Prevent API based searches without a filter

Is there a way to force an API account to only have access to scrape log messages for a given stream(s)?

I have a requirement to give a customer API access to a stream of data I have created. What I don’t want to do is allow them to search for log messages outside of this stream. We would prefer to have the customer scrape data rather than forward via a stream output to avoid data duplication.

Is there a way to achieve this natively in Graylog? I know that you can scrape messages for a stream like this, it would be nice if we could lock down the account so that they had to supply a filter for every search request.

This should be possible by giving the user account access to these streams and nothing else.

Normal “Reader” users shouldn’t be able to use the search without a given stream ID.

If that’s possible, it’s a bug and you should create a bug report at with all necessary information (e. g. which roles and permissions you gave to the user account).

No bug, I assumed I had to give the API “search” privileges when in fact they should have only had stream.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.