Currently I have the following setup.
Syslog --> Logstash --> ElasticSearch --> Kibana
Logstash is creating a daily index
and I'm viewing all of the logs through Kibana. We want to set up some user
based access control using the kibana-authentication-proxy setup due to it
- Per-user Kibana index supported. Now you can use index
kibana-int-userA for user A and kibana-int-userB for user B
I'd like to make it where all logs coming in from logstash with a location
of "/var/log/UNIX/*.log" get sent to a new index of unix-2014.02.04 instead
of the logstash one. That way I can use the Kibana auth proxy to give my
UNIX users access only to their logs. I've read a little about creating the
mappings but wasn't sure how to tie it all together. I saw you could do
various things with API calls but was curious if I could set all of this up
in the elasticsearch.yml file from the start.