I want to capture alerts for SDWAN Syslog for state changes, but I want one alert per peer, rather than one over-arching alert. E.g. the syslog below.
1 2024-03-21T15:21:01+00:00 vsmart1 OMPD 2975 - [meta sequenceId="10218"] %Viptela-vsmart1-ompd-5-NTCE-1400002: Notification: omp-peer-state-change severity-level:major host-name:"vsmart1" system-ip:n.n.n.n tenant-name:"" peer:x.x.x.101 peer-new-state:down
1 2024-03-21T15:20:21+00:00 vsmart1 OMPD 2988 - [meta sequenceId="197597"] %Viptela-vsmart1-ompd-5-NTCE-1400002: Notification: omp-peer-state-change severity-level:major host-name:"vsmart1" system-ip:n.n.n.n tenant-name:"" peer:x.x.x.199 peer-new-state:up
I want to use a capture group to grab the IP address of the peer (x.x.x.199 and x.x.x.101) so I can have an alert for each of them. The regex is easy enough: peer:(.*)\speer-new-state:down will capture the IP address.
But does SolarWinds retain the data in capture groups in a way that I can use it in an alert definition?
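The extraction and per-peer grouping that the alert needs, as an added Python example that is not part of the post and not SolarWinds code (it does not answer whether SolarWinds keeps capture groups for use in an alert definition; it only shows what the rule has to do). The first two sample lines are the ones quoted in the question; the third and fourth are constructed follow-up events with placeholder addresses and sequence ids so that each peer has more than one state change. The question's own regex is applied unchanged alongside a tighter pattern that stops at whitespace.

```python
import re
from datetime import datetime

# Lines 1 and 2 are the two syslog lines from the question; lines 3 and 4 are
# constructed follow-up events (placeholder addresses and sequenceIds) so that
# each peer has more than one state change in the sample.
SAMPLE_SYSLOG = """\
1 2024-03-21T15:21:01+00:00 vsmart1 OMPD 2975 - [meta sequenceId="10218"] %Viptela-vsmart1-ompd-5-NTCE-1400002: Notification: omp-peer-state-change severity-level:major host-name:"vsmart1" system-ip:n.n.n.n tenant-name:"" peer:x.x.x.101 peer-new-state:down
1 2024-03-21T15:20:21+00:00 vsmart1 OMPD 2988 - [meta sequenceId="197597"] %Viptela-vsmart1-ompd-5-NTCE-1400002: Notification: omp-peer-state-change severity-level:major host-name:"vsmart1" system-ip:n.n.n.n tenant-name:"" peer:x.x.x.199 peer-new-state:up
1 2024-03-21T15:25:00+00:00 vsmart1 OMPD 2988 - [meta sequenceId="197650"] %Viptela-vsmart1-ompd-5-NTCE-1400002: Notification: omp-peer-state-change severity-level:major host-name:"vsmart1" system-ip:n.n.n.n tenant-name:"" peer:x.x.x.199 peer-new-state:down
1 2024-03-21T15:30:00+00:00 vsmart1 OMPD 2975 - [meta sequenceId="10250"] %Viptela-vsmart1-ompd-5-NTCE-1400002: Notification: omp-peer-state-change severity-level:major host-name:"vsmart1" system-ip:n.n.n.n tenant-name:"" peer:x.x.x.101 peer-new-state:up
"""

# The capture group exactly as written in the question. The greedy (.*) works
# here because only one "peer-new-state:" token follows the peer field.
QUESTION_RE = re.compile(r"peer:(.*)\speer-new-state:down")

# Header of the RFC 5424-style line: version, timestamp, host, app, pid,
# msgid ("-"), the single structured-data element, then the free-text message.
HEADER_RE = re.compile(
    r"^(?P<version>\d+)\s+(?P<timestamp>\S+)\s+(?P<host>\S+)\s+(?P<app>\S+)\s+"
    r"(?P<pid>\d+)\s+\S+\s+\[meta sequenceId=\"(?P<seq>\d+)\"\]\s+(?P<msg>.*)$"
)

# Tighter peer/state capture: \S+ stops at whitespace, so it cannot over-match
# if extra fields are ever appended after the state.
PEER_STATE_RE = re.compile(r"\bpeer:(?P<peer>\S+)\s+peer-new-state:(?P<state>\S+)")


def question_regex_capture(line):
    """Return what the question's own regex captures, or None if it does not match."""
    m = QUESTION_RE.search(line)
    return m.group(1) if m else None


def parse_line(line):
    """Parse one omp-peer-state-change line into a dict, or None if it is not one."""
    h = HEADER_RE.match(line)
    if not h:
        return None
    msg = h.group("msg")
    p = PEER_STATE_RE.search(msg)
    if not p or "omp-peer-state-change" not in msg:
        return None
    return {
        "timestamp": datetime.fromisoformat(h.group("timestamp")),
        "host": h.group("host"),
        "seq": int(h.group("seq")),
        "peer": p.group("peer"),
        "state": p.group("state"),
    }


def events_per_peer(text):
    """Group parsed events by peer, each peer's list ordered by time."""
    grouped = {}
    for line in text.splitlines():
        ev = parse_line(line)
        if ev:
            grouped.setdefault(ev["peer"], []).append(ev)
    for evs in grouped.values():
        evs.sort(key=lambda e: (e["timestamp"], e["seq"]))
    return grouped


def latest_state(text):
    """Map each peer to its most recently reported state."""
    return {peer: evs[-1]["state"] for peer, evs in events_per_peer(text).items()}


def down_alerts(text):
    """One alert per peer whose most recent state is 'down': (peer, ISO timestamp)."""
    alerts = []
    for peer, evs in sorted(events_per_peer(text).items()):
        last = evs[-1]
        if last["state"] == "down":
            alerts.append((peer, last["timestamp"].isoformat()))
    return alerts


if __name__ == "__main__":
    for peer, when in down_alerts(SAMPLE_SYSLOG):
        print(f"ALERT peer {peer} is down (last change {when})")
```

Keying on the captured peer and keeping only each peer's latest state is what turns the stream into one alert per peer: in the sample, x.x.x.101 goes down and then back up, so only x.x.x.199 remains alerting. Whatever the monitoring product does with capture groups, the alert condition has to be evaluated per captured peer value, not per matching line.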