
This dataset accompanies the empirical study "Empirical Characterization of a Distributed Wazuh SIEM Infrastructure: Scalability Thresholds, Log Complexity Overhead, and Operational Deployment Guidelines." The study characterizes the performance of a three-node Wazuh 4.11.2 cluster deployed on Proxmox VE, addressing two research questions: how cluster resource utilization and detection latency scale with increasing agent count (RQ1), and what overhead structured Windows Event JSON logs impose compared to syslog (RQ2). The dataset includes raw summary statistics and regression results from 35 independent experiment runs spanning seven agent-count conditions (50 to 1,000 agents) and two log format conditions, together with all Python and shell scripts required to reproduce the experiments. Each condition was replicated five times (n=5); statistical comparisons use Welch's t-test (α=0.05) with Cohen's d effect sizes. Resource metrics (CPU utilization, memory, disk I/O, network throughput) were collected at 5-second intervals using psutil, and end-to-end detection latency was measured via 14 alert-injection probes per run. The dataset also documents a methodological pitfall — the ghost-file problem — in which improper log file cleanup between benchmark runs produces orphaned Filebeat file descriptors that silently corrupt latency measurements. The correct cleanup sequence is implemented in the accompanying cleanup.sh script and described in detail in README.txt.
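
An added example, not part of the dataset or its cleanup.sh: a pre-run check for the ghost-file condition described above. It assumes the nodes run Linux, where a deleted file that a process still holds open shows up in /proc/<pid>/fd with a " (deleted)" suffix. The function names, the /bench/logs path and the sample process table are constructed for illustration.

```python
import os
import tempfile

SUFFIX = " (deleted)"  # how Linux marks an unlinked file that is still open

def find_ghost_fds(log_dir, proc_root="/proc", comm=None):
    """Return sorted (pid, fd, path) for open descriptors whose file under
    log_dir has been deleted; comm optionally filters by process name."""
    prefix = os.path.join(os.path.abspath(log_dir), "")
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            if comm is not None:
                with open(os.path.join(base, "comm")) as fh:
                    if fh.read().strip() != comm:
                        continue
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited, or its fd table is not readable
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
            except OSError:  # descriptor closed while scanning
                continue
            if target.startswith(prefix) and target.endswith(SUFFIX):
                hits.append((int(pid), int(fd), target[:-len(SUFFIX)]))
    return sorted(hits)

def demo(comm=None):
    """Run the scan over a constructed /proc-like tree (not real data)."""
    sample = {  # pid -> (process name, {fd: link target}); all constructed
        "101": ("filebeat", {"3": "/bench/logs/alerts.json (deleted)",
                             "4": "/bench/logs/alerts.json"}),
        "202": ("python3", {"5": "/bench/logs/old.log (deleted)"}),
        "303": ("filebeat", {"6": "/elsewhere/x.log (deleted)"}),
    }
    with tempfile.TemporaryDirectory() as root:
        for pid, (name, fds) in sample.items():
            os.makedirs(os.path.join(root, pid, "fd"))
            with open(os.path.join(root, pid, "comm"), "w") as fh:
                fh.write(name + "\n")
            for fd, target in fds.items():
                os.symlink(target, os.path.join(root, pid, "fd", fd))
        return find_ghost_fds("/bench/logs", proc_root=root, comm=comm)

if __name__ == "__main__":
    for pid, fd, path in demo():
        print(f"pid {pid} fd {fd} still holds deleted file {path}")
```

On a real node, run find_ghost_fds against the benchmark log directory with sufficient privileges to read other processes' fd tables; a non-empty result before a run means an earlier cleanup left a descriptor behind.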
