Hello,
we are currently using wazuh in conjunction with ELK stack 7.17.9, we would like to gradually switch to the full elastic stack, but to do this we would first like to normalize the fields that wazuh sends to elasticsearch in the ECS.
I've seen the function in Kibana "Ingest Pipelines," and created one suitable for the purpose, but unfortunately I can't figure out how to implement it.
From what I understand, I should connect the wazuh pipeline (filebeat) to this pipeline, before doing the ingest inside elastic. However, I don't quite understand HOW to do it.
Can you kindly help me?
Thank you very much.
Francesco
