Data Node Configuration Settings Reference

The file datanode.conf is the Data Node configuration file. When you install and configure the Graylog Data Node, we recommend that you follow the instructions provided in Graylog Data Node. For additional configuration options available via this file, consult the tables below.

Configuration Database Connection Properties

These properties define connections to the MongoDB database, which stores cluster configuration metadata.

Parameter	Default Value	Description
`mongodb_max_connections`	`1000`	Increase this value according to the maximum connections your MongoDB server can handle from a single client if you encounter MongoDB connection problems.
`mongodb_uri`	`mongodb://localhost/graylog`	MongoDB connection string. See the MongoDB documentation for details
`mongodb_version_probe_attempts`	`0`	This defines the number of attempts the search version probe should run before giving up. Default 0 means retry indefinitely until a connection can be established.

Core Graylog Cluster Settings Properties

These properties define important cluster identification and security elements that must be set.

Parameter	Default Value	Description
`config_location`	None	Source directory of the additional configuration files for the Data Node. Additional certificates can be provided here.
`node_id_file`	`data/node-id`	The auto-generated node ID will be stored in this file and read after restarts. It is recommended to use an absolute file path here if you are starting Graylog Data Node from init scripts or similar.
`node_name`	None	Unique name of your Data Node instance. Use this if your node name should be different from the `hostname` that's found by programmatically looking it up.
`password_secret`	None	You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using, for example: `pwgen -N 1 -s 96`.
	Warning: The `password_secret` value must be the same on all Graylog and Data Node nodes in the cluster. Changing this value after installation renders all user sessions and encrypted values in the database invalid (e.g. encrypted access tokens).
`root_password_sha2`	None	You MUST specify a hash password for the root user (which you only need to initially set up the system and in case you lose connectivity to your authentication backend). This password cannot be changed using the API or via the web interface. If you need to change it, modify it in this file. Create one by using, for example: `echo -n yourpassword \| shasum -a 256`.
`root_username`	`admin`	The default root user is named `admin`.
`skip_preflight_checks`	`0`	Do not perform any preflight checks when starting the Data Node.

Data Tiering Properties

These properties define where data is stored for the data tiering feature.

Parameter	Default Value	Description
`node_search_cache_size`	`10gb`	Cache size for searchable snaphots.
`path_repo`	None	Filesystem path where searchable snapshots should be stored.
`s3_client_default_access_key`	None	S3 repository access key for searchable snapshots.
`s3_client_default_endpoint`	None	S3 repository endpoint for searchable snapshots.
`s3_client_default_path_style_access`	`1`	S3 repository path-style access for searchable snapshots.
`s3_client_default_protocol`	`http`	S3 repository protocol for searchable snapshots.
`s3_client_default_region`	`us-east-2`	S3 repository region for searchable snapshots.
`s3_client_default_secret_key`	None	S3 repository secret key for searchable snapshots.

Networking Properties

These properties relate to communication between Graylog nodes as well as between Graylog and external environments.

Parameter	Default Value	Description
`bind_address`	`0.0.0.0`	HTTP bind address. The network interface used by the Graylog Data Node to bind all services.
`datanode_http_port`	`8999`	HTTP port. The port on which the Data Node REST API is listening.
`enabled_tls_protocols`	None	Allowed TLS protocols for system-wide TLS-enabled servers (e.g. message inputs, http interface). Setting this to an empty value leaves it up to system libraries and the used JDK to chose a default.
`http_certificate`	None	Relative path (to `config_location`) to a keystore used for OpenSearch REST layer TLS.
`http_certificate_password`	None	Password for a keystore defined in `http_certificate`.
`http_enable_gzip`	`1`	Enable GZIP support for HTTP interface. This compresses API responses and helps to reduce overall round trip times.
`http_max_header_size`	`8192`	The maximum size of the HTTP request headers in bytes
`http_publish_uri`		This configuration should be used if you want to connect to this Graylog Data Node's REST API, and it is available on another network interface than `$http_bind_address`, for example if the machine has multiple network interfaces or is behind a NAT gateway.
`http_thread_pool_size`	`64`	The size of the thread pool used exclusively for serving the HTTP interface.
`indexer_jwt_auth_token_caching_duration`	`60 seconds`	Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the interval between token regenerations.
`indexer_jwt_auth_token_expiration_duration`	`180 seconds`	Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the validity interval of JWT tokens.
`opensearch_http_port`	`9200`	HTTP port on which the embedded OpenSearch listens.
`opensearch_network_host`		Binds an OpenSearch node to an address. Use `0.0.0.0` to include all available network interfaces, or specify an IP address assigned to a specific interface.
`opensearch_transport_port`	`9300`	Transport port on which the embedded OpenSearch listens.

Performance Tuning Properties

These properties allow you to affect the performance of your Graylog installation.

Parameter	Default Value	Description
`opensearch_heap`	`1g`	OpenSearch heap memory. Initial and maxmium heap must be identical for OpenSearch; otherwise the boot fails.

Performance Monitoring and Logging Properties

These properties control configuration of metrics and logging that Graylog performs.

Parameter	Default Value	Description
`opensearch_logger_org_opensearch`	`INFO`	Configures verbosity of embedded OpenSearch logs. Possible values `OFF`, `FATAL`, `ERROR`, `WARN`, `INFO`, `DEBUG`, and `TRACE`.
`opensearch_logs_location`	`datanode/logs`	Logs directory of the embedded OpenSearch.
`opensearch_plugins_security_audit_type`	None	Configures OpenSearch audit log storage type. See the OpenSearch documentation for more information.
`process_logs_buffer_size`	`500`	The number of log entries the OpenSearch process should hold in memory and make accessible for Data Node via API calls.

Search Backend Configuration Properties

These properties affect how the backend search service is configured, such as where data is stored and node roles.

Parameter	Default Value	Description
`clustername`	`datanode-cluster`	Name of the cluster on which the embedded OpenSearch will form. Should be the same for all data nodes in one cluster.
`initial_cluster_manager_nodes`	None	Comma-separated list of OpenSearch nodes that are eligible as manager nodes.
`node_roles`	`[cluster_manager, data, ingest, remote_cluster_client, search]`	The list of the OpenSearch node's roles.
`opensearch_config_location`	`datanode/config`	Configuration directory of the embedded OpenSearch. This is the directory where the OpenSearch process will store its configuration files.
	Warning: Each start of the Data Node regenerates the complete contents of the configuration directory!
`opensearch_data_location`	`datanode/data`	Data directory of the embedded OpenSearch. Contains OpenSearch indices.
`opensearch_discovery_seed_hosts`	`[]`	Provides a list of the addresses of the leader-eligible nodes in the cluster. Automatically sets to all nodes if not provided.
`opensearch_location`	`dist`	Directory where Data Node will search for an OpenSearch distribution.

User Experience Properties

These properties affect the user experience in the Graylog web interface.

Parameter	Default Value	Description
`opensearch_indices_query_bool_max_clause_count`	`32768`	This setting limits the number of clauses a Lucene Boolean query can have.

Miscellaneous Properties

These properties affect Graylog elements not directly relevant to other categories.

Parameter	Default Value	Description
`shutdown_timeout`	`30000`	How many milliseconds should the Data Node wait for termination of all tasks during the shutdown.