Hello,

Currently I have the following setup:

Syslog --> Logstash --> ElasticSearch --> Kibana

Logstash is creating a daily index "/etc/elasticsearch/data/test-elasticsearch/nodes/0/indices/logstash-2014.02.04" and I'm viewing all of the logs through Kibana.

We want to set up some user-based access control using the kibana-authentication-proxy setup, due to it supporting:

"Per-user kibana index supported. now you can use index kibana-int-userA for user A and kibana-int-userB for user B"

I'd like to make it so that all logs coming in from logstash with a location of "/var/log/UNIX/*.log" get sent to a new index of unix-2014.02.04 instead of the logstash one. That way I can use the Kibana auth proxy to give my UNIX users access only to their logs.

I've read a little about creating the mappings but wasn't sure how to tie it all together. I saw you could do various things with API calls but was curious if I could set all of this up in the elasticsearch.yml file from the start.

Thanks,
Eric
