Hi Everyone,
I work in Cybersecurity and every week I have different sets of data to ingest that require separated indexes.
The data sets are ingested using the exactly same mappings, and everytime I have to draw new dashboards exctly like the previous 300 I draw before.
How can I reuse existing dashboards accross different indexes in Kibana?
Thanks
Hello f4d0,
Why do your new sets of data require separate indices? How are you ingesting your data?
exctly like the previous 300 I draw before
300 dashboards? Or am I misunderstanding?
How can I reuse existing dashboards accross different indexes in Kibana?
Typically this is done with index patterns / data views. (same thing)
Which version of the elastic stack are you running?
Thanks,
Matt
Hi @mattkime ,
Thank you so much for your feedback.
I require separate indices because they belong to different projects. Data should not mix, because an analyist that uses one indice should not see contents of others. There are legal and data protection reason behind this requirement.
300 dashboards is a figure of speach, sorry for that, it is just to say that I've created the same dashboards, over and over again. But normally it is fair to say that I need to create between 5 to 10 dashboards.
I ingest the data in two different ways, depends on the use case, most of the times I use a program python a python program (I have several different, they they prepare the data and then they push it to elasticseach), other times I use logstash for common firewall logs for example.
I am using version 7.15.
Is it possible to ingest everything to the same indices and block access to view data through database permissions?
Many thanks again.
Kind regards,
f4d0
@f4d0 I'd suggest each user have their own role that limits access to only specific indices - Defining roles | Elasticsearch Guide [7.15] | Elastic
Then all the users can use the same index patterns and dashboards but only see their data. You'll likely need further filtering to isolate different projects each analyst may be working on.
@mattkime, your feedback is very useful, looks to be what I was looking for.
I'll try to build something around your suggestion.
Many thanks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.