Data Node Configuration
The file datanode.conf is the Data Node configuration file. When first installing and configuring the Graylog Data Node, we recommend that you follow the instructions provided in the Data Node installation guide. For additional configuration options available via this file, consult the table below:
Parameter | Required | Default Value | Description |
---|---|---|---|
bind_address | TRUE | 0.0.0.0 | HTTP bind address. The network interface used by the Graylog Data Node to bind all services. |
clustername | FALSE | datanode-cluster | Name of the cluster on which the embedded OpenSearch will form. Should be the same for all data nodes in one cluster. |
config_location | FALSE | | Source directory of the additional configuration files for the Data Node. Additional certificates can be provided here. |
datanode_http_port | TRUE | 8999 | HTTP port. The port on which the Data Node REST API is listening. |
enabled_tls_protocols | FALSE | | Allowed TLS protocols for system-wide TLS-enabled servers (e.g. message inputs, HTTP interface). Setting this to an empty value leaves it up to system libraries and the JDK in use to choose a default. |
http_certificate | FALSE | | Relative path (to config_location) to a keystore used for OpenSearch REST layer TLS. |
http_certificate_password | FALSE | | Password for a keystore defined in http_certificate. |
http_enable_gzip | FALSE | 1 | Enable GZIP support for HTTP interface. This compresses API responses and helps to reduce overall round trip times. |
http_max_header_size | TRUE | 8192 | The maximum size of the HTTP request headers in bytes. |
http_publish_uri | FALSE | | This configuration should be used if you want to connect to this Graylog Data Node's REST API, and it is available on another network interface than $http_bind_address, for example if the machine has multiple network interfaces or is behind a NAT gateway. |
http_thread_pool_size | TRUE | 64 | The size of the thread pool used exclusively for serving the HTTP interface. |
indexer_jwt_auth_token_caching_duration | FALSE | 60 seconds | Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the interval between token regenerations. |
indexer_jwt_auth_token_expiration_duration | FALSE | 180 seconds | Communication between Graylog and OpenSearch is secured by JWT. This configuration defines the validity interval of JWT tokens. |
initial_cluster_manager_nodes | FALSE | | Comma-separated list of OpenSearch nodes that are eligible as manager nodes. |
mongodb_max_connections | FALSE | 1000 | Increase this value according to the maximum connections your MongoDB server can handle from a single client if you encounter MongoDB connection problems. |
mongodb_uri | TRUE | mongodb://localhost/graylog | MongoDB connection string. See the MongoDB documentation for details. |
mongodb_version_probe_attempts | FALSE | 0 | This defines the number of attempts the search version probe should run before giving up. Default 0 means retry indefinitely until a connection can be established. |
node_id_file | FALSE | data/node-id | The auto-generated node ID will be stored in this file and read after restarts. It is recommended to use an absolute file path here if you are starting Graylog Data Node from init scripts or similar. |
node_name | FALSE | | Unique name of your Data Node instance. Use this if your node name should be different from the hostname that's found by programmatically looking it up. |
node_roles | FALSE | [cluster_manager, data, ingest, remote_cluster_client, search] | The list of the OpenSearch node's roles. |
node_search_cache_size | FALSE | 10gb | Cache size for searchable snapshots. |
opensearch_config_location | TRUE | datanode/config | Configuration directory of the embedded OpenSearch. This is the directory where the OpenSearch process will store its configuration files. Warning: Each start of the Data Node will regenerate the complete content of the directory! |
opensearch_data_location | TRUE | datanode/data | Data directory of the embedded OpenSearch. Contains OpenSearch indices. |
opensearch_discovery_seed_hosts | FALSE | [] | Provides a list of the addresses of the leader-eligible nodes in the cluster. Automatically sets to all nodes if not provided. |
opensearch_heap | FALSE | 1g | OpenSearch heap memory. Initial and maximum heap must be identical for OpenSearch; otherwise the boot fails. |
opensearch_http_port | FALSE | 9200 | HTTP port on which the embedded OpenSearch listens. |
opensearch_indices_query_bool_max_clause_count | FALSE | 32768 | This setting limits the number of clauses a Lucene Boolean query can have. |
opensearch_location | FALSE | dist | Directory where Data Node will search for an OpenSearch distribution. |
opensearch_logger_org_opensearch | FALSE | INFO | Configures verbosity of embedded OpenSearch logs. Possible values OFF, FATAL, ERROR, WARN, INFO, DEBUG, and TRACE. |
opensearch_logs_location | TRUE | datanode/logs | Logs directory of the embedded OpenSearch. |
opensearch_network_host | FALSE | | Binds an OpenSearch node to an address. Use 0.0.0.0 to include all available network interfaces, or specify an IP address assigned to a specific interface. |
opensearch_plugins_security_audit_type | FALSE | | Configures OpenSearch audit log storage type. See the OpenSearch documentation for more information. |
opensearch_transport_port | FALSE | 9300 | Transport port on which the embedded OpenSearch listens. |
password_secret | TRUE | | You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using, for example: `pwgen -N 1 -s 96`. Warning: This value must be the same on all Graylog and Data Node nodes in the cluster. Changing this value after installation will render all user sessions and encrypted values in the database invalid (e.g. encrypted access tokens). |
path_repo | FALSE | | Filesystem path where searchable snapshots should be stored. |
process_logs_buffer_size | FALSE | 500 | The number of log entries the OpenSearch process should hold in memory and make accessible for Data Node via API calls. |
root_password_sha2 | FALSE | | You MUST specify a hash password for the root user (which you only need to initially set up the system and in case you lose connectivity to your authentication backend). This password cannot be changed using the API or via the web interface. If you need to change it, modify it in this file. Create one by using, for example: `echo -n yourpassword \| shasum -a 256`. |
root_username | FALSE | admin | The default root user is named admin. |
s3_client_default_access_key | FALSE | | S3 repository access key for searchable snapshots. |
s3_client_default_endpoint | FALSE | | S3 repository endpoint for searchable snapshots. |
s3_client_default_path_style_access | FALSE | 1 | S3 repository path-style access for searchable snapshots. |
s3_client_default_protocol | FALSE | http | S3 repository protocol for searchable snapshots. |
s3_client_default_region | FALSE | us-east-2 | S3 repository region for searchable snapshots. |
s3_client_default_secret_key | FALSE | | S3 repository secret key for searchable snapshots. |
shutdown_timeout | FALSE | 30000 | How many milliseconds should the Data Node wait for termination of all tasks during the shutdown. |
skip_preflight_checks | FALSE | 0 | Do not perform any preflight checks when starting the Data Node. |
transport_certificate | FALSE | | Relative path (to config_location) to a keystore used for OpenSearch transport layer TLS. |
transport_certificate_password | FALSE | | Password for a keystore defined in transport_certificate. |
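
The following Python check is an added example, not part of the Graylog documentation: it reads a datanode.conf and flags the security-relevant settings described in the table above. It assumes the file uses `key = value` lines with `#` comments; the function names `parse_conf` and `audit` and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample file; all values are placeholders, not real secrets.
SAMPLE_CONF = """\
# datanode.conf (constructed)
bind_address = 0.0.0.0
password_secret = tooshort
root_password_sha2 = yourpassword
s3_client_default_endpoint = s3.example.internal:9000
s3_client_default_access_key = EXAMPLEKEY
"""

def parse_conf(text):
    """Parse key = value lines, skipping blanks and # comments (assumed format)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return (parameter, finding) pairs for the settings checked below."""
    findings = []
    # The table asks for a password_secret of at least 64 characters.
    if len(conf.get("password_secret", "")) < 64:
        findings.append(("password_secret", "missing or shorter than 64 characters"))
    # shasum -a 256 prints 64 hex digits; a plaintext password here is a mistake.
    if not re.fullmatch(r"[0-9a-fA-F]{64}", conf.get("root_password_sha2", "")):
        findings.append(("root_password_sha2", "not a SHA-256 hex digest"))
    # The documented default protocol is http, so S3 keys and snapshot data
    # travel unencrypted unless https is set explicitly.
    uses_s3 = any(k.startswith("s3_client_default_") for k in conf)
    if uses_s3 and conf.get("s3_client_default_protocol", "http") != "https":
        findings.append(("s3_client_default_protocol", "S3 traffic is not using https"))
    # The documented default 0.0.0.0 binds on every interface.
    if conf.get("bind_address", "0.0.0.0") == "0.0.0.0":
        findings.append(("bind_address", "listening on all interfaces"))
    return findings

if __name__ == "__main__":
    for key, message in audit(parse_conf(SAMPLE_CONF)):
        print(f"{key}: {message}")
```

Run against the constructed sample, it reports all four settings; a file with a long secret, a real digest, `https` for S3 and a specific bind address produces no findings.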