Presuming Splunk hasn’t already extracted these automatically (it looks close to JSON, perhaps), this will do it:
index=ndx sourcetype=srctp
| rex field=_raw "status\":(?<status>\d+)"
| search status=0
from User warren – Stack Overflow https://stackoverflow.com/questions/42234216/extracting-particular-value-using-regex-in-splunk/73129772#73129772
via IFTTT