Graylog Server Configuration Settings Reference

The file server.conf is the Graylog server configuration file. When you install and configure Graylog for the first time, we recommend that you follow the instructions provided in the installation documentation. Review Graylog Server Configuration for information on accessing and updating this configuration file. For additional configuration options available via this file, consult the tables below.

Configuration Database Connection Properties

These properties define connections to the MongoDB database, which stores cluster configuration metadata.

Parameter Default Value Recommended Value Description
mongodb_max_connections 1000

 

Increase this value according to the maximum connections your MongoDB server can handle from a single client if you encounter MongoDB connection problems.
mongodb_uri mongodb://localhost/graylog

 

MongoDB connection string. See the MongoDB documentation for details.
mongodb_version_probe_attempts 0

 

This defines the number of attempts the search version probe should run before giving up. Default 0 means retry indefinitely until a connection can be established.

Core Graylog Cluster Settings Properties

These properties define important cluster identification and security elements that must be set.

Parameter Default Value Recommended Value Description

bin_dir

bin

 

This directory contains binaries that are used by the Graylog server (relative or absolute).

content_packs_auto_install

None

 

A comma-separated list of content packs (files in content_packs_dir) that should be applied on the first start of Graylog.

content_packs_dir

data/contentpacks

 

The directory that contains content packs that should be loaded on the first start of Graylog.

content_packs_loader_enabled

false

 

Determines whether content packs in content_packs_dir load automatically on the first start of Graylog.

data_dir

/var/lib/graylog-server

 

This directory is used to store Graylog server state (relative or absolute).

ignore_migration_failures

false

false

Ignores any exceptions encountered when running migrations.

Use with caution! Skipping failing migrations can result in an inconsistent database state.

is_leader

true

 

If you are running more than one instance of Graylog server, you have to select only one graylog-server node as the leader. This node performs periodic maintenance actions that replica nodes do not perform.

For replica nodes, set this value to false. Replica nodes accept messages the same as leader nodes. Nodes fall back to replica mode if there is already a leader in the cluster.

node_id_file /etc/graylog/server/node-id

 

The auto-generated node ID is stored in this file and read after restarts. It is recommended to use an absolute file path here if you are starting Graylog from init scripts or similar.

password_secret None

 

You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using, for example: pwgen -N 1 -s 96.

 

Warning: The password_secret value must be the same on all Graylog and Data Node nodes in the cluster. Changing this value after installation renders all user sessions and encrypted values in the database invalid (e.g., encrypted access tokens).

plugin_dir

/usr/share/graylog-server/plugin

 

Set plugin directory here (relative or absolute).

root_email

None

empty

The email address of the root user.

root_password_sha2 None

 

You MUST specify a hashed password for the root user (which you only need to initially set up the system and in case you lose connectivity to your authentication backend). This password cannot be changed using the API or via the web interface. If you need to change it, modify it in this file. Create one by using, for example: echo -n yourpassword | shasum -a 256.

root_timezone

UTC

UTC

The time zone setting of the root user. See this list of valid time zones.

root_username admin

 

The default root user is named admin.
skip_preflight_checks 0

 

Do not perform any preflight checks when starting the Data Node.
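The following added example (not part of the Graylog documentation or code base) produces values for password_secret and root_password_sha2 the same way the pwgen and shasum commands above do, and checks existing settings against the constraints stated in this table. The function names and the dictionary-of-settings input are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
import string

MIN_SECRET_LEN = 64                      # page: "Use at least 64 characters"
HEX64 = re.compile(r"[0-9a-fA-F]{64}")   # shape of a SHA-256 hex digest
# Values that appear on this page and should never be used as the real password.
PLACEHOLDER_PASSWORDS = ("yourpassword", "admin")


def generate_password_secret(length=96):
    """Random alphanumeric secret, comparable to `pwgen -N 1 -s 96`."""
    if length < MIN_SECRET_LEN:
        raise ValueError(f"password_secret needs at least {MIN_SECRET_LEN} characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def root_password_sha2(password):
    """Same digest as `echo -n <password> | shasum -a 256` (no trailing newline)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_core_secrets(settings):
    """Return findings for a dict of server.conf settings (hypothetical helper)."""
    findings = []
    secret = settings.get("password_secret", "")
    if not secret:
        findings.append("password_secret is not set")
    elif len(secret) < MIN_SECRET_LEN:
        findings.append(
            f"password_secret has {len(secret)} characters, fewer than {MIN_SECRET_LEN}")

    digest = settings.get("root_password_sha2", "")
    if not digest:
        findings.append("root_password_sha2 is not set")
    elif not HEX64.fullmatch(digest):
        # Typical cause: pasting the whole shasum output, including the "  -" suffix.
        findings.append("root_password_sha2 is not a 64-character hex SHA-256 digest")
    else:
        for pw in PLACEHOLDER_PASSWORDS:
            # Also catches `echo` without -n, which hashes a trailing newline.
            if digest.lower() in (root_password_sha2(pw), root_password_sha2(pw + "\n")):
                findings.append(f"root_password_sha2 is the hash of the placeholder {pw!r}")
    return findings


def nodes_with_different_secret(node_settings):
    """Given {node_name: settings}, list nodes whose password_secret differs
    from the first node's; the page requires the same value on every node."""
    names = list(node_settings)
    if not names:
        return []
    reference = node_settings[names[0]].get("password_secret", "").encode()
    return [
        name for name in names[1:]
        if not hmac.compare_digest(
            reference, node_settings[name].get("password_secret", "").encode())
    ]
```
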

Email Properties

These properties configure email notification delivery settings.

Parameter Default Value Recommended Value Description

transport_email_auth_password

secret

 

 

transport_email_auth_username

you@example.com

Empty

 

transport_email_enabled

false

 

 

transport_email_from_email

graylog@example.com

Empty

 

transport_email_hostname

mail.example.com

Empty

 

transport_email_port

587

 

 

transport_email_socket_connection_timeout

10s

 

 

transport_email_socket_timeout

10s

 

 

transport_email_use_auth

true

true

 

transport_email_use_ssl

false

 

 

transport_email_use_tls

true

 

 

transport_email_web_interface_url

https://graylog.example.com

 

 

Journal Properties

These properties control the location, size, and performance of the on-disk journal, which contains all messages until they are written in the search backend.

Parameter Default Value Recommended Value Description

message_journal_dir

<data_dir>/journal

 

The directory that is used to store the message journal. The directory must be exclusively used by Graylog and must not contain any files other than the ones created by Graylog itself.

message_journal_enabled

true

 

Enables the disk-based message journal.

message_journal_flush_age

1m

 

Sets a time interval at which Graylog forces an fsync of data written to the log. For example, if you set this value to 1000, Graylog would fsync after 1000 ms had passed.

message_journal_flush_interval

1000000

 

Specifies a message count at which Graylog forces an fsync of data written to the log. For example, if you set this value to 1, Graylog would fsync after every message; if it were 5, Graylog would fsync after every 5 messages.

message_journal_max_age

12h

 

The maximum time the journal holds messages before they are written to the search backend. Works with message_journal_max_size so that message writes are triggered by whichever property is hit first.

message_journal_max_size

5gb

 

The maximum size the journal grows to before messages can be written to the search backend. Works with message_journal_max_age so that message writes are triggered by whichever property is hit first.

message_journal_segment_age

1h

 

Controls the period of time after which Graylog forces the log to roll even if the segment file isn’t full to ensure that retention can delete or compact old data.

message_journal_segment_size

100mb

 

Sets the size of the journal segment.

 

Warning: If the journal is full and keeps receiving messages, it starts dropping messages in FIFO order: the first message dropped is the first one that was inserted, and so on (not in some random order).

Networking Properties

These properties relate to communication between Graylog nodes as well as between Graylog and external environments.

Parameter Default Value Recommended Value Description

enabled_tls_protocols

TLSv1.2,TLSv1.3

 

Configures system-wide enabled TLS protocols. Only configure this if you need to support legacy systems. We maintain a secure default (currently TLS 1.2 and TLS 1.3).

 

Hint: The web interface cannot support TLS 1.3 with JDK 8.

http_bind_address

127.0.0.1:9000

 

Sets the network interface used by the Graylog HTTP interface. This address and port is used by default in the http_publish_uri. This network interface must be accessible by all Graylog nodes in the cluster and by all clients using the Graylog web interface. If the port is omitted, Graylog uses port 9000 by default.

http_connect_timeout

5s

 

The default connect timeout for outgoing HTTP connections. Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).

http_enable_cors

false

false

Enables CORS headers for the HTTP interface. This setting is necessary for JavaScript clients accessing the server directly. If this is disabled, modern browsers will not be able to retrieve resources from the server.

http_enable_gzip

true

 

Compresses API responses and therefore helps to reduce overall round trip times.

http_enable_tls

false

 

Secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping. Note that additional configuration is required.

http_external_uri

$http_publish_uri

 

Sets the public URI of Graylog, which is used by the Graylog web interface to communicate with the Graylog REST API. The external Graylog URI usually has to be specified if Graylog is running behind a reverse proxy or load-balancer and it will be used to generate URLs addressing entities in the Graylog REST API (see http_bind_address).

http_max_header_size

8192

 

The maximum size of the HTTP request headers in bytes.

http_non_proxy_hosts

None

 

A list of hosts that should be reached directly, bypassing the configured proxy server. This value is a list of patterns separated by commas (,). The patterns can start or end with an asterisk (*) for wildcards. Any host matching one of these patterns will be reached through a direct connection instead of through a proxy.

http_proxy_uri

None

 

Sets an HTTP proxy for outgoing HTTP connections.

 

Warning: If you configure a proxy, make sure to also configure the http_non_proxy_hosts option so internal HTTP connections with other nodes do not go through the proxy.

http_publish_uri

http://$http_bind_address/

 

Sets the HTTP URI of this Graylog node, which is used to communicate with the other Graylog nodes in the cluster and by all clients using the Graylog web interface. The URI is published in the cluster discovery APIs so that other Graylog nodes are able to find and connect to this Graylog node.

This setting has to be used if this Graylog node is available on a network interface other than http_bind_address, for example if the machine has multiple network interfaces or is behind a NAT gateway.

This setting must not be configured to a wildcard address! If http_bind_address contains a wildcard IPv4 address (0.0.0.0), http_publish_uri will be filled with the first non-loopback IPv4 address of this machine instead.

http_read_timeout

10s

 

The default read timeout for outgoing HTTP connections. Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).

http_thread_pool_size

64

 

The size of the thread pool used exclusively for serving the HTTP interface.

http_tls_cert_file

 

 

The X.509 certificate chain file in PEM format to use for securing the HTTP interface.

http_tls_key_file

 

 

The PKCS#8 private key file in PEM format to use for securing the HTTP interface.

http_tls_key_password

 

 

The password to unlock the private key used for securing the HTTP interface (if key is encrypted).

http_write_timeout

10s

 

The default write timeout for outgoing HTTP connections. Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).

lb_recognition_period_seconds

3

 

How many seconds to wait between marking the node as DEAD for possible load balancers and starting the actual shutdown process. Set this value to 0 if you have no status-checking load balancers in front.

lb_throttle_threshold_percentage

disabled

 

Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is disabled if not set.

ldap_connection_timeout

2000

 

Connection timeout for a configured LDAP server (e.g., Active Directory) in milliseconds.

trusted_proxies

127.0.0.1/32, 0:0:0:0:0:0:0:1/128

 

Comma-separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For header. Can be subnets or hosts.
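The following added example (not Graylog code) parses server.conf text and checks the networking settings against the warnings in this table: a wildcard http_publish_uri, a proxy without http_non_proxy_hosts, and TLS protocols outside the stated default. The checks for a non-loopback bind without TLS, for missing certificate and key files, and for a catch-all trusted_proxies entry are assumptions of this example, as are all function names and the constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

SECURE_TLS = {"TLSv1.2", "TLSv1.3"}  # the secure default named on this page


def parse_server_conf(text):
    """Parse `key = value` lines; lines starting with '#' or '!' are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def _bind_host(addr):
    """'127.0.0.1:9000' -> '127.0.0.1'; '[::1]:9000' -> '::1'."""
    addr = addr.strip()
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr


def _ip_flag(host, flag):
    try:
        return getattr(ipaddress.ip_address(host), flag)
    except ValueError:  # a hostname, not an IP literal
        return flag == "is_loopback" and host == "localhost"


def audit_networking(settings):
    """Return (setting, message) findings for the networking properties."""
    findings = []
    bind = settings.get("http_bind_address", "127.0.0.1:9000")
    tls_on = settings.get("http_enable_tls", "false").lower() == "true"
    if not tls_on and not _ip_flag(_bind_host(bind), "is_loopback"):
        # Assumption: a non-loopback listener without TLS is worth flagging.
        findings.append(("http_enable_tls", f"HTTP interface on {bind} has no TLS"))
    if tls_on:
        for key in ("http_tls_cert_file", "http_tls_key_file"):
            if not settings.get(key):
                findings.append((key, "not set although http_enable_tls = true"))

    publish_host = urlsplit(settings.get("http_publish_uri", "")).hostname or ""
    if _ip_flag(publish_host, "is_unspecified"):
        findings.append(("http_publish_uri", "must not be a wildcard address"))

    protocols = settings.get("enabled_tls_protocols", "TLSv1.2,TLSv1.3")
    legacy = sorted({p.strip() for p in protocols.split(",") if p.strip()} - SECURE_TLS)
    if legacy:
        findings.append(("enabled_tls_protocols", "legacy protocols: " + ",".join(legacy)))

    if settings.get("http_proxy_uri") and not settings.get("http_non_proxy_hosts"):
        findings.append(("http_proxy_uri",
                         "http_non_proxy_hosts unset; node-to-node traffic uses the proxy"))

    for entry in settings.get("trusted_proxies", "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("trusted_proxies", f"{entry!r} is not a host or subnet"))
            continue
        if net.prefixlen == 0:
            # Assumption: a /0 entry lets any client set X-Forwarded-For.
            findings.append(("trusted_proxies", f"{entry} trusts every address"))
    return findings


# Constructed sample configurations (addresses, hosts and paths are made up).
WEAK_CONF = """
http_bind_address = 0.0.0.0:9000
http_publish_uri = http://0.0.0.0:9000/
enabled_tls_protocols = TLSv1.1,TLSv1.2
http_proxy_uri = http://proxy.example.com:3128
trusted_proxies = 127.0.0.1/32, 0.0.0.0/0
"""
HARDENED_CONF = """
# TLS enabled, specific publish address, narrow proxy trust
http_bind_address = 10.0.0.5:9000
http_publish_uri = https://10.0.0.5:9000/
http_enable_tls = true
http_tls_cert_file = /etc/graylog/server/cert.pem
http_tls_key_file = /etc/graylog/server/key.pem
http_proxy_uri = http://proxy.example.com:3128
http_non_proxy_hosts = 10.0.0.*
trusted_proxies = 10.0.0.10/32
"""
```

Calling audit_networking(parse_server_conf(WEAK_CONF)) returns one finding per weak setting, while the hardened sample returns an empty list.
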

Performance Tuning Properties

These properties allow you to affect the performance of your Graylog installation.

Parameter Default Value Recommended Value Description

async_eventbus_processors

2

 

Number of threads used exclusively for dispatching internal events.

auto_restart_inputs

false

 

Enable to auto-restart manually stopped inputs.

inputbuffer_processors

2

 

The number of parallel running processors. Raise the number if your input buffer is filling up.

inputbuffer_ring_size

65536

 

 

inputbuffer_wait_strategy

blocking

 

 

job_scheduler_concurrency_limits

no limits

 

Optional limits on scheduling concurrency by job type. No more than the specified number of worker threads can execute jobs of the specified type across the entire cluster.

output_batch_size

500

 

Batch size for the search backend output. This value is the maximum number of messages the search backend output module gets at once and writes to the search backend in a batch call. Alternatively, you can set the value to maximum size by including a size designation with the number, such as 10mb.

If the configured batch size has not been reached within the number of seconds set in output_flush_interval, everything that is available is flushed at once. Remember that every output buffer processor manages its own batch and performs its own batch write calls (see outputbuffer_processors).

output_fault_count_threshold

5

 

Defines how many faults an output can have before not being tried again for a number of seconds set in output_fault_penalty_seconds.

output_fault_penalty_seconds

30

 

Sets the delay in seconds to wait before retrying a failing output that has hit the output_fault_count_threshold.

output_flush_interval

1

 

Flush interval (in seconds) for the search backend output. This value is the maximum amount of time between two batches of messages written to the search backend. It is effective only if your minimum number of messages for this time period is less than output_batch_size * outputbuffer_processors.

outputbuffer_processor_threads_core_pool_size

3

 

Sets the size of the thread pool in the output buffer processor.

outputbuffer_processors

Dynamically calculated

 

The number of parallel running processors. By default, this value is determined automatically based on the number of CPU cores available. Set this value explicitly to override the dynamically calculated value. Raise the number if your buffers are filling up.

processbuffer_processors

Dynamically calculated

 

The number of parallel running processors. By default, this value is determined automatically based on the number of CPU cores available. Set this value explicitly to override the dynamically calculated value. Raise the number if your buffers are filling up.

processor_wait_strategy

sleeping

 

Wait strategy describing how buffer processors wait on a cursor sequence. Possible types:

  • yielding: Compromise between performance and CPU usage.

  • sleeping: Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.

  • blocking: High throughput, low latency, higher CPU usage.

  • busy_spinning: Avoids syscalls, which could introduce latency jitter. Best when threads can be bound to specific CPU cores.

ring_size

65536

 

Size of internal ring buffers. Raise this value if raising outputbuffer_processors does not help. For optimum performance, your LogMessage objects in the ring buffer should fit in your CPU L3 cache. Must be set to a power of 2 (512, 1024, 2048, …).

udp_recvbuffer_sizes

1048576

 

UDP receive buffer size for all message inputs (for example, SyslogUDPInput).

Performance Monitoring and Logging Properties

These properties control configuration of metrics and logging that Graylog performs.

Parameter Default Value Recommended Value Description

prometheus_exporter_bind_address

127.0.0.1:9833

 

IP address and port for the Prometheus exporter HTTP server.

prometheus_exporter_enabled

false

 

Enables the Prometheus exporter HTTP server.

prometheus_exporter_mapping_file_path_core

None

 

Path to the Prometheus exporter core mapping file. If this option is enabled, the full built-in core mapping is replaced with the mappings in this file. This file is monitored for changes, and updates are applied at runtime.

prometheus_exporter_mapping_file_path_custom

None

 

Path to the Prometheus exporter custom mapping file. If this option is enabled, the mappings in this file are configured in addition to the built-in core mappings. Mappings in this file cannot overwrite any core mappings. This file is monitored for changes, and updates are applied at runtime.

prometheus_exporter_mapping_file_refresh_interval

60s

 

Configures the refresh interval for the monitored Prometheus exporter mapping files.

Search Backend Configuration Properties

These properties affect how the backend search service is configured, such as where data is stored and node roles.

Hint: Although many of the following configuration properties include the syntax elasticsearch as a naming convention, the properties apply to any search backend.

Parameter Default Value Recommended Value Description

datanode_startup_connection_attempts

0

 

Maximum number of attempts to connect to Data Node on boot. With the default, 0, Graylog retries indefinitely with the given delay until a connection is established.

datanode_startup_connection_delay

5s

 

Sets the wait time between connection attempts for datanode_startup_connection_attempts.

default_events_index_prefix

gl-events

 

The default index prefix for Graylog events.

default_system_events_index_prefix

gl-system-events

 

The default index prefix for Graylog system events.

disable_index_optimization

false

 

Disables the optimization of search backend indices after index cycling. This process can take some load from the search backend on heavily used systems with large indices, but it will decrease search performance. The default is to optimize cycled indices.

disabled_retention_strategies

delete

 

This configuration list limits the retention strategies available for user configuration via the UI. The following strategies can be disabled:

  • delete: Deletes the index completely (Default)

  • close: Closes the index and hides it from the system. Can be re-opened later.

  • none: No operation is performed. The index stays open. (Not recommended!)

Note that at least one strategy must be enabled. Be careful when extending this list on existing installations!

elasticsearch_analyzer

standard

standard

Analyzer (tokenizer) to use for message and full_message fields. The standard filter is usually best. All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom.

Note that this setting takes effect only on newly created indices.

elasticsearch_compression_enabled

false

 

Enables payload compression for search backend requests.

elasticsearch_connect_timeout

10s

 

Maximum amount of time to wait for successful connection to the search backend HTTP port.

elasticsearch_disable_version_check

false

 

Disables checking the version of the search backend for compatibility with this Graylog release.

elasticsearch_discovery_default_scheme

http

 

Sets the default scheme when connecting to the search backend discovered nodes. Available options: http, https

elasticsearch_discovery_enabled

false

 

Enables automatic search backend node discovery through Nodes Info.

elasticsearch_discovery_filter

Empty

 

Filter for including or excluding search backend nodes in discovery according to their custom attributes.

elasticsearch_discovery_frequency

30s

 

Frequency of the search backend node discovery.

elasticsearch_hosts

http://127.0.0.1:9200

 

List of search backend hosts Graylog should connect to, specified as a comma-separated list of valid URIs for the HTTP ports of your search backend nodes. If one or more of your search backend hosts require authentication, include the credentials in each node URI that requires authentication.

elasticsearch_idle_timeout

inf (infinity)

 

Maximum idle time for a search backend connection. If this value is exceeded, the connection is torn down.

elasticsearch_index_optimization_jobs

10

 

Maximum number of concurrently running index optimization (force merge) jobs. If you use many different index sets, you might need to increase this number.

elasticsearch_index_optimization_timeout

1h

 

Global timeout for index optimization (force merge) requests.

elasticsearch_index_prefix

graylog

 

The prefix for the default Graylog index set.

elasticsearch_max_docs_per_index

20000000

 

Approximate maximum number of documents in a search backend index before a new index is created. Configure this value if you set rotation_strategy to count. See also no_retention and elasticsearch_max_number_of_indices.

elasticsearch_max_number_of_indices

20

 

Sets the number of indices to keep.

elasticsearch_max_retries

2

 

Maximum number of times Graylog retries failed requests to the search backend.

elasticsearch_max_size_per_index

30GB

 

Approximate maximum size in bytes per search backend index on disk before a new index is created. Configure this value if you set rotation_strategy to size. See also no_retention and elasticsearch_max_number_of_indices.

elasticsearch_max_time_per_index

1d

 

Approximate maximum time before a new search backend index is created. Configure this value if you set rotation_strategy to time. Note that this rotation period does not look at the time specified in the received messages, but uses the real clock value to decide when to rotate the index!

Specify the time using a duration and a suffix indicating which unit you want:

  • 1w = 1 week

  • 1d = 1 day

  • 12h = 12 hours

Permitted suffixes are: d for day, h for hour, m for minute, s for second.

See also no_retention and elasticsearch_max_number_of_indices.

elasticsearch_max_total_connections

1d

 

Maximum number of total connections to the search backend.

elasticsearch_max_total_connections_per_route

20

 

Maximum number of total connections per search backend route (typically this means per search backend server).

elasticsearch_max_write_index_age

1d

 

Optional upper bound on elasticsearch_max_time_per_index.

elasticsearch_mute_deprecation_warnings

true

 

Mutes the logging-output of search backend deprecation warnings during REST calls in the search backend REST client.

elasticsearch_replicas

0

 

The number of replicas for your indices. A good setting here highly depends on the number of nodes in your search backend cluster.

elasticsearch_rotate_empty_index_set

false

 

Controls whether empty indices are rotated. Applies only if rotation_strategy is set to time.

elasticsearch_shards

1

 

The number of shards for your indices. A good setting here highly depends on the number of nodes in your search backend cluster.

elasticsearch_socket_timeout

60s

 

Maximum amount of time to wait for reading back a response from a search backend server.

elasticsearch_template_name

graylog-internal

 

Name of the search backend index template used by Graylog to apply the mandatory index mapping.

elasticsearch_use_expect_continue

true

 

Enables use of Expect: 100-continue header for search backend index requests. If this setting is disabled, Graylog cannot properly handle HTTP 413 Request Entity Too Large errors.

elasticsearch_version_probe_attempts

0

 

Maximum number of attempts to connect to the search backend on boot for the version probe.

elasticsearch_version_probe_delay

5s

 

Sets the wait time between connection attempts for elasticsearch_version_probe_attempts.

enabled_index_rotation_strategies

count,size,time,time-size-optimizing

 

Sets which rotation options are available through the UI. The options available to set are:

  • time-size-optimizing: Tries to rotate daily while focusing on optimally sized shards. Configure the global default values with time_size_optimizing_retention_min_lifetime and time_size_optimizing_retention_max_lifetime.

  • count: Number of messages per index. Use elasticsearch_max_docs_per_index to set the number.

  • size: Size per index. Use elasticsearch_max_size_per_index to set the size.

  • time: Time interval between index rotations. Use elasticsearch_max_time_per_index to set the time.

A strategy can be disabled by specifying the optional enabled_index_rotation_strategies list and excluding that strategy.

index_field_type_periodical_full_refresh_interval

5m

 

Time interval to trigger a full refresh of the index field types for all indexes. This option queries the search backend for all indexes and populates any missing field type information to the database.

index_optimization_max_num_segments

1

 

Optimize the index down to <= index_optimization_max_num_segments. A higher number can take some load from the search backend on heavily used systems with large indices, but it will decrease search performance.

index_ranges_cleanup_interval

1h

 

Time interval for index range information cleanups. This setting defines how often stale index range information is purged from the database.

max_index_retention_period

None

 

Provides a hard upper limit for the retention period of any index set at configuration time. This setting is used to validate the value a user chooses for the maximum number of retained indexes when configuring an index set. However, it is only in effect when a time-based rotation strategy is chosen.

If a rotation strategy other than time-based is selected or if no value is provided for this setting, no upper limit for index retention is enforced.

no_retention

false

false

Disables message retention on this node—that is, disables the search backend index rotation.

retention_strategy

delete

delete

Determines what happens with the oldest indices when the maximum number of indices is reached. The following strategies are available:

  • delete: Deletes the index completely (Default)

  • close: Closes the index and hides it from the system. Can be re-opened later.

rotation_strategy

time-size-optimizing

time-size-optimizing

The default index rotation strategy to use. For details, see Index Time Size Optimizing.

User Experience Properties

These properties affect the user experience in the Graylog web interface.

Parameter Default Value Recommended Value Description

allow_highlighting

false

 

Allows searches to be highlighted. Depending on message sizes, this setting can use a lot of memory and should be enabled only after making sure your search backend cluster has enough memory.

allow_leading_wildcard_searches

false

 

Allows searches to begin with wildcard characters. Such searches can use a lot of resources and should only be enabled with care.

content_stream_refresh_interval

7d

7d

Sets how often the Welcome screen content feed checks for new posts. See content_stream_rss_url.

content_stream_rss_url

https://www.graylog.org/post

https://www.graylog.org/post

URL for the content feed that appears on the Welcome screen.

dashboard_widget_default_cache_time

10s

 

The default cache time for dashboard widgets. The minimum setting is 1 second.

event_definition_max_event_limit

1000

 

Maximum value that can be set for an event limit.

field_value_suggestion_mode

on

 

Sets field value suggestion mode. The possible values are:

  • off: Field value suggestions are turned off.

  • textual_only: Field values are suggested only for textual fields.

  • on: Field values are suggested for all field types, even the types where suggestions are inefficient performance-wise (Default).

stream_aware_field_types

false

 

Enables Graylog to periodically investigate indices to determine which fields are used in which streams. Therefore, field lists in the Graylog interface show only fields used in selected streams. This option can decrease system performance, especially on systems with a large number of streams and fields.

system_event_excluded_types

SIDECAR_STATUS_UNKNOWN

 

Comma-separated list of notification types that should not lead to a system event.

Miscellaneous Properties

These properties affect Graylog elements not directly relevant to other categories.

Parameter Default Value Recommended Value Description

allowed_auxiliary_paths

None

 

Optional allowed paths for Graylog data files. If provided, certain operations in Graylog are permitted only if the data file(s) are located in the specified paths (for example, with the CSV File lookup adapter). All sub-directories of indicated paths are allowed by default. This option provides an additional layer of security and allows administrators to control where in the file system Graylog users can select files from.

disable_native_system_stats_collector

false

 

Disable the use of OSHI for collecting system stats.

output_module_timeout

10000

 

Time in milliseconds to wait for all message outputs to finish writing a single message.

processing_status_journal_write_rate_threshold

1

 

Time in milliseconds to wait for all message outputs to finish writing a single message.

processing_status_persist_interval

1s

 

Controls how often processing status information is written to the database. Values must be a positive duration and cannot be less than 1 second.

processing_status_update_threshold

1m

 

Configures the threshold for detecting outdated processing status records. Any records that have not been updated in the configured threshold time are ignored. Values must be a positive duration and cannot be less than 1 second.

proxied_requests_default_call_timeout

5s

 

The default HTTP call timeout for cluster-related REST requests. This timeout might be overridden for some resources in code or other configuration values. (Some cluster metrics resources use a lower timeout value.)

proxied_requests_thread_pool_size

64

 

For some cluster-related REST requests, the node must query all other nodes in the cluster. This value is the maximum number of threads available for this process. Increase the value if /cluster/* requests take too long to complete.

The value should be http_thread_pool_size * average_cluster_size if you have a high number of concurrent users.

shutdown_timeout 30000

 

How many milliseconds the Data Node should wait for all tasks to terminate during shutdown.

stale_leader_timeout

2000

 

Time in milliseconds after which a detected stale leader node is rechecked on startup.

stream_processing_max_faults

3

 

Sets the maximum number of times a stream can time out before it is disabled and a notification is shown in the web interface. See also stream_processing_timeout.

stream_processing_timeout

2000

 

Sets the maximum execution time for stream rules, in milliseconds, before throwing a fault. See also stream_processing_max_faults.