtc interrupts
2 Time(s): hpet: lost 40 rtc interrupts
1 Time(s): hpet: lost 41 rtc interrupts
2 Time(s): hpet: lost 42 rtc interrupts
1 Time(s): hpet: lost 43 rtc interrupts
1 Time(s): hpet: lost 47 rtc interrupts
1 Time(s): hpet: lost 48 rtc interrupts
3 Time(s): hpet: lost 5 rtc interrupts
3 Time(s): hpet: lost 6 rtc interrupts
2 Time(s): hpet: lost 7 rtc interrupts
1 Time(s): hpet: lost 8 rtc interrupts
1 Time(s): hpet: lost 9 rtc interrupts
----------------------Kernel End ----------------------
---------------------pam_unix Begin ---------------------
sshd:
Sessions Opened:
fk012640: 1 Time(s)
runansi: 1 Time(s)
sudo:
Sessions Opened:
root -> root: 1 Time(s)
----------------------pam_unix End-------------------------
----------------------Postfix Begin------------------------
******Summary***************************************************************************************
13.569k Bytes accepted 13,895
123.627k Bytes sent via SMTP 126,594
13.569k Bytes forwarded 13,895
======== =========================================================
1 Accepted 100.00%
-------- ---------------------------------------------------------
1 Total 100.00%
======== =========================================================
2 Removed from queue
9 Sent via SMTP
1 Forwarded
1 PIX workaround enabled
****** Detail (1) **************************************************************************************
9 Sent via SMTP --------------------------------------------------------------------------------
9 syf.com
1 Forwarded--------------------------------------------------------------------------------------
1 vdlsplunkapph08.prvcld.syfbank.com
1 PIX workaround enabled-------------------------------------------------------------------------
1 disabled_esmtp delay_dotcrlf
===Delivery Delays Percentiles ==============================================================
0% 25% 50% 75% 90% 95% 98% 100%
---------------------------------------------------------------------------------------------
Before qmgr 0.01 0.01 0.01 0.01 0.18 0.94 1.40 1.70
In qmgr 0.01 0.02 0.02 0.02 0.02 0.02 0.02 0.02
Conn setup 0.00 0.04 0.04 0.04 0.04 0.04 0.04 0.04
Transmission 0.01 0.90 0.90 0.90 0.90 0.90 0.90 0.90
Total 0.96 0.96 0.96 0.96 1.03 1.37 1.57 1.70
=============================================================================================
--------------------Postfix End------------------------------
--------------------SSHD Begin-----------------------------
Users logging in through sshd:
fk012640:
10.65.26.142 (pplsplunkapda14.sec.syfbank.com): 1 time
runansi:
10.144.33.20 (vdlnixcwapda01.prvcld.syfbank.com): 1 time
Received disconnect:
11:disconnected by user
10.144.33.20 : 1 Time(s)
10.65.26.142 : 1 Time(s)
----------------------SSHD End -----------------------------
---------------------Sudo (secure-log) Begin-------------------------
fk012640 => root
----------------
/home/fk001233/scripts_for_SDC/logwatch.sh - 1 Time(s).
-----------------------Sudo (secure-log) End----------------------------
----------------------Disk Space Begin -----------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rootvg-root 35G 9.6G 26G 28% /
devtmpfs 32G 0 32G 0% /dev
/dev/mapper/vg_application-lv_opt_splunk 1.1T 2.7G 1.1T 1% /opt/splunk
/dev/sdb1 4.8G 20M 4.6G 1% /appbin
/dev/sda1 497M 178M 319M 36% /boot
npnfs8080c1da01-nfs:/vol/AISB_ATS_HOME/home/fk012640 23T 13T 11T 55% /home/fk012640
npnfs8080c1da01-nfs:/vol/AISB_AIS_HOME/home/fk001233 23T 13T 11T 55% /home/fk001233
npnfs8080c1da01-nfs:/vol/AISB_AIS_HOME/home/fk001233 23T 13T 11T 55% /home/splunk
--------------------------Disk Space End -------------------------
####################Logwatch End ####################
';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
// Print the entire match result
var_dump($matches);
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php