Let’s say message field has following JSON:
{“SERIAL_NO”:”STR123″,”KEY”:”1d00e838-429f-437e-b892-3476280ef71c”,”LENGTH”:”43″}

You can use the below to find the KEY Value.
rex field=message “.*,\”KEY\”:\”(?<strKey>.*)\”,\”LENGTH\””

.*, – Checks whether it has some string in the first followed by ,
\”KEY\”:\” – Checks for “KEY”:” string in the message field
(?<strKey>.*) – Gets the value for KEY
\”,\”LENGTH\” – Checks for “,”LENGTH”

JSON with multi-level:

Your Search
| spath input=payload | table attributes.test

Sample payload field JSON:
{“example1″:”ex1”, “attributes”:{“test”:”sample”}}