Data Node Configuration Settings Reference

The file datanode.conf is the Data Node configuration file. When you install and configure the Graylog Data Node, we recommend that you follow the instructions provided in Graylog Data Node. For additional configuration options available via this file, consult the tables below.

Configuration Database Connection Properties

These properties define connections to the MongoDB database, which stores cluster configuration metadata.

Parameter Type Required Default Value Description
mongodb_max_connections

 

 

1000 Increase this value according to the maximum connections your MongoDB server can handle from a single client if you encounter MongoDB connection problems.
mongodb_uri

 

 

mongodb://localhost/graylog MongoDB connection string. See the MongoDB documentation for details.
mongodb_version_probe_attempts

 

 

0 This defines the number of attempts the search version probe should run before giving up. Default 0 means retry indefinitely until a connection can be established.

Core Graylog Cluster Settings Properties

These properties define important cluster identification and security elements that must be set.

Parameter Type Required Default Value Description
config_location

Path

No

None Source directory of the additional configuration files for the Data Node. Additional certificates can be provided here.
node_id_file

String

No

data/node-id The auto-generated node ID will be stored in this file and read after restarts. It is recommended to use an absolute file path here if you are starting Graylog Data Node from init scripts or similar.
node_name

String

No

None Unique name of your Data Node instance. Use this if your node name should be different from the hostname that's found by programmatically looking it up.
password_secret

String

Yes

None You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using, for example: pwgen -N 1 -s 96.

 

 

 

Warning: The password_secret value must be the same on all Graylog and Data Node nodes in the cluster. Changing this value after installation renders all user sessions and encrypted values in the database invalid (e.g. encrypted access tokens).

skip_preflight_checks

Boolean

No

false Do not perform any preflight checks when starting the Data Node.

Data Tiering Properties

These properties define where data is stored for the data tiering feature.

Parameter Type Required Default Value Description
node_search_cache_size

String

No

10gb Cache size for searchable snaphots. This space will be automatically reserved if you have either S3 or shared filesystem repositories enabled and configured. See s3_client_* and path_repo configuration options.
path_repo

List

No

None Filesystem path where searchable snapshots should be stored.
s3_client_default_access_key

String

No

None S3 repository access key for searchable snapshots.
s3_client_default_endpoint

String

No

None S3 repository endpoint for searchable snapshots.
s3_client_default_path_style_access

Boolean

No

true S3 repository path-style access for searchable snapshots.
s3_client_default_protocol

String

No

http S3 repository protocol for searchable snapshots.
s3_client_default_region

String

No

us-east-2 S3 repository region for searchable snapshots. See the AWS documentation for available regions for configuration.
s3_client_default_secret_key

String

No

None S3 repository secret key for searchable snapshots.

Networking Properties

These properties relate to communication between Graylog nodes as well as between Graylog and external environments.

Parameter Type Required Default Value Description
bind_address

String

Yes

0.0.0.0 HTTP bind address. The network interface used by the Graylog Data Node to bind all services.
datanode_http_port

Integer

Yes

8999 HTTP port. The port on which the Data Node REST API is listening.
enabled_tls_protocols

Set

No

None Allowed TLS protocols for system-wide TLS-enabled servers (e.g. message inputs, HTTP interface). Setting this to an empty value leaves it up to system libraries and JDK to chose a default.
http_certificate

String

No

None Relative path (to config_location) to a keystore used for OpenSearch REST-layer TLS.

http_certificate_alias

String

No

 

The HTTP keystore alias name. The default is found in the first alias.

http_certificate_password

String

No

None Password for a keystore defined in http_certificate.
http_enable_gzip

Boolean

No

true Enable GZIP support for HTTP interface. This compresses API responses and helps to reduce overall round trip times.
http_max_header_size

Integer

Yes

8192 The maximum size of the HTTP request headers in bytes.
http_publish_uri

URI

No

None This configuration should be used if you want to connect to this Graylog Data Node's REST API, and it is available on another network interface than $bind_addressss like, for example, if the machine has multiple network interfaces or is behind a NAT gateway.
http_thread_pool_size

Integer

Yes

64 The size of the thread pool used exclusively for serving the HTTP interface.
indexer_jwt_auth_token_caching_duration

Duration

No

60 seconds Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the interval between token regenerations.
indexer_jwt_auth_token_expiration_duration

Duration

No

180 seconds Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the validity interval of JWT tokens.
opensearch_http_port

Integer

No

9200 HTTP port on which the embedded OpenSearch listens.
opensearch_network_host

String

No

None Binds an OpenSearch node to an address. Use 0.0.0.0 to include all available network interfaces, or specify an IP address assigned to a specific interface.
opensearch_transport_port

Integer

No

9300 Transport port on which the embedded OpenSearch listens.
transport_certificate

String

No

None

Relative path (to config_location) to a keystore used for OpenSearch transport-layer TLS
transport_certificate_alias

String

No

 

The transport keystore alias name. The default is found in the first alias.
transport_certificate_password

String

No

None

The password for a keystore defined in transport_certificate.

Performance Tuning Properties

These properties allow you to affect the performance of your Graylog installation.

Parameter Type Required Default Value Description
opensearch_heap

String

No

1g OpenSearch heap memory. Initial and maxmium heap must be identical for OpenSearch; otherwise the boot fails.

Performance Monitoring and Logging Properties

These properties control configuration of metrics and logging that Graylog performs.

Parameter Type Required Default Value Description
opensearch_logger_org_opensearch

String

No

INFO

Configures verbosity of embedded OpenSearch logs. Possible values OFF, FATAL, ERROR, WARN, INFO, DEBUG, and TRACE. These values map to Log4j2’s built-in log levels.

opensearch_logs_location

Path

Yes

datanode/logs Logs directory of the embedded OpenSearch.
opensearch_plugins_security_audit_type

String

None

None Configures OpenSearch audit log storage type. See the OpenSearch documentation for more information.
process_logs_buffer_size

Integer

No

500 The number of log entries the OpenSearch process should hold in memory and make accessible for Data Node via API calls.

Search Backend Configuration Properties

These properties affect how the backend search service is configured, such as where data is stored and node roles.

Parameter Type Required Default Value Description
clustername

String

No

datanode-cluster Name of the cluster on which the embedded OpenSearch will form. Should be the same for all data nodes in one cluster.
initial_cluster_manager_nodes

String

No

None Comma-separated list of OpenSearch nodes that are eligible as manager nodes.
node_roles

List

No

cluster_manager,data,ingest,remote_cluster_client The Data Node's roles. If nothing is defined, Data Node will use cluster_manager,data,ingest,remote_cluster_client. If roles are not defined but configuration contains snapshots configuration (by path_repo or S3 credentials), the search role will also be automatically added.
opensearch_config_location

Path

Yes

datanode/config Configuration directory of the embedded OpenSearch. This is the directory where the OpenSearch process will store its configuration files.

 

 

 

Warning: Each start of the Data Node regenerates the complete contents of the configuration directory!

opensearch_configuration_overrides_file

Path

No

None

The path to the file with configuration properties overriding default OpenSearch parameters. Required format is a Java properties file. If the path is relative, Data Node will try to resolve the file relative to the configured config_location path.

 

 

 

Warning: Overriding OpenSearch configuration parameters is not supported and may break in any future release. See Configuration Overrides for more information.

opensearch_data_location

Path

Yes

datanode/data Data directory of the embedded OpenSearch. Contains OpenSearch indices. It may be pointed to an existing OpenSearch directory during in-place migration to Data Node.
opensearch_discovery_seed_hosts

List

No

[] Provides a list of the addresses of the leader-eligible nodes in the cluster. Automatically sets to all nodes if not configured.
opensearch_location

String

No

dist Directory where Data Node will search for an OpenSearch distribution.

User Experience Properties

These properties affect the user experience in the Graylog web interface.

Parameter Type Required Default Value Description
opensearch_indices_query_bool_max_clause_count

Integer

No

32768 This setting limits the number of clauses a Lucene Boolean query can have.

Miscellaneous Properties

These properties affect Graylog elements not directly relevant to other categories.

Parameter Type Required Default Value Description
shutdown_timeout

Integer

No

30000 How many milliseconds should the Data Node wait for termination of all tasks during the shutdown.