求指导一下，想提取 [ ] 里面的内容， 这种数据怎么用grok分割，参考了logstash的写法，没效果

[mad1230]

"[2020-07-17T09:21:22,629][INFO ][index.search.slowlog.query] [xxx] [xxx][4] took[753.7ms], took_millis[753], total_hits[1600383], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[990], source[{"size":500,"query":{"bool":{"must":[{"match_all":{"boost":1.0}},{"bool":{"should":[{"match_phrase":{"check_type":{"query":"4","slop":0,"zero_terms_query":"NONE","boost":1.0}}},{"match_phrase":{"check_type":{"query":"6","slop":0,"zero_terms_query":"NONE","boost":1.0}}}],"adjust_pure_negative":true,"minimum_should_match":"1","boost":1.0}},{"range":{"@timestamp":{"from":null,"to":null,"include_lower":true,"include_upper":true,"boost":1.0}}}],"adjust_pure_negative":true,"boost":1.0}},"version":true,"_source":{"includes":[],"excludes":[]},"stored_fields":"","docvalue_fields":["@timestamp","create_time"],"script_fields":{},"sort":[{"@timestamp":{"order":"desc","unmapped_type":"boolean"}}],"aggregations":{"2":{"date_histogram":{"field":"@timestamp","time_zone":"Asia/Shanghai","interval":"1d","offset":0,"order":{"_key":"asc"},"keyed":false,"min_doc_count":1}}},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fragment_size":2147483647,"fields":{"":{}}}}], "

[childe]

说一下你想要啥效果呢?

[mad1230]

就是上面那段文本，想要达到这样的效果 { "log_time":"2020-07-17T09:21:22,629", "level":"INFO", "indexType":"index.search.slowlog.query" } 相当于把 [ ] 中括号里面的内容提取出来结构化成这种样子，能不能帮个忙给个示范，学习一下

[childe]

[%{TIMESTAMP_ISO8601:log_time}][%{LOG_LEVEL:level}\s*][%{DATA:indexType] 大概这样吧