igarcia
Just a little heads up on this, remember that you can publish your CloudTrail logs to CloudWatch Logs so you can query more easily all the records of interest.
Better yet, you can use Athena to query using SQL your CloudTrial files that are store in your S3 bucket.
Those options are better than reading the json by itself.