Data Node Configuration Settings Reference

The file datanode.conf is the Data Node configuration file. When you install and configure the Graylog Data Node, we recommend that you follow the instructions provided in Graylog Data Node. For additional configuration options available via this file, consult the tables below.

Configuration Database Connection Properties

These properties define connections to the MongoDB database, which stores cluster configuration metadata.

Parameter	Default Value	Description
`mongodb_max_connections`	`1000`	Increase this value according to the maximum connections your MongoDB server can handle from a single client if you encounter MongoDB connection problems.
`mongodb_uri`	`mongodb://localhost/graylog`	MongoDB connection string. See the MongoDB documentation for details.
`mongodb_version_probe_attempts`	`0`	This defines the number of attempts the search version probe should run before giving up. Default `0` means retry indefinitely until a connection can be established.

Core Graylog Cluster Settings Properties

These properties define important cluster identification and security elements that must be set.

Parameter	Type	Required	Default Value	Description
`config_location`	Path	No	None	Source directory of the additional configuration files for the Data Node. Additional certificates can be provided here.
`node_id_file`	String	No	`data/node-id`	The auto-generated node ID will be stored in this file and read after restarts. It is recommended to use an absolute file path here if you are starting Graylog Data Node from init scripts or similar.
`node_name`	String	No	None	Unique name of your Data Node instance. Use this if your node name should be different from the hostname that's found by programmatically looking it up.
`password_secret`	String	Yes	None	You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using, for example: `pwgen -N 1 -s 96`.
			Warning: The `password_secret` value must be the same on all Graylog and Data Node nodes in the cluster. Changing this value after installation renders all user sessions and encrypted values in the database invalid (e.g. encrypted access tokens).
`skip_preflight_checks`	Boolean	No	`false`	Do not perform any preflight checks when starting the Data Node.

Data Tiering Properties

These properties define where data is stored for the data tiering feature.

Parameter	Type	Required	Default Value	Description
`node_search_cache_size`	String	No	`10gb`	Cache size for searchable snaphots. This space will be automatically reserved if you have either S3 or shared filesystem repositories enabled and configured. See `s3_client_*` and `path_repo` configuration options.
`path_repo`	List	No	None	Filesystem path where searchable snapshots should be stored.
`s3_client_default_access_key`	String	No	None	S3 repository access key for searchable snapshots.
`s3_client_default_endpoint`	String	No	None	S3 repository endpoint for searchable snapshots.
`s3_client_default_path_style_access`	Boolean	No	`true`	S3 repository path-style access for searchable snapshots.
`s3_client_default_protocol`	String	No	`http`	S3 repository protocol for searchable snapshots.
`s3_client_default_region`	String	No	`us-east-2`	S3 repository region for searchable snapshots. See the AWS documentation for available regions for configuration.
`s3_client_default_secret_key`	String	No	None	S3 repository secret key for searchable snapshots.

Networking Properties

These properties relate to communication between Graylog nodes as well as between Graylog and external environments.

Parameter	Type	Required	Default Value	Description
`bind_address`	String	Yes	`0.0.0.0`	HTTP bind address. The network interface used by the Graylog Data Node to bind all services.
`datanode_http_port`	Integer	Yes	`8999`	HTTP port. The port on which the Data Node REST API is listening.
`enabled_tls_protocols`	Set	No	None	Allowed TLS protocols for system-wide TLS-enabled servers (e.g. message inputs, HTTP interface). Setting this to an empty value leaves it up to system libraries and JDK to chose a default.
`http_certificate`	String	No	None	Relative path (to `config_location`) to a keystore used for OpenSearch REST-layer TLS.
`http_certificate_alias`	String	No		The HTTP keystore alias name. The default is found in the first alias.
`http_certificate_password`	String	No	None	Password for a keystore defined in `http_certificate`.
`http_enable_gzip`	Boolean	No	`true`	Enable GZIP support for HTTP interface. This compresses API responses and helps to reduce overall round trip times.
`http_max_header_size`	Integer	Yes	`8192`	The maximum size of the HTTP request headers in bytes.
`http_publish_uri`	URI	No	None	This configuration should be used if you want to connect to this Graylog Data Node's REST API, and it is available on another network interface than `$bind_addressss` like, for example, if the machine has multiple network interfaces or is behind a NAT gateway.
`http_thread_pool_size`	Integer	Yes	`64`	The size of the thread pool used exclusively for serving the HTTP interface.
`indexer_jwt_auth_token_caching_duration`	Duration	No	`60 seconds`	Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the interval between token regenerations.
`indexer_jwt_auth_token_expiration_duration`	Duration	No	`180 seconds`	Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the validity interval of JWT tokens.
`opensearch_http_port`	Integer	No	`9200`	HTTP port on which the embedded OpenSearch listens.
`opensearch_network_host`	String	No	None	Binds an OpenSearch node to an address. Use `0.0.0.0` to include all available network interfaces, or specify an IP address assigned to a specific interface.
`opensearch_transport_port`	Integer	No	`9300`	Transport port on which the embedded OpenSearch listens.
`transport_certificate`	String	No	None	Relative path (to `config_location`) to a keystore used for OpenSearch transport-layer TLS
`transport_certificate_alias`	String	No		The transport keystore alias name. The default is found in the first alias.
`transport_certificate_password`	String	No	None	The password for a keystore defined in `transport_certificate`.

Performance Tuning Properties

These properties allow you to affect the performance of your Graylog installation.

Parameter	Type	Required	Default Value	Description
`opensearch_heap`	String	No	`1g`	OpenSearch heap memory. Initial and maxmium heap must be identical for OpenSearch; otherwise the boot fails.

Performance Monitoring and Logging Properties

These properties control configuration of metrics and logging that Graylog performs.

Parameter	Type	Required	Default Value	Description
`opensearch_logger_org_opensearch`	String	No	`INFO`	Configures verbosity of embedded OpenSearch logs. Possible values `OFF`, `FATAL`, `ERROR`, `WARN`, `INFO`, `DEBUG`, and `TRACE`. These values map to Log4j2’s built-in log levels.
`opensearch_logs_location`	Path	Yes	`datanode/logs`	Logs directory of the embedded OpenSearch.
`opensearch_plugins_security_audit_type`	String	None	None	Configures OpenSearch audit log storage type. See the OpenSearch documentation for more information.
`process_logs_buffer_size`	Integer	No	`500`	The number of log entries the OpenSearch process should hold in memory and make accessible for Data Node via API calls.

Search Backend Configuration Properties

These properties affect how the backend search service is configured, such as where data is stored and node roles.

Parameter	Type	Required	Default Value	Description
`clustername`	String	No	`datanode-cluster`	Name of the cluster on which the embedded OpenSearch will form. Should be the same for all data nodes in one cluster.
`initial_cluster_manager_nodes`	String	No	None	Comma-separated list of OpenSearch nodes that are eligible as manager nodes.
`node_roles`	List	No	`cluster_manager,data,ingest,remote_cluster_client`	The Data Node's roles. If nothing is defined, Data Node will use `cluster_manager,data,ingest,remote_cluster_client`. If roles are not defined but configuration contains snapshots configuration (by `path_repo` or S3 credentials), the search role will also be automatically added.
`opensearch_config_location`	Path	Yes	`datanode/config`	Configuration directory of the embedded OpenSearch. This is the directory where the OpenSearch process will store its configuration files.
			Warning: Each start of the Data Node regenerates the complete contents of the configuration directory!
`opensearch_configuration_overrides_file`	Path	No	None	The path to the file with configuration properties overriding default OpenSearch parameters. Required format is a Java properties file. If the path is relative, Data Node will try to resolve the file relative to the configured `config_location` path.
			Warning: Overriding OpenSearch configuration parameters is not supported and may break in any future release. See Configuration Overrides for more information.
`opensearch_data_location`	Path	Yes	`datanode/data`	Data directory of the embedded OpenSearch. Contains OpenSearch indices. It may be pointed to an existing OpenSearch directory during in-place migration to Data Node.
`opensearch_discovery_seed_hosts`	List	No	`[]`	Provides a list of the addresses of the leader-eligible nodes in the cluster. Automatically sets to all nodes if not configured.
`opensearch_location`	String	No	`dist`	Directory where Data Node will search for an OpenSearch distribution.

User Experience Properties

These properties affect the user experience in the Graylog web interface.

Parameter	Type	Required	Default Value	Description
`opensearch_indices_query_bool_max_clause_count`	Integer	No	`32768`	This setting limits the number of clauses a Lucene Boolean query can have.

Miscellaneous Properties

These properties affect Graylog elements not directly relevant to other categories.

Parameter	Type	Required	Default Value	Description
`shutdown_timeout`	Integer	No	`30000`	How many milliseconds should the Data Node wait for termination of all tasks during the shutdown.