Design question

skwokie · February 10, 2020, 12:10am

Hi,

I’ve a use case and I’m trying to see if how I can implement it with Graylog; but with my limited knowledge I think I’ve hit a wall. Can someone please help? I’m trying to implement a logs system for different groups of users to use, and each group of users should only be able to see its own type of message in a message table-like widget. The type of message is declared with the “_message_type” field and so users in group A should only be able to see messages with “_message_type”: “A”, and users in group B with “_message_type”: “B”, etc. We are using a proxy, and I’m happy to see the role header feature in SSO because I can make use of it to pass in a role with the group information. e.g., when userA1 logs in, the proxy will tell Graylog that userA1 has roleA and we just need to create roleA ahead of time. I’m also very happy to see that a dashboard can be associated with a role because that also means that we just need to have the dashboard (for groupA) created ahead of time as well. It’s great so far but then I realize that Dashboard doesn’t seem to support message table widget as View does. What can I do to move forward? How would you design it? Thanks very much!

jan · February 10, 2020, 7:06am

@skwokie

you can assign different roles (users) to different streams. The user will only see the messages that are inside the stream he is allowed to use.

Please see the docs on this: https://docs.graylog.org/en/3.2/pages/streams.html

skwokie · February 10, 2020, 11:52am

Hi Jan, thanks very much for your help again. Per your suggestion, should one stream and thus a separate index set be created per group? What are the limits on the number of streams, index set, roles, and Elasticsearch indices? The number of groups may go up to thousands. Any performance concern?
In addition and in that case, I can use View for the purpose of using Message Table. Am I right?
Thanks.

jan · February 10, 2020, 2:25pm

he @skwokie

you can have one index for every stream, but streams can share indices without a problem.

The Number of indices might create problems at some point so you should not overuse that. See this blog for information

Groups can be as many as you need/want and each group can only see the data the permission is given for.

Topic		Replies	Views
Can graylog present different views to different users? Graylog Central (peer support)	8	1225	August 3, 2017
Dashboards per role (user group) Graylog Central (peer support)	4	1411	November 25, 2019
Multiple message tables within a single dashboard or stream Graylog Central (peer support) pipeline-rules , dashboards	1	326	February 29, 2024
Segment Graylog based on projects Graylog Central (peer support)	1	364	November 25, 2019
Show input messages to Reader role Graylog Central (peer support)	1	813	July 17, 2017

Design question

Related topics