I’ve a use case and I’m trying to see how I can implement it with Graylog, but with my limited knowledge I think I’ve hit a wall. Can someone please help?

I’m trying to implement a log system for different groups of users to use, and each group of users should only be able to see its own type of message in a message table-like widget. The type of message is declared with the “_message_type” field, so users in group A should only be able to see messages with “_message_type”: “A”, users in group B with “_message_type”: “B”, etc.

We are using a proxy, and I’m happy to see the role header feature in SSO because I can make use of it to pass in a role with the group information. E.g., when userA1 logs in, the proxy will tell Graylog that userA1 has roleA, and we just need to create roleA ahead of time. I’m also very happy to see that a dashboard can be associated with a role, because that also means that we just need to have the dashboard (for groupA) created ahead of time as well.

It’s great so far, but then I realize that Dashboard doesn’t seem to support a message table widget as View does. What can I do to move forward? How would you design it? Thanks very much!
Hi Jan, thanks very much for your help again. Per your suggestion, should one stream and thus a separate index set be created per group? What are the limits on the number of streams, index sets, roles, and Elasticsearch indices? The number of groups may go up to thousands. Any performance concerns?
In addition and in that case, I can use View for the purpose of using Message Table. Am I right?
Thanks.