The painless specification and the painless API reference should have the information you are looking for.
My bad, but I just realized I was mistaken in this comment above -- I forgot that painless doesn't actually allow JSON parsing in its API. (In part because it would be really terrible from a performance perspective as I mentioned).
So your best bet is going to be parsing those message strings to objects at ingest time as stated in the comment above... these two threads have more on this topic:
- How to convert a json format string to json object using painless script kibana
- Painless scripting JSON functions
The only other alternative I can think of would be regex matching for a substring, which is also going to slow things down, and definitely isn't considered a best practice for a situation like this.