we are planning a bigger summarised logging solution for different teams and environments, a central logging solution so to say.
To keep the maintenance effort low from our side we will work with summarised indices that come together unified from a certain service and differentiated in the fields of the message (K8s enriched fields - env, service, system etc.).
Role based policies in the dashboard will keep away unwanted access. We would like to solve this by using DSL and Field-level security. But at this point we havent any experience with the effect on the performance when requesting data in the dashboard. We are talking about around 60 mio. messages per day and index.
Are there any benchmarks or is this irrelevant with such numbers?