Segregate Multiple Applications per each ELK Instance


I am a newbie to ELK and have been exploring it for a few days. I am using ELK version 8.1.4.

We recently got the ELK Stack installed as a SaaS in our Azure Cloud Subscription. So we have one instance of ELK in each environment like Dev, Staging and Production.

We have been looking at things like how to handle multiple applications (app1, app2, app3, ...) to monitor in each instance of ELK in Dev, Staging or Prod.

Assume that we have multiple applications running in an Azure AKS cluster in dedicated namespaces (app1, app2, app3) in the prod environment. Now I want to segregate these applications so that I can assign roles and permissions for users based on application type (app1, etc.). Looking for suggestions.

Basically we want to onboard multiple applications
=> segregate projects, data, users and permissions
We are currently giving access to users with Azure AD.


Welcome to our community!

Usually this would be separated out into index namespaces, that you can then control access to.

Thanks for the response.

Currently we have one application and all the data is coming in. When I look at the indices, there are default ones like filebeat*, logs*, elasticloudlogs*, etc. When I open filebeat* in Discover, it shows all the app data from all cluster namespaces like app1, app2, etc.

But I am looking to find out how to handle this at the index namespace level so that the relevant app data is populated into the spaces I want, like app1 data to space1 with role1, and app2 data to space2 with role2.

The idea here is that in the future we will have multiple apps deployed in our AKS cluster, and we want to use the same instance of Elastic to monitor them.

Please suggest.


You would need to use aliases set on APM indices & configure new aliases on space->APM->settings.

Hi @swchandu

Thanks for your response. I was able to follow that and restrict per space, with an index created and mapped to a role.

But this works based on environment like dev/staging/prod.

I am looking to figure out how to restrict the application data coming to a space, like app1 data coming to space1. Not only in APM but also in the data view, only app1 data should come, whereas app2 or app3 data shouldn't be coming to space1.

At a high level, I am trying to achieve one Elastic instance per environment that handles multiple applications' data, monitoring and access separately, rather than all data (app1, app2, app3) coming to all spaces and being restricted at space level.


I am working on a solution and creating a POC to achieve the below.

User logs in to Elastic using Azure AD creds => enters his space (space1 with a role of app1_dev_user) =>
where he has access to all features with a read-only privilege => when he goes to Discover he should have a data view with app1 data => in APM (app1 metrics for all environments prod/staging/dev) => with minimum privilege (I hope read is the minimum privilege, if not wrong) => finally he should not see other metrics or apps' data (app2, app3) and should only troubleshoot issues but can't perform any manage actions.

Sorry for the lengthy question
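One way to express the per-application roles this thread asks for, as an added example that is not part of the original posts: it builds request bodies for Kibana's role API (`PUT /api/security/role/<name>`) that grant read-only access in one space and filter a shared index by Kubernetes namespace, then checks the set of roles for cross-app leaks. The `filebeat-*` pattern, the `kubernetes.namespace` field, the `dev` suffix and a license that includes document-level security are assumptions; mapping Azure AD groups to these roles is not shown.

```python
import json

# Constructed onboarding table using the thread's app/space naming; the
# Kubernetes namespace per app and the shared index pattern are assumptions.
APPS = {
    "app1": {"space": "space1", "k8s_namespace": "app1"},
    "app2": {"space": "space2", "k8s_namespace": "app2"},
}
SHARED_INDICES = ["filebeat-*"]
READ_ONLY = {"read", "view_index_metadata"}

def build_role(app, env="dev"):
    """Return (role_name, body) for Kibana's PUT /api/security/role/<role_name>."""
    cfg = APPS[app]
    # Document-level security: only documents from this app's namespace match,
    # so a data view on the shared index shows this app's data and nothing else.
    dls = {"term": {"kubernetes.namespace": cfg["k8s_namespace"]}}
    body = {
        "elasticsearch": {
            "cluster": [],
            "indices": [{"names": list(SHARED_INDICES),
                         "privileges": sorted(READ_ONLY),
                         "query": json.dumps(dls)}],
        },
        # Read-only on all Kibana features, granted in this app's space only.
        "kibana": [{"base": ["read"], "spaces": [cfg["space"]]}],
    }
    return f"{app}_{env}_user", body

def isolation_problems(roles):
    """List ways a set of role bodies would leak data across apps or allow changes."""
    problems, space_owner = [], {}
    for name, body in roles.items():
        if body["elasticsearch"].get("cluster"):
            problems.append(f"{name}: cluster privileges granted")
        for idx in body["elasticsearch"]["indices"]:
            if not idx.get("query"):
                problems.append(f"{name}: no document filter on {idx['names']}")
            if set(idx["privileges"]) - READ_ONLY:
                problems.append(f"{name}: index privileges beyond read")
        for grant in body["kibana"]:
            if grant.get("base") != ["read"] or "*" in grant["spaces"]:
                problems.append(f"{name}: Kibana grant is not read-only per space")
            for space in grant["spaces"]:
                if space_owner.setdefault(space, name) != name:
                    problems.append(f"{name}: shares {space} with {space_owner[space]}")
    return problems

if __name__ == "__main__":
    roles = dict(build_role(app) for app in APPS)
    print(json.dumps(roles, indent=2), isolation_problems(roles))
```

If each application instead writes to its own indices or data stream namespace, the `query` filter can be dropped and `names` narrowed to that application's pattern; the check above would then need to compare index patterns rather than require a filter.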

