Custom logs ingest: how?

Hi @Johannnnnn

I suspect your first issue is that your JSON is pretty-formatted / multi-line, and Filebeat is line-oriented, so it expects the JSON to be single-line ndjson.

If your file actually looks like above, you're going to have to use a multiline parser or just simply convert it to newline-delimited with jq. Here are some instructions; ignore that it's for Logstash, same concept.

Once in ndjson see here

If you don't want to do that, then please provide an actual sample of your file with multiple entries. Then we'll have to construct a multi-line parser, which is not always easy. If you were saying it is always exactly the same number of lines, you can do multi-line with just the number of lines... Otherwise you have to construct a regex expression.

Second part: I do not recommend trying to remove parts of Filebeat to get rid of the fields. Just use the drop_fields processor and drop the host, agent, ECS fields, etc. People do that all the time. It's very common to clean up the output... Quick and easy.
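
Added example, not part of the original post: the pretty-printed-to-ndjson conversion the reply describes, done in Python rather than jq, for a file that holds either several concatenated multi-line JSON objects or one top-level array. The function names and the sample events are constructed for illustration.

```python
import json


def iter_json_values(text):
    """Yield each top-level JSON value from text that holds one or more
    concatenated (possibly pretty-printed) JSON documents."""
    decoder = json.JSONDecoder()
    pos, end = 0, len(text)
    while pos < end:
        # raw_decode() does not skip leading whitespace, so do it here.
        while pos < end and text[pos].isspace():
            pos += 1
        if pos >= end:
            break
        # Raises json.JSONDecodeError on malformed input instead of guessing.
        value, pos = decoder.raw_decode(text, pos)
        yield value


def to_ndjson(text):
    """Return the events in text as newline-delimited JSON, one per line."""
    lines = []
    for value in iter_json_values(text):
        # A top-level array of events becomes one line per element.
        events = value if isinstance(value, list) else [value]
        for event in events:
            # Compact separators; newlines inside strings stay escaped as \n,
            # so every event occupies exactly one physical line.
            lines.append(json.dumps(event, separators=(",", ":")))
    return "\n".join(lines) + ("\n" if lines else "")


# Constructed sample: two pretty-printed events, as a multi-line log file would hold.
SAMPLE = '''{
  "timestamp": "2024-01-01T00:00:00Z",
  "user": "alice",
  "message": "login ok"
}
{
  "timestamp": "2024-01-01T00:00:05Z",
  "user": "bob",
  "message": "line one\\nline two"
}
'''

if __name__ == "__main__":
    print(to_ndjson(SAMPLE), end="")
```
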