Hi Team, I want to disable reads for few indices in an index pattern. I tried using index.blocks.read : true But due to this, when I am trying to query using index pattern, getting the below error
Access to indices can be controlled by the user's role. I think you can write both "Allow read access to these indices (by alias) and "Deny access" when defining the role.
I am not sure if there is special setting for denying access, or if your use a minus sign like "- indexname" when you list the indices that the role should have access to.
Context: Currently we store 30d of data and having one index per day. We want to reduce the retention to 15d, but before doing that, we want to first mask the data >15d (without deleting) and observe the usage patterns before we completely reduce the retention.
Currently we are not following any user concept in our cluster. Hence checking if there is any other way
I would create an alias that covers only 15 days worth of indices amd let the customers query through this. You would add this to all new indices through an index template and then remove it using Curator when the index is older than 15 days.
Yes that is one way @Christian_Dahlqvist , but i have few more Indices/rather tenants which work on index patterns. Wanted to have unified thing for all tenants, hence was trying to explore if there is another way
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.