Restrict queries which are not fully defined

To ES community,
I have a large org to support where newbie users issue random/ adhoc
queries across all indexes and fields slowing down the server. While we
are working on ramping up the storage etc -- i feel the need to restrict
queries unless it is well defined. A well defined query would be the one
which specifies and index(1) and a field name (2).

Requrement to restrict queries based on Index name (1) is captured in ER:
https://github.com/elastic/elasticsearch/issues/6470
For restricting queries based on field name (2), the way i understand, i
can use "index.query.default_field" to point to insignificant column. This
forces users to write correct queries for meaningful result. Would this
approach work? Cons?

Details:
To try (2), i queried template on my instance but i do not see the
parameter "index.query.default_field". Below is the command i execute.
curl -XGET 'localhost:9200/_template?pretty'

To set the parameter, i need to do this:

curl -XPUT http://localhost:9200/_template/ -d '
{
"template" : "logstash*",
"settings" : {
"index.query.default_field" : "@id"

 }

}
'

Would this prevent users through kibana to execute query and get meaningful result unless they specify field name? My understanding:

Search string: * "Andy" *would return 0 results since it gets executed on filed "id"

Search string *name:"Andy" * would return correct results since it will search only on field "name" across all indexes, if index is not specified.

Is expectation correct?

Appreciate quick comments from community. Thanks!

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/5dda3a83-1df6-4aea-a37d-a59f17681af0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

This is a little complex as you need to define what you think is a valid
query, and unfortunately there isn't a single solution here.

On 2 April 2015 at 03:59, Andy abordia@gmail.com wrote:

To ES community,
I have a large org to support where newbie users issue random/ adhoc
queries across all indexes and fields slowing down the server. While we
are working on ramping up the storage etc -- i feel the need to restrict
queries unless it is well defined. A well defined query would be the one
which specifies and index(1) and a field name (2).

Requrement to restrict queries based on Index name (1) is captured in ER:
Disable searching across all indices · Issue #6470 · elastic/elasticsearch · GitHub
For restricting queries based on field name (2), the way i understand, i
can use "index.query.default_field" to point to insignificant column.
This forces users to write correct queries for meaningful result. Would
this approach work? Cons?

Details:
To try (2), i queried template on my instance but i do not see the
parameter "index.query.default_field". Below is the command i execute.
curl -XGET 'localhost:9200/_template?pretty'

To set the parameter, i need to do this:

curl -XPUT http://localhost:9200/_template/ -d '
{
"template" : "logstash*",
"settings" : {
"index.query.default_field" : "@id"

 }

}
'

Would this prevent users through kibana to execute query and get meaningful result unless they specify field name? My understanding:

Search string: * "Andy" *would return 0 results since it gets executed on filed "id"

Search string *name:"Andy" * would return correct results since it will search only on field "name" across all indexes, if index is not specified.

Is expectation correct?

Appreciate quick comments from community. Thanks!

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/5dda3a83-1df6-4aea-a37d-a59f17681af0%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/5dda3a83-1df6-4aea-a37d-a59f17681af0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X8%3DenxP8DGenO9yd-kNPgCqKbCym2mfSNKL-Y6AEp9THw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.