GitLab

it should be possible to read data when making request as

curl -XGET '/__es/logs-uninett-authorized-2016.04.14,logs-uninett-unauthorized-2016.04.14/_search?pretty' -d '{ "facets": { "0": { "date_histogram": { "field": "@timestamp", "interval": "30s" }, "global": true, "facet_filter": { "fquery": { "query": { "filtered": { "query": { "query_string": { "query": "*" } }, "filter": { "bool": { "must": [ { "range": { "@timestamp": { "from": 1460618361887, "to": 1460621961887 } } } ] } } } } } } } }, "size": 0 }'

To get data back from authorized index and filter our unauthorized one. This can be implemented as sending 302 redirect to client with rewritten url after filtering that index.

Let try to do this currently only for GET request with indices in the URI itself, not for multi search API (https://www.elastic.co/guide/en/elasticsearch/reference/1.7/search-multi-search.html).