nginx, logstash, elastic-stack, filebeat

Filebeat sends logs to all Logstash instances


I am doing a proof of concept, installing ELK to manage all the logs from different applications. What I have is two instances of Elasticsearch (9200, 9201), Kibana (5601, 5602) and Logstash (5044, 5045), one nginx acting as a reverse proxy, and two different machines running different applications and sending their logs to Logstash through Filebeat.

I want to set permissions for the users, so some users can access the logs from machine A and some others can access the logs from machine B. When I start Filebeat on both machines, each of them should send its own logs to a different port in Logstash, as it is configured like this, but what I get when I access Kibana (both ports) is all the logs from both machines.

Is it possible to split the logs in the different instances of the installation?

Thanks in advance.


Solution

  • It is right to change both cluster names and give them different names. Furthermore, to keep both nodes independent, it is necessary to edit the Filebeat template, because by default it points to elasticsearch:9200.
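
A way to check for the condition the answer addresses, as an added example that is not part of the original post: compare what `GET /` returns on ports 9200 and 9201, since two ports reporting the same `cluster_uuid` are one cluster and no per-Kibana permission boundary exists between them. The function names and sample responses are constructed for illustration, and `fetch_root` assumes plain HTTP without authentication on localhost.

```python
import json
import urllib.request
from collections import defaultdict

# Constructed sample bodies of `GET /` on each node (not captured from a real
# system). Both ports report the same cluster_uuid: the nodes formed one cluster.
MERGED = {
    9200: {"name": "node-a", "cluster_name": "elasticsearch", "cluster_uuid": "uuid-1-constructed"},
    9201: {"name": "node-b", "cluster_name": "elasticsearch", "cluster_uuid": "uuid-1-constructed"},
}
# Constructed sample after giving each node its own cluster name.
SPLIT = {
    9200: {"name": "node-a", "cluster_name": "logs-machine-a", "cluster_uuid": "uuid-1-constructed"},
    9201: {"name": "node-b", "cluster_name": "logs-machine-b", "cluster_uuid": "uuid-2-constructed"},
}

def fetch_root(port, host="localhost", timeout=5):
    """Fetch the root endpoint of a live node (assumes plain HTTP, no auth)."""
    with urllib.request.urlopen(f"http://{host}:{port}/", timeout=timeout) as resp:
        return json.load(resp)

def diagnose(roots):
    """Return a list of findings for a {port: root_response} mapping."""
    by_uuid, by_name = defaultdict(list), defaultdict(list)
    for port, body in sorted(roots.items()):
        by_uuid[body["cluster_uuid"]].append(port)
        by_name[body["cluster_name"]].append(port)
    findings = []
    for uuid, ports in by_uuid.items():
        if len(ports) > 1:  # one cluster answering on several ports
            findings.append(f"MERGED: ports {ports} serve the same cluster ({uuid}); "
                            "any Kibana attached to it sees all of its indices")
    for name, ports in by_name.items():
        if len(ports) > 1:  # the default or a copied cluster.name is still shared
            findings.append(f"SHARED_NAME: ports {ports} use cluster.name '{name}'")
    return findings

def is_isolated(roots):
    """True only when every port is its own cluster with its own name."""
    return not diagnose(roots)

if __name__ == "__main__":
    for label, sample in (("before", MERGED), ("after", SPLIT)):
        print(label, diagnose(sample) or "isolated")
```

Against live nodes, build the mapping with `{p: fetch_root(p) for p in (9200, 9201)}` and pass it to `diagnose`.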