Hello. I am considering to use document level security for one big index or to use multiple indexes with index-level security.
winlogbeat-YYYY.MM.DD containing millions of documents, index size more than 100 GB and set document level security so ROLE1 can see documents which contains server name SERVER1
Or multiple indexes:
group1-winlogbeat-YYYY.MM.DD with smaller size and security set just per index pattern, so ROLE1 can see group1-winlogbeat-* indexes.
It is obvious multiple indexes security will be faster. But how much? How big is document level security performance impact for large index?