I’ve been wondering about buying the Enterprise for a long time and I’ve got some questions about it.
Is it possible to give permissions on Views for specific streams?
I want LDAP Group A, with role “A” to be able to only use Views with Stream “Group A Stream” and I want another LDAP Group B with role “B” to be able to only use Views with Stream “Group B Stream”.
It is required by my company’s security that people are not able to see all data stored in Graylog but some specific portions of it (financial company so this is a must-have).
Is it possible to give API permissions for searching on specific streams?
As far as I have used Graylog, I saw that a role has to have permissions for the “SEARCH” category, but “SEARCH” is literally searching in all data, not in specific streams. As in the above example, I can’t allow people to search through everything that is stored in my Graylog/Elasticsearch, only their portions of it.
So, is it possible to give API permissions to roles allowing them to search data through Graylog’s API (automated testing for example) but ONLY from specific streams?
Can I point archiving directory into an NFS mounted filesystem (from an objective storage, I know it sucks …)?
We tried closing Elasticsearch indices on such a mounted filesystem but it sucks reaaaally bad; objective storage is slow as hell, and storing indices in there was not a problem but opening them was a … well, random events occurred which almost every time resulted in losing our data (and it impacted the Elasticsearch cluster heavily).
So my question in general is: Can I just store those pretty Graylog archives on such a mounted filesystem and then restore them without much of a fuss?
As far as I understood those archives are plaintext so it shouldn’t be a problem even if the “backend” is slow and I shouldn’t lose those archives either because I can try to reindex them as many times as I want to, right?
That would be it! Permissions and archiving are the deal breakers for my project.
P.S. Also, I’ve run into some problems with sorting (ASC / DESC) fields that are of type LONG, but when I change the elastic mapping for them into INTEGER they are sorting just fine - Graylog 3.0.1. I’ll probably create another topic for that stuff tho.