Hi everyone. I'm new to the Elastic stack, and I'm trying to find out the best approach for this problem:
I'm trying to set message (event) visibility per user in Kibana in order to display only a subset of messages within one index to a certain user.
In short, the setup that I'm testing looks like this:
- I'm using the official docker containers for elasticsearch, logstash and kibana, with `xpack.security.enabled: true` in elasticsearch settings.
- I have a logstash pipeline that gets messages from RabbitMQ (JSON), and outputs them to elasticsearch. All messages are sent to a single index.
- I have a limited number of producers and consumers of messages.
- The messages have `producer` and `consumer` fields.
I would like to achieve this:
- create the same users / roles in Kibana, e.g. `producer1`, `consumer2`.
- display to a user only those messages that are issued by them (for producers) or addressed to them (for consumers).
Generally speaking, I just want to limit message visibility to Kibana users based on specific message fields.
I believe I could filter messages in Logstash, and output them to different indices, but that would mean having separate indices for each user, and I'm not sure that this is optimal.
I tried to see if I can achieve it using dashboards within spaces, but I'm not sure how. If a user has access to a certain index, then they are able to see all messages.
What would be the best way to solve this? I would appreciate any help.