Enable SIEM on Filr Admin Console. See SIEM Integration in Filr 4.3: Administrative UI Reference
Ensure that Kafka and Zookeeper services are running. To do this, go to Admin Console > System > SIEM and click Check Services button.
Setup the SIEM Solution or use an existing SIEM solution.
Install the connector provided by your SIEM solution that can consume CEF events from Kafka or the database.