How to extract JSON value in Splunk Query?

Let’s say the message field contains the following JSON:

{"SERIAL_NO":"STR123","KEY":"1d00e838-429f-437e-b892-3476280ef71c","LENGTH":"43"}

You can use the following rex command to extract the value of KEY:

rex field=message ".*,\"KEY\":\"(?<strKey>.*)\",\"LENGTH\"" 

.*, – Matches any leading text followed by a comma
\"KEY\":\" – Matches the literal "KEY":" in the message field
(?<strKey>.*) – Captures the value of KEY into the strKey field
\",\"LENGTH\" – Matches the literal ","LENGTH" that follows the value

Multi-level (nested) JSON:

Your Search
| spath input=payload | table attributes.test

Sample payload field JSON:

{"example1":"ex1", "attributes":{"test":"sample"}}
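An added example, not from the original post: a Python stand-in that runs the rex pattern above (written with Python's `(?P<name>...)` group syntax) and an spath-style dotted-path lookup on parsed JSON, to show that the regex depends on key order and neighbouring fields while parsing does not. The function names, the path-walking helper, and the reordered and extra-field events are assumptions constructed for illustration.

```python
import json
import re

# The page's rex pattern, using Python's (?P<name>...) spelling of the named group.
REX = re.compile(r'.*,"KEY":"(?P<strKey>.*)","LENGTH"')


def rex_extract(message):
    """Regex extraction as in the rex command; None when the pattern does not match."""
    m = REX.search(message)
    return m.group("strKey") if m else None


def path_extract(raw, path):
    """Parse the JSON and walk a dotted path such as attributes.test; None if absent."""
    try:
        node = json.loads(raw)
    except json.JSONDecodeError:
        return None
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


# PAGE_MESSAGE and PAGE_PAYLOAD are the page's samples; the other two are constructed variants.
PAGE_MESSAGE = '{"SERIAL_NO":"STR123","KEY":"1d00e838-429f-437e-b892-3476280ef71c","LENGTH":"43"}'
REORDERED = '{"KEY":"1d00e838-429f-437e-b892-3476280ef71c","LENGTH":"43","SERIAL_NO":"STR123"}'
EXTRA_FIELD = '{"SERIAL_NO":"STR123","KEY":"1d00e838-429f-437e-b892-3476280ef71c","TYPE":"A","LENGTH":"43"}'
PAGE_PAYLOAD = '{"example1":"ex1", "attributes":{"test":"sample"}}'


def compare():
    """Return (regex result, parsed result) for each message variant."""
    variants = [("page", PAGE_MESSAGE), ("reordered", REORDERED), ("extra", EXTRA_FIELD)]
    return {name: (rex_extract(msg), path_extract(msg, "KEY")) for name, msg in variants}


if __name__ == "__main__":
    for name, (by_regex, by_path) in compare().items():
        print(f"{name:10} regex={by_regex!r} parsed={by_path!r}")
    print("nested    ", path_extract(PAGE_PAYLOAD, "attributes.test"))
```

With KEY first the regex returns nothing, and with a field inserted before LENGTH the greedy group silently captures part of the next field, which matters when the extracted value feeds an alert or a lookup.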
