If you can send an exaple of the log you want to parse I will try assist ?
Can you actually post here the structure of that correlation rule and the original log? I don't think you have trouble parsing the logs, but I'm not sure if something like that is achievable on the level of correlations.
Edit: my bad, there is a new feature "Regex" in matching strings in correlation rules, seems pretty awesome.
Yes, the new "Regex" feature (on both correlation rules and alarms) should do the trick... Thanks