We are developing a query to restrict specific user role to limited services. So we create a query for restriction and we are able to add itsi_summary with serviceid but not sure how to do it for itsi_summary_metrics index. Without metrics index , users are not able see the services assigned to them through teams
Please let me know how write a query for itsi_summary_metrics with serviceid
Are you trying to restrict access to the service view, or the underlying data the search returns? Metrics have no real private info except a host name so not really sure why you are restricting this way. Use teams instead from within ITSI to assign which services which members can see.
The itsi_summary_metrics index is a metric format
You probably cannot use the same logic that for an "event format" index.
I do not know if this possible to do a filter that works for metric, or for metric AND events.
The docs are not clear on that, they only give SPL filters examples :
To test :