Hey All,
Title pretty much summarizes what I am trying to do but I can't find any information on this subject. Basically, I have a single cluster with different nodes across different subnets. I have set my firewall rules to allow communication between servers in different subnets and have set up a cluster that had remote nodes.
My goal is basically this:
I have two nodes (node-1 and node-2) where node-1 is the master/data node and node-2 is only a data node. I have Filebeat pushing logs from my edge device to my cluster where they are filtered and placed into one of two indices (index-1 and index-2). I want node-1 to have visibility and access to search both of my indices; however, I want node-2 to only have visibility and access to search index-2.
I tried to mess around with shard allocation but I can still access the logs, and when I curl the status of my indices from node-2, it still has all the updated logs being pushed to both index-1 and index-2. Maybe this is not an intended use-case for Elasticsearch, but I was wondering if it was possible in the first place. Thanks!