Hi, community. I want to read Wazuh data from kafka and write it to Elasticsearch.
All way looks like: wazuh-manager->filebeat->logstash->nifi->kafka_>filebeat->elasticsearch.
I try to write to elasticsearch using native wazuh pipeline for filebeat, but it doesn't write to elasticsearch anything.
Trying to write data from kafka, wazuh plugin disabled, pipeline is created:
Results:
Writing to elasticsearch when wazuh plugin enabled, data path looks like wazuh-manager->filebeat->elasticsearch:
Results:
Why pipeline doesn't work in first case? What I am doing wrong?