Filtering Specific Events from Logstash to a SIEM

Right now we have logstash up and running and sending a large volume of logs to elasticsearch which are searchable using kibana.
Can a filter be built to send just specific use cases to another location such as ArcSight/Qradar? So fo example if we wanted to send failed VPN logins from a specific FW is there a way to filte out from the large volume of logs being processed by Logstash but send to both elastic as usual but send just these specific logs to ArcSight/Qradar?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.