[FEATURE] PPL parse command should support substring match

[penghuo]

Is your feature request related to a problem?

PUT my-index-000001/_doc/1
{ "log": "response {200 map {\"code\":\"449\",\"msg\":\"session has expired\"} false}\n" }
 
### no match
POST _plugins/_ppl
{
  "query": """
  source = my-index-000001 | WHERE match(log, "response") | parse lambdalog 'msg\":\"(?<msg>[^\"]+)' | fields msg;
  """
}

### matched
POST _plugins/_ppl
{
  "query": """
  source = my-index-000001 | WHERE match(log, "response") | parse lambdalog '.+msg\":\"(?<msg>[^\"]+).*\n?' | fields msg;
  """
}

What solution would you like?
Currently, parse using matcher.matches which requried the regex match the entire string.

We can consider change to matcher.find to match substring.

More reading, https://stackoverflow.com/questions/4450045/difference-between-matches-and-find-in-java-regex

What alternatives have you considered?
A clear and concise description of any alternative solutions or features you've considered.

Do you have any additional context?
Add any other context or screenshots about the feature request here.

[dblock]

[Catch All Triage - 1, 2, 3]]