Is your feature request related to a problem? Please describe.
When we want to look back to investigate potential hackers / attackers within our network we currently have to access the MariaDB Database and write a SQL Query to gather the data, export it to CSV and then analyse it. A better way to access this and other data within the database would be ideal.
Describe the solution you'd like
I'd like a fast way to be able to run queries over data within the nm_chat table. My proposed solution would be by allowing a server owner to run their own Elasticsearch cluster and enter the details for it into NetworkManager. Network Manager would then "Dual feed" data both to the current nm_chat table, and to an index in the Elasticsearch cluster that the user could then use to run full text search / other powerful analytics over.
Describe alternatives you've considered
Currently the alternative solution is to query the database yourself, which is not ideal and introduces risk if you accidentality delete data from your live service.
We have also started to look at if we can pull data out of the MariaDB Database and ingest it into Elasticsearch ourselves.
It would also be possible for the Webbie UI to run these searches over the MariaDB Database, but the SQL Syntax will be more limited when you want to run full text search.
Additional context
I've focused primarily around chat, but other data such as the nm_serverAnalytics table, nm_punishments and various other pieces of data could also be useful if written into Elasticsearch as well as the MariaDB Database.
Is your feature request related to a problem? Please describe. When we want to look back to investigate potential hackers / attackers within our network we currently have to access the MariaDB Database and write a SQL Query to gather the data, export it to CSV and then analyse it. A better way to access this and other data within the database would be ideal.
Describe the solution you'd like I'd like a fast way to be able to run queries over data within the nm_chat table. My proposed solution would be by allowing a server owner to run their own Elasticsearch cluster and enter the details for it into NetworkManager. Network Manager would then "Dual feed" data both to the current nm_chat table, and to an index in the Elasticsearch cluster that the user could then use to run full text search / other powerful analytics over.
Describe alternatives you've considered Currently the alternative solution is to query the database yourself, which is not ideal and introduces risk if you accidentality delete data from your live service.
We have also started to look at if we can pull data out of the MariaDB Database and ingest it into Elasticsearch ourselves.
It would also be possible for the Webbie UI to run these searches over the MariaDB Database, but the SQL Syntax will be more limited when you want to run full text search.
Additional context I've focused primarily around chat, but other data such as the nm_serverAnalytics table, nm_punishments and various other pieces of data could also be useful if written into Elasticsearch as well as the MariaDB Database.