I am using Kibana 4 and Elasticsearch 1.7 to search across logs of several users. I want those users to only see their documents, based on a "user" field set of each document.
Kibana is proxied by a Python Flask application doing, among others things, authentication. The proxy provides Kibana the authenticated user name thru HTTP headers.
I currently have an Elasticsearch plugin catching this HTTP header, and an ActionFilter that registers the filter as string (for example: "term user john.doe") in the SearchRequest context. But then I am stuck. I don't find a suitable module to tweak the query afterward.
Do you have any clue how to achieve this?
I still have a workaround, by putting a proxy in front of Elasticsearch to inject the filter in the _search and _msearch API methods, but that would not be very elegant.
I saw it was possible to register post-filters in 1.6, it seems both not supported and not efficient because run during aggregation.