Hello. I'm trying to parse event message to fields.
There is no problem with simple fields, but i'm unable to highlight biggest field that looks like this:
Details: {"Realm_Size":68,"Realm":"https://uisnotification-sb.accesscontrol.windows.net/v2/mgmt/service","action_Size":11,"action":"ACTION_NONE","TokenType_Size":59,"TokenType":"http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0","IssuerUrl_Size":78,"IssuerUrl":"https://uisnotification-sb.accesscontrol.windows.net/v2/wstrust/13/certificate","CertificateSerialNumber_Size":32,"CertificateSerialNumber":"123456789ASDGFHGFJDHGIYU"}
NOTSPACE and GREEDYDATA are not fit, because (as i think) field contains string breaks and other interesting symbols.
Is there any pattern that can highlight this peace of message?