I was wondering if anyone has tried to use lookup tables to determine what a user can search against? I'm wanting to allow administrators to have the most knowledge possible about their systems without just giving them "keys to the kingdom".
So, for instance, I don't mind if a windows admin searches against the windows event logs and can have unfiltered access there, however I would like him to only see windows servers in the firewall logs & proxy logs.
Has anyone tried to use lookup tables as a search filter to contrain user groups search ability?
As per my knowledge so far that lookups just do mapping between existing field and external fields from csv file.
I think with props.conf you can route a subset from firewall/proxy logs to a new index that windows admins have access on it.
Regards,
Ahmed