Segregating data sent from Elastic-Agents or Beats to a Specified Index


I'm ingesting data from multiple systems and different system owners. I have multi-tenancy set up using Kibana spaces and roles, but all of the data is being sent to a single index. I would like to store my data in individual indices based on system owner. For example, if System Owner A has an Elastic-Agent on their Linux server and System Owner B has an Elastic-Agent on their Linux server forwarding logs, System Owner A index will be systemowner-A-Linux and System Owner B index will be systemowner-B-Linux. This way I can give the System Owner A read permissions to their data and System Owner B read permissions to their data. Can this be done through Index Templates? If so, how would I go about this? If not, what would be the best way to accomplish this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.