Parse out window event logs message

I would like to take the message section from windows event logs and be able to use the different areas to filter. Right now the message comes across as

"message": "An attempt was made to access an object.\n\nSubject:\n\tSecurity ID:\t\txxxxxxxxxxx\n\tAccount Name:\t\txxxxx\n\tAccount Domain:\t\txxxx\n\tLogon ID:\t\txxxxxx\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tFile\n\tObject Name:\tD:\USERS\xxxxxx\My Pictures\xxxx.jpg\n\tHandle ID:\xxxx\n\nProcess Information:\n\tProcess ID:\txxx\n\tProcess Name:\t\n\nAccess Request Information:\n\tAccesses:\tReadData (or ListDirectory)\n\t\t\t\t\n\tAccess Mask:\t0x1",

I would like to filter the access request information and access part of the message log.
Can anyone help me out with this.

It can be done. But you need to learn enough "markdown" to show what your message looks like. A simple posting will consume * (bold) and _ (newline) as if they were formatting, and \t and \n are not interpreted the way you expect.

First remove the unnecessary tabs from your message; for this you can use gsub:

mutate {
  gsub => ["message", "\t", ""]
}

Now split the message into key-value pairs:

kv {
  source      => "message"
  value_split => ":"
  field_split => "\n"
}

Try the above solution and let me know whether it is working or not.

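The following is an added Python example, not code from this thread or from Logstash itself. It re-creates what the two filters above do to a 4663 "An attempt was made to access an object" message (strip tabs, split lines on "\n", split each line on the first ":"), so you can see which keys come out and check them before building a Kibana filter. The sample message is constructed from the one in the question with its "xxxx" placeholders kept; the behaviour of dropping empty values (section headers such as "Subject:" and the blank "Process Name:") is this script's own choice, and the `matches_access` helper is an assumed name for the "filter on Accesses" check the question asks for.

```python
# Constructed sample: the message from the question, with real tabs and
# newlines instead of the escaped "\t" / "\n" shown in the post.
SAMPLE_MESSAGE = (
    "An attempt was made to access an object.\n\n"
    "Subject:\n\tSecurity ID:\t\txxxxxxxxxxx\n\tAccount Name:\t\txxxxx\n"
    "\tAccount Domain:\t\txxxx\n\tLogon ID:\t\txxxxxx\n\n"
    "Object:\n\tObject Server:\tSecurity\n\tObject Type:\tFile\n"
    "\tObject Name:\tD:\\USERS\\xxxxxx\\My Pictures\\xxxx.jpg\n"
    "\tHandle ID:\txxxx\n\n"
    "Process Information:\n\tProcess ID:\txxx\n\tProcess Name:\t\n\n"
    "Access Request Information:\n\tAccesses:\tReadData (or ListDirectory)\n"
    "\t\t\t\t\n\tAccess Mask:\t0x1"
)


def strip_tabs(message):
    """Same effect as: mutate { gsub => ["message", "\\t", ""] }"""
    return message.replace("\t", "")


def kv_parse(message, field_split="\n", value_split=":"):
    """Approximation of: kv { value_split => ":" field_split => "\\n" }

    Each line is split on the FIRST value_split only, so a value that itself
    contains ':' (the Windows path in "Object Name: D:\\USERS\\...") stays
    whole. Lines with no separator (the leading sentence, blank lines) are
    skipped. Keys with an empty value (section headers like "Subject:" and
    the empty "Process Name:") are dropped here; that is this example's
    choice, not necessarily what the kv filter does by default.
    """
    fields = {}
    for line in message.split(field_split):
        if value_split not in line:
            continue
        key, value = line.split(value_split, 1)
        key, value = key.strip(), value.strip()
        if key and value:
            fields[key] = value
    return fields


def parse_event(message):
    """Run the two steps in the order the answer uses them."""
    return kv_parse(strip_tabs(message))


def matches_access(fields, access_right):
    """Defender-side check from the question: does the event's
    'Accesses' field contain the given access right (e.g. 'ReadData')?"""
    return access_right in fields.get("Accesses", "")


if __name__ == "__main__":
    parsed = parse_event(SAMPLE_MESSAGE)
    for key, value in parsed.items():
        print(f"{key!r}: {value!r}")
    print("ReadData requested:", matches_access(parsed, "ReadData"))
```

Note that the resulting keys contain spaces ("Access Mask", "Object Name"), which is exactly what `field_split`/`value_split` alone give you in Logstash as well; if you want dotted or underscore field names for easier querying, that is a separate rename step after the kv filter.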

That worked. Thanks for the help

Choose or post your solution @NieruHawic, Thanks!
