idea 1 : use the json tool app https://splunkbase.splunk.com/app/3540/ (note, i haven't tried it, but seems to do the job)
idea 2 : use SPL to create a new field containing the entire line into JSON format, and pass this field to sns alert

this uses foreach command,

index=xx
| eval message="{"
| foreach *
[eval message=if("<>"="message", message, message. " \"". "<>" . "\" : \"".<>."\", ")]
| eval message=rtrim(message, " ,")| eval message=message." }"

--
then finally pass the field message : $result.message$ to sns alert