This is the log that I am trying to parse ==>
DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 10.8.10.21:28184 -> 10.8.10.19:69 UDP TTL:64 TOS:0x0 ID:40693 IpLen:20 DgmLen:88 Len: 60 Csum: 19270 (60 more bytes of original packet) ** END OF DUMP [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0068][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0790]
The Custom Filter that is used ==>
(?<pkt_detail>([A-za-z0-9:*()-.=>\s])+)%{GREEDYDATA:xrefs}
The requirement is the separation of the Packet Details and the XREFS (starting from [Xref). However, the Packet Details doesn't stop parsing there, and instead this is the output from the debugger:
"pkt_detail": [
  [
    "DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: 10.8.10.21:28184 -> 10.8.10.19:69 UDP TTL:64 TOS:0x0 ID:40693 IpLen:20 DgmLen:88 Len: 60 Csum: 19270 (60 more bytes of original packet) ** END OF DUMP [Xref => http:"
  ]
],
"xrefs": [
  [
    "//cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0068][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0790] "
  ]
]
Kindly help to stop Packet Detail event after END OF DUMP.
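
Added example (not part of the original post): the filter reproduced in Ruby, whose Onigmo regex engine is a fork of the Oniguruma engine grok uses, showing that the `A-z` range in the character class also accepts `[`, so the match only stops at the first `/`. `FIXED`, `split_fields`, `accepted_by_original_class?` and `cve_names` are names assumed for this example, and ending `pkt_detail` at the literal `** END OF DUMP` is one assumed way to get the requested split.

```ruby
# Added example, not code from the original post.
# Log line copied from the post.
LOG = 'DESTINATION UNREACHABLE: PORT UNREACHABLE ** ORIGINAL DATAGRAM DUMP: ' \
      '10.8.10.21:28184 -> 10.8.10.19:69 UDP TTL:64 TOS:0x0 ID:40693 IpLen:20 ' \
      'DgmLen:88 Len: 60 Csum: 19270 (60 more bytes of original packet) ** END OF DUMP ' \
      '[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0068]' \
      '[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0790]'

GREEDYDATA = '.*' # what grok's %{GREEDYDATA} expands to

# The filter from the post, with %{GREEDYDATA:xrefs} expanded to a named group.
ORIGINAL = Regexp.new('(?<pkt_detail>([A-za-z0-9:*()-.=>\s])+)(?<xrefs>' + GREEDYDATA + ')')

# Assumed fix: end pkt_detail at the literal marker and start xrefs at "[Xref".
# Grok form: (?<pkt_detail>.*?\*\* END OF DUMP)\s*%{GREEDYDATA:xrefs}
FIXED = Regexp.new('\A(?<pkt_detail>.*?\*\* END OF DUMP)\s*(?<xrefs>\[Xref.*)\z')

# Apply a pattern and return the two fields the way the grok debugger shows them.
def split_fields(regex, line)
  m = regex.match(line)
  m && { 'pkt_detail' => m[:pkt_detail], 'xrefs' => m[:xrefs] }
end

# True when a single character is accepted by the character class from the post.
# "A-z" spans ASCII 0x41..0x7A, which includes [ \ ] ^ _ and the backtick;
# ")-." is also a range (0x29..0x2E), so it adds + and , as well.
def accepted_by_original_class?(ch)
  !!(ch =~ /\A[A-za-z0-9:*()-.=>\s]\z/)
end

# Pull the name= values out of the separated xrefs field.
def cve_names(xrefs)
  xrefs.scan(/\[Xref => \S*?name=(\d{4}-\d{4,})\]/).flatten
end

if __FILE__ == $PROGRAM_NAME
  { 'original' => ORIGINAL, 'fixed' => FIXED }.each do |label, regex|
    fields = split_fields(regex, LOG)
    puts "#{label}: pkt_detail ends with #{fields['pkt_detail'][-20..].inspect}"
    puts "#{label}: xrefs starts with   #{fields['xrefs'][0, 20].inspect}"
  end
  puts "names: #{cve_names(split_fields(FIXED, LOG)['xrefs']).inspect}"
end
```

The same over-match would occur on any line containing `[`, `]`, `\`, `^`, `_` or a backtick before the first character outside the class.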