Kibana discover custom index pattern

Hi!

Can you suggest some security model to me.

I have few groups of users with custom indinces access rights. For example fliebeat-nginx-a-* filebeat-nginx-b-* filebeat-java-a-* filebeat-java-b-*

Then such a user logs in to kibana and trying to discover indices (default index pattern is “asterisk”) he receives no data error.
If i creating index pattern like fliebeat-nginx-a-* filebeat-nginx-b-* filebeat-java-a-* filebeat-java-b-* it works, but it is not very useful, as i have to create as many index patterns as datasets i have.

I think my problem can be solved by creating tenant for every dataset i have.

Maybe you have suggestions how to create default index pattern * and every user can see own dataset in discover depending on his access rights

my regards

Let’s see if I understood your question. I guess I would base my index names on the group that have access to the dataset instead of the dataset. So instead of filebeat-nginx-b-* I would do nginxadmin-filbeat-nginx-b-* . This would make it possible for a group e.g. nginxadmin to make an index pattern like nginxadmin-* and find all index patterns that they should have access to.

I guess you could create a tenant (and role?) for each dataset but I feel that it would probably be better to create a role and tenant for each group of users.

An alternative could be to script the creation of index patterns for each tenants so that all tenants already have a ready made index pattern for everything they should be able to see Header "securitytenant" not work properly for select tenant - #3 by ogallart

1 Like

Thanks for the answer. I will create tenants for each dataset i need in the end.
I just wondering if i can set default index pattern per role or user, as i set index access rights to them. So user logged in to global tenant can have dynamic index pattern from all his roles in discover. Maybe its not implemented.

Anyway thanks for the answer

Default index can be configured via kibana → management → advanced settings → Default index. You will need to select the tenant and then perform the same. usually first index pattern you create via kibana is set as default index pattern.

There is a api for this but i believe its still in experimental mode.

1 Like

Index pattern is per tenant.

1 Like

yeah index pattern is per tenant and default index pattern can be set in advanced settings (for the specific tenant). i was able to automate the default tenant selection via api

POST <kibana_endpoint>/api/saved_objects/config/<kibana-version>
{
    "attributes": {
        "defaultIndex": "index-pattern*"
}

BTW you can use the same api to update other kibana advanced settings
Note: you will need to use POST for first call and then use PUT

1 Like