I’m trying to modify my existing setup by having my IoT devices send data to Telegraf rather than InflxuxDB directly, as per this post.
I see that I can have a single [http_listener] input and then use a tag in the incoming data and the measurement filtering options in the output to let me send data to multiple different databases.
However, I’m left with 1 problem…
In my existing setup (no Telegraf, just InfluxDB) it is easy for me to create different write-access users for the different InfluxDB databases, and then have the IoT devices use these separate authentication credentials. Therefore, all the units sending data to Database1 will be using credentials that won’t work for Database2, and visa versa, giving me a further level of segregation and security.
But when I use the http_listener plugin in Telegraf, I will only have 1 username & password for the listener. Which means I cannot split up my IoT devices (so some only have permission to write to Database1, and some to Datbase2) - anyone who knows the http_listener credentials will be able to send data to any database, as long as they use the correct tag, which I’d like to avoid.
Is it best to have multiple http_listeners listening on different ports with different credentials, and then have my IIS frontend redirect the incoming data? eg https://mywebsite/project1/write. Or does anyone have any ideas of a better way to do it please?