Hey all!
What I am trying to accomplish is to grant access to my Kibana indexes for a certain user BUT limit them to only data being ingested where agent.hostame matches a certain host.
I thought I could easily accomplish this by creating a specific role for said user and limit their access this way but unable to find any examples on how exactly to do this.
I am looking at Stack Management/Roles and trying to configure Granted documents query.
I'm doing something obviously wrong but also not getting any great feedback on what it could be.
This is the only query that I found that doesn't generate an error but also doesn't work as expected.
{
"bool": {
"filter": {
"term": { "agent.hostname": "HOSTNAME" }
}
}
}
Ideas on what I can try next?
Thanks in advance!