How to index user account data vs their indexed data?

baden0x1 · December 14, 2016, 5:35pm

In an existing v1.0, in a RDMS we have user-based tables that relate to user details, login credentials, access logs, account configuration, etc., and a data mart with all the users' data.

Now for v2.0 using ELK, what would the suggested architecture be? Can we use one index for user-related credentials, their details, account configurations, etc., then have a separate index for each user's data (rather than a data mart type scenario with all users' data)?

I would like some suggestions on how to structure the user-related credential/config data and their actual data. User a RDMS in combination with ES? I don't like this option but am open to suggestions.

warkolm · December 14, 2016, 10:03pm

The two main options are;

Have an index for the user info, then time based ones for their data. Then do a join in your code to enrich an event with the user data.
Have time based indices, and include all the user data with each record.

system · January 11, 2017, 10:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch to store account information Elasticsearch	4	2869	July 6, 2017
Elasticsearch to store account information Elasticsearch	1	252	July 6, 2017
Index Management considerations on ES used as search agent on top of cassandra Elasticsearch	2	525	September 6, 2017
How to list users that uses Elasticsearch/Kibana? Elasticsearch	2	371	October 6, 2022
Help with data structure (small project) Elasticsearch	9	404	May 29, 2020

How to index user account data vs their indexed data?

Related topics