Read logs stored using Enterprise Semantic Logging format

Elastic Stack Logstash
3

I tried it. Even had posted this on the forum, but NO reply :frowning:

This is my request log

EventId : 1, Level : Informational, Message : Request, Payload : [sessionID : 43a7be8b-3222-4958-9082-ecc4428f0037] [ipAddress : 172.16.22.88] [method : POST] [requestUri : https://myserver.my,com:4433/MyService/api/click2mob] [content : {"callType":"Sales_Appl","customer":{"firstName":"Service","lastName":"Interceptor","phones":[{"countryCode":"1","areaCode":"612","number":"2221213"}],"emailAddresses":[{"email":"myinterceptor@bestbuy.com"}]}}] , EventName : RequestInfo, Timestamp : 2016-03-22T04:06:01.4157082Z, ProcessId : 9784, ThreadId : 18768

My Current GROK Filter in Logstash -

%{WORD:Event} %{NOTSPACE:Colons} %{WORD:EventID}%{NOTSPACE:Colons} %{WORD:Level} %{NOTSPACE:Colons} %{WORD:LevelDetail}%{NOTSPACE:Colons} %{WORD:Message} %{NOTSPACE:Colons} %{WORD:Request}%{NOTSPACE:Colons} %{WORD:Payload} %{NOTSPACE:Colons} %{NOTSPACE:Colons}%{WORD: Session} %{NOTSPACE:Colons} %{UUID:SessionID}%{NOTSPACE:Colons} %{NOTSPACE:Colons}%{WORD: IPAddress} %{NOTSPACE:Colons} %{IPORHOST:IP}%{NOTSPACE:Colons} %{NOTSPACE:Colons}%{WORD: Method} %{NOTSPACE:Colons} %{WORD:HTTP_VERB}%{NOTSPACE:Colons} %{NOTSPACE:Colons}%{WORD: RequestURI} %{NOTSPACE:Colons} %{URI:URL}%{NOTSPACE:Colons}%{WORD: content} %{NOTSPACE:Colons} %{GREEDYDATA:keyvalues}%{NOTSPACE:Colons} %{WORD: EventName} %{NOTSPACE:Colons} %{WORD:RequestInfo}%{NOTSPACE:Colons} %{WORD:IIS_TimeStamp} %{NOTSPACE:Colons} %{TIMESTAMP_ISO8601:IIS_TimeStamp}%{NOTSPACE:Colons} %{WORD: ProcessID} %{NOTSPACE:Colons} %{WORD:Process_ID}%{NOTSPACE:Colons} %{WORD: ThreadID} %{NOTSPACE:Colons} %{WORD:Thread_ID}

How can I optimize this query to get only the req. values?

Is there anything that can help me here ?