Hello Gopans,
Thanks for using Wazuh!
To help you in this case, the best way would be for you to post here a few examples of the events you are trying to filter. This way, I can analyze the fields that come inside those logs.
I would also like you to share with me the details on a few questions:
How do you want to send the logs from the primary to the secondary server?
Where do you want to filter those logs, inside the dashboards or directly in the alerts/archives files?
I will be waiting for your answer.