Help/advices on Elasticsearch implementation

Hi guys,
I'm wondering if you have some suggestions about the best way to implement the following scenario.

1 Main Business Company
70 Small Business Companies holded by the main one

Documents to be stored in Elasticsearch: invoices
NB: invoices are created by different billing systems grouped in logical way. For example:

BILLING SYSTEM 1 (invoices for financial services):

  • small b company 1
  • small b company 2
  • small b company 3

BILLING SYSTEM 2 (invoices for ecommerce):

  • small b company 4
  • small b company 5
  • small b company 6

Here is my implementation:

Elasticsearch: I will keep 70 monthly indices (using aliases, one per small b company) in order to provide data segregation. I think this will be good also by maintenance side.

Kibana (here comes the problem): I would like to maintain the same segregation. So: user of small b company 4 will be able to view informations and dashboards only of those specific related indices.

QUESTION: is there a way to implement this kind of limitation on dashboards visualizations? I know that this thing can be implemented by running 70 different Kibana instances, one per small b company with its specific .kibana index, but of course I would prefer not to do that.

Any advice will be extremely appreciated! Thank you guys!


This does not sound like a lot of data, so having monthly indices per client is probably overkill. This is exactly the type of problem X-PAck security addresses. You can create a shared monthly index and then use document-level security to tie subsets of documents to roles based on parameters in the data. You could e.g. create a role for each customer and have this filter based on e.g. a customer ID. A user will then only have access to his own role and only be able to see and search invoices in the shared indices just as if this only contained his/her data.

These features are available on the Elastic Cloud Elasticsearch Service, which is the easiest way to get access to this functionality. There is even a two week free trial so you can see if it meets your needs.

Hi Christian,
thank you for your suggestion! I will give a try, even if I don't like too much using a shared index because I think it limits my index management ability (for example different backup managements and so on..).
I'm reading documentation, but I don't understand if it works in Kibana too.


Ok, I understood how it works but it seems, according to what I read, that it only works with read API and not with Kibana. Isn't it?

Document level security restricts the documents that users have read access to. In particular, it restricts which documents can be accessed from document-based read APIs.


It works with Kibana as it uses the standard Elasticsearch APIs.

Thank you Christian. I tried that and it seems to work well!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.