Parse access logs wrapped in docker logs (json)

I’m having my first journey in druid data ingestion

I get access logs (apache httpd like) wrapped in json document by docker log driver :

  "date": "2021-11-13T05:55:03.000000Z",
  "source": "stdout",
  "log": " - - [13/Nov/2021:05:55:03 +0000] \"GET /img/pics/event_creation-480w-1024w.webp HTTP/2.0\" 200 91570 \"\" \"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/87.0.4280.141 Safari/537.36 Edg/87.0.664.75\" 143954 \"prod@docker\" \"\" 15ms",
  "container_id": "",
  "container_name": "/traefik_rp_1"

The JSON wrapper does not bring any interesting information, the payload is in the “log” key.
It is a access log format.

How can I combine transformations to get all pieces of information (time, IP, URL, return code, etc.) ?

Thanks you !

I’m surprise that there is no straightforward solution to this use case.

Some access logs in a docker json logs format does not seem very exotic to me.

My current solution involves jq + awk in a shell and is only few lines. I also managed to do it with goaccess but I’d really like to do it with Druid …