Additional insight on good practices for directly accessing Elasticsearch to perform queries

Hello,

I’m also looking into securing access to Elasticsearch for our different environments. This subject comes up often, but one thing we have started doing is looking for ways to limit access to Elasticsearch, as in this post below.

When digging deeper into security, I also came across these documents.

https://docs.graylog.org/en/3.3/pages/configuration/elasticsearch.html#graylog

I haven’t fully tested this for performance issues in my lab yet, but it’s a start.

As for performing “a query of 1+ year on grafana and graylog”, I’m not so sure. What we do is limit users’ activities through the Authentication Services settings, which are configured to use MS AD in that environment.

That’s about all the info I have. Sorry I can’t be more help.