You have several options for parsing the second level JSON:
- Configure the decode_json_fields processor in Filebeat
- Use the Ingest Node of Elasticsearch, which also has a JSON decoder processor
- Use Logstash, which can do that and much more
I suspect the easiest for you would be the first option. Let us know if you have issues with the processor (currently marked experimental).