Looking at the indices info, you are wasting plenty of resources by oversharding.
You should have only one shard per index instead of 3 sometimes.
Also, some indices are super small which is indeed inefficient.
I'd ask Wazuh to change their settings and use datastreams. But in the meantime, I suppose that wazuh is generating an index template. May be you can change it and set the number of primary shard to 1.
Then you could reindex your data and squeeze them into one bigger index and shard.
It is possible to reindex automatically it every month?
Not automatically, no but you can probably write a simple cron script for that.
May be you can configure Wazuh to use an alias instead of an index by day? And then use the rollover API?