# If you are running more than one instances of Graylog server you have to selec

1. # If you are running more than one instances of Graylog server you have to select one of these
2. # instances as master. The master will perform some periodical tasks that non-masters won't perform.
3. is_master = true
4.  
5. # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
6. # to use an absolute file path here if you are starting Graylog server from init scripts or similar.
7. node_id_file = /etc/graylog/server/node-id
8.  
9. # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
10. # Generate one by using for example: pwgen -N 1 -s 96
11. password_secret = lwk4afk6z6gNsXLFDMYS6LnqXvNNBkisusG4dCYtqd5RrupIIjv2V6EefTFcUxEZsrds8GZbySBjVg13IViDypkSd6uud3WM
12.  
13. # The default root user is named 'admin'
14. root_username = myusername
15.  
16. # You MUST specify a hash password for the root user (which you only need to initially set up the
17. # system and in case you lose connectivity to your authentication backend)
18. # This password cannot be changed using the API or via the web interface. If you need to change it,
19. # modify it in this file.
20. # Create one by using for example: echo -n yourpassword | shasum -a 256
21. # and put the resulting hash value into the following line
22. root_password_sha2 = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
23.  
24. # The email address of the root user.
25. # Default is empty
26. root_email = my email id
27.  
28. # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
29. # Default is UTC
30. #root_timezone = UTC
31.  
32. # Set plugin directory here (relative or absolute)
33. plugin_dir = /usr/share/graylog-server/plugin
34.  
35. # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
36. # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
37. rest_listen_uri = http://myip:12900/
38.  
39. # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
40. # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
41. # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
42. # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
43. # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
44. # the scheme, host name or URI.
45. # This must not contain a wildcard address (0.0.0.0).
46. rest_transport_uri = http://myip:12900/
47.  
48. # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
49. # If these are disabled, modern browsers will not be able to retrieve resources from the server.
50. # This is enabled by default. Uncomment the next line to disable it.
51. #rest_enable_cors = false
52.  
53. # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
54. # overall round trip times. This is disabled by default. Uncomment the next line to enable it.
55. #rest_enable_gzip = true
56.  
57. # Enable HTTPS support for the REST API. This secures the communication with the REST API with
58. # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
59. # next line to enable it.
60. #rest_enable_tls = true
61.  
62. # The X.509 certificate chain file in PEM format to use for securing the REST API.
63. #rest_tls_cert_file = /path/to/graylog.crt
64.  
65. # The PKCS#8 private key file in PEM format to use for securing the REST API.
66. #rest_tls_key_file = /path/to/graylog.key
67.  
68. # The password to unlock the private key used for securing the REST API.
69. #rest_tls_key_password = secret
70.  
71. # The maximum size of the HTTP request headers in bytes.
72. #rest_max_header_size = 8192
73.  
74. # The maximal length of the initial HTTP/1.1 line in bytes.
75.  
76. # The maximal length of the initial HTTP/1.1 line in bytes.
77. #rest_max_initial_line_length = 4096
78.  
79. # The size of the thread pool used exclusively for serving the REST API.
80. #rest_thread_pool_size = 16
81.  
82. # Enable the embedded Graylog web interface.
83. # Default: true
84. #web_enable = false
85.  
86. # Web interface listen URI. It must not contain a path other than "/".
87. web_listen_uri = http://myip:9000/
88.  
89. # Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header.
90. # Default: $rest_transport_uri
91. web_endpoint_uri = http://myip:9000/
92.  
93. # Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly.
94. # If these are disabled, modern browsers will not be able to retrieve resources from the server.
95. #web_enable_cors = false
96.  
97. # Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce
98. # overall round trip times. This is enabled by default. Uncomment the next line to disable it.
99. #web_enable_gzip = false
100.  
101. # Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface
102. # using TLS to prevent request forgery and eavesdropping.
103. # This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.
104. #web_enable_tls = true
105.  
106. # The X.509 certificate chain file in PEM format to use for securing the web interface.
107. #web_tls_cert_file = /path/to/graylog-web.crt
108.  
109. # The PKCS#8 private key file in PEM format to use for securing the web interface.
110. #web_tls_key_file = /path/to/graylog-web.key
111.  
112. # The password to unlock the private key used for securing the web interface.
113. Type :quit<Enter> to exit Vim 73,0-1 14%
114.  
115. # The password to unlock the private key used for securing the web interface.
116. #web_tls_key_password = secret
117.  
118. # The maximum size of the HTTP request headers in bytes.
119. #web_max_header_size = 8192
120.  
121. # The maximal length of the initial HTTP/1.1 line in bytes.
122. #web_max_initial_line_length = 4096
123.  
124. # The size of the thread pool used exclusively for serving the web interface.
125. #web_thread_pool_size = 16
126.  
127. # Configuration file for the embedded Elasticsearch instance in Graylog.
128. # Pay attention to the working directory of the server, maybe use an absolute path here.
129. # Default: empty
130. #elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml
131.  
132. # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
133. # when to rotate the currently active write index.
134. # It supports multiple rotation strategies:
135. # - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
136. # - "size" per index, use elasticsearch_max_size_per_index below to configure
137. # valid values are "count", "size" and "time", default is "count"
138. #
139. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
140. # to your previous 1.x settings so they will be migrated to the database!
141. rotation_strategy = count
142.  
143. # (Approximate) maximum number of documents in an Elasticsearch index before a new index
144. # is being created, also see no_retention and elasticsearch_max_number_of_indices.
145. # Configure this if you used 'rotation_strategy = count' above.
146. #
147. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
148. # to your previous 1.x settings so they will be migrated to the database!
149. elasticsearch_max_docs_per_index = 20000000
150.  
151. # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
152. 109,0-1 22%
153.  
154. # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
155. # no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
156. # Configure this if you used 'rotation_strategy = size' above.
157. #
158. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
159. # to your previous 1.x settings so they will be migrated to the database!
160. #elasticsearch_max_size_per_index = 1073741824
161.  
162. # (Approximate) maximum time before a new Elasticsearch index is being created, also see
163. # no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
164. # Configure this if you used 'rotation_strategy = time' above.
165. # Please note that this rotation period does not look at the time specified in the received messages, but is
166. # using the real clock value to decide when to rotate the index!
167. # Specify the time using a duration and a suffix indicating which unit you want:
168. # 1w = 1 week
169. # 1d = 1 day
170. # 12h = 12 hours
171. # Permitted suffixes are: d for day, h for hour, m for minute, s for second.
172. #
173. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
174. # to your previous 1.x settings so they will be migrated to the database!
175. #elasticsearch_max_time_per_index = 1d
176.  
177. # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
178. # when to rotate the currently active write index.
179. # It supports multiple rotation strategies:
180. # - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
181. # - "size" per index, use elasticsearch_max_size_per_index below to configure
182. # valid values are "count", "size" and "time", default is "count"
183. #
184. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
185. # to your previous 1.x settings so they will be migrated to the database!
186. rotation_strategy = count
187.  
188. # (Approximate) maximum number of documents in an Elasticsearch index before a new index
189. # is being created, also see no_retention and elasticsearch_max_number_of_indices.
190. # Configure this if you used 'rotation_strategy = count' above.
191. 145,0-1 29%
192. # is being created, also see no_retention and elasticsearch_max_number_of_indices.
193. # Configure this if you used 'rotation_strategy = count' above.
194. #
195. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
196. # to your previous 1.x settings so they will be migrated to the database!
197. elasticsearch_max_docs_per_index = 20000000
198.  
199. # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
200. # no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
201. # Configure this if you used 'rotation_strategy = size' above.
202. #
203. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
204. # to your previous 1.x settings so they will be migrated to the database!
205. #elasticsearch_max_size_per_index = 1073741824
206.  
207. # (Approximate) maximum time before a new Elasticsearch index is being created, also see
208. # no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
209. # Configure this if you used 'rotation_strategy = time' above.
210. # Please note that this rotation period does not look at the time specified in the received messages, but is
211. # using the real clock value to decide when to rotate the index!
212. # Specify the time using a duration and a suffix indicating which unit you want:
213. # 1w = 1 week
214. # 1d = 1 day
215. # 12h = 12 hours
216. # Permitted suffixes are: d for day, h for hour, m for minute, s for second.
217. #
218. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
219. # to your previous 1.x settings so they will be migrated to the database!
220. #elasticsearch_max_time_per_index = 1d
221.  
222. # Disable checking the version of Elasticsearch for being compatible with this Graylog release.
223. # WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
224. #elasticsearch_disable_version_check = true
225.  
226. # Disable message retention on this node, i. e. disable Elasticsearch index rotation.
227. #no_retention = false
228.  
229. # How many indices do you want to keep?
230. 181,1 36%
231.  
232. # How many indices do you want to keep?
233. #
234. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
235. # to your previous 1.x settings so they will be migrated to the database!
236. elasticsearch_max_number_of_indices = 20
237.  
238. # Decide what happens with the oldest indices when the maximum number of indices is reached.
239. # The following strategies are availble:
240. # - delete # Deletes the index completely (Default)
241. # - close # Closes the index and hides it from the system. Can be re-opened later.
242. #
243. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
244. # to your previous 1.x settings so they will be migrated to the database!
245. retention_strategy = delete
246.  
247. # How many indices do you want to keep?
248. #
249. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
250. # to your previous 1.x settings so they will be migrated to the database!
251. elasticsearch_max_number_of_indices = 20
252.  
253. # Decide what happens with the oldest indices when the maximum number of indices is reached.
254. # The following strategies are availble:
255. # - delete # Deletes the index completely (Default)
256. # - close # Closes the index and hides it from the system. Can be re-opened later.
257. #
258. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
259. # to your previous 1.x settings so they will be migrated to the database!
260. retention_strategy = delete
261.  
262. # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
263. elasticsearch_shards = 1
264. elasticsearch_replicas = 0
265.  
266. # Prefix for all Elasticsearch indices and index aliases managed by Graylog.
267. elasticsearch_index_prefix = graylog
268.  
269. 217,0-1 44%
270. elasticsearch_index_prefix = graylog
271.  
272. # Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.
273. # # Default: graylog-internal
274. #elasticsearch_template_name = graylog-internal
275.  
276. # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
277. # be enabled with care. See also: https://www.graylog.org/documentation/general/queries/
278. allow_leading_wildcard_searches = false
279.  
280. # Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
281. # should only be enabled after making sure your Elasticsearch cluster has enough memory.
282. allow_highlighting = false
283.  
284. # settings to be passed to elasticsearch's client (overriding those in the provided elasticsearch_config_file)
285. # all these
286. # this must be the same as for your Elasticsearch cluster
287. #elasticsearch_cluster_name = graylog
288.  
289. # The prefix being used to generate the Elasticsearch node name which makes it easier to identify the specific Graylog
290. # server running the embedded Elasticsearch instance. The node name will be constructed by concatenating this prefix
291. # and the Graylog node ID (see node_id_file), for example "graylog-17052010-1234-5678-abcd-1337cafebabe".
292. # Default: graylog-
293. #elasticsearch_node_name_prefix = graylog-
294.  
295. # A comma-separated list of Elasticsearch nodes which Graylog is using to connect to the Elasticsearch cluster,
296. # see https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-discovery-zen.html for details.
297. # Default: 127.0.0.1
298. #elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300, 127.0.0.2:9500
299.  
300. # we don't want the Graylog server to store any data, or be master node
301. #elasticsearch_node_master = false
302. #elasticsearch_node_data = false
303.  
304. # use a different port if you run multiple Elasticsearch nodes on one machine
305. #elasticsearch_transport_tcp_port = 9350
306.  
307. # we don't need to run the embedded HTTP server here
308. 253,1 51%
309.  
310. # we don't need to run the embedded HTTP server here
311. #elasticsearch_http_enabled = false
312.  
313. # Enable Elasticsearch multicast discovery. This requires the installation of an Elasticsearch plugin,
314. # see https://www.elastic.co/guide/en/elasticsearch/plugins/2.3/discovery-multicast.html for details.
315. # Default: false
316. #elasticsearch_discovery_zen_ping_multicast_enabled = false
317.  
318. # Change the following setting if you are running into problems with timeouts during Elasticsearch cluster discovery.
319. # The setting is specified in milliseconds, the default is 5000ms (5 seconds).
320. #elasticsearch_cluster_discovery_timeout = 5000
321.  
322. # the following settings allow to change the bind addresses for the Elasticsearch client in Graylog
323. # these settings are empty by default, letting Elasticsearch choose automatically,
324. # override them here or in the 'elasticsearch_config_file' if you need to bind to a special address
325. # refer to http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/modules-network.html
326. # for special values here
327. #elasticsearch_network_host =
328. #elasticsearch_network_bind_host =
329. #elasticsearch_network_publish_host =
330.  
331. # The total amount of time discovery will look for other Elasticsearch nodes in the cluster
332. # before giving up and declaring the current node master.
333. #elasticsearch_discovery_initial_state_timeout = 3s
334.  
335. # Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
336. # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
337. # Elasticsearch documentation: http://www.elasticsearch.org/guide/reference/index-modules/analysis/
338. # Note that this setting only takes effect on newly created indices.
339. elasticsearch_analyzer = standard
340.  
341. # Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
342. # calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
343. # Default: 1m
344. #elasticsearch_request_timeout = 1m
345.  
346. # Time interval for index range information cleanups. This setting defines how often stale index range information
347. 289,0-1 58%
348.  
349. # Time interval for index range information cleanups. This setting defines how often stale index range information
350. # is being purged from the database.
351. # Default: 1h
352. #index_ranges_cleanup_interval = 1h
353.  
354. # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
355. # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
356. # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
357. # that every outputbuffer processor manages its own batch and performs its own batch write calls.
358. # ("outputbuffer_processors" variable)
359. output_batch_size = 500
360.  
361. # Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
362. # batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
363. # for this time period is less than output_batch_size * outputbuffer_processors.
364. output_flush_interval = 1
365.  
366. # As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
367. # over again. To prevent this, the following configuration options define after how many faults an output will
368. # not be tried again for an also configurable amount of seconds.
369. output_fault_count_threshold = 5
370. output_fault_penalty_seconds = 30
371.  
372. # The number of parallel running processors.
373. # Raise this number if your buffers are filling up.
374. processbuffer_processors = 5
375. outputbuffer_processors = 3
376.  
377. #outputbuffer_processor_keep_alive_time = 5000
378. #outputbuffer_processor_threads_core_pool_size = 3
379. #outputbuffer_processor_threads_max_pool_size = 30
380.  
381. # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
382. #udp_recvbuffer_sizes = 1048576
383.  
384. # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
385. # Possible types:
386. 325,0-1 66%
387. # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
388. # Possible types:
389. # - yielding
390. # Compromise between performance and CPU usage.
391. # - sleeping
392. # Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
393. # - blocking
394. # High throughput, low latency, higher CPU usage.
395. # - busy_spinning
396. # Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
397. processor_wait_strategy = blocking
398.  
399. # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
400. # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
401. # Must be a power of 2. (512, 1024, 2048, ...)
402. ring_size = 65536
403.  
404. inputbuffer_ring_size = 65536
405. inputbuffer_processors = 2
406. inputbuffer_wait_strategy = blocking
407.  
408. # Enable the disk based message journal.
409. message_journal_enabled = true
410.  
411. # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
412. # must not contain any other files than the ones created by Graylog itself.
413. message_journal_dir = /var/lib/graylog-server/journal
414.  
415. # Journal hold messages before they could be written to Elasticsearch.
416. # For a maximum of 12 hours or 5 GB whichever happens first.
417. # During normal operation the journal will be smaller.
418. #message_journal_max_age = 12h
419. #message_journal_max_size = 5gb
420.  
421. #message_journal_flush_age = 1m
422. #message_journal_flush_interval = 1000000
423. #message_journal_segment_age = 1h
424. #message_journal_segment_size = 100mb
425. 361,1 73%
426. #message_journal_segment_age = 1h
427. #message_journal_segment_size = 100mb
428.  
429. # Number of threads used exclusively for dispatching internal events. Default is 2.
430. #async_eventbus_processors = 2
431.  
432. # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
433. # shutdown process. Set to 0 if you have no status checking load balancers in front.
434. lb_recognition_period_seconds = 3
435.  
436. # Every message is matched against the configured streams and it can happen that a stream contains rules which
437. # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
438. # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
439. # streams, Graylog limits the execution time for each stream.
440. # The default values are noted below, the timeout is in milliseconds.
441. # If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
442. # that stream is disabled and a notification is shown in the web interface.
443. #stream_processing_timeout = 2000
444. #stream_processing_max_faults = 3
445.  
446. # Length of the interval in seconds in which the alert conditions for all streams should be checked
447. # and alarms are being sent.
448. #alert_check_interval = 60
449.  
450. # Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple
451. # outputs. The next setting defines the timeout for a single output module, including the default output module where all
452. # messages end up.
453. #
454. # Time in milliseconds to wait for all message outputs to finish writing a single message.
455. #output_module_timeout = 10000
456.  
457. # Time in milliseconds after which a detected stale master node is being rechecked on startup.
458. #stale_master_timeout = 2000
459.  
460. # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
461. #shutdown_timeout = 30000
462.  
463. # MongoDB connection string
464. 397,1 80%
465.  
466. # MongoDB connection string
467. # See http://docs.mongodb.org/manual/reference/connection-string/ for details
468. mongodb_uri = mongodb://localhost/graylog
469.  
470. # Authenticate against the MongoDB server
471. #mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
472.  
473. # Use a replica set instead of a single host
474. #mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
475.  
476. # Increase this value according to the maximum connections your MongoDB server can handle from a single client
477. # if you encounter MongoDB connection problems.
478. mongodb_max_connections = 1000
479.  
480. # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
481. # If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
482. # then 500 threads can block. More than that and an exception will be thrown.
483. # http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
484. mongodb_threads_allowed_to_block_multiplier = 5
485.  
486. # Drools Rule File (Use to rewrite incoming log messages)
487. # See: https://www.graylog.org/documentation/general/rewriting/
488. #rules_file = /etc/graylog/server/rules.drl
489.  
490. # Email transport
491. transport_email_enabled = true
492. transport_email_hostname = smtp.gmail.com
493. transport_email_port = 465
494. transport_email_use_auth = true
495. transport_email_use_tls = true
496. transport_email_use_ssl = true
497. transport_email_auth_username =
498. # Specify and uncomment this if you want to include links to the stream in your stream alert mails.
499. # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
500. transport_email_web_interface_url = https://myip:9000
501.  
502. # The default connect timeout for outgoing HTTP connections.
503. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
504. # Default: 5s
505. #http_connect_timeout = 5s
506.  
507. # The default read timeout for outgoing HTTP connections.
508. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
509. # Default: 10s
510. #http_read_timeout = 10s
511.  
512. # The default write timeout for outgoing HTTP connections.
513. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
514. # Default: 10s
515. #http_write_timeout = 10s
516.  
517. # HTTP proxy for outgoing HTTP connections
518. #http_proxy_uri =
519.  
520. # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch
521. # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize
522. # cycled indices.
523. #disable_index_optimization = true
524.  
525. # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch
526. # on heavily used systems with large indices, but it will decrease search performance. The default is 1.
527. #index_optimization_max_num_segments = 1
528.  
529. # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
530. # will be generated to warn the administrator about possible problems with the system. Default is 1 second.
531. #gc_warning_threshold = 1s
532.  
533. # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
534. #ldap_connection_timeout = 2000
535. 469,0-1 95%
536. # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
537. #ldap_connection_timeout = 2000
538.  
539. # Enable collection of Graylog-related metrics into MongoDB
540. # WARNING: This will add *a lot* of data into your MongoDB database on a regular interval (1 second)!
541. # DEPRECATED: This setting and the respective feature will be removed in a future version of Graylog.
542. #enable_metrics_collection = false
543.  
544. # Disable the use of SIGAR for collecting system stats
545. #disable_sigar = false
546.  
547. # The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
548. #dashboard_widget_default_cache_time = 10s
549.  
550. # Automatically load content packs in "content_packs_dir" on the first start of Graylog.
551. #content_packs_loader_enabled = true
552.  
553. # The directory which contains content packs which should be loaded on the first start of Graylog.
554. content_packs_dir = /usr/share/graylog-server/contentpacks
555.  
556. # A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
557. # the first start of Graylog.
558. # Default: empty
559. content_packs_auto_load = grok-patterns.json
560. ~
561. ~
562. ~
563. ~
564. ~
565. ~
566. ~
567. ~
568. ~
569. ~
570. ~
571. ~
572. ~
573. ~
574. 505,1 Bot
575.  
576. transport_email_auth_password =
577. transport_email_subject_prefix = [test]
578. #transport_email_from_email = graylog@example.com
579.  
580. # Specify and uncomment this if you want to include links to the stream in your stream alert mails.
581. 433,0-1 88%