There is a lot of useful detail in the `index=wineventlog`. I would like to be able to allow my front tier service desk access to dashboards that show things such as "user accounts locked out" or "print job failed".
However, I don't want them to have any access to the wineventlog index itself.
Is there a way of generating a report off of one index say, and moving the results to a separate index so that they don't gain access to the remainder of the information in the index?
↧