Authentication and enforcing fields

Hello all!

Is there any way to tie certain fields to certain auth keys or any way to set a field if a client auths with a particular cert?

For example, I want to be able to receive data from multiple business units and I want to be able to say this in my filebeat config:

filebeat.prospectors:
- fields:
    bu: accounting

and not allow anyone with access to that machine to change it to anything else? I know I can't prevent someone with admin access to that machine from changing it, so I'm just wondering how best to handle this. If they auth with accounting's key, I want them to have bu: accounting, or to be able to track the logs from accounting in some other way. The problem I am trying to solve is that I index by business unit, with the index name keyed off of that field, and I don't want one BU sticking their logs into the index for another. Ideas?

Thanks!
