Initial Configuration Settings

During Graylog installation, you are required to assign or update values for several configuration properties in both server.conf and datanode.conf before you can start Graylog.

This article lists the essential initial configuration settings for Graylog, which includes the properties you set during installation as well as others you most likely need to set or adjust as soon as your Graylog server is running.

Hint: The configuration files include many other important and useful properties not covered here. We encourage you to review these files after your initial setup is complete. For a complete lists of properties available in the these files, see Graylog Server Configuration Settings Reference and Data Node Configuration Settings Reference. For information about editing these files, see Graylog Server Configuration.

Essential Properties

Property	Description	File	Default
`password_secret`	Used for password encryption and salting. Use at least 64 characters. Set the same `password_secret` value for `graylog-server` and all Data Node nodes. If you run multiple `graylog-server` nodes, they must all have the same value set as well.	`datanode.conf`, `server.conf`	None. You must set this value or the server will not start.
	Hint: Generate a password secret with, for example: `pwgen -N 1 -s 96`.
`mongodb_uri`	Sets your MongoDB connection, including authentication information. See the MongoDB documentation for details.	`datanode.conf`, `server.conf`	`mongodb://localhost/graylog`
`opensearch_heap`	Sets the heap memory for OpenSearch. Set this value to half your system memory, up to a max of 31 GB.	`datanode.conf`	`1g`
`root_password_sha2`	A SHA2 hash of the password you will use for your initial login.	`datanode.conf`, `server.conf`	None. You must set this value.
	You must specify a hash password for the root user, which you need to initially set up the system and if you lose connectivity to your authentication backend. This password cannot be changed via the API or the web interface. You can modify it only in the `server.conf` file. The admin password you set in this step is the one you use to log in to Graylog after you complete the preflight steps. For the initial preflight log in, you must use the generated credentials, as described in that section. Hint: You can generate and insert a SHA2 hash with the following code: `echo -n "Enter Password: " && head -1 </dev/stdin \| tr -d '\n' \| sha256sum \| cut -d" " -f1`.
`http_bind_address`	The network interface used by the Graylog HTTP interface. This address and port is used by default in the `http_publish_uri`. This network interface must be accessible by all Graylog nodes in the cluster and by all clients using the Graylog web interface. For more information, see The Web Interface.	`server.conf`	`127.0.0.1:9000` If you change this value but do not specify a port, Graylog uses port 9000 by default.
`http_external_uri`	Sets the public URI for Graylog, which is used by the Graylog web interface to communicate with the Graylog REST API. The `http://graylog.user.com/` value equals the DNS record set on your load balancer.	`server.conf`	`$http_publish_uri`
`message_journal_max_age` `message_journal_max-size`	These two properties work together to determine how long journal messages are held before they are written to the search backend. We recommend you configure your journal max age setting to 72 hours and the max size to your expected total log volume over a 72-hour period. So, if your expected daily log volume is 30 GB, your max size should be adjusted to 90 GB.	`server.conf`	`12h` / `5gb`
`is_leader`	Sets the node as the leader if you are running more than one instance of the Graylog server. For multi-node architecture, you must designate one `graylog-server` node as the leader. This node performs periodic and maintenance actions that other nodes do not perform. All other nodes, which are follower or replica nodes, should be set to `false`. Replica nodes accept messages the same as leader nodes do.	`server.conf`	`true`