Please see the JSON below, which I am trying to ingest into Elasticsearch. My goal is to get all of the fields parsed out so that I can use them to filter data.
{
"data": [
{
"type": "projection",
"id": "2016597",
"attributes": {
"adjusted_odds": null,
"board_time": "2024-02-16T17:00:00-05:00",
"custom_image": null,
"description": "NBASZN (27 Games Remaining)",
"discount_percentage": 94,
"end_time": "2024-02-22T21:00:00-05:00",
"flash_sale_line_score": 0.5,
"hr_20": true,
"is_promo": true,
"line_score": 9.5,
"odds_type": "standard",
"projection_type": "Single Stat",
"rank": 0,
"refundable": true,
"start_time": "2024-02-22T21:00:00-05:00",
"stat_type": "30+ Points Games",
"status": "pre_game",
"today": true,
"tv_channel": null,
"updated_at": "2024-02-16T17:01:34-05:00"
},
"relationships": {
"duration": {
"data": null
},
"league": {
"data": {
"type": "league",
"id": "188"
}
},
"new_player": {
"data": {
"type": "new_player",
"id": "60344"
}
},
"projection_type": {
"data": {
"type": "projection_type",
"id": "2"
}
},
"stat_type": {
"data": {
"type": "stat_type",
"id": "363"
}
}
}
}
}
This is the current Grok pattern:
%{QUOTEDSTRING:field}: "%{TIMESTAMP_ISO8601:timestamp}%{QUOTEDSTRING:field2}.*?%{QUOTEDSTRING:field3}.*?%{QUOTEDSTRING:field4}.*?%{QUOTEDSTRING:field5}.*
but it only parses certain fields, and the majority of the data ends up in the field named "message".
If someone can please assist me with this, I would be very grateful!