[Performance]Document security vs multiple indeces?

Hi,

I have some data, all the same kind, but from different sources, that I need to secure. My initial plan was to create a separate index for each source and use roles to limit access to a index. But I realized the same could be achieved using document security.

I am using Kibana to visualize the data.

Does anyone know what would be the best option performance wise? If I were to put all data into a single index it might get as big as 20GB a day. Data needs to be searchable for up to 90 days so I guess that will be a pretty big search.

If I go with seperate, smaller indeces, there might be some extra overhead but the searches should be quicker as the size of the indeces would be much smaller (couple of GB)?

Unfortunately I don't have a big enough data set yet to test with.

May I suggest you look at the following resources about sizing:

https://www.elastic.co/elasticon/conf/2016/sf/quantitative-cluster-sizing

And https://www.elastic.co/webinars/using-rally-to-get-your-elasticsearch-cluster-size-right

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.