Authentication and enforcing fields

Hello all!

Is there any way to tie certain fields to certain auth keys or any way to set a field if a client auths with a particular cert?

For example, I want to be able to receive data from multiple business units and I want to be able to say this in my filebeat config:

bu: accounting

and not allow anyone with access to that machine be able to change it to anything else? I know I can't prevent someone with admin access to that machine changing it. So I'm just wondering how to best handle this. If they auth with accounting's key I want them to have bu: accounting or be able to track the logs from accounting in some other way. The problem I am trying to solve is that I index by business unit with index name keyed off of that field and I don't want one BU sticking their logs into the index for another. Ideas?


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.