processors:
- module: json
original_field: Raw
paths:
- path: flow_id
target_field: User.FlowID
- path: flow.pkts_toserver
target_field: ECS.Destination.Bytes
processors:
- module: json
original_field: Raw
paths:
- path: flow_id
target_field: User.FlowID
- path: flow.pkts_toserver
target_field: ECS.Destination.Bytes