I am newbie for ES and Shield. I am searching the possibility of doing the following use-case:
- I have XML logs that will be ingested by Logstash
- Logstash will store the data in ES.
- I need to secure specific fields on the XML data (such as Customer Details) and it should rest as such in ES.
- I will use Shield to present the results to users through Kibana based on user roles. And if the user is allowed, they will need to see the encrypted data as decrypted. Otherwise, they will not be able to see the contents of that specific field on Kibana.
Can anyone shed some light on this and how that be achieved using ELK?
Thx a lot.