Hello,
Thanks for the feedback. I am curious, and correct me if I’m wrong, but the JSON logs are received and indexed, meaning you can see these logs in a search?
Have you tried a different INPUT type/PORT? The reason I stated this is because a GELF UDP input might help create those fields for you. Not sure if this was tested already.
My apologies, not very good at making a JSON extractor. I try to avoid them as much as possible. I have a tendency to either use a pipeline here or a Regex extractor.
I can find out what REGEX extractors are needed from the example of the log you have posted if you want to go that route?