I've tried to apply grok pattern to filter nested brackets in the logs which is as below,
[2022-05-20T02:21:54.715] [INFO] [{"id":"876g4jd8v36w0dhna2","data":"fetching public base-plans ..."}]
My grok pattern looks like this. But here, I'm unable to parse nested brackets (brackets inside brackets). Any help is much appreciated, since I'm trying this for long.
\[%{TIMESTAMP_ISO8601:time}\] \[%{WORD:logLevel}\] \[%{DATA:id}\]
Below is working fine and will filter as expected (regex)
filter {
grok {
match => { "message" => "\[%{TIMESTAMP_ISO8601:time}\] \[%{WORD:logLevel}\] \[\{\"id\":%{DATA:id},\"data\":%{DATA:response}\]"}
}
}