Use Playbooks to retrieve logs (alternative mode)
Sometimes the application inserts junk information into the logs that is not useful.
Here is a description of how to collect only the important information:
In our example, values such as current_link, next_link and last_log_item_generation are excluded.
Last start key: the array where our values are stored. Here is an example of the structure:
"security_events":[{event1}, {event2}, ... {eventN}]
Timestamp key: the key that indicates the timestamp. In our example we put message.detection_time because detection_time is a key nested in message.
Timestamp format: the format of our timestamp.
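The three settings above describe a small extraction routine: take the array under the start key, walk a dotted path to the nested timestamp, and parse it with the given format. The following Python is an added example written for this page and is not the playbook's own code. The API response is constructed (the wrapper keys and event fields are invented), the functions get_nested and extract_events are hypothetical names, and the timestamp format is assumed to be ISO 8601 with a trailing Z.

```python
import json
from datetime import datetime, timezone

# Constructed sample API response (not real data). The wrapper keys
# current_link, next_link and last_log_item_generation are the junk the
# page talks about; the events we want live in the "security_events"
# array, each carrying its timestamp under message.detection_time.
SAMPLE_RESPONSE = json.dumps({
    "current_link": "https://example.invalid/logs?page=1",
    "next_link": "https://example.invalid/logs?page=2",
    "last_log_item_generation": "2024-01-01T00:00:00Z",
    "security_events": [
        {"id": "evt-1", "message": {"detection_time": "2024-01-01T10:20:30Z", "severity": "low"}},
        {"id": "evt-2", "message": {"detection_time": "2024-01-01T10:15:00Z", "severity": "high"}},
        # Constructed edge case: an event with no timestamp must be counted, not crash the run.
        {"id": "evt-3", "message": {"severity": "medium"}},
    ],
})


def get_nested(obj, dotted_key):
    """Walk a dotted path such as 'message.detection_time' through nested dicts.

    Returns None if any segment of the path is missing, so callers can
    treat an absent timestamp as a data problem rather than an exception.
    """
    for part in dotted_key.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return None
        obj = obj[part]
    return obj


def extract_events(raw, start_key, timestamp_key, timestamp_format):
    """Pull the event array out of a raw JSON response.

    Returns (events, skipped): events is a list of (datetime, event) pairs
    sorted by timestamp; skipped counts events whose timestamp was missing
    or did not match timestamp_format. Raises ValueError if start_key does
    not point at an array, which usually means the wrong key was configured.
    """
    payload = json.loads(raw)
    items = payload.get(start_key)
    if not isinstance(items, list):
        raise ValueError(f"start key {start_key!r} is not an array in the payload")

    events, skipped = [], 0
    for item in items:
        ts_raw = get_nested(item, timestamp_key)
        if not isinstance(ts_raw, str):
            skipped += 1
            continue
        try:
            # The format has no zone designator, so the value is tagged UTC explicitly.
            ts = datetime.strptime(ts_raw, timestamp_format).replace(tzinfo=timezone.utc)
        except ValueError:
            skipped += 1
            continue
        events.append((ts, item))

    events.sort(key=lambda pair: pair[0])
    return events, skipped


if __name__ == "__main__":
    found, dropped = extract_events(
        SAMPLE_RESPONSE, "security_events", "message.detection_time", "%Y-%m-%dT%H:%M:%SZ"
    )
    for ts, event in found:
        print(ts.isoformat(), event["id"], event["message"]["severity"])
    print("events without a usable timestamp:", dropped)
```

Returning the skipped count alongside the events matters in a collector: an event whose timestamp key is missing or in a different format would otherwise disappear silently, and a sudden rise in that count is the quickest sign that the source changed its schema.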