Parsing a Snort alert message with the Graylog Processor Pipelines

graylog_pipeline_rule_snort.rxt

rule "Extract Snort alert fields"
when
  has_field("message")
then
  let m = regex("^\\s?\\[(\\d+):(\\d+):(\\d+)\\] (.+?) \\[Classification: (.+?)\\] \\[Priority: (\\d+)] \\{(.+?)\\} (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}):(\\d{1,5}) -> (\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}):(\\d{1,5})\\R?", to_string($message.message));
  
  set_field("snort_alert", true);
  
  set_field("generator_id", m["0"]);
  set_field("signature_id", m["1"]);
  set_field("signature_revision_id", m["2"]);
  
  set_field("description", m["3"]);
  set_field("classification", m["4"]);
  set_field("priority", to_long(m["5"]));
  set_field("protocol", m["6"]);
  
  set_field("src_addr", to_ip(m["7"]));
  set_field("src_port", to_long(m["8"]));
  
  set_field("dst_addr", to_ip(m["9"]));
  set_field("dst_port", to_long(m["10"]));
end

While using this rule set, message or full-message as i've tested aren't getting parsed correctly - any thoughts?

which regular expression did you use here.