| makeresults 
| eval _raw="[http-nio-8080-exec-16] [] [bf66e103-8dda-4759-b56f-b2f79f7a4e0c] [com.cox.cb.cbma.common.logging.RequestLoggingFilter] INFO -{\"id\":\"20358\",\"address\":\"http://****/services/voicecallforward/callForwardSelectiveRule/add\",\"httpMethod\":\"PUT\",\"headers\":{\"referer\":\"https://******/****/voice/callsettings/addcallforwardingselective\",\"clientid\":\"cbmauser\",\"sec-fetch-site\":\"same-origin\",\"sm_sdomain\":\".coxbusiness.com\",\"origin\":\"https://myaccount.coxbusiness.com\",\"x-forwarded-port\":\"443\",\"sm_realmoid\":\"06-000c2aa5-c4f2-1935-8893-c6cbac124047\",\"newrelic\":\"eyJkIjp7ImFjIjoiMTQwMDM1MiIsInByIjowLjc3Mzc0OCwidHgiOiI3ZGNkYTVmMDY0Nzg1YmIwIiwidGkiOjE1Nzc3MTU3ODg0MTEsInR5IjoiQXBwIiwidGsiOiIxMTkwODkzIiwidHIiOiI3ZGNkYTVmMDY0Nzg1YmIwIiwic2EiOmZhbHNlLCJhcCI6IjYxNDMwODE1In0sInYiOlswLDFdfQ==\",\"sm_user\":\"4057131392@cox.com\",\"cb_session\":\"4057131392@cox.com\",\"x-forwarded-host\":\"voice-callforward-cbma.eps.corp.cox.com\",\"incap-client-ip\":\"204.87.100.69\",\"host\":\"voice-callforward-cbma.eps.corp.cox.com\",\"incap-proxy-981\":\"OK\",\"sm_timetoexpire\":\"10484\",\"content-type\":\"application/json\",\"sm_authdirnamespace\":\"ODBC:\",\"sm_serversessionid\":\"qJQqVfxRP9lsSlpVIlV4b9XApYc=\",\"cache-control\":\"no-cache\",\"Content-Length\":\"358\",\"sec-fetch-mode\":\"cors\",\"sm_authdiroid\":\"0e-0003d1dc-07e4-1fc9-a0da-363dac124005\",\"sm_userdn\":\"4057131392@cox.com\",\"Accept\":\"application/json, text/plain, /\",\"accept-language\":\"en-US,en;q=0.9\",\"apikey\":\"5d228662-aaa1-4a18-be1c-fb84db78cf13\",\"cookie\":\"aam_uuid=01731156288586562410083429037275412674; cox-current-zipcode=73102; aamSegId=SegId%3D10908662%2C1640846%2C14130724; CBLOCALE=en-US,en; JSESSIONID=HDIClfSxMrbOBU69FZtQvxXl_OmJ4Fh1cAIW5cmL.; cbma-current-user=; start_time=1577715483.411; page_threshold_event_triggered=false; time_threshold_event_triggered=false; threshold_page_count=2; fltk=segID%3D4595188%2C1640846; CBSESSION=1kJcR/vY2o5CYoSSy4mMhQ0I4/hjrsnINng3xYvm4moWFJKldkVi4wkRwXxT2NkgpsPrZ9/hK4jdrRusi21U3reJPy/WBFkeMRYyrBtWWwC9BmLBnb778gAxA4uc4YtLLeT9UAzE2Y5Xu37U53plMEgFir1Ywvqpb5Y1WeR/WknfNvFWap3knkt4CnrlxN4ie97KC8fcEAm+Xp5/xlWGCTVj4jD23fUPNeXxXre4FrRFnQhEYKv6aNq3usaLGxLVbeHHQp1U8hON+GLtQ0CAqO8VgBsKiMJnNLzrwrnDq99Hmy6pU3b6zXG09l5hJKEofD5Oh4dTvyw1EtCfqPwM+wwQXeXmq7r8+Rm5qxvTmX3icxVw/xspRD73Uq/YIUrph/OyLjwaC5LmsQkpeRtvwJeAk09JI+3mcCVyuOSaDdmYjgibysgWq5OosQGk01vtv03nE51EJjvkU0Nloq8zn4+87bsj5jnZbF0ue1Mq8tvrOZIJsKEIjLRYiuqhIiXMgtpbZt9ru3bbKXtk5Kr5pBLHB3CcGUpJmOuIeRNfANPKLOhBPcAotfq4d/waSG29M62LQywtNwP3fWqIm3L0gzsv5ZRM4swzwxtdLhHwTAKqWVQbMynt/nJgfwGdD0ALosEUv6kACNH2nKNfGZPMk0Jt65/pi3Hs+3Drqd4tJI+1s31r6VbUMstwISAQyeZ5DJh4TVGHBzN4itZtGsst4VTZpC0QliEExovP3VXxTED1eEB1Ny3eyipcs8z3xviR4VoyCuOeWkT4ekWNiptrE0m0MbJ2+1IeCu1Wqd/c6cjCd3alUtySkBMuYRt4lA9vmQoxr7kixWn+f9XIHWg4z5D+AeWGMh+MgS61l3sQ5O0P+Dvacu9r34p268yAX3Uu7/sHEg42Rd4kAjypQl/KgkuWyQTka2maJLyDQqjoM8jFskstvq+JBjO54Did3Z5WZTLn2EbSlUJZs4HEkW7N4VmzBlspNFGVhWwgsgRHSbrk8Hk9dTUwsn3LjC8dV2Z2jw0KiM67bQQjZYOeRgJ4iQGU3J49YSulqst1p21GeUEYhOe+qy+A8z84QmSqjE53t1NCvBUCK04vFzR5r0DEID1W4+wE7jt8\",\"x-forwarded-proto\":\"https\",\"ma_transaction_id\":\"bf66e103-8dda-4759-b56f-b2f79f7a4e0c\",\"clienttransactionid\":\"2d9fbcdab0001620a4f17b22965711b66485a0004fea878f3be084d366e0436d\",\"sm_authdirname\":\"UD_IDM_SEC_USERS_AUTH\",\"sm_universalid\":\"\",\"sm_realm\":\"root_rm\",\"x-forwarded-for\":\"; \",\"sm_transactionid\":\"000000000000000000000000eaf012ac-5ff3-5e0a084c-8a5d6700-90a75d2dc5b4\",\"forwarded\":o=https;protoserver\":\"\",\"sm_serversessionspec\":\"IiFDzc2A8ccgN8TX1Mt9GHm283L8trkxflp0CsDK4B9ryNvCnsUvhLWaivVzeHiv1La62isS5qTrHBhp8W0p9WQkprS9fPb/hLigtxQIAvjiZW9aLtBKIbhAWTmSIpdQWvQdI/LAd6TB3FOefd85+Gf1ZAJLTmjQXCMWxrRyAaoGI/60GOTxaKmuTM5ohpfyD61W5zpSQo60L+CpEi0Hg5Z5DbD1gWd7Zt3gfr1gyZk0Mv0W4o+GCvN49BjEeoxrcjQ9JX33HXdMEgGFpSPOIYTDD7NkgpJObXqxLlZ+p/EoemFmSbjMAORzc4l+HlhijjgDIbcWOu09m/2nXIdZJsnvOfMWJuOKf1z53WzgSIXExS/++loIEx8vccZlteHPCRuMHI5LommkHvSEh8Pf+08u7no8IkYlvmyuMGanotRmz59ARW4GxwivSEmPtsaSDrm8iiDIcko=\",\"accept-encoding\":\"gzip, deflate, br\",\"sm_authreason\":\"0\",\"user-agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36\"},\"payload\":{\"messages\":[],\"payload\":\"{\\\"id\\\":\\\"1492679\\\",\\\"newRuleName\\\":\\\"SWING\\\",\\\"callForwardSelectiveDetails\\\":{\\\"description\\\":\\\"SWING\\\",\\\"action\\\":false,\\\"doNotForwardPhoneNumber\\\":\\\"4044044040\\\",\\\"anyPhoneNumber\\\":true,\\\"anyPrivateNumber\\\":false,\\\"anyUnavailableNumber\\\":false,\\\"holidayScheduleAccess\\\":null,\\\"holidayScheduleName\\\":null,\\\"timeScheduleAccess\\\":\\\"Group\\\",\\\"timeScheduleName\\\":\\\"Swing Shift\\\",\\\"phoneNumbers\\\":[]}}\"},\"encoding\":null,\"contentType\":\"application/json\",\"responseCode\":null}"
| rex "(?<json_text>(?=\{\\\\\"id).+)"
| fields json_text
| rex field=json_text mode=sed "s/(true|false|null)/\"\1\"/g"
| rex field=json_text mode=sed "s/\\\//g"
| rename json_text as _raw
| spath 
| fields - _*
| rename callForwardSelectiveDetails.* as *

Backslashes!

Have posted the log info which I'm not able to extract the phone number. the number will be changing

[http-nio-8080-exec-16] [] [bf66e103-8dda-4759-b56f-b2f79f7a4e0c] [com.cox.cb.cbma.common.logging.RequestLoggingFilter] INFO -{"id":"20358","address":"http://*/services/voicecallforward/callForwardSelectiveRule/add","httpMethod":"PUT","headers":{"referer":"https:////voice/callsettings/addcallforwardingselective","clientid":"cbmauser","sec-fetch-site":"same-origin","sm_sdomain":".coxbusiness.com","origin":"https://myaccount.coxbusiness.com","x-forwarded-port":"443","sm_realmoid":"06-000c2aa5-c4f2-1935-889..., text/plain, */","accept-language":"en-US,en;q=0.9","apikey":"5d228662-aaa1-4a18-be1c-fb84db78cf13","cookie":"aam_uuid=01731156288586562410083429037275412674; cox-current-zipcode=73102; aamSegId=SegId%3D10908662%2C1640846%2C14130724; CBLOCALE=en-US,en; JSESSIONID=HDIClfSxMrbOBU69FZtQvxXl_OmJ4Fh1cAIW5cmL.***; cbma-current-user=; start_time=1577715483.411; page_threshold_event_triggered=false; time_threshold_event_triggered=false; threshold_page_count=2; fltk=segID%3D4595188%2C1640846; CBSESSION=1kJcR/vY2o5CYoSSy4mMhQ0I4/hjrsnINng3xYvm4moWFJKldkVi4wkRwXxT2NkgpsPrZ9/hK4jdrRusi21U3reJPy/WBFkeMRYyrBtWWwC9BmLBnb778gAxA4uc4YtLLeT9UAzE2Y5Xu37U53plMEgFir1Ywvqpb5Y1WeR/WknfNvFWap3knkt4CnrlxN4ie97KC8fcEAm+Xp5/xlWGCTVj4jD23fUPNeXxXre4FrRFnQhEYKv6aNq3usaLGxLVbeHHQp1U8hON+GLtQ0CAqO8VgBsKiMJnNLzrwrnDq99Hmy6pU3b6zXG09l5hJKEofD5Oh4dTvyw1EtCfqPwM+wwQXeXmq7r8+Rm5qxvTmX3icxVw/xspRD73Uq/YIUrph/OyLjwaC5LmsQkpeRtvwJeAk09JI+3mcCVyuOSaDdmYjgibysgWq5OosQGk01vtv03nE51EJjvkU0Nloq8zn4+87bsj5jnZbF0ue1Mq8tvrOZIJsKEIjLRYiuqhIiXMgtpbZt9ru3bbKXtk5Kr5pBLHB3CcGUpJmOuIeRNfANPKLOhBPcAotfq4d/waSG29M62LQywtNwP3fWqIm3L0gzsv5ZRM4swzwxtdLhHwTAKqWVQbMynt/nJgfwGdD0ALosEUv6kACNH2nKNfGZPMk0Jt65/pi3Hs+3Drqd4tJI+1s31r6VbUMstwISAQyeZ5DJh4TVGHBzN4itZtGsst4VTZpC0QliEExovP3VXxTED1eEB1Ny3eyipcs8z3xviR4VoyCuOeWkT4ekWNiptrE0m0MbJ2+1IeCu1Wqd/c6cjCd3alUtySkBMuYRt4lA9vmQoxr7kixWn+f9XIHWg4z5D+AeWGMh+MgS61l3sQ5O0P+Dvacu9r34p268yAX3Uu7/sHEg42Rd4kAjypQl/KgkuWyQTka2maJLyDQqjoM8jFskstvq+JBjO54Did3Z5WZTLn2EbSlUJZs4HEkW7N4VmzBlspNFGVhWwgsgRHSbrk8Hk9dTUwsn3LjC8dV2Z2jw0KiM67bQQjZYOeRgJ4iQGU3J49YSulqst1p21GeUEYhOe+qy+A8z84QmSqjE53t1NCvBUCK04vFzR5r0DEID1W4+wE7jt8","x-forwarded-proto":"https","ma_transaction_id":"bf66e103-8dda-4759-b56f-b2f79f7a4e0c","clienttransactionid":"2d9fbcdab0001620a4f17b22965711b66485a0004fea878f3be084d366e0436d","sm_authdirname":"UD_IDM_SEC_USERS_AUTH","sm_universalid":"","sm_realm":"root_rm","x-forwarded-for":"; ","sm_transactionid":"000000000000000000000000eaf012ac-5ff3-5e0a084c-8a5d6700-90a75d2dc5b4","forwarded":o=https;protoserver":"***","sm_serversessionspec":"IiFDzc2A8ccgN8TX1Mt9GHm283L8trkxflp0CsDK4B9ryNvCnsUvhLWaivVzeHiv1La62isS5qTrHBhp8W0p9WQkprS9fPb/hLigtxQIAvjiZW9aLtBKIbhAWTmSIpdQWvQdI/LAd6TB3FOefd85+Gf1ZAJLTmjQXCMWxrRyAaoGI/60GOTxaKmuTM5ohpfyD61W5zpSQo60L+CpEi0Hg5Z5DbD1gWd7Zt3gfr1gyZk0Mv0W4o+GCvN49BjEeoxrcjQ9JX33HXdMEgGFpSPOIYTDD7NkgpJObXqxLlZ+p/EoemFmSbjMAORzc4l+HlhijjgDIbcWOu09m/2nXIdZJsnvOfMWJuOKf1z53WzgSIXExS/++loIEx8vccZlteHPCRuMHI5LommkHvSEh8Pf+08u7no8IkYlvmyuMGanotRmz59ARW4GxwivSEmPtsaSDrm8iiDIcko=","accept-encoding":"gzip, deflate, br","sm_authreason":"0","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"},"payload":{"messages":[],"payload":"{\"id\":\"1492679\",\"newRuleName\":\"SWING\",\"callForwardSelectiveDetails\":{\"description\":\"SWING\",\"action\":false,\"doNotForwardPhoneNumber\":\"4044044040\",\"anyPhoneNumber\":true,\"anyPrivateNumber\":false,\"anyUnavailableNumber\":false,\"holidayScheduleAccess\":null,\"holidayScheduleName\":null,\"timeScheduleAccess\":\"Group\",\"timeScheduleName\":\"Swing Shift\",\"phoneNumbers\":[]}}"},"encoding":null,"contentType":"application/json","responseCode":null}

| makeresults 
| eval _raw="{\"callForwardSelectiveDetails\":{\"description\":\"New Years Temp\",\"action\":\"false\",\"doNotForwardPhoneNumber\":\"999-999-9999\",\"anyPhoneNumber\":\"true\",\"anyPrivateNumber\":\"false\",\"anyUnavailableNumber\":\"false\",\"holidayScheduleAccess\":\"Group\",\"holidayScheduleName\":\"New Years Temp\",\"timeScheduleAccess\":\"null\",\"timeScheduleName\":\"null\",\"phoneNumbers\":\"\"},\"encoding\":\"null\",\"contentType\":\"application/json\",\"responseCode\":\"null\"}"
| spath path=callForwardSelectiveDetails output=callForwardSelectiveDetails
| spath input=callForwardSelectiveDetails
| fields - _*, callForwardSelectiveDetails

Did you fail to copy the log?

Assuming you want the string following "doNotForwardPhoneNumber", this should do the job.

... | rex "PhoneNumber\\\":\\\"(?<phoneNumber>[^\\\"]+)"

Backslashes!

| makeresults
| eval _raw="callForwardSelectiveDetails\\\":{\\\"description\\\":\\\"New Years Temp\\\",\\\"action\\\":false,\\\"doNotForwardPhoneNumber\\\":\\\"999-999-9999\\\",\\\"anyPhoneNumber\\\":true,\\\"anyPrivateNumber\\\":false,\\\"anyUnavailableNumber\\\":false,\\\"holidayScheduleAccess\\\":\\\"Group\\\",\\\"holidayScheduleName\\\":\\\"New Years Temp\\\",\\\"timeScheduleAccess\\\":null,\\\"timeScheduleName\\\":null,\\\"phoneNumbers\\\":[]}}\"},\"encoding\":null,\"contentType\":\"application/json\",\"responseCode\":null}"
| rex "doNotForwardPhoneNumber\\\\\":\\\\\"(?<phoneNum>[^\\\\]+).*"