"Fossies" - the Fresh Open Source Software Archive

Member "graylog-2.2.2/graylog.conf.example" (2 Mar 2017, 27269 Bytes) of archive /linux/misc/graylog-2.2.2.tgz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "graylog.conf.example": 2.1.3_vs_2.2.0.

    1 ############################
    2 # GRAYLOG CONFIGURATION FILE
    3 ############################
    4 #
    5 # This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
    6 # Characters that cannot be directly represented in this encoding can be written using Unicode escapes
    7 # as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.
    8 # For example, \u002c.
    9 # 
   10 # * Entries are generally expected to be a single line of the form, one of the following:
   11 #
   12 # propertyName=propertyValue
   13 # propertyName:propertyValue
   14 #
   15 # * White space that appears between the property name and property value is ignored,
   16 #   so the following are equivalent:
   17 # 
   18 # name=Stephen
   19 # name = Stephen
   20 #
   21 # * White space at the beginning of the line is also ignored.
   22 #
   23 # * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
   24 #
   25 # * The property value is generally terminated by the end of the line. White space following the
   26 #   property value is not ignored, and is treated as part of the property value.
   27 #
   28 # * A property value can span several lines if each line is terminated by a backslash (‘\’) character.
   29 #   For example:
   30 #
   31 # targetCities=\
   32 #         Detroit,\
   33 #         Chicago,\
   34 #         Los Angeles
   35 #
   36 #   This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).
   37 # 
   38 # * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
   39 # 
   40 # * The backslash character must be escaped as a double backslash. For example:
   41 # 
   42 # path=c:\\docs\\doc1
   43 #
   44 
   45 # If you are running more than one instances of Graylog server you have to select one of these
   46 # instances as master. The master will perform some periodical tasks that non-masters won't perform.
   47 is_master = true
   48 
   49 # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
   50 # to use an absolute file path here if you are starting Graylog server from init scripts or similar.
   51 node_id_file = /etc/graylog/server/node-id
   52 
   53 # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
   54 # Generate one by using for example: pwgen -N 1 -s 96
   55 password_secret =
   56 
   57 # The default root user is named 'admin'
   58 #root_username = admin
   59 
   60 # You MUST specify a hash password for the root user (which you only need to initially set up the
   61 # system and in case you lose connectivity to your authentication backend)
   62 # This password cannot be changed using the API or via the web interface. If you need to change it,
   63 # modify it in this file.
   64 # Create one by using for example: echo -n yourpassword | shasum -a 256
   65 # and put the resulting hash value into the following line
   66 root_password_sha2 =
   67 
   68 # The email address of the root user.
   69 # Default is empty
   70 #root_email = ""
   71 
   72 # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
   73 # Default is UTC
   74 #root_timezone = UTC
   75 
   76 # Set plugin directory here (relative or absolute)
   77 plugin_dir = plugin
   78 
   79 # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
   80 # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
   81 rest_listen_uri = http://127.0.0.1:9000/api/
   82 
   83 # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
   84 # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
   85 # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
   86 # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
   87 # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
   88 # the scheme, host name or URI.
   89 # This must not contain a wildcard address (0.0.0.0).
   90 #rest_transport_uri = http://192.168.1.1:9000/api/
   91 
   92 # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
   93 # If these are disabled, modern browsers will not be able to retrieve resources from the server.
   94 # This is enabled by default. Uncomment the next line to disable it.
   95 #rest_enable_cors = false
   96 
   97 # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
   98 # overall round trip times. This is enabled by default. Uncomment the next line to disable it.
   99 #rest_enable_gzip = false
  100 
  101 # Enable HTTPS support for the REST API. This secures the communication with the REST API with
  102 # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
  103 # next line to enable it.
  104 #rest_enable_tls = true
  105 
  106 # The X.509 certificate chain file in PEM format to use for securing the REST API.
  107 #rest_tls_cert_file = /path/to/graylog.crt
  108 
  109 # The PKCS#8 private key file in PEM format to use for securing the REST API.
  110 #rest_tls_key_file = /path/to/graylog.key
  111 
  112 # The password to unlock the private key used for securing the REST API.
  113 #rest_tls_key_password = secret
  114 
  115 # The maximum size of the HTTP request headers in bytes.
  116 #rest_max_header_size = 8192
  117 
  118 # The maximal length of the initial HTTP/1.1 line in bytes.
  119 #rest_max_initial_line_length = 4096
  120 
  121 # The size of the thread pool used exclusively for serving the REST API.
  122 #rest_thread_pool_size = 16
  123 
  124 # Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For
  125 # header. May be subnets, or hosts.
  126 #trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
  127 
  128 # Enable the embedded Graylog web interface.
  129 # Default: true
  130 #web_enable = false
  131 
  132 # Web interface listen URI.
  133 # Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement
  134 # for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface.
  135 #web_listen_uri = http://127.0.0.1:9000/
  136 
  137 # Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header.
  138 # Default: $rest_transport_uri
  139 #web_endpoint_uri =
  140 
  141 # Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly.
  142 # If these are disabled, modern browsers will not be able to retrieve resources from the server.
  143 #web_enable_cors = false
  144 
  145 # Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce
  146 # overall round trip times. This is enabled by default. Uncomment the next line to disable it.
  147 #web_enable_gzip = false
  148 
  149 # Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface
  150 # using TLS to prevent request forgery and eavesdropping.
  151 # This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.
  152 #web_enable_tls = true
  153 
  154 # The X.509 certificate chain file in PEM format to use for securing the web interface.
  155 #web_tls_cert_file = /path/to/graylog-web.crt
  156 
  157 # The PKCS#8 private key file in PEM format to use for securing the web interface.
  158 #web_tls_key_file = /path/to/graylog-web.key
  159 
  160 # The password to unlock the private key used for securing the web interface.
  161 #web_tls_key_password = secret
  162 
  163 # The maximum size of the HTTP request headers in bytes.
  164 #web_max_header_size = 8192
  165 
  166 # The maximal length of the initial HTTP/1.1 line in bytes.
  167 #web_max_initial_line_length = 4096
  168 
  169 # The size of the thread pool used exclusively for serving the web interface.
  170 #web_thread_pool_size = 16
  171 
  172 # Configuration file for the embedded Elasticsearch instance in Graylog.
  173 # Pay attention to the working directory of the server, maybe use an absolute path here.
  174 # Default: empty
  175 #elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml
  176 
  177 # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
  178 # when to rotate the currently active write index.
  179 # It supports multiple rotation strategies:
  180 #   - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
  181 #   - "size" per index, use elasticsearch_max_size_per_index below to configure
  182 # valid values are "count", "size" and "time", default is "count"
  183 #
  184 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
  185 #            to your previous 1.x settings so they will be migrated to the database!
  186 rotation_strategy = count
  187 
  188 # (Approximate) maximum number of documents in an Elasticsearch index before a new index
  189 # is being created, also see no_retention and elasticsearch_max_number_of_indices.
  190 # Configure this if you used 'rotation_strategy = count' above.
  191 #
  192 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
  193 #            to your previous 1.x settings so they will be migrated to the database!
  194 elasticsearch_max_docs_per_index = 20000000
  195 
  196 # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
  197 # no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
  198 # Configure this if you used 'rotation_strategy = size' above.
  199 #
  200 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
  201 #            to your previous 1.x settings so they will be migrated to the database!
  202 #elasticsearch_max_size_per_index = 1073741824
  203 
  204 # (Approximate) maximum time before a new Elasticsearch index is being created, also see
  205 # no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
  206 # Configure this if you used 'rotation_strategy = time' above.
  207 # Please note that this rotation period does not look at the time specified in the received messages, but is
  208 # using the real clock value to decide when to rotate the index!
  209 # Specify the time using a duration and a suffix indicating which unit you want:
  210 #  1w  = 1 week
  211 #  1d  = 1 day
  212 #  12h = 12 hours
  213 # Permitted suffixes are: d for day, h for hour, m for minute, s for second.
  214 #
  215 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
  216 #            to your previous 1.x settings so they will be migrated to the database!
  217 #elasticsearch_max_time_per_index = 1d
  218 
  219 # Disable checking the version of Elasticsearch for being compatible with this Graylog release.
  220 # WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
  221 #elasticsearch_disable_version_check = true
  222 
  223 # Disable message retention on this node, i. e. disable Elasticsearch index rotation.
  224 #no_retention = false
  225 
  226 # How many indices do you want to keep?
  227 #
  228 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
  229 #            to your previous 1.x settings so they will be migrated to the database!
  230 elasticsearch_max_number_of_indices = 20
  231 
  232 # Decide what happens with the oldest indices when the maximum number of indices is reached.
  233 # The following strategies are availble:
  234 #   - delete # Deletes the index completely (Default)
  235 #   - close # Closes the index and hides it from the system. Can be re-opened later.
  236 #
  237 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
  238 #            to your previous 1.x settings so they will be migrated to the database!
  239 retention_strategy = delete
  240 
  241 # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
  242 # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
  243 #            to your previous settings so they will be migrated to the database!
  244 elasticsearch_shards = 4
  245 elasticsearch_replicas = 0
  246 
  247 # Prefix for all Elasticsearch indices and index aliases managed by Graylog.
  248 #
  249 # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
  250 #            to your previous settings so they will be migrated to the database!
  251 elasticsearch_index_prefix = graylog
  252 
  253 # Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.
  254 # Default: graylog-internal
  255 #
  256 # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
  257 #            to your previous settings so they will be migrated to the database!
  258 #elasticsearch_template_name = graylog-internal
  259 
  260 # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
  261 # be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html
  262 allow_leading_wildcard_searches = false
  263 
  264 # Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
  265 # should only be enabled after making sure your Elasticsearch cluster has enough memory.
  266 allow_highlighting = false
  267 
  268 # settings to be passed to elasticsearch's client (overriding those in the provided elasticsearch_config_file)
  269 # all these
  270 # this must be the same as for your Elasticsearch cluster
  271 #elasticsearch_cluster_name = graylog
  272 
  273 # The prefix being used to generate the Elasticsearch node name which makes it easier to identify the specific Graylog
  274 # server running the embedded Elasticsearch instance. The node name will be constructed by concatenating this prefix
  275 # and the Graylog node ID (see node_id_file), for example "graylog-17052010-1234-5678-abcd-1337cafebabe".
  276 # Default: graylog-
  277 #elasticsearch_node_name_prefix = graylog-
  278 
  279 # A comma-separated list of Elasticsearch nodes which Graylog is using to connect to the Elasticsearch cluster,
  280 # see https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-discovery-zen.html for details.
  281 # Default: 127.0.0.1
  282 #elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
  283 
  284 # Use multiple Elasticsearch nodes as seed
  285 #elasticsearch_discovery_zen_ping_unicast_hosts = 198.51.100.23:9300, 198.51.100.42:9300
  286 
  287 # we don't want the Graylog server to store any data, or be master node
  288 #elasticsearch_node_master = false
  289 #elasticsearch_node_data = false
  290 
  291 # use a different port if you run multiple Elasticsearch nodes on one machine
  292 #elasticsearch_transport_tcp_port = 9350
  293 
  294 # we don't need to run the embedded HTTP server here
  295 #elasticsearch_http_enabled = false
  296 
  297 # Change the following setting if you are running into problems with timeouts during Elasticsearch cluster discovery.
  298 # The setting is specified in milliseconds, the default is 5000ms (5 seconds).
  299 #elasticsearch_cluster_discovery_timeout = 5000
  300 
  301 # the following settings allow to change the bind addresses for the Elasticsearch client in Graylog
  302 # these settings are empty by default, letting Elasticsearch choose automatically,
  303 # override them here or in the 'elasticsearch_config_file' if you need to bind to a special address
  304 # refer to https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html
  305 # for special values here
  306 #elasticsearch_network_host =
  307 #elasticsearch_network_bind_host =
  308 #elasticsearch_network_publish_host =
  309 
  310 # The total amount of time discovery will look for other Elasticsearch nodes in the cluster
  311 # before giving up and declaring the current node master.
  312 #elasticsearch_discovery_initial_state_timeout = 3s
  313 
  314 # Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
  315 # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
  316 # Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html
  317 # Note that this setting only takes effect on newly created indices.
  318 #
  319 # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
  320 #            to your previous settings so they will be migrated to the database!
  321 elasticsearch_analyzer = standard
  322 
  323 # Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
  324 # calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
  325 # Default: 1m
  326 #elasticsearch_request_timeout = 1m
  327 
  328 # Global timeout for index optimization (force merge) requests.
  329 # Default: 1h
  330 #elasticsearch_index_optimization_timeout = 1h
  331 
  332 # Maximum number of concurrently running index optimization (force merge) jobs.
  333 # If you are using lots of different index sets, you might want to increase that number.
  334 # Default: 20
  335 #elasticsearch_index_optimization_jobs = 20
  336 
  337 # Time interval for index range information cleanups. This setting defines how often stale index range information
  338 # is being purged from the database.
  339 # Default: 1h
  340 #index_ranges_cleanup_interval = 1h
  341 
  342 # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
  343 # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
  344 # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
  345 # that every outputbuffer processor manages its own batch and performs its own batch write calls.
  346 # ("outputbuffer_processors" variable)
  347 output_batch_size = 500
  348 
  349 # Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
  350 # batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
  351 # for this time period is less than output_batch_size * outputbuffer_processors.
  352 output_flush_interval = 1
  353 
  354 # As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
  355 # over again. To prevent this, the following configuration options define after how many faults an output will
  356 # not be tried again for an also configurable amount of seconds.
  357 output_fault_count_threshold = 5
  358 output_fault_penalty_seconds = 30
  359 
  360 # The number of parallel running processors.
  361 # Raise this number if your buffers are filling up.
  362 processbuffer_processors = 5
  363 outputbuffer_processors = 3
  364 
  365 #outputbuffer_processor_keep_alive_time = 5000
  366 #outputbuffer_processor_threads_core_pool_size = 3
  367 #outputbuffer_processor_threads_max_pool_size = 30
  368 
  369 # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
  370 #udp_recvbuffer_sizes = 1048576
  371 
  372 # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
  373 # Possible types:
  374 #  - yielding
  375 #     Compromise between performance and CPU usage.
  376 #  - sleeping
  377 #     Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
  378 #  - blocking
  379 #     High throughput, low latency, higher CPU usage.
  380 #  - busy_spinning
  381 #     Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
  382 processor_wait_strategy = blocking
  383 
  384 # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
  385 # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
  386 # Must be a power of 2. (512, 1024, 2048, ...)
  387 ring_size = 65536
  388 
  389 inputbuffer_ring_size = 65536
  390 inputbuffer_processors = 2
  391 inputbuffer_wait_strategy = blocking
  392 
  393 # Enable the disk based message journal.
  394 message_journal_enabled = true
  395 
  396 # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
  397 # must not contain any other files than the ones created by Graylog itself.
  398 #
  399 # ATTENTION:
  400 #   If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found'
  401 #   in the root directory, you need to create a sub directory for your journal.
  402 #   Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start.
  403 message_journal_dir = data/journal
  404 
  405 # Journal hold messages before they could be written to Elasticsearch.
  406 # For a maximum of 12 hours or 5 GB whichever happens first.
  407 # During normal operation the journal will be smaller.
  408 #message_journal_max_age = 12h
  409 #message_journal_max_size = 5gb
  410 
  411 #message_journal_flush_age = 1m
  412 #message_journal_flush_interval = 1000000
  413 #message_journal_segment_age = 1h
  414 #message_journal_segment_size = 100mb
  415 
  416 # Number of threads used exclusively for dispatching internal events. Default is 2.
  417 #async_eventbus_processors = 2
  418 
  419 # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
  420 # shutdown process. Set to 0 if you have no status checking load balancers in front.
  421 lb_recognition_period_seconds = 3
  422 
  423 # Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is
  424 # disabled if not set.
  425 #lb_throttle_threshold_percentage = 95
  426 
  427 # Every message is matched against the configured streams and it can happen that a stream contains rules which
  428 # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
  429 # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
  430 # streams, Graylog limits the execution time for each stream.
  431 # The default values are noted below, the timeout is in milliseconds.
  432 # If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
  433 # that stream is disabled and a notification is shown in the web interface.
  434 #stream_processing_timeout = 2000
  435 #stream_processing_max_faults = 3
  436 
  437 # Length of the interval in seconds in which the alert conditions for all streams should be checked
  438 # and alarms are being sent.
  439 #alert_check_interval = 60
  440 
  441 # Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple
  442 # outputs. The next setting defines the timeout for a single output module, including the default output module where all
  443 # messages end up.
  444 #
  445 # Time in milliseconds to wait for all message outputs to finish writing a single message.
  446 #output_module_timeout = 10000
  447 
  448 # Time in milliseconds after which a detected stale master node is being rechecked on startup.
  449 #stale_master_timeout = 2000
  450 
  451 # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
  452 #shutdown_timeout = 30000
  453 
  454 # MongoDB connection string
  455 # See https://docs.mongodb.com/manual/reference/connection-string/ for details
  456 mongodb_uri = mongodb://localhost/graylog
  457 
  458 # Authenticate against the MongoDB server
  459 #mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
  460 
  461 # Use a replica set instead of a single host
  462 #mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
  463 
  464 # Increase this value according to the maximum connections your MongoDB server can handle from a single client
  465 # if you encounter MongoDB connection problems.
  466 mongodb_max_connections = 1000
  467 
  468 # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
  469 # If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
  470 # then 500 threads can block. More than that and an exception will be thrown.
  471 # http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
  472 mongodb_threads_allowed_to_block_multiplier = 5
  473 
  474 # Drools Rule File (Use to rewrite incoming log messages)
  475 # See: http://docs.graylog.org/en/2.1/pages/drools.html
  476 #rules_file = /etc/graylog/server/rules.drl
  477 
  478 # Email transport
  479 #transport_email_enabled = false
  480 #transport_email_hostname = mail.example.com
  481 #transport_email_port = 587
  482 #transport_email_use_auth = true
  483 #transport_email_use_tls = true
  484 #transport_email_use_ssl = true
  485 #transport_email_auth_username = you@example.com
  486 #transport_email_auth_password = secret
  487 #transport_email_subject_prefix = [graylog]
  488 #transport_email_from_email = graylog@example.com
  489 
  490 # Specify and uncomment this if you want to include links to the stream in your stream alert mails.
  491 # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
  492 #transport_email_web_interface_url = https://graylog.example.com
  493 
  494 # The default connect timeout for outgoing HTTP connections.
  495 # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
  496 # Default: 5s
  497 #http_connect_timeout = 5s
  498 
  499 # The default read timeout for outgoing HTTP connections.
  500 # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
  501 # Default: 10s
  502 #http_read_timeout = 10s
  503 
  504 # The default write timeout for outgoing HTTP connections.
  505 # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
  506 # Default: 10s
  507 #http_write_timeout = 10s
  508 
  509 # HTTP proxy for outgoing HTTP connections
  510 #http_proxy_uri =
  511 
  512 # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch
  513 # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize
  514 # cycled indices.
  515 #
  516 # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
  517 #            to your previous settings so they will be migrated to the database!
  518 #disable_index_optimization = true
  519 
  520 # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch
  521 # on heavily used systems with large indices, but it will decrease search performance. The default is 1.
  522 #
  523 # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
  524 #            to your previous settings so they will be migrated to the database!
  525 #index_optimization_max_num_segments = 1
  526 
  527 # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
  528 # will be generated to warn the administrator about possible problems with the system. Default is 1 second.
  529 #gc_warning_threshold = 1s
  530 
  531 # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
  532 #ldap_connection_timeout = 2000
  533 
  534 # Disable the use of SIGAR for collecting system stats
  535 #disable_sigar = false
  536 
  537 # The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
  538 #dashboard_widget_default_cache_time = 10s
  539 
  540 # Automatically load content packs in "content_packs_dir" on the first start of Graylog.
  541 #content_packs_loader_enabled = true
  542 
  543 # The directory which contains content packs which should be loaded on the first start of Graylog.
  544 #content_packs_dir = data/contentpacks
  545 
  546 # A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
  547 # the first start of Graylog.
  548 # Default: empty
  549 content_packs_auto_load = grok-patterns.json
  550 
  551 # For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number
  552 # of threads available for this. Increase it, if '/cluster/*' requests take long to complete.
  553 # Should be rest_thread_pool_size * average_cluster_size if you have a high number of concurrent users.
  554 proxied_requests_thread_pool_size = 32