
I have a patterndb config that parses pfSense filterlog messages, extracts the various fields and sends them to Azure Sentinel in CEF format; it is largely working fine.

I need to set the Severity field of my event based upon the firewall action.

For example, if the field "PF.PF_ACTION" is block, "Severity" needs to be 4; if "PF.PF_ACTION" is pass, "Severity" needs to be 1.

Severity does not exist at this point; I am creating a new macro here, or I want to return the correct value based upon the original macro.

I have tried a template function with if, but it seems to always evaluate the condition as true.

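# Map the pfSense action to a CEF severity. The stated requirement is
# block -> 4 and pass -> 1; the original returned "4" on pass and "1"
# otherwise, i.e. the two values were swapped. Testing for "pass" and
# treating every other action as the higher severity keeps blocked
# traffic (the security-relevant case) at 4.
template-function set_pfsense_severity "$(if (\"${PF.PF_ACTION}\" == \"pass\") \"1\" \"4\")";
# CEF header: Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|
# Device Version and Name are left empty here; Signature ID carries the
# pfSense rule tracker id; Severity comes from set_pfsense_severity.
template-function cef_header_netgate "${ISODATE} ${HOST} CEF:0|Netgate|pfSense||${PF.PF_TRACKER}||$(set_pfsense_severity)|";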
        # Write each parsed firewall event as one CEF line: the header comes
        # from cef_header_netgate, the extension is built by format-welf as
        # key=value pairs with empty fields omitted. fsync(yes) flushes to disk
        # on every write, which costs throughput at high log rates.
        # NOTE(review): dvc/dvchost use $HOST, the hostname syslog-ng assigned
        # to the message; whether that is the syslog header value or the
        # sender address depends on the source's keep-hostname() setting,
        # which is not shown here — confirm before relying on it for triage.
        file(
                "/var/log/pfsense.log"
                fsync(yes)
                template("$(cef_header_netgate)$(format-welf --omit-empty-values act=${PF.PF_ACTION} dvc=$HOST dvchost=$HOST dst=${PF.PF_IP_DESTINATION_IP} dpt=${PF.PF_IP_DESTINATION_PORT} in=${PF.PF_IP_PAYLOAD_LENGTH} msg=$MSG proto=${PF.PF_IP_PROTOCOL_TEXT} src=${PF.PF_IP_SOURCE_IP} spt=${PF.PF_IP_SOURCE_PORT} csl=${PF.PF_RULE_NUMBER} deviceDirection=${PF.PF_DIRECTION} deviceFacility=$FACILITY)\n")
        );
};
# Log path for the pfSense feed. Element order matters in a syslog-ng log
# path and is kept as is: UDP input -> filterlog filter -> patterndb
# parser -> direction rewrite -> CEF file destination.
log {
    source(s_udp_oms); filter(f_oms_pfsense_filterlog);
    parser(pfsense); rewrite(r_set_direction);
    destination(pfsense_parsed);
};

Here are two log lines for reference; the Severity field is the field before |act=

2022-03-09T20:23:38+00:00 192.168.x.254 CEF:0|Netgate|pfSense||1000000103||4|act=block csl=4 deviceDirection=0 deviceFacility=local0 dpt=9999 dst=255.255.255.255 dvc=192.168.x.254 dvchost=192.168.x.x in=14 msg=4,,,1000000103,igb0.20,match,block,in,4,0x0,,64,0,0,DF,17,udp,34,0.0.0.0,255.255.255.255,9998,9999,14 proto=udp spt=9998 src=0.0.0.0
2022-03-09T20:23:41+00:00 192.168.x.254 CEF:0|Netgate|pfSense||1770011110||4|act=pass csl=130 deviceDirection=0 deviceFacility=local0 dpt=443 dst=17.253.x.x dvc=192.168.x.254 dvchost=192.168.x.x in=0 msg=130,,,1770011110,igb0.10,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,64,192.168.x.x,17.253.x.x,58359,443,0,S,3162698201,,0,,mss;nop;wscale;nop;nop;TS;sackOK;eol proto=tcp spt=58359 src=192.168.x.x

How else can I either configure a macro that I can place in the template, or return the correct value?

