Rsyslog regular expression

I have a lot of incoming syslog messages on my rsyslog server. It's a stormshield that sends different categories of messages (connection, web, alarm, ...) I can't configure a different facility for each category so I need to use regular expression to split incoming messages in differents files. All messages are different and have more or less fields in the message, but there is one field logtype to identify the category : Syslog message Msg = bullshitcontentbullshitcontent logtype:"connection" bullshitcontentbullshitcontent So the question is : How can I collect the string of the logtype field with a POSIX regular expression that is understandable by rsyslog and - if you know how - split in different files depending of the value of the logtype?