Looking for best practice, to limit administrative groups to only see their servers in kibana.
if I go changing the index name in the yml file, I think I have to run setup for each new name? or allow the service running metricbeat the ability to create a new index?
Would it be easier to use a yml tag or optional field. Is it fairly easy to use these long term, to manage the assets a group can view through a mapped role? or should I stick to custom index names?
Thanks in advance
Hi,
Which version of the Elastic Stack do you use? Depending on your version and license, Datastreams may be what you want:
Datastreams have a naming pattern of type-dataset-namespace, for example: logs-apache.access-team1
When using Fleet to manage your agents on the server, you can configure the namespace directly in Kibana.
Then you could easily grant the teams access to all datastreams with their team name as namespace.
Best regards
Wolfram
thank you wolfram, I think this is what I am looking for! We are running version 8, but not using fleet yet. For now, I am going to use the fields option in the yaml file and leave index name as default. Then, in kibana stack management, the role is limited to documents where the field value matches.
However, this is only easy for us where we have configmgr automating the config files. I think we will need data streams for this in the future, for assets where automating the yaml file is not so easy.
Thank you again!
Ray
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.