Elasticsearch Immutable Documents in Indexes

I am using Elastic Stack to store logs of multiple servers. I need to make the logs/document immutable, i.e. Write-once only. There is a compliance requirement to prevent alteration of logs. I am using Elasticsearch 7.10.2 with Basic license. I am unable to find anything to achieve this, apart from an external vendor called search-guard. Can anyone help?

How about Security privileges | Elasticsearch Guide [7.16] | Elastic?
If you remove all, create, index, etc. from every role and add just create_doc and other necessary privileges, the docs could be immutable as a result. It is not as simple as just adding an "immutable" tag to the index settings; you will need to give careful consideration to the design of index names and roles.
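
An added example (not part of any post in this thread): a Python check, following the reply above, that flags roles still granting document-altering privileges on log indices. The role names, index names and the entries in MUTATING beyond all, create and index are assumptions made for illustration.

```python
import fnmatch

# Index privileges that allow overwriting, updating or deleting existing
# documents or the index itself. "all", "create" and "index" are named in the
# reply above; the rest are other Elasticsearch 7.x index privileges.
MUTATING = {"all", "write", "index", "create", "delete", "delete_index", "manage"}

# Constructed role bodies in the shape accepted by PUT /_security/role/<name>.
ROLES = {
    "log_shipper": {  # append-only writer
        "indices": [{"names": ["logs-*"], "privileges": ["create_doc", "create_index"]}]
    },
    "log_reader": {
        "indices": [{"names": ["logs-*"], "privileges": ["read", "view_index_metadata"]}]
    },
    "legacy_ingest": {  # would break write-once
        "indices": [{"names": ["*"], "privileges": ["index", "read"]}]
    },
}


def mutating_grants(roles, index_names):
    """Return sorted (role, index, privilege) triples that permit altering
    documents in any of the given concrete index names."""
    findings = set()
    for role, body in roles.items():
        for grant in body.get("indices", []):
            bad = MUTATING.intersection(grant.get("privileges", []))
            for index in index_names:
                # Assumption: role patterns use only the "*" wildcard.
                if any(fnmatch.fnmatchcase(index, p) for p in grant.get("names", [])):
                    findings.update((role, index, priv) for priv in bad)
    return sorted(findings)


if __name__ == "__main__":
    for finding in mutating_grants(ROLES, ["logs-web01-2021.12.01"]):
        print("role %s can alter %s via %r" % finding)
```

The same function can be run over the JSON returned by GET /_security/role to audit the roles actually defined on a cluster.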

So you mean I need to simulate this using a combination of privileges and there's no native setting to do that?

I think so. As far as I know, there is no such native setting.

Welcome to our community! :smiley:

The native setting is the included Security functionality that lets you create these sorts of access limitations.
