Hello everybody,
let's suppose I have 2 machines where I run the same agent (packetbeat for example), how can I do to create 2 users where each user can only access data that has been created from one machine ?
so user_1 can display in kibana only data of packetbeat of the machine 1 and user_2 can only display logs of machine 2 !
Thanks for your help.
There's function for users and roles in Elasticsearch
Create roles (say role A and role B) to have access only data of packetbeat by specifying the index name
Create user for user_1 and user_2, assign them to role A and role B
Hope this can help you
thanks for your reply @kavierkoo,
But how can I do this as the index have the same name ?
Two ways I could thought of:
Use a different index name
Create roles with Kibana Grant read privileges to specific documents or API and use query to match field that is able to identify your device like host
Thanks for your answer
I will try your suggestions and keep you in touch
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.