How to index user account data vs their indexed data?


In an existing v1.0, in an RDBMS, we have user-based tables that relate to user details, login credentials, access logs, account configuration, etc., and a data mart with all the users' data.

Now for v2.0 using ELK, what would the suggested architecture be? Can we use one index for user-related credentials, their details, account configurations, etc., then have a separate index for each user's data (rather than a data mart type scenario with all users' data)?

I would like some suggestions on how to structure the user-related credential/config data and their actual data. Use an RDBMS in combination with ES? I don't like this option but am open to suggestions.

(Mark Walkom) #2

The two main options are:

  1. Have an index for the user info, then time-based ones for their data. Then do a join in your code to enrich an event with the user data.
  2. Have time-based indices, and include all the user data with each record.
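
An added example, not part of the thread and not Elastic's code: a sketch of the first option, with the join done in application code before events are written to daily indices. The in-memory `USERS` map stands in for the user index, and the field names, the `events-` prefix and the `ENRICH_FIELDS` allowlist are assumptions; the allowlist keeps credential fields from being copied onto every event.

```python
import json
from datetime import datetime, timezone

# Constructed sample data; field and index names are assumptions for illustration.
USERS = {  # stands in for the single user-info index, keyed by user id
    "u1": {"name": "Alice", "plan": "pro", "password_hash": "<redacted>", "api_key": "<redacted>"},
    "u2": {"name": "Bob", "plan": "free", "password_hash": "<redacted>", "api_key": "<redacted>"},
}
EVENTS = [
    {"user_id": "u1", "@timestamp": "2024-03-01T10:15:00Z", "action": "login"},
    {"user_id": "u2", "@timestamp": "2024-03-02T08:00:00Z", "action": "export"},
    {"user_id": "u9", "@timestamp": "2024-03-02T09:30:00Z", "action": "login"},
]
# Only these user fields are copied onto events; credentials stay in the user index.
ENRICH_FIELDS = ("name", "plan")


def index_for(event, prefix="events"):
    """Name of the time-based (daily) index an event belongs to."""
    ts = datetime.fromisoformat(event["@timestamp"].replace("Z", "+00:00"))
    return f"{prefix}-{ts.astimezone(timezone.utc):%Y.%m.%d}"


def enrich(event, users):
    """Application-side join: attach allowlisted user fields to one event."""
    doc = dict(event)  # copy, so the caller's event is not modified
    user = users.get(event["user_id"])
    if user is None:
        # Unknown user: keep the event and flag the miss instead of dropping it.
        doc["user"] = {"id": event["user_id"], "known": False}
    else:
        doc["user"] = {"id": event["user_id"], "known": True,
                       **{k: user[k] for k in ENRICH_FIELDS if k in user}}
    del doc["user_id"]
    return doc


def bulk_body(events, users):
    """Build an Elasticsearch _bulk request body (NDJSON: action line, then document)."""
    lines = []
    for event in events:
        lines.append(json.dumps({"index": {"_index": index_for(event)}}))
        lines.append(json.dumps(enrich(event, users)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(bulk_body(EVENTS, USERS), end="")
```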
