Amazing ptamba, Thank you
I use filter json and It almost work
The problem is related with the field target_ips because it is a dictionary and when I use filter json my Elastic exceed the number 1000 fields like this:
target_ips.172.0.0.0
target_ips.172.0.0.1
target_ips.172.0.0.2
etc
I tried to remove it with the filter mutate
mutate {
remove_field => [ "[parser_result][target_ips]" ]
But it doesn't work because field target_ips is dynamic , is possible to help me ?
Thank you again