Data Node Configuration Settings Reference
The file datanode.conf
is the Data Node configuration file. When you install and configure the Graylog Data Node, we recommend that you follow the instructions provided in Graylog Data Node. For additional configuration options available via this file, consult the tables below.
Configuration Database Connection Properties
These properties define connections to the MongoDB database, which stores cluster configuration metadata.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
mongodb_max_connections
|
|
|
1000
|
Increase this value according to the maximum connections your MongoDB server can handle from a single client if you encounter MongoDB connection problems. |
mongodb_uri
|
|
|
mongodb://localhost/graylog
|
MongoDB connection string. See the MongoDB documentation for details. |
mongodb_version_probe_attempts
|
|
|
0
|
This defines the number of attempts the search version probe should run before giving up. Default 0 means retry indefinitely until a connection can be established. |
Core Graylog Cluster Settings Properties
These properties define important cluster identification and security elements that must be set.
Data Tiering Properties
These properties define where data is stored for the data tiering feature.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
node_search_cache_size
|
String |
No |
10gb
|
Cache size for searchable snaphots. This space will be automatically reserved if you have either S3 or shared filesystem repositories enabled and configured. See s3_client_* and path_repo configuration options. |
path_repo
|
List |
No |
None | Filesystem path where searchable snapshots should be stored. |
s3_client_default_access_key
|
String |
No |
None | S3 repository access key for searchable snapshots. |
s3_client_default_endpoint
|
String |
No |
None | S3 repository endpoint for searchable snapshots. |
s3_client_default_path_style_access
|
Boolean |
No |
true
|
S3 repository path-style access for searchable snapshots. |
s3_client_default_protocol
|
String |
No |
http
|
S3 repository protocol for searchable snapshots. |
s3_client_default_region
|
String |
No |
us-east-2
|
S3 repository region for searchable snapshots. See the AWS documentation for available regions for configuration. |
s3_client_default_secret_key
|
String |
No |
None | S3 repository secret key for searchable snapshots. |
Networking Properties
These properties relate to communication between Graylog nodes as well as between Graylog and external environments.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
bind_address
|
String |
Yes |
0.0.0.0
|
HTTP bind address. The network interface used by the Graylog Data Node to bind all services. |
datanode_http_port
|
Integer |
Yes |
8999
|
HTTP port. The port on which the Data Node REST API is listening. |
enabled_tls_protocols
|
Set |
No |
None | Allowed TLS protocols for system-wide TLS-enabled servers (e.g. message inputs, HTTP interface). Setting this to an empty value leaves it up to system libraries and JDK to chose a default. |
http_certificate
|
String |
No |
None | Relative path (to config_location ) to a keystore used for OpenSearch REST-layer TLS. |
|
String |
No |
|
The HTTP keystore alias name. The default is found in the first alias. |
http_certificate_password
|
String |
No |
None | Password for a keystore defined in . |
http_enable_gzip
|
Boolean |
No |
true
|
Enable GZIP support for HTTP interface. This compresses API responses and helps to reduce overall round trip times. |
http_max_header_size
|
Integer |
Yes |
8192
|
The maximum size of the HTTP request headers in bytes. |
http_publish_uri
|
URI |
No |
None | This configuration should be used if you want to connect to this Graylog Data Node's REST API, and it is available on another network interface than $bind_addressss like, for example, if the machine has multiple network interfaces or is behind a NAT gateway. |
http_thread_pool_size
|
Integer |
Yes |
64
|
The size of the thread pool used exclusively for serving the HTTP interface. |
indexer_jwt_auth_token_caching_duration
|
Duration |
No |
60 seconds
|
Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the interval between token regenerations. |
indexer_jwt_auth_token_expiration_duration
|
Duration |
No |
180 seconds
|
Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the validity interval of JWT tokens. |
opensearch_http_port
|
Integer |
No |
9200
|
HTTP port on which the embedded OpenSearch listens. |
opensearch_network_host
|
String |
No |
None | Binds an OpenSearch node to an address. Use 0.0.0.0 to include all available network interfaces, or specify an IP address assigned to a specific interface. |
opensearch_transport_port
|
Integer |
No |
9300
|
Transport port on which the embedded OpenSearch listens. |
transport_certificate
|
String |
No |
None |
Relative path (to config_location ) to a keystore used for OpenSearch transport-layer TLS |
transport_certificate_alias
|
String |
No |
|
The transport keystore alias name. The default is found in the first alias. |
transport_certificate_password
|
String |
No |
None |
The password for a keystore defined in transport_certificate . |
Performance Tuning Properties
These properties allow you to affect the performance of your Graylog installation.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
opensearch_heap
|
String |
No |
1g
|
OpenSearch heap memory. Initial and maxmium heap must be identical for OpenSearch; otherwise the boot fails. |
Performance Monitoring and Logging Properties
These properties control configuration of metrics and logging that Graylog performs.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
opensearch_logger_org_opensearch
|
String |
No |
INFO
|
Configures verbosity of embedded OpenSearch logs. Possible values |
opensearch_logs_location
|
Path |
Yes |
datanode/logs
|
Logs directory of the embedded OpenSearch. |
opensearch_plugins_security_audit_type
|
String |
None |
None | Configures OpenSearch audit log storage type. See the OpenSearch documentation for more information. |
process_logs_buffer_size
|
Integer |
No |
500
|
The number of log entries the OpenSearch process should hold in memory and make accessible for Data Node via API calls. |
Search Backend Configuration Properties
These properties affect how the backend search service is configured, such as where data is stored and node roles.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
clustername
|
String |
No |
datanode-cluster
|
Name of the cluster on which the embedded OpenSearch will form. Should be the same for all data nodes in one cluster. |
initial_cluster_manager_nodes
|
String |
No |
None | Comma-separated list of OpenSearch nodes that are eligible as manager nodes. |
node_roles
|
List |
No |
cluster_manager,data,ingest,remote_cluster_client
|
The Data Node's roles. If nothing is defined, Data Node will use cluster_manager,data,ingest,remote_cluster_client . If roles are not defined but configuration contains snapshots configuration (by path_repo or S3 credentials), the search role will also be automatically added. |
opensearch_config_location
|
Path |
Yes |
datanode/config
|
Configuration directory of the embedded OpenSearch. This is the directory where the OpenSearch process will store its configuration files. |
|
|
|
Warning: Each start of the Data Node regenerates the complete contents of the configuration directory! |
|
opensearch_configuration_overrides_file
|
Path |
No |
None |
The path to the file with configuration properties overriding default OpenSearch parameters. Required format is a Java properties file. If the path is relative, Data Node will try to resolve the file relative to the configured path. |
|
|
|
Warning: Overriding OpenSearch configuration parameters is not supported and may break in any future release. See Configuration Overrides for more information. |
|
opensearch_data_location
|
Path |
Yes |
datanode/data
|
Data directory of the embedded OpenSearch. Contains OpenSearch indices. It may be pointed to an existing OpenSearch directory during in-place migration to Data Node. |
opensearch_discovery_seed_hosts
|
List |
No |
[]
|
Provides a list of the addresses of the leader-eligible nodes in the cluster. Automatically sets to all nodes if not configured. |
opensearch_location
|
String |
No |
dist
|
Directory where Data Node will search for an OpenSearch distribution. |
User Experience Properties
These properties affect the user experience in the Graylog web interface.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
opensearch_indices_query_bool_max_clause_count
|
Integer |
No |
32768
|
This setting limits the number of clauses a Lucene Boolean query can have. |
Miscellaneous Properties
These properties affect Graylog elements not directly relevant to other categories.
Parameter | Type | Required | Default Value | Description |
---|---|---|---|---|
shutdown_timeout
|
Integer |
No |
30000
|
How many milliseconds should the Data Node wait for termination of all tasks during the shutdown. |