Kibana 4.x with multiple indexes

Hi All,

I am in a mission to update our existing kibana 3 setup to Kibana 4. Only issue is that our old Kibana 3 has user level access control on the dashboards (which has been done with an external wrapper + nginx + lua combo). One thing to note is that, all users have access to the same elastic data (open to all allowed users).

In order to achieve the same with Kibana 4, after profiling Kibana 4 control flow, this is what I have started to do..

we have decided to use nginx to intercept the GET method and alter the default kibana_index: with a user group specific one. So far so good...! I have managed to use some lua modules to intercept the message and compose the json reply with the altered kibana_index value.

User_Agent <=== NginxProxy ==> Kibana4 <======> Elasticsearch

Steps:

  1. http://localhost:8080 proxy_passes to http://localhost:5601
  2. if a /config?_b=7264 is found then get the json output from Kibana4 and alter the content and send it back to the User Agent.
  • kibana.yml is configured with kibana_index: kibana4-dummy-name

Once converted the json reply will have kibana_index: kibana4-int-group1

In Kibana 3, when we do a post with a new index name, it creates the index but in Kibana 4 I am getting the following error,

While doing the post (by the user agent) http://localhost:8080/elasticsearch/kibana4-int-group1

"Kibana only support modifying the "kibana4-dummy-name" index. Requests that might modify other indices are not sent to to elasticsearch."

But there are no json info prior to this regarding the index name "kibana4-dunny-name" getting passed either way.

Who could be the culprit here? Please englighten me with your knowledge. Thanks.

Matt

Might you just want to use Shield to protect your data?

https://www.elastic.co/products/shield
allow the marketing department to freely search and analyze social media data with read-only permissions, while preventing access to sensitive financial data

Hi Eperry,

The only thing we want to be able to protect is the user's dashboards. All users have access to the same set of data. We just don't "User_A_from_Group_1" deleting/updating dashboards which are allocated for "User_B_from_Group_2" and vice versa.

At the current moment Shield can't do this :frowning:

Matt

Sorry I don't have an answer for you on this. I don't know kibana that well.

My only thought is to run 2 different Kibana's Servers and change your kibana_index: option from .kibana to .kibana_group1 and .kibana_group2 This way you don't have to worry about someone deleting something of a different group.

On the Apache side you can proxy /group1 -> kibana1:5600 and /group2 -> kibana2:5610

We were thinking about this, but unfortunately the existing (Kibana 3) model allows us to create index on the fly & trying to mimic the same behaviour with Kibana 4. Worse case scenario this might be my last option.

With Kibana 3, we request for a non existing index, it creates it on the fly and user has access to it, Kibana 4 behaves a bit different.