Hi @rahul7514 - Please take a look at Data RBAC - https://cloud.google.com/chronicle/docs/administration/datarbac-overview

Having the namespace configure would be ideal for setting up Data RBAC.

@cmorris If i go back and add namespace in the forwarders and feeds, will it impact the older logs or only the new logs. 

Only the new logs

Hi @gkush / @cmorris 
I have created the namespace as such , will it work  ? 
reason for asking is someone said i should follow this pattern ^[a-z]([a-z0-9
-]{0,61}[a-z0-9])?$" .
If this is the case it is really bad if there is such restriction then while creating namespace this should be validated automatically and asked to remove so as to not use them .Making changes in prod env is not easy task.

For the guardduty there is spaces even between namespace , kindly let me know if this will pose any challenges to creating data RBAC

Hello Rahul,

I can't find definitive information on this, but I do not believe our namespace support includes spaces in the name.  Outside of that those namespace choices look fine.

@gkush : Thanks. So i can use these namespaces (except guard duty:since it contains spaces ) and create an data RBAC. Is my understanding correct? 

Yes - your longest string is 36 characters and I've seen namespace string lengths of over 100 characters. My own environment has mixed case, underlines, and colons in various namespace examples.  Some of those come up from GCP automatically (in my environment).