How to index user account data vs their indexed data?

In an existing v1.0, in an RDBMS we have user-based tables that relate to user details, login credentials, access logs, account configuration, etc., and a data mart with all the users' data.

Now for v2.0 using ELK, what would the suggested architecture be? Can we use one index for user-related credentials, their details, account configurations, etc., then have a separate index for each user's data (rather than a data mart type scenario with all users' data)?

I would like some suggestions on how to structure the user-related credential/config data and their actual data. Use an RDBMS in combination with ES? I don't like this option but am open to suggestions.

The two main options are:

  1. Have an index for the user info, then time-based ones for their data. Then do a join in your code to enrich an event with the user data.
  2. Have time-based indices, and include all the user data with each record.
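
A sketch of option 1 from the reply above, added here as an example and not code from the thread: the join happens in application code before indexing, and only allow-listed profile fields are copied, so the credential fields held in the user index are not duplicated into every time-based record. The index prefix `userdata`, the field names and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample standing in for the single user-info index (option 1).
USERS = {
    "u-1001": {"username": "alice", "plan": "pro",
               "password_hash": "<constructed-placeholder>"},
}

# Assumption: only these profile fields may be copied onto event records.
# Credential fields stay in the user index and are never denormalized.
ENRICH_FIELDS = ("username", "plan")

EVENTS = [  # constructed sample events; the second has no matching user
    {"@timestamp": "2024-01-15T23:30:00+00:00", "user_id": "u-1001", "action": "export"},
    {"@timestamp": "2024-01-16T00:05:00+00:00", "user_id": "u-9999", "action": "login"},
]


def index_for(event, prefix="userdata"):
    """Daily time-based index name derived from the event's own timestamp."""
    ts = datetime.fromisoformat(event["@timestamp"]).astimezone(timezone.utc)
    return f"{prefix}-{ts:%Y.%m.%d}"


def enrich(event, users):
    """Application-side join: attach allow-listed user fields to one event."""
    doc = dict(event)
    profile = users.get(event["user_id"])
    user = {"id": event["user_id"], "known": profile is not None}
    if profile is not None:
        user.update({k: profile[k] for k in ENRICH_FIELDS if k in profile})
    doc["user"] = user
    return doc


def bulk_body(events, users):
    """Build an NDJSON body in the shape the Elasticsearch _bulk API accepts."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"index": {"_index": index_for(ev)}}))
        lines.append(json.dumps(enrich(ev, users)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(bulk_body(EVENTS, USERS), end="")
```

Option 2 corresponds to widening `ENRICH_FIELDS` to the whole user record, which would also write the credential fields into each time-based index.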
