############################# GRAYLOG CONFIGURATION FILE####################

1. ############################
2. # GRAYLOG CONFIGURATION FILE
3. ############################
4. #
5. # This is the Graylog configuration file. The file has to use ISO 8859-1/Latin-1 character encoding.
6. # Characters that cannot be directly represented in this encoding can be written using Unicode escapes
7. # as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.
8. # For example, \u002c.
9. #
10. # * Entries are generally expected to be a single line of the form, one of the following:
11. #
12. # propertyName=propertyValue
13. # propertyName:propertyValue
14. #
15. # * White space that appears between the property name and property value is ignored,
16. # so the following are equivalent:
17. #
18. # name=Stephen
19. # name = Stephen
20. #
21. # * White space at the beginning of the line is also ignored.
22. #
23. # * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.
24. #
25. # * The property value is generally terminated by the end of the line. White space following the
26. # property value is not ignored, and is treated as part of the property value.
27. #
28. # * A property value can span several lines if each line is terminated by a backslash (‘\’) character.
29. # For example:
30. #
31. # targetCities=\
32. # Detroit,\
33. # Chicago,\
34. # Los Angeles
35. #
36. # This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).
37. #
38. # * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.
39. #
40. # * The backslash character must be escaped as a double backslash. For example:
41. #
42. # path=c:\\docs\\doc1
43. #
44.  
45. # If you are running more than one instances of Graylog server you have to select one of these
46. # instances as master. The master will perform some periodical tasks that non-masters won't perform.
47. is_master = true
48.  
49. # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
50. # to use an absolute file path here if you are starting Graylog server from init scripts or similar.
51. node_id_file = /etc/graylog/server/node-id
52.  
53. # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
54. # Generate one by using for example: pwgen -N 1 -s 96
55. password_secret = ebkHHOwOBR3ZsbDYHvbkNMRvnnEw46hm2ysSXn4qeLYOanUAyR8m46b0oIBz9uCgvP3DT0cccc3tlaSDKfLG1fbXFKaDE7Fe
56.  
57. # The default root user is named 'admin'
58. #root_username = admin
59.  
60. # You MUST specify a hash password for the root user (which you only need to initially set up the
61. # system and in case you lose connectivity to your authentication backend)
62. # This password cannot be changed using the API or via the web interface. If you need to change it,
63. # modify it in this file.
64. # Create one by using for example: echo -n yourpassword | shasum -a 256
65. # and put the resulting hash value into the following line
66. root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
67.  
68.  
69. # The email address of the root user.
70. # Default is empty
71. #root_email = ""
72.  
73. # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
74. # Default is UTC
75. #root_timezone = UTC
76.  
77. # Set plugin directory here (relative or absolute)
78. plugin_dir = /usr/share/graylog-server/plugin
79.  
80. # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
81. # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
82. rest_listen_uri = http://10.11.22.99:9000/api/
83.  
84. # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
85. # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
86. # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
87. # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
88. # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
89. # the scheme, host name or URI.
90. # This must not contain a wildcard address (0.0.0.0).
91. #rest_transport_uri = http://10.11.22.99:9000/api/
92.  
93. # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
94. # If these are disabled, modern browsers will not be able to retrieve resources from the server.
95. # This is enabled by default. Uncomment the next line to disable it.
96. #rest_enable_cors = false
97.  
98. # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
99. # overall round trip times. This is enabled by default. Uncomment the next line to disable it.
100. #rest_enable_gzip = false
101.  
102. # Enable HTTPS support for the REST API. This secures the communication with the REST API with
103. # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
104. # next line to enable it.
105. #rest_enable_tls = true
106.  
107. # The X.509 certificate chain file in PEM format to use for securing the REST API.
108. #rest_tls_cert_file = /path/to/graylog.crt
109.  
110. # The PKCS#8 private key file in PEM format to use for securing the REST API.
111. #rest_tls_key_file = /path/to/graylog.key
112.  
113. # The password to unlock the private key used for securing the REST API.
114. #rest_tls_key_password = secret
115.  
116. # The maximum size of the HTTP request headers in bytes.
117. #rest_max_header_size = 8192
118.  
119. # The size of the thread pool used exclusively for serving the REST API.
120. #rest_thread_pool_size = 16
121.  
122. # Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For
123. # header. May be subnets, or hosts.
124. #trusted_proxies = 127.0.0.1/32, 0:0:0:0:0:0:0:1/128
125.  
126. # Enable the embedded Graylog web interface.
127. # Default: true
128. #web_enable = false
129.  
130. # Web interface listen URI.
131. # Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement
132. # for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface.
133. web_listen_uri = http://10.11.22.99:9000/
134.  
135. # Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header.
136. # Default: $rest_transport_uri
137. #web_endpoint_uri =
138.  
139. # Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly.
140. # If these are disabled, modern browsers will not be able to retrieve resources from the server.
141. #web_enable_cors = false
142.  
143. # Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce
144. # overall round trip times. This is enabled by default. Uncomment the next line to disable it.
145. #web_enable_gzip = false
146.  
147. # Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface
148. # using TLS to prevent request forgery and eavesdropping.
149. # This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.
150. #web_enable_tls = true
151.  
152. # The X.509 certificate chain file in PEM format to use for securing the web interface.
153. #web_tls_cert_file = /path/to/graylog-web.crt
154.  
155. # The PKCS#8 private key file in PEM format to use for securing the web interface.
156. #web_tls_key_file = /path/to/graylog-web.key
157.  
158. # The password to unlock the private key used for securing the web interface.
159. #web_tls_key_password = secret
160.  
161. # The maximum size of the HTTP request headers in bytes.
162. #web_max_header_size = 8192
163.  
164. # The size of the thread pool used exclusively for serving the web interface.
165. #web_thread_pool_size = 16
166.  
167. # List of Elasticsearch hosts Graylog should connect to.
168. # Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.
169. # If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that
170. # requires authentication.
171. #
172. # Default: http://127.0.0.1:9200
173. #elasticsearch_hosts = http://10.11.22.99:9200,http://user:password@node2:19200
174.  
175.  
176.  
177. # Maximum amount of time to wait for successfull connection to Elasticsearch HTTP port.
178. #
179. # Default: 10 Seconds
180. #elasticsearch_connect_timeout = 10s
181.  
182. # Maximum amount of time to wait for reading back a response from an Elasticsearch server.
183. #
184. # Default: 60 seconds
185. #elasticsearch_socket_timeout = 60s
186.  
187. # Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will
188. # be tore down.
189. #
190. # Default: inf
191. #elasticsearch_idle_timeout = -1s
192.  
193. # Maximum number of total connections to Elasticsearch.
194. #
195. # Default: 20
196. #elasticsearch_max_total_connections = 20
197.  
198. # Maximum number of total connections per Elasticsearch route (normally this means per
199. # elasticsearch server).
200. #
201. # Default: 2
202. #elasticsearch_max_total_connections_per_route = 2
203.  
204. # Maximum number of times Graylog will retry failed requests to Elasticsearch.
205. #
206. # Default: 2
207. #elasticsearch_max_retries = 2
208.  
209. # Enable automatic Elasticsearch node discovery through Nodes Info,
210. # see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html
211. #
212. # WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield.
213. #
214. # Default: false
215. #elasticsearch_discovery_enabled = true
216.  
217. # Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes,
218. # see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes
219. #
220. # Default: empty
221. #elasticsearch_discovery_filter = rack:42
222.  
223. # Frequency of the Elasticsearch node discovery.
224. #
225. # Default: 30s
226. # elasticsearch_discovery_frequency = 30s
227.  
228. # Enable payload compression for Elasticsearch requests.
229. #
230. # Default: false
231. #elasticsearch_compression_enabled = true
232.  
233. # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
234. # when to rotate the currently active write index.
235. # It supports multiple rotation strategies:
236. # - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
237. # - "size" per index, use elasticsearch_max_size_per_index below to configure
238. # valid values are "count", "size" and "time", default is "count"
239. #
240. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
241. # to your previous 1.x settings so they will be migrated to the database!
242. rotation_strategy = count
243.  
244. # (Approximate) maximum number of documents in an Elasticsearch index before a new index
245. # is being created, also see no_retention and elasticsearch_max_number_of_indices.
246. # Configure this if you used 'rotation_strategy = count' above.
247. #
248. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
249. # to your previous 1.x settings so they will be migrated to the database!
250. elasticsearch_max_docs_per_index = 20000000
251.  
252. # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
253. # no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
254. # Configure this if you used 'rotation_strategy = size' above.
255. #
256. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
257. # to your previous 1.x settings so they will be migrated to the database!
258. #elasticsearch_max_size_per_index = 1073741824
259.  
260. # (Approximate) maximum time before a new Elasticsearch index is being created, also see
261. # no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
262. # Configure this if you used 'rotation_strategy = time' above.
263. # Please note that this rotation period does not look at the time specified in the received messages, but is
264. # using the real clock value to decide when to rotate the index!
265. # Specify the time using a duration and a suffix indicating which unit you want:
266. # 1w = 1 week
267. # 1d = 1 day
268. # 12h = 12 hours
269. # Permitted suffixes are: d for day, h for hour, m for minute, s for second.
270. #
271. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
272. # to your previous 1.x settings so they will be migrated to the database!
273. #elasticsearch_max_time_per_index = 1d
274.  
275. # Disable checking the version of Elasticsearch for being compatible with this Graylog release.
276. # WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
277. #elasticsearch_disable_version_check = true
278.  
279. # Disable message retention on this node, i. e. disable Elasticsearch index rotation.
280. #no_retention = false
281.  
282. # How many indices do you want to keep?
283. #
284. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
285. # to your previous 1.x settings so they will be migrated to the database!
286. elasticsearch_max_number_of_indices = 20
287.  
288. # Decide what happens with the oldest indices when the maximum number of indices is reached.
289. # The following strategies are availble:
290. # - delete # Deletes the index completely (Default)
291. # - close # Closes the index and hides it from the system. Can be re-opened later.
292. #
293. # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these
294. # to your previous 1.x settings so they will be migrated to the database!
295. retention_strategy = delete
296.  
297. # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
298. # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
299. # to your previous settings so they will be migrated to the database!
300. elasticsearch_shards = 1
301. elasticsearch_replicas = 0
302.  
303. # Prefix for all Elasticsearch indices and index aliases managed by Graylog.
304. #
305. # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
306. # to your previous settings so they will be migrated to the database!
307. elasticsearch_index_prefix = graylog
308.  
309. # Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.
310. # Default: graylog-internal
311. #
312. # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
313. # to your previous settings so they will be migrated to the database!
314. #elasticsearch_template_name = graylog-internal
315.  
316. # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
317. # be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html
318. allow_leading_wildcard_searches = false
319.  
320. # Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
321. # should only be enabled after making sure your Elasticsearch cluster has enough memory.
322. allow_highlighting = false
323.  
324. # Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
325. # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
326. # Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html
327. # Note that this setting only takes effect on newly created indices.
328. #
329. # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
330. # to your previous settings so they will be migrated to the database!
331. elasticsearch_analyzer = standard
332.  
333. # Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
334. # calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
335. # Default: 1m
336. #elasticsearch_request_timeout = 1m
337.  
338. # Global timeout for index optimization (force merge) requests.
339. # Default: 1h
340. #elasticsearch_index_optimization_timeout = 1h
341.  
342. # Maximum number of concurrently running index optimization (force merge) jobs.
343. # If you are using lots of different index sets, you might want to increase that number.
344. # Default: 20
345. #elasticsearch_index_optimization_jobs = 20
346.  
347. # Time interval for index range information cleanups. This setting defines how often stale index range information
348. # is being purged from the database.
349. # Default: 1h
350. #index_ranges_cleanup_interval = 1h
351. # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
352. # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
353. # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
354. # that every outputbuffer processor manages its own batch and performs its own batch write calls.
355. # ("outputbuffer_processors" variable)
356. output_batch_size = 500
357.  
358. # Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
359. # batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
360. # for this time period is less than output_batch_size * outputbuffer_processors.
361. output_flush_interval = 1
362.  
363. # As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
364. # over again. To prevent this, the following configuration options define after how many faults an output will
365. # not be tried again for an also configurable amount of seconds.
366. output_fault_count_threshold = 5
367. output_fault_penalty_seconds = 30
368.  
369. # The number of parallel running processors.
370. # Raise this number if your buffers are filling up.
371. processbuffer_processors = 5
372. outputbuffer_processors = 3
373.  
374. # The following settings (outputbuffer_processor_*) configure the thread pools backing each output buffer processor.
375. # See https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ThreadPoolExecutor.html for technical details
376.  
377. # When the number of threads is greater than the core (see outputbuffer_processor_threads_core_pool_size),
378. # this is the maximum time in milliseconds that excess idle threads will wait for new tasks before terminating.
379. # Default: 5000
380. #outputbuffer_processor_keep_alive_time = 5000
381.  
382. # The number of threads to keep in the pool, even if they are idle, unless allowCoreThreadTimeOut is set
383. # Default: 3
384. #outputbuffer_processor_threads_core_pool_size = 3
385.  
386. # The maximum number of threads to allow in the pool
387. # Default: 30
388. #outputbuffer_processor_threads_max_pool_size = 30
389.  
390. # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
391. #udp_recvbuffer_sizes = 1048576
392.  
393. # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
394. # Possible types:
395. # - yielding
396. # Compromise between performance and CPU usage.
397. # - sleeping
398. # Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
399. # - blocking
400. # High throughput, low latency, higher CPU usage.
401. # - busy_spinning
402. # Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
403. processor_wait_strategy = blocking
404.  
405. # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
406. # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
407. # Must be a power of 2. (512, 1024, 2048, ...)
408. ring_size = 65536
409.  
410. inputbuffer_ring_size = 65536
411. inputbuffer_processors = 2
412. inputbuffer_wait_strategy = blocking
413.  
414. # Enable the disk based message journal.
415. message_journal_enabled = true
416.  
417. # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
418. # must not contain any other files than the ones created by Graylog itself.
419. #
420. # ATTENTION:
421. # If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found'
422. # in the root directory, you need to create a sub directory for your journal.
423. # Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start.
424. message_journal_dir = /var/lib/graylog-server/journal
425.  
426. # Journal hold messages before they could be written to Elasticsearch.
427. # For a maximum of 12 hours or 5 GB whichever happens first.
428. # During normal operation the journal will be smaller.
429. #message_journal_max_age = 12h
430. #message_journal_max_size = 5gb
431.  
432. #message_journal_flush_age = 1m
433. #message_journal_flush_interval = 1000000
434. #message_journal_segment_age = 1h
435. #message_journal_segment_size = 100mb
436.  
437. # Number of threads used exclusively for dispatching internal events. Default is 2.
438. #async_eventbus_processors = 2
439. # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
440. # shutdown process. Set to 0 if you have no status checking load balancers in front.
441. lb_recognition_period_seconds = 3
442.  
443. # Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is
444. # disabled if not set.
445. #lb_throttle_threshold_percentage = 95
446.  
447. # Every message is matched against the configured streams and it can happen that a stream contains rules which
448. # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
449. # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
450. # streams, Graylog limits the execution time for each stream.
451. # The default values are noted below, the timeout is in milliseconds.
452. # If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
453. # that stream is disabled and a notification is shown in the web interface.
454. #stream_processing_timeout = 2000
455. #stream_processing_max_faults = 3
456.  
457. # Length of the interval in seconds in which the alert conditions for all streams should be checked
458. # and alarms are being sent.
459. #alert_check_interval = 60
460.  
461. # Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple
462. # outputs. The next setting defines the timeout for a single output module, including the default output module where all
463. # messages end up.
464. #
465. # Time in milliseconds to wait for all message outputs to finish writing a single message.
466. #output_module_timeout = 10000
467.  
468. # Time in milliseconds after which a detected stale master node is being rechecked on startup.
469. #stale_master_timeout = 2000
470.  
471. # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
472. #shutdown_timeout = 30000
473.  
474. # MongoDB connection string
475. # See https://docs.mongodb.com/manual/reference/connection-string/ for details
476. mongodb_uri = mongodb://localhost/graylog
477.  
478. # Authenticate against the MongoDB server
479. #mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
480.  
481. # Use a replica set instead of a single host
482. #mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
483. # Use a replica set instead of a single host
484. #mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
485.  
486. # Increase this value according to the maximum connections your MongoDB server can handle from a single client
487. # if you encounter MongoDB connection problems.
488. mongodb_max_connections = 1000
489.  
490. # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
491. # If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
492. # then 500 threads can block. More than that and an exception will be thrown.
493. # http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
494. mongodb_threads_allowed_to_block_multiplier = 5
495.  
496. # Drools Rule File (Use to rewrite incoming log messages)
497. # See: http://docs.graylog.org/en/2.1/pages/drools.html
498. #rules_file = /etc/graylog/server/rules.drl
499.  
500. # Email transport
501. #transport_email_enabled = false
502. #transport_email_hostname = mail.example.com
503. #transport_email_port = 587
504. #transport_email_use_auth = true
505. #transport_email_use_tls = true
506. #transport_email_use_ssl = true
507. #transport_email_auth_username = you@example.com
508. #transport_email_auth_password = secret
509. #transport_email_subject_prefix = [graylog]
510. #transport_email_from_email = graylog@example.com
511.  
512. # Specify and uncomment this if you want to include links to the stream in your stream alert mails.
513. # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
514. #transport_email_web_interface_url = https://graylog.example.com
515.  
516. # The default connect timeout for outgoing HTTP connections.
517. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
518. # Default: 5s
519. #http_connect_timeout = 5s
520.  
521. # The default read timeout for outgoing HTTP connections.
522. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
523. # Default: 10s
524. #http_read_timeout = 10s
525.  
526. # The default write timeout for outgoing HTTP connections.
527. # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
528. # Default: 10s
529. #http_write_timeout = 10s
530.  
531. # HTTP proxy for outgoing HTTP connections
532. # ATTENTION: If you configure a proxy, make sure to also configure the "http_non_proxy_hosts" option so internal
533. # HTTP connections with other nodes does not go through the proxy.
534. # Examples:
535. # - http://proxy.example.com:8123
536. # - http://username:password@proxy.example.com:8123
537. #http_proxy_uri =
538.  
539. # A list of hosts that should be reached directly, bypassing the configured proxy server.
540. # This is a list of patterns separated by ",". The patterns may start or end with a "*" for wildcards.
541. # Any host matching one of these patterns will be reached through a direct connection instead of through a proxy.
542. # Examples:
543. # - localhost,127.0.0.1
544. # - 10.0.*,*.example.com
545. #http_non_proxy_hosts =
546.  
547. # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch
548. # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize
549. # cycled indices.
550. #
551. # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
552. # to your previous settings so they will be migrated to the database!
553. #disable_index_optimization = true
554.  
555. # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch
556. # on heavily used systems with large indices, but it will decrease search performance. The default is 1.
557. #
558. # ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these
559. # to your previous settings so they will be migrated to the database!
560. #index_optimization_max_num_segments = 1
561.  
562. # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
563. # will be generated to warn the administrator about possible problems with the system. Default is 1 second.
564. #gc_warning_threshold = 1s
565.  
566. # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
567. #ldap_connection_timeout = 2000
568.  
569. # Disable the use of SIGAR for collecting system stats
570. #disable_sigar = false
571. # The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
572. #dashboard_widget_default_cache_time = 10s
573.  
574. # Automatically load content packs in "content_packs_dir" on the first start of Graylog.
575. #content_packs_loader_enabled = true
576.  
577. # The directory which contains content packs which should be loaded on the first start of Graylog.
578. content_packs_dir = /usr/share/graylog-server/contentpacks
579.  
580. # A comma-separated list of content packs (files in "content_packs_dir") which should be applied on
581. # the first start of Graylog.
582. # Default: empty
583. content_packs_auto_load = grok-patterns.json
584.  
585. # For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number
586. # of threads available for this. Increase it, if '/cluster/*' requests take long to complete.
587. # Should be rest_thread_pool_size * average_cluster_size if you have a high number of concurrent users.
588. proxied_requests_thread_pool_size = 32
589.  
590. elasticsearch_discovery_zen_ping_unicast_hosts = 10.11.22.99:9300