use strict;
my $str = '<14>Jul 4 18:56:24 - 1,2018/07/04 18:56:24,010401007075,THREAT,url,0,2018/07/04 18:56:24,212.252.96.87,88.255.40.30,212.252.96.87,172.16.0.153,mail.sayistay.gov.tr,,,ssl,vsys1,Untrust-Zone,DMZ-1-Zone,ethernet1/1,ethernet1/6,SAY-Log-Forwarding-Profile,2018/07/04 18:56:24,401373,1,34538,443,34538,443,0x40f000,tcp,alert,"mail.sayistay.gov.tr/",(9999),URL-Allow-List,informational,client-to-server,257394,0x8000000000000000,Turkey,Turkey,0,,0,,,0,,,,,,,,0,0,0,0,0,,INT-FW-2,,,,,0,,0,,N/A,unknown,AppThreat-0-0,0x0ESC[0m';
my $regex = qr/(?P<pan_log_receive_time>\w{3}\s*\d+\s*\d+:\d+:\d+)\s+(?:[^,]*,){3}(?P<pan_log_type>THREAT),(?P<pan_log_subtype>[^,]*),(?:[^,]*,){2}(?P<pan_log_src>[^,]*),(?P<pan_log_dst>[^,]*),(?:[^,]*,){2}(?P<pan_threat_policy>[^,]*),(?P<pan_threat_srcuser>[^,]*),(?:[^,]*),(?P<pan_threat_app>[^,]*),(?P<pan_threat_vsys>[^,]*),(?P<pan_threat_srczone>[^,]*),(?P<pan_threat_dstzone>[^,]*),(?P<pan_threat_inbound_if>[^,]*),(?P<pan_threat_outbound_if>[^,]*),(?:[^,]*,){4}(?P<pan_log_sport>[^,]*),(?P<pan_log_dstport>[^,]*),(?:[^,]*,){3}(?P<proto>[^,]*),(?P<action>[^,]*),"(?P<url>[^"]*)",\((?P<threat_id>\d+)\),(?P<cat>[^,]*),(?P<sev>[^,]*)/mp;
if ( $str =~ /$regex/g ) {
print "Whole match is ${^MATCH} and its start/end positions can be obtained via \$-[0] and \$+[0]\n";
# print "Capture Group 1 is $1 and its start/end positions can be obtained via \$-[1] and \$+[1]\n";
# print "Capture Group 2 is $2 ... and so on\n";
}
# ${^POSTMATCH} and ${^PREMATCH} are also available with the use of '/p'
# Named capture groups can be called via $+{name}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Perl, please visit: http://perldoc.perl.org/perlre.html