wazuh-docker-orginal/wazuh/config/filebeat.yml

# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
filebeat:
 prospectors:
  - input_type: log
    paths:
     - "/var/ossec/data/logs/alerts/alerts.json"
    document_type: wazuh-alerts
    json.message_key: log
    json.keys_under_root: true
    json.overwrite_keys: true

output:
 logstash:
   # The Logstash hosts
   hosts: ["logstash:5000"]
#   ssl:
#     certificate_authorities: ["/etc/filebeat/logstash.crt"]