Ingest Node or Uploading data to website

What I am doing currently is, fetching logs from one elastic search index. Now I want these logs to be accessible to other users through a good user interface. For that, I was thinking of two options-

1. Create a small website to display the logs in a table format after fetching from the source elastic search index
2. Use ingest node to query some logs from one index and upload those to a new elastic search index. And using kibana we can already see the logs with a good UI.

Since one of my requirement is adding, deleting columns when visualizing the data, the second option seems suitable for now. But I am concerned about the speed efficiency of both options? Which among the two options is better from the perspective of the amount of time the user has to wait to see the required logs?

I am trying to make comparisons between these two options and finalize one of them. If you can help with other comparative parameters between these two options, it would be a great help.

Thank you

How about using an alias with a filter (note that this is not a security feature, for that you would need to use security and could go with document level security

hope this helps!

I am a beginner to Elasticsearch. Can you please elaborate how exactly will alias with a filter help me? Sorry if the question is too trivial

That's fine, but please take your time and follow the documentation and ask based on what you read. An alias with a filter allows your app to specify an alias instead of an index that always has a filter applied like website=123 and thus no other documents can ever be seen unless a different index is specified.

Oh got it. Can we see the aliased collection of documents in kibana as well? And Thank you for quick response

on the outside an alias is just an index, so yes, you can specify an alias in an index pattern.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.