We have an ES cluster we're using for logs. We have many indexes that are prefixed with "log-". I'm trying to create two roles, one which has access to all log indexes which is easy enough, but another that has access to all log indexes except a few. I've tried using the Lucene regex to exclude index patterns that contain certain phrases but I'm having no luck. I've found little to no documentation or examples on how to do various regex based tasks with Lucene. I've gone through the Elasticsearch regexp syntax but that also is not getting me to what I want. Am I stuck whitelisting all indexes by name or can I solve this with a regexp and am just not knowing what to do?
I want a role that can only have read access to all but "log-wuble-wamwam-" and "log-monkey-". If I were using standard-ish regex, I would do something like this:
but this clearly doesn't work. Any suggestions? Any solution is helpful as long as I don't have to individually list out every index pattern individually.
You can do this with regular expressions, but the syntax isn't super-obvious.
We use Lucene RegExp syntax for this, which is powerful, but slightly different to standard Java Patterns.
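
Added example, not part of the original thread: one way to express "every `log-` index except the two prefixes from the question" as a role, using the Lucene complement operator `~` inside a pattern wrapped in forward slashes so it is parsed as a regular expression. The role name `logs_restricted_reader` is hypothetical, and the example assumes the complement operator is enabled for role index patterns in the Elasticsearch version in use.

```console
# Added example; the role name is hypothetical.
# The surrounding /.../ marks the name as a Lucene regular expression
# instead of a simple wildcard pattern.
# "log-" must be followed by any string that does NOT start with
# "wuble-wamwam-" or "monkey-"; ~(...) is the Lucene complement operator.
POST /_security/role/logs_restricted_reader
{
  "indices": [
    {
      "names": [ "/log-~((wuble-wamwam-|monkey-).*)/" ],
      "privileges": [ "read" ]
    }
  ]
}
```

To confirm the exclusion took effect, authenticate as a user holding only this role and call `GET /_security/user/_has_privileges` for `read` on one excluded and one permitted index name; the excluded name should come back `false`.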