Configuration reference
Grafana Enterprise Traces can be configured using a YAML file - specified using the -config.file
flag - or CLI flags. In case you combine both, CLI flags take precedence over the YAML config file.
The current configuration of any GET component can be seen by visiting the /config
HTTP path.
Passwords are filtered out of this endpoint.
To specify which configuration file to load, pass the -config.file
flag at the command line. The file is written in YAML format, defined by the scheme below. Brackets indicate that a parameter is optional.
Generic placeholders
<boolean>
: a boolean that can take the valuestrue
orfalse
<int>
: any integer matching the regular expression[1-9]+[0-9]*
<duration>
: a duration matching the regular expression[0-9]+(ns|us|µs|ms|s|m|h|d|w|y)
where y = 365 days<string>
: a regular string<url>
: a URL<prefix>
: a CLI flag prefix based on the context (look at the parent configuration block to see which CLI flags prefix should be used)<time>
: a timestamp, with available formats:2006-01-20
(midnight, local timezone),2006-01-20T15:04
(local timezone), and RFC 3339 formats:2006-01-20T15:04:05Z
(UTC) or2006-01-20T15:04:05+07:00
(explicit timezone)
Use environment variables in the configuration
You can use environment variable references in the configuration file to set values that need to be configurable during deployment using --config.expand-env
option.
To do this, use:
${VAR}
Where VAR is the name of the environment variable.
Each variable reference is replaced at startup by the value of the environment variable. The replacement is case-sensitive and occurs before the YAML file is parsed. References to undefined variables are replaced by empty strings unless you specify a default value or custom error text.
To specify a default value, use:
${VAR:-default_value}
where default_value is the value to use if the environment variable is undefined.
You can find more about other supported syntax here
Supported contents and default values
# target module
# CLI flag: -target
[target: <string> | default = "all"]
# Set to true to enable auth (deprecated: use multitenancy.enabled)
# CLI flag: -auth.enabled
[auth_enabled: <boolean> | default = false]
# Set to true to enable multitenancy.
# CLI flag: -multitenancy.enabled
[multitenancy_enabled: <boolean> | default = false]
# stream_over_http_enabled is not exposed as CLI flag.
[stream_over_http_enabled: <boolean> | default = false]
# String prefix for all http api endpoints.
# CLI flag: -http-api-prefix
[http_api_prefix: <string> | default = ""]
# Set to true to replace the OpenTracing tracer with the OpenTelemetry tracer
# CLI flag: -use-otel-tracer
[use_otel_tracer: <boolean> | default = false]
# Set to true to enable all Go runtime metrics
# CLI flag: -enable-go-runtime-metrics
[enable_go_runtime_metrics: <boolean> | default = false]
# Set to true to enable autocomplete filtering
# CLI flag: -autocomplete-filtering.enabled
[autocomplete_filtering_enabled: <boolean> | default = false]
# The server_config block configures the HTTP and gRPC server of the launched
# services.
[server: <server_config>]
internal_server:
# http_listen_network is not exposed as CLI flag.
[http_listen_network: <string> | default = "tcp"]
# http_listen_address is not exposed as CLI flag.
[http_listen_address: <string> | default = "localhost"]
# http_listen_port is not exposed as CLI flag.
[http_listen_port: <int> | default = 3101]
# http_listen_conn_limit is not exposed as CLI flag.
[http_listen_conn_limit: <int> | default = 0]
# grpc_listen_network is not exposed as CLI flag.
[grpc_listen_network: <string> | default = ""]
# grpc_listen_address is not exposed as CLI flag.
[grpc_listen_address: <string> | default = ""]
# grpc_listen_port is not exposed as CLI flag.
[grpc_listen_port: <int> | default = 0]
# grpc_listen_conn_limit is not exposed as CLI flag.
[grpc_listen_conn_limit: <int> | default = 0]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
http_tls_config:
# cert is not exposed as CLI flag.
[cert: <string> | default = ""]
# key is not exposed as CLI flag.
[key: <string> | default = ""]
# client_ca is not exposed as CLI flag.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
grpc_tls_config:
# cert is not exposed as CLI flag.
[cert: <string> | default = ""]
# key is not exposed as CLI flag.
[key: <string> | default = ""]
# client_ca is not exposed as CLI flag.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
# register_instrumentation is not exposed as CLI flag.
[register_instrumentation: <boolean> | default = false]
# graceful_shutdown_timeout is not exposed as CLI flag.
[graceful_shutdown_timeout: <duration> | default = 30s]
# http_server_read_timeout is not exposed as CLI flag.
[http_server_read_timeout: <duration> | default = 30s]
# http_server_write_timeout is not exposed as CLI flag.
[http_server_write_timeout: <duration> | default = 30s]
# http_server_idle_timeout is not exposed as CLI flag.
[http_server_idle_timeout: <duration> | default = 2m]
# grpc_server_max_recv_msg_size is not exposed as CLI flag.
[grpc_server_max_recv_msg_size: <int> | default = 0]
# grpc_server_max_send_msg_size is not exposed as CLI flag.
[grpc_server_max_send_msg_size: <int> | default = 0]
# grpc_server_max_concurrent_streams is not exposed as CLI flag.
[grpc_server_max_concurrent_streams: <int> | default = 0]
# grpc_server_max_connection_idle is not exposed as CLI flag.
[grpc_server_max_connection_idle: <duration> | default = 0s]
# grpc_server_max_connection_age is not exposed as CLI flag.
[grpc_server_max_connection_age: <duration> | default = 0s]
# grpc_server_max_connection_age_grace is not exposed as CLI flag.
[grpc_server_max_connection_age_grace: <duration> | default = 0s]
# grpc_server_keepalive_time is not exposed as CLI flag.
[grpc_server_keepalive_time: <duration> | default = 0s]
# grpc_server_keepalive_timeout is not exposed as CLI flag.
[grpc_server_keepalive_timeout: <duration> | default = 0s]
# grpc_server_min_time_between_pings is not exposed as CLI flag.
[grpc_server_min_time_between_pings: <duration> | default = 0s]
# grpc_server_ping_without_stream_allowed is not exposed as CLI flag.
[grpc_server_ping_without_stream_allowed: <boolean> | default = false]
# log_format is not exposed as CLI flag.
[log_format: <string> | default = ""]
# log_level is not exposed as CLI flag.
[log_level: <string> | default = "{ panic <nil>}"]
# log_source_ips_enabled is not exposed as CLI flag.
[log_source_ips_enabled: <boolean> | default = false]
# log_source_ips_header is not exposed as CLI flag.
[log_source_ips_header: <string> | default = ""]
# log_source_ips_regex is not exposed as CLI flag.
[log_source_ips_regex: <string> | default = ""]
# log_request_headers is not exposed as CLI flag.
[log_request_headers: <boolean> | default = false]
# log_request_at_info_level_enabled is not exposed as CLI flag.
[log_request_at_info_level_enabled: <boolean> | default = false]
# log_request_exclude_headers_list is not exposed as CLI flag.
[log_request_exclude_headers_list: <string> | default = ""]
# http_path_prefix is not exposed as CLI flag.
[http_path_prefix: <string> | default = ""]
# enable is not exposed as CLI flag.
[enable: <boolean> | default = false]
# The distributor_config block configures the distributor service.
[distributor: <distributor_config>]
# The ingester_client_config block configures how the distributor services
# connect to the ingester services.
[ingester_client: <ingester_client_config>]
metrics_generator_client:
pool_config:
# checkinterval is not exposed as CLI flag.
[checkinterval: <duration> | default = 15s]
# healthcheckenabled is not exposed as CLI flag.
[healthcheckenabled: <boolean> | default = true]
# healthchecktimeout is not exposed as CLI flag.
[healthchecktimeout: <duration> | default = 1s]
# maxconcurrenthealthchecks is not exposed as CLI flag.
[maxconcurrenthealthchecks: <int> | default = 0]
# remote_timeout is not exposed as CLI flag.
[remote_timeout: <duration> | default = 5s]
grpc_client_config:
# max_recv_msg_size is not exposed as CLI flag.
[max_recv_msg_size: <int> | default = 104857600]
# max_send_msg_size is not exposed as CLI flag.
[max_send_msg_size: <int> | default = 104857600]
# grpc_compression is not exposed as CLI flag.
[grpc_compression: <string> | default = "snappy"]
# rate_limit is not exposed as CLI flag.
[rate_limit: <float> | default = 0]
# rate_limit_burst is not exposed as CLI flag.
[rate_limit_burst: <int> | default = 0]
# backoff_on_ratelimits is not exposed as CLI flag.
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# min_period is not exposed as CLI flag.
[min_period: <duration> | default = 100ms]
# max_period is not exposed as CLI flag.
[max_period: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# initial_stream_window_size is not exposed as CLI flag.
[initial_stream_window_size: <int> | default = 65535]
# initial_connection_window_size is not exposed as CLI flag.
[initial_connection_window_size: <int> | default = 65535]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# connect_timeout is not exposed as CLI flag.
[connect_timeout: <duration> | default = 5s]
# connect_backoff_base_delay is not exposed as CLI flag.
[connect_backoff_base_delay: <duration> | default = 1s]
# connect_backoff_max_delay is not exposed as CLI flag.
[connect_backoff_max_delay: <duration> | default = 5s]
# The querier_config block configures the querier service.
[querier: <querier_config>]
# The query_frontend_config block configures the query frontend service.
[query_frontend: <query_frontend_config>]
# The compactor_config block configures the compactor service.
[compactor: <compactor_config>]
# The ingester_config block configures the ingester service.
[ingester: <ingester_config>]
metrics_generator:
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -generatorstore
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -generatorprefix
[prefix: <string> | default = "collectors/"]
consul:
# Hostname and port of Consul.
# CLI flag: -generatorconsul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -generatorconsul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -generatorconsul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -generatorconsul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -generatorconsul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -generatorconsul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -generatorconsul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -generatoretcd.endpoints
[endpoints: <list of string> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -generatoretcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -generatoretcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -generatoretcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -generatoretcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -generatoretcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -generatoretcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -generatoretcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -generatoretcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -generatoretcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -generatoretcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -generatoretcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -generatoretcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -generatormulti.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -generatormulti.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -generatormulti.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -generatormulti.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 1m]
# instance_id is not exposed as CLI flag.
[instance_id: <string> | default = "Martins-MacBook-Pro.local"]
# instance_interface_names is not exposed as CLI flag.
[instance_interface_names: <list of string> | default = [eth0 en0]]
# instance_addr is not exposed as CLI flag.
[instance_addr: <string> | default = ""]
# instance_port is not exposed as CLI flag.
[instance_port: <int> | default = 0]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
processor:
service_graphs:
# wait is not exposed as CLI flag.
[wait: <duration> | default = 10s]
# max_items is not exposed as CLI flag.
[max_items: <int> | default = 10000]
# workers is not exposed as CLI flag.
[workers: <int> | default = 10]
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = [0.1 0.2 0.4 0.8 1.6 3.2 6.4 12.8]]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
# enable_client_server_prefix is not exposed as CLI flag.
[enable_client_server_prefix: <boolean> | default = false]
# peer_attributes is not exposed as CLI flag.
[peer_attributes: <list of string> | default = [peer.service db.name db.system]]
# span_multiplier_key is not exposed as CLI flag.
[span_multiplier_key: <string> | default = ""]
span_metrics:
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = [0.002 0.004 0.008 0.016 0.032 0.064 0.128 0.256 0.512 1.024 2.048 4.096 8.192 16.384]]
intrinsic_dimensions:
# service is not exposed as CLI flag.
[service: <boolean> | default = true]
# span_name is not exposed as CLI flag.
[span_name: <boolean> | default = true]
# span_kind is not exposed as CLI flag.
[span_kind: <boolean> | default = true]
# status_code is not exposed as CLI flag.
[status_code: <boolean> | default = true]
# status_message is not exposed as CLI flag.
[status_message: <boolean> | default = false]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
dimension_mappings:
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# source_labels is not exposed as CLI flag.
[source_labels: <list of string> | default = []]
# join is not exposed as CLI flag.
[join: <string> | default = ""]
# enable_target_info is not exposed as CLI flag.
[enable_target_info: <boolean> | default = false]
# span_multiplier_key is not exposed as CLI flag.
[span_multiplier_key: <string> | default = ""]
# subprocessors is not exposed as CLI flag.
[subprocessors: <map of spanmetrics.Subprocessor to bool> | default = map[span-metrics-latency:true span-metrics-count:true span-metrics-size:true]]
filter_policies:
include:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
exclude:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
# target_info_excluded_dimensions is not exposed as CLI flag.
[target_info_excluded_dimensions: <list of string> | default = []]
local_blocks:
block:
# bloom_filter_false_positive is not exposed as CLI flag.
[bloom_filter_false_positive: <float> | default = 0]
# bloom_filter_shard_size_bytes is not exposed as CLI flag.
[bloom_filter_shard_size_bytes: <int> | default = 0]
# version is not exposed as CLI flag.
[version: <string> | default = ""]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# search_page_size_bytes is not exposed as CLI flag.
[search_page_size_bytes: <int> | default = 0]
# v2_index_downsample_bytes is not exposed as CLI flag.
[v2_index_downsample_bytes: <int> | default = 0]
# v2_index_page_size_bytes is not exposed as CLI flag.
[v2_index_page_size_bytes: <int> | default = 0]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# parquet_row_group_size_bytes is not exposed as CLI flag.
[parquet_row_group_size_bytes: <int> | default = 0]
parquet_dedicated_columns:
# scope is not exposed as CLI flag.
[scope: <string> | default = ""]
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# type is not exposed as CLI flag.
[type: <string> | default = ""]
search:
# chunk_size_bytes is not exposed as CLI flag.
[chunk_size_bytes: <int> | default = 0]
# prefetch_trace_count is not exposed as CLI flag.
[prefetch_trace_count: <int> | default = 0]
# read_buffer_count is not exposed as CLI flag.
[read_buffer_count: <int> | default = 0]
# read_buffer_size_bytes is not exposed as CLI flag.
[read_buffer_size_bytes: <int> | default = 0]
cache_control:
# footer is not exposed as CLI flag.
[footer: <boolean> | default = false]
# column_index is not exposed as CLI flag.
[column_index: <boolean> | default = false]
# offset_index is not exposed as CLI flag.
[offset_index: <boolean> | default = false]
# flush_check_period is not exposed as CLI flag.
[flush_check_period: <duration> | default = 10s]
# trace_idle_period is not exposed as CLI flag.
[trace_idle_period: <duration> | default = 10s]
# max_block_duration is not exposed as CLI flag.
[max_block_duration: <duration> | default = 1m]
# max_block_bytes is not exposed as CLI flag.
[max_block_bytes: <int> | default = 500000000]
# complete_block_timeout is not exposed as CLI flag.
[complete_block_timeout: <duration> | default = 1h]
# max_live_traces is not exposed as CLI flag.
[max_live_traces: <int> | default = 0]
registry:
# collection_interval is not exposed as CLI flag.
[collection_interval: <duration> | default = 15s]
# stale_duration is not exposed as CLI flag.
[stale_duration: <duration> | default = 15m]
# external_labels is not exposed as CLI flag.
[external_labels: <map of string to string> | default = map[]]
# max_label_name_length is not exposed as CLI flag.
[max_label_name_length: <int> | default = 1024]
# max_label_value_length is not exposed as CLI flag.
[max_label_value_length: <int> | default = 2048]
storage:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
wal:
# wal_segment_size is not exposed as CLI flag.
[wal_segment_size: <int> | default = 134217728]
# wal_compression is not exposed as CLI flag.
[wal_compression: <boolean> | default = false]
# stripe_size is not exposed as CLI flag.
[stripe_size: <int> | default = 16384]
# truncate_frequency is not exposed as CLI flag.
[truncate_frequency: <duration> | default = 2h]
# min_wal_time is not exposed as CLI flag.
[min_wal_time: <int> | default = 300000]
# max_wal_time is not exposed as CLI flag.
[max_wal_time: <int> | default = 14400000]
# no_lockfile is not exposed as CLI flag.
[no_lockfile: <boolean> | default = false]
# remote_write_flush_deadline is not exposed as CLI flag.
[remote_write_flush_deadline: <duration> | default = 1m]
# Remote-write client configuration to send rule samples to a Prometheus
# remote-write endpoint.
# See
# https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
[remote_write: <array> | default = none]
traces_storage:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
# completedfilepath is not exposed as CLI flag.
[completedfilepath: <string> | default = ""]
# blocksfilepath is not exposed as CLI flag.
[blocksfilepath: <string> | default = ""]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 0s]
# version is not exposed as CLI flag.
[version: <string> | default = "vParquet2"]
# metrics_ingestion_time_range_slack is not exposed as CLI flag.
[metrics_ingestion_time_range_slack: <duration> | default = 30s]
# query_timeout is not exposed as CLI flag.
[query_timeout: <duration> | default = 30s]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "metrics-generator"]
# The storage_config block configures how and where to store data.
[storage: <storage_config>]
# The overrides_config block configures the overrides module to set global or
# per-tenant override settings.
[overrides: <overrides_config>]
# The memberlist_config block configures how the gossip ring connects between
# distributors, ingesters and queriers.
[memberlist: <memberlist_config>]
usage_report:
# Enable anonymous usage reporting.
# CLI flag: -reporting.enabled
[reporting_enabled: <boolean> | default = true]
backoff:
# Minimum delay when backing off.
# CLI flag: -reporting.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -reporting.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -reporting.backoff-retries
[max_retries: <int> | default = 10]
# The admin_api_config block configures the Admin API service.
[admin_api: <admin_api_config>]
# The admin_client_config block configures how the Admin API service connects to
# the storage backend.
[admin_client: <admin_client_config>]
# The auth_config block configures the authentication type to use.
[auth: <auth_config>]
# Unique ID of this GET cluster. If undefined the name in the license is used.
# CLI flag: -cluster-name
[cluster_name: <string> | default = ""]
# The tokengen_config block configures the tokengen service.
[tokengen: <tokengen_config>]
# The federation_config block configures the cross-cluster query federation
# service.
[federation: <federation_config>]
# The gateway_config block configures the gateway service.
[gateway: <gateway_config>]
# The license_config block configures the license validation module.
[license: <license_config>]
server_config
The server_config
block configures the HTTP and gRPC server of the launched services.
# http_listen_network is not exposed as CLI flag.
[http_listen_network: <string> | default = "tcp"]
# http_listen_address is not exposed as CLI flag.
[http_listen_address: <string> | default = ""]
# HTTP server listen port.
# CLI flag: -server.http-listen-port
[http_listen_port: <int> | default = 80]
# http_listen_conn_limit is not exposed as CLI flag.
[http_listen_conn_limit: <int> | default = 0]
# grpc_listen_network is not exposed as CLI flag.
[grpc_listen_network: <string> | default = "tcp"]
# grpc_listen_address is not exposed as CLI flag.
[grpc_listen_address: <string> | default = ""]
# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
[grpc_listen_port: <int> | default = 9095]
# grpc_listen_conn_limit is not exposed as CLI flag.
[grpc_listen_conn_limit: <int> | default = 0]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
http_tls_config:
# cert is not exposed as CLI flag.
[cert: <string> | default = ""]
# key is not exposed as CLI flag.
[key: <string> | default = ""]
# client_ca is not exposed as CLI flag.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
grpc_tls_config:
# cert is not exposed as CLI flag.
[cert: <string> | default = ""]
# key is not exposed as CLI flag.
[key: <string> | default = ""]
# client_ca is not exposed as CLI flag.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
# register_instrumentation is not exposed as CLI flag.
[register_instrumentation: <boolean> | default = true]
# graceful_shutdown_timeout is not exposed as CLI flag.
[graceful_shutdown_timeout: <duration> | default = 30s]
# http_server_read_timeout is not exposed as CLI flag.
[http_server_read_timeout: <duration> | default = 30s]
# http_server_write_timeout is not exposed as CLI flag.
[http_server_write_timeout: <duration> | default = 30s]
# http_server_idle_timeout is not exposed as CLI flag.
[http_server_idle_timeout: <duration> | default = 2m]
# grpc_server_max_recv_msg_size is not exposed as CLI flag.
[grpc_server_max_recv_msg_size: <int> | default = 16777216]
# grpc_server_max_send_msg_size is not exposed as CLI flag.
[grpc_server_max_send_msg_size: <int> | default = 16777216]
# grpc_server_max_concurrent_streams is not exposed as CLI flag.
[grpc_server_max_concurrent_streams: <int> | default = 100]
# grpc_server_max_connection_idle is not exposed as CLI flag.
[grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s]
# grpc_server_max_connection_age is not exposed as CLI flag.
[grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s]
# grpc_server_max_connection_age_grace is not exposed as CLI flag.
[grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s]
# grpc_server_keepalive_time is not exposed as CLI flag.
[grpc_server_keepalive_time: <duration> | default = 2h]
# grpc_server_keepalive_timeout is not exposed as CLI flag.
[grpc_server_keepalive_timeout: <duration> | default = 20s]
# grpc_server_min_time_between_pings is not exposed as CLI flag.
[grpc_server_min_time_between_pings: <duration> | default = 10s]
# grpc_server_ping_without_stream_allowed is not exposed as CLI flag.
[grpc_server_ping_without_stream_allowed: <boolean> | default = true]
# log_format is not exposed as CLI flag.
[log_format: <string> | default = "logfmt"]
# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
[log_level: <string> | default = "info"]
# log_source_ips_enabled is not exposed as CLI flag.
[log_source_ips_enabled: <boolean> | default = false]
# log_source_ips_header is not exposed as CLI flag.
[log_source_ips_header: <string> | default = ""]
# log_source_ips_regex is not exposed as CLI flag.
[log_source_ips_regex: <string> | default = ""]
# log_request_headers is not exposed as CLI flag.
[log_request_headers: <boolean> | default = false]
# log_request_at_info_level_enabled is not exposed as CLI flag.
[log_request_at_info_level_enabled: <boolean> | default = false]
# log_request_exclude_headers_list is not exposed as CLI flag.
[log_request_exclude_headers_list: <string> | default = ""]
# http_path_prefix is not exposed as CLI flag.
[http_path_prefix: <string> | default = ""]
distributor_config
The distributor_config
block configures the distributor service.
ring:
kvstore:
# store is not exposed as CLI flag.
[store: <string> | default = "memberlist"]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = "collectors/"]
consul:
# host is not exposed as CLI flag.
[host: <string> | default = "localhost:8500"]
# acl_token is not exposed as CLI flag.
[acl_token: <string> | default = ""]
# http_client_timeout is not exposed as CLI flag.
[http_client_timeout: <duration> | default = 20s]
# consistent_reads is not exposed as CLI flag.
[consistent_reads: <boolean> | default = false]
# watch_rate_limit is not exposed as CLI flag.
[watch_rate_limit: <float> | default = 1]
# watch_burst_size is not exposed as CLI flag.
[watch_burst_size: <int> | default = 1]
# cas_retry_delay is not exposed as CLI flag.
[cas_retry_delay: <duration> | default = 1s]
etcd:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
multi:
# primary is not exposed as CLI flag.
[primary: <string> | default = ""]
# secondary is not exposed as CLI flag.
[secondary: <string> | default = ""]
# mirror_enabled is not exposed as CLI flag.
[mirror_enabled: <boolean> | default = false]
# mirror_timeout is not exposed as CLI flag.
[mirror_timeout: <duration> | default = 2s]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 5m]
# instance_interface_names is not exposed as CLI flag.
[instance_interface_names: <list of string> | default = [eth0 en0]]
# receivers is not exposed as CLI flag.
[receivers: <map of string to interface {}> | default = map[]]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "distributor"]
# Enable to log every received trace id to help debug ingestion.
# CLI flag: -distributor.log-received-traces
[log_received_traces: <boolean> | default = false]
log_received_spans:
# Enable to log every received span to help debug ingestion or calculate span
# error distributions using the logs.
# CLI flag: -distributor.log-received-spans.enabled
[enabled: <boolean> | default = false]
# Enable to include span attributes in the logs.
# CLI flag: -distributor.log-received-spans.include-attributes
[include_all_attributes: <boolean> | default = false]
# Enable to filter out spans without status error.
# CLI flag: -distributor.log-received-spans.filter-by-status-error
[filter_by_status_error: <boolean> | default = false]
forwarders:
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# backend is not exposed as CLI flag.
[backend: <string> | default = ""]
otlpgrpc:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
tls:
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
filter:
traces:
# span is not exposed as CLI flag.
[span: <list of string> | default = []]
# spanevent is not exposed as CLI flag.
[spanevent: <list of string> | default = []]
# extend_writes is not exposed as CLI flag.
[extend_writes: <boolean> | default = true]
query_frontend_config
The query_frontend_config
block configures the query frontend service.
# max_outstanding_per_tenant is not exposed as CLI flag.
[max_outstanding_per_tenant: <int> | default = 2000]
# querier_forget_delay is not exposed as CLI flag.
[querier_forget_delay: <duration> | default = 0s]
# max_batch_size is not exposed as CLI flag.
[max_batch_size: <int> | default = 5]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 2]
search:
# concurrent_jobs is not exposed as CLI flag.
[concurrent_jobs: <int> | default = 1000]
# target_bytes_per_job is not exposed as CLI flag.
[target_bytes_per_job: <int> | default = 104857600]
# default_result_limit is not exposed as CLI flag.
[default_result_limit: <int> | default = 20]
# max_result_limit is not exposed as CLI flag.
[max_result_limit: <int> | default = 0]
# max_duration is not exposed as CLI flag.
[max_duration: <duration> | default = 168h]
# query_backend_after is not exposed as CLI flag.
[query_backend_after: <duration> | default = 15m]
# query_ingesters_until is not exposed as CLI flag.
[query_ingesters_until: <duration> | default = 30m]
# duration_slo is not exposed as CLI flag.
[duration_slo: <duration> | default = 0s]
# throughput_bytes_slo is not exposed as CLI flag.
[throughput_bytes_slo: <float> | default = 0]
trace_by_id:
# query_shards is not exposed as CLI flag.
[query_shards: <int> | default = 50]
# concurrent_shards is not exposed as CLI flag.
[concurrent_shards: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 2s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 2]
# duration_slo is not exposed as CLI flag.
[duration_slo: <duration> | default = 0s]
# throughput_bytes_slo is not exposed as CLI flag.
[throughput_bytes_slo: <float> | default = 0]
querier_config
The querier_config
block configures the querier service.
search:
# query_timeout is not exposed as CLI flag.
[query_timeout: <duration> | default = 30s]
# prefer_self is not exposed as CLI flag.
[prefer_self: <int> | default = 10]
# external_hedge_requests_at is not exposed as CLI flag.
[external_hedge_requests_at: <duration> | default = 8s]
# external_hedge_requests_up_to is not exposed as CLI flag.
[external_hedge_requests_up_to: <int> | default = 2]
# external_backend is not exposed as CLI flag.
[external_backend: <string> | default = ""]
google_cloud_run:
# external_endpoints is not exposed as CLI flag.
[external_endpoints: <list of string> | default = []]
# noauth is not exposed as CLI flag.
[noauth: <boolean> | default = false]
# external_endpoints is not exposed as CLI flag.
[external_endpoints: <list of string> | default = []]
trace_by_id:
# query_timeout is not exposed as CLI flag.
[query_timeout: <duration> | default = 10s]
# extra_query_delay is not exposed as CLI flag.
[extra_query_delay: <duration> | default = 0s]
# max_concurrent_queries is not exposed as CLI flag.
[max_concurrent_queries: <int> | default = 20]
frontend_worker:
# Address of query frontend service, in host:port format.
# CLI flag: -querier.frontend-address
[frontend_address: <string> | default = ""]
# dns_lookup_duration is not exposed as CLI flag.
[dns_lookup_duration: <duration> | default = 10s]
# parallelism is not exposed as CLI flag.
[parallelism: <int> | default = 2]
# match_max_concurrent is not exposed as CLI flag.
[match_max_concurrent: <boolean> | default = true]
# id is not exposed as CLI flag.
[id: <string> | default = ""]
grpc_client_config:
# max_recv_msg_size is not exposed as CLI flag.
[max_recv_msg_size: <int> | default = 104857600]
# max_send_msg_size is not exposed as CLI flag.
[max_send_msg_size: <int> | default = 16777216]
# grpc_compression is not exposed as CLI flag.
[grpc_compression: <string> | default = "gzip"]
# rate_limit is not exposed as CLI flag.
[rate_limit: <float> | default = 0]
# rate_limit_burst is not exposed as CLI flag.
[rate_limit_burst: <int> | default = 0]
# backoff_on_ratelimits is not exposed as CLI flag.
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# min_period is not exposed as CLI flag.
[min_period: <duration> | default = 100ms]
# max_period is not exposed as CLI flag.
[max_period: <duration> | default = 1s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 5]
# initial_stream_window_size is not exposed as CLI flag.
[initial_stream_window_size: <int> | default = 0]
# initial_connection_window_size is not exposed as CLI flag.
[initial_connection_window_size: <int> | default = 0]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# connect_timeout is not exposed as CLI flag.
[connect_timeout: <duration> | default = 0s]
# connect_backoff_base_delay is not exposed as CLI flag.
[connect_backoff_base_delay: <duration> | default = 0s]
# connect_backoff_max_delay is not exposed as CLI flag.
[connect_backoff_max_delay: <duration> | default = 0s]
# query_relevant_ingesters is not exposed as CLI flag.
[query_relevant_ingesters: <boolean> | default = false]
# secondary_ingester_ring is not exposed as CLI flag.
[secondary_ingester_ring: <string> | default = ""]
ingester_client_config
The ingester_client_config
block configures how the distributor services connect to the ingester services.
pool_config:
# checkinterval is not exposed as CLI flag.
[checkinterval: <duration> | default = 15s]
# healthcheckenabled is not exposed as CLI flag.
[healthcheckenabled: <boolean> | default = true]
# healthchecktimeout is not exposed as CLI flag.
[healthchecktimeout: <duration> | default = 1s]
# maxconcurrenthealthchecks is not exposed as CLI flag.
[maxconcurrenthealthchecks: <int> | default = 0]
# remote_timeout is not exposed as CLI flag.
[remote_timeout: <duration> | default = 5s]
grpc_client_config:
# max_recv_msg_size is not exposed as CLI flag.
[max_recv_msg_size: <int> | default = 104857600]
# max_send_msg_size is not exposed as CLI flag.
[max_send_msg_size: <int> | default = 104857600]
# grpc_compression is not exposed as CLI flag.
[grpc_compression: <string> | default = "snappy"]
# rate_limit is not exposed as CLI flag.
[rate_limit: <float> | default = 0]
# rate_limit_burst is not exposed as CLI flag.
[rate_limit_burst: <int> | default = 0]
# backoff_on_ratelimits is not exposed as CLI flag.
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# min_period is not exposed as CLI flag.
[min_period: <duration> | default = 100ms]
# max_period is not exposed as CLI flag.
[max_period: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# initial_stream_window_size is not exposed as CLI flag.
[initial_stream_window_size: <int> | default = 65535]
# initial_connection_window_size is not exposed as CLI flag.
[initial_connection_window_size: <int> | default = 65535]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# connect_timeout is not exposed as CLI flag.
[connect_timeout: <duration> | default = 5s]
# connect_backoff_base_delay is not exposed as CLI flag.
[connect_backoff_base_delay: <duration> | default = 1s]
# connect_backoff_max_delay is not exposed as CLI flag.
[connect_backoff_max_delay: <duration> | default = 5s]
ingester_config
The ingester_config
block configures the ingester service.
lifecycler:
ring:
kvstore:
# store is not exposed as CLI flag.
[store: <string> | default = "memberlist"]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = "collectors/"]
consul:
# host is not exposed as CLI flag.
[host: <string> | default = "localhost:8500"]
# acl_token is not exposed as CLI flag.
[acl_token: <string> | default = ""]
# http_client_timeout is not exposed as CLI flag.
[http_client_timeout: <duration> | default = 20s]
# consistent_reads is not exposed as CLI flag.
[consistent_reads: <boolean> | default = false]
# watch_rate_limit is not exposed as CLI flag.
[watch_rate_limit: <float> | default = 1]
# watch_burst_size is not exposed as CLI flag.
[watch_burst_size: <int> | default = 1]
# cas_retry_delay is not exposed as CLI flag.
[cas_retry_delay: <duration> | default = 1s]
etcd:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
multi:
# primary is not exposed as CLI flag.
[primary: <string> | default = ""]
# secondary is not exposed as CLI flag.
[secondary: <string> | default = ""]
# mirror_enabled is not exposed as CLI flag.
[mirror_enabled: <boolean> | default = false]
# mirror_timeout is not exposed as CLI flag.
[mirror_timeout: <duration> | default = 2s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 5m]
# replication_factor is not exposed as CLI flag.
[replication_factor: <int> | default = 1]
# zone_awareness_enabled is not exposed as CLI flag.
[zone_awareness_enabled: <boolean> | default = false]
# excluded_zones is not exposed as CLI flag.
[excluded_zones: <string> | default = ""]
# num_tokens is not exposed as CLI flag.
[num_tokens: <int> | default = 128]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 1m]
# observe_period is not exposed as CLI flag.
[observe_period: <duration> | default = 0s]
# join_after is not exposed as CLI flag.
[join_after: <duration> | default = 0s]
# min_ready_duration is not exposed as CLI flag.
[min_ready_duration: <duration> | default = 15s]
# interface_names is not exposed as CLI flag.
[interface_names: <list of string> | default = [en0]]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
# final_sleep is not exposed as CLI flag.
[final_sleep: <duration> | default = 0s]
# tokens_file_path is not exposed as CLI flag.
[tokens_file_path: <string> | default = ""]
# availability_zone is not exposed as CLI flag.
[availability_zone: <string> | default = ""]
# unregister_on_shutdown is not exposed as CLI flag.
[unregister_on_shutdown: <boolean> | default = true]
# readiness_check_ring_health is not exposed as CLI flag.
[readiness_check_ring_health: <boolean> | default = true]
# address is not exposed as CLI flag.
[address: <string> | default = ""]
# port is not exposed as CLI flag.
[port: <int> | default = 0]
# ID to register in the ring.
# CLI flag: -ingester.lifecycler.ID
[id: <string> | default = "Martins-MacBook-Pro.local"]
# concurrent_flushes is not exposed as CLI flag.
[concurrent_flushes: <int> | default = 4]
# flush_check_period is not exposed as CLI flag.
[flush_check_period: <duration> | default = 10s]
# flush_op_timeout is not exposed as CLI flag.
[flush_op_timeout: <duration> | default = 5m]
# Duration after which to consider a trace complete if no spans have been
# received
# CLI flag: -ingester.trace-idle-period
[trace_idle_period: <duration> | default = 10s]
# Maximum duration which the head block can be appended to before cutting it.
# CLI flag: -ingester.max-block-duration
[max_block_duration: <duration> | default = 30m]
# Maximum size of the head block before cutting it.
# CLI flag: -ingester.max-block-bytes
[max_block_bytes: <int> | default = 524288000]
# Duration to keep blocks in the ingester after they have been flushed.
# CLI flag: -ingester.complete-block-timeout
[complete_block_timeout: <duration> | default = 15m]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "ring"]
# flush_all_on_shutdown is not exposed as CLI flag.
[flush_all_on_shutdown: <boolean> | default = false]
compactor_config
The compactor_config
block configures the compactor service.
# Disable compaction.
# CLI flag: -compactor.disabled
[disabled: <boolean> | default = false]
ring:
kvstore:
# store is not exposed as CLI flag.
[store: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = "collectors/"]
consul:
# host is not exposed as CLI flag.
[host: <string> | default = "localhost:8500"]
# acl_token is not exposed as CLI flag.
[acl_token: <string> | default = ""]
# http_client_timeout is not exposed as CLI flag.
[http_client_timeout: <duration> | default = 20s]
# consistent_reads is not exposed as CLI flag.
[consistent_reads: <boolean> | default = false]
# watch_rate_limit is not exposed as CLI flag.
[watch_rate_limit: <float> | default = 1]
# watch_burst_size is not exposed as CLI flag.
[watch_burst_size: <int> | default = 1]
# cas_retry_delay is not exposed as CLI flag.
[cas_retry_delay: <duration> | default = 1s]
etcd:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
multi:
# primary is not exposed as CLI flag.
[primary: <string> | default = ""]
# secondary is not exposed as CLI flag.
[secondary: <string> | default = ""]
# mirror_enabled is not exposed as CLI flag.
[mirror_enabled: <boolean> | default = false]
# mirror_timeout is not exposed as CLI flag.
[mirror_timeout: <duration> | default = 2s]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 1m]
# wait_stability_min_duration is not exposed as CLI flag.
[wait_stability_min_duration: <duration> | default = 1m]
# wait_stability_max_duration is not exposed as CLI flag.
[wait_stability_max_duration: <duration> | default = 5m]
# instance_interface_names is not exposed as CLI flag.
[instance_interface_names: <list of string> | default = [eth0 en0]]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
# wait_active_instance_timeout is not exposed as CLI flag.
[wait_active_instance_timeout: <duration> | default = 10m]
compaction:
# v2_in_buffer_bytes is not exposed as CLI flag.
[v2_in_buffer_bytes: <int> | default = 5242880]
# v2_out_buffer_bytes is not exposed as CLI flag.
[v2_out_buffer_bytes: <int> | default = 20971520]
# v2_prefetch_traces_count is not exposed as CLI flag.
[v2_prefetch_traces_count: <int> | default = 1000]
# Maximum time window across which to compact blocks.
# CLI flag: -compactor.compaction.compaction-window
[compaction_window: <duration> | default = 1h]
# Maximum number of traces in a compacted block.
# CLI flag: -compactor.compaction.max-objects-per-block
[max_compaction_objects: <int> | default = 6000000]
# Maximum size of a compacted block.
# CLI flag: -compactor.compaction.max-block-bytes
[max_block_bytes: <int> | default = 107374182400]
# Duration to keep blocks/traces.
# CLI flag: -compactor.compaction.block-retention
[block_retention: <duration> | default = 336h]
# compacted_block_retention is not exposed as CLI flag.
[compacted_block_retention: <duration> | default = 1h]
# retention_concurrency is not exposed as CLI flag.
[retention_concurrency: <int> | default = 10]
# max_time_per_tenant is not exposed as CLI flag.
[max_time_per_tenant: <duration> | default = 5m]
# compaction_cycle is not exposed as CLI flag.
[compaction_cycle: <duration> | default = 30s]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "compactor"]
storage_config
The storage_config
block configures how and where to store data.
trace:
pool:
# max_workers is not exposed as CLI flag.
[max_workers: <int> | default = 0]
# queue_depth is not exposed as CLI flag.
[queue_depth: <int> | default = 0]
wal:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
# completedfilepath is not exposed as CLI flag.
[completedfilepath: <string> | default = ""]
# blocksfilepath is not exposed as CLI flag.
[blocksfilepath: <string> | default = ""]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 0s]
# version is not exposed as CLI flag.
[version: <string> | default = ""]
block:
# bloom_filter_false_positive is not exposed as CLI flag.
[bloom_filter_false_positive: <float> | default = 0]
# bloom_filter_shard_size_bytes is not exposed as CLI flag.
[bloom_filter_shard_size_bytes: <int> | default = 0]
# version is not exposed as CLI flag.
[version: <string> | default = ""]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# search_page_size_bytes is not exposed as CLI flag.
[search_page_size_bytes: <int> | default = 0]
# v2_index_downsample_bytes is not exposed as CLI flag.
[v2_index_downsample_bytes: <int> | default = 0]
# v2_index_page_size_bytes is not exposed as CLI flag.
[v2_index_page_size_bytes: <int> | default = 0]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# parquet_row_group_size_bytes is not exposed as CLI flag.
[parquet_row_group_size_bytes: <int> | default = 0]
parquet_dedicated_columns:
# scope is not exposed as CLI flag.
[scope: <string> | default = ""]
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# type is not exposed as CLI flag.
[type: <string> | default = ""]
search:
# chunk_size_bytes is not exposed as CLI flag.
[chunk_size_bytes: <int> | default = 0]
# prefetch_trace_count is not exposed as CLI flag.
[prefetch_trace_count: <int> | default = 0]
# read_buffer_count is not exposed as CLI flag.
[read_buffer_count: <int> | default = 0]
# read_buffer_size_bytes is not exposed as CLI flag.
[read_buffer_size_bytes: <int> | default = 0]
cache_control:
# footer is not exposed as CLI flag.
[footer: <boolean> | default = false]
# column_index is not exposed as CLI flag.
[column_index: <boolean> | default = false]
# offset_index is not exposed as CLI flag.
[offset_index: <boolean> | default = false]
# Period at which to run the maintenance cycle.
# CLI flag: -storage.trace.blocklist_poll
[blocklist_poll: <duration> | default = 5m]
# blocklist_poll_concurrency is not exposed as CLI flag.
[blocklist_poll_concurrency: <int> | default = 50]
# blocklist_poll_fallback is not exposed as CLI flag.
[blocklist_poll_fallback: <boolean> | default = true]
# blocklist_poll_tenant_index_builders is not exposed as CLI flag.
[blocklist_poll_tenant_index_builders: <int> | default = 2]
# blocklist_poll_stale_tenant_index is not exposed as CLI flag.
[blocklist_poll_stale_tenant_index: <duration> | default = 0s]
# blocklist_poll_jitter_ms is not exposed as CLI flag.
[blocklist_poll_jitter_ms: <int> | default = 0]
# blocklist_poll_tolerate_consecutive_errors is not exposed as CLI flag.
[blocklist_poll_tolerate_consecutive_errors: <int> | default = 1]
# Trace backend (s3, azure, gcs, local)
# CLI flag: -storage.trace.backend
[backend: <string> | default = ""]
local:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
gcs:
# bucket_name is not exposed as CLI flag.
[bucket_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# chunk_buffer_size is not exposed as CLI flag.
[chunk_buffer_size: <int> | default = 0]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# object_cache_control is not exposed as CLI flag.
[object_cache_control: <string> | default = ""]
# object_metadata is not exposed as CLI flag.
[object_metadata: <map of string to string> | default = map[]]
s3:
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# bucket is not exposed as CLI flag.
[bucket: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# region is not exposed as CLI flag.
[region: <string> | default = ""]
# access_key is not exposed as CLI flag.
[access_key: <string> | default = ""]
# secret_key is not exposed as CLI flag.
[secret_key: <string> | default = ""]
# session_token is not exposed as CLI flag.
[session_token: <string> | default = ""]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# part_size is not exposed as CLI flag.
[part_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# signature_v2 is not exposed as CLI flag.
[signature_v2: <boolean> | default = false]
# forcepathstyle is not exposed as CLI flag.
[forcepathstyle: <boolean> | default = false]
# bucket_lookup_type is not exposed as CLI flag.
[bucket_lookup_type: <int> | default = 0]
# tags is not exposed as CLI flag.
[tags: <map of string to string> | default = map[]]
# storage_class is not exposed as CLI flag.
[storage_class: <string> | default = ""]
# metadata is not exposed as CLI flag.
[metadata: <map of string to string> | default = map[]]
# native_aws_auth_enabled is not exposed as CLI flag.
[native_aws_auth_enabled: <boolean> | default = false]
azure:
# storage_account_name is not exposed as CLI flag.
[storage_account_name: <string> | default = ""]
# storage_account_key is not exposed as CLI flag.
[storage_account_key: <string> | default = ""]
# use_managed_identity is not exposed as CLI flag.
[use_managed_identity: <boolean> | default = false]
# use_federated_token is not exposed as CLI flag.
[use_federated_token: <boolean> | default = false]
# user_assigned_id is not exposed as CLI flag.
[user_assigned_id: <string> | default = ""]
# container_name is not exposed as CLI flag.
[container_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint_suffix is not exposed as CLI flag.
[endpoint_suffix: <string> | default = ""]
# max_buffers is not exposed as CLI flag.
[max_buffers: <int> | default = 0]
# buffer_size is not exposed as CLI flag.
[buffer_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# use_v2_sdk is not exposed as CLI flag.
[use_v2_sdk: <boolean> | default = false]
# cache is not exposed as CLI flag.
[cache: <string> | default = ""]
# cache_min_compaction_level is not exposed as CLI flag.
[cache_min_compaction_level: <int> | default = 0]
# cache_max_block_age is not exposed as CLI flag.
[cache_max_block_age: <duration> | default = 0s]
background_cache:
# writeback_goroutines is not exposed as CLI flag.
[writeback_goroutines: <int> | default = 0]
# writeback_buffer is not exposed as CLI flag.
[writeback_buffer: <int> | default = 0]
memcached:
# host is not exposed as CLI flag.
[host: <string> | default = ""]
# service is not exposed as CLI flag.
[service: <string> | default = ""]
# addresses is not exposed as CLI flag.
[addresses: <string> | default = ""]
# timeout is not exposed as CLI flag.
[timeout: <duration> | default = 0s]
# max_idle_conns is not exposed as CLI flag.
[max_idle_conns: <int> | default = 0]
# max_item_size is not exposed as CLI flag.
[max_item_size: <int> | default = 0]
# update_interval is not exposed as CLI flag.
[update_interval: <duration> | default = 0s]
# consistent_hash is not exposed as CLI flag.
[consistent_hash: <boolean> | default = false]
# circuit_breaker_consecutive_failures is not exposed as CLI flag.
[circuit_breaker_consecutive_failures: <int> | default = 0]
# circuit_breaker_timeout is not exposed as CLI flag.
[circuit_breaker_timeout: <duration> | default = 0s]
# circuit_breaker_interval is not exposed as CLI flag.
[circuit_breaker_interval: <duration> | default = 0s]
# ttl is not exposed as CLI flag.
[ttl: <duration> | default = 0s]
redis:
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# master_name is not exposed as CLI flag.
[master_name: <string> | default = ""]
# timeout is not exposed as CLI flag.
[timeout: <duration> | default = 0s]
# expiration is not exposed as CLI flag.
[expiration: <duration> | default = 0s]
# db is not exposed as CLI flag.
[db: <int> | default = 0]
# pool_size is not exposed as CLI flag.
[pool_size: <int> | default = 0]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
# sentinel_username is not exposed as CLI flag.
[sentinel_username: <string> | default = ""]
# sentinel_password is not exposed as CLI flag.
[sentinel_password: <string> | default = ""]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# idle_timeout is not exposed as CLI flag.
[idle_timeout: <duration> | default = 0s]
# max_connection_age is not exposed as CLI flag.
[max_connection_age: <duration> | default = 0s]
# ttl is not exposed as CLI flag.
[ttl: <duration> | default = 0s]
overrides_config
The overrides_config
block configures the overrides module to set global or per-tenant override settings.
defaults:
ingestion:
# Whether the various ingestion rate limits should be applied individually
# to each distributor instance (local), or evenly shared across the cluster
# (global).
# CLI flag: -distributor.rate-limit-strategy
[rate_strategy: <string> | default = "local"]
# Per-user ingestion rate limit in bytes per second.
# CLI flag: -distributor.ingestion-rate-limit-bytes
[rate_limit_bytes: <int> | default = 15000000]
# Per-user ingestion burst size in bytes. Should be set to the expected size
# (in bytes) of a single push request.
# CLI flag: -distributor.ingestion-burst-size-bytes
[burst_size_bytes: <int> | default = 20000000]
# Maximum number of active traces per user, per ingester. 0 to disable.
# CLI flag: -ingester.max-traces-per-user
[max_traces_per_user: <int> | default = 10000]
# Maximum number of active traces per user, across the cluster. 0 to
# disable.
# CLI flag: -ingester.max-global-traces-per-user
[max_global_traces_per_user: <int> | default = 0]
read:
# Maximum size of response for a tag-values query. Used mainly to limit
# large the number of values associated with a particular tag
# CLI flag: -querier.max-bytes-per-tag-values-query
[max_bytes_per_tag_values_query: <int> | default = 5000000]
# Maximum number of blocks to query for a tag-values query. 0 to disable.
# CLI flag: -querier.max-blocks-per-tag-values-query
[max_blocks_per_tag_values_query: <int> | default = 0]
# max_search_duration is not exposed as CLI flag.
[max_search_duration: <duration> | default = 0s]
compaction:
# block_retention is not exposed as CLI flag.
[block_retention: <duration> | default = 0s]
metrics_generator:
# ring_size is not exposed as CLI flag.
[ring_size: <int> | default = 0]
# processors is not exposed as CLI flag.
[processors: <map of string to struct {}> | default = map[]]
# max_active_series is not exposed as CLI flag.
[max_active_series: <int> | default = 0]
# collection_interval is not exposed as CLI flag.
[collection_interval: <duration> | default = 0s]
# disable_collection is not exposed as CLI flag.
[disable_collection: <boolean> | default = false]
forwarder:
# queue_size is not exposed as CLI flag.
[queue_size: <int> | default = 0]
# workers is not exposed as CLI flag.
[workers: <int> | default = 0]
processor:
service_graphs:
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = []]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
# peer_attributes is not exposed as CLI flag.
[peer_attributes: <list of string> | default = []]
# enable_client_server_prefix is not exposed as CLI flag.
[enable_client_server_prefix: <boolean> | default = false]
span_metrics:
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = []]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
# intrinsic_dimensions is not exposed as CLI flag.
[intrinsic_dimensions: <map of string to bool> | default = map[]]
filter_policies:
include:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
exclude:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
dimension_mappings:
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# source_labels is not exposed as CLI flag.
[source_labels: <list of string> | default = []]
# join is not exposed as CLI flag.
[join: <string> | default = ""]
# enable_target_info is not exposed as CLI flag.
[enable_target_info: <boolean> | default = false]
# target_info_excluded_dimensions is not exposed as CLI flag.
[target_info_excluded_dimensions: <list of string> | default = []]
local_blocks:
# max_live_traces is not exposed as CLI flag.
[max_live_traces: <int> | default = 0]
# max_block_duration is not exposed as CLI flag.
[max_block_duration: <duration> | default = 0s]
# max_block_bytes is not exposed as CLI flag.
[max_block_bytes: <int> | default = 0]
# flush_check_period is not exposed as CLI flag.
[flush_check_period: <duration> | default = 0s]
# trace_idle_period is not exposed as CLI flag.
[trace_idle_period: <duration> | default = 0s]
# complete_block_timeout is not exposed as CLI flag.
[complete_block_timeout: <duration> | default = 0s]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 0s]
# forwarders is not exposed as CLI flag.
[forwarders: <list of string> | default = []]
global:
# Maximum size of a trace in bytes. 0 to disable.
# CLI flag: -ingester.max-bytes-per-trace
[max_bytes_per_trace: <int> | default = 5000000]
storage:
parquet_dedicated_columns:
# scope is not exposed as CLI flag.
[scope: <string> | default = ""]
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# type is not exposed as CLI flag.
[type: <string> | default = ""]
# File name of per-user Overrides.
# CLI flag: -config.per-user-override-config
[per_tenant_override_config: <string> | default = ""]
# Period with this to reload the Overrides.
# CLI flag: -config.per-user-override-period
[per_tenant_override_period: <duration> | default = 10s]
user_configurable_overrides:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# poll_interval is not exposed as CLI flag.
[poll_interval: <duration> | default = 1m]
client:
# backend is not exposed as CLI flag.
[backend: <string> | default = ""]
# confirm_versioning is not exposed as CLI flag.
[confirm_versioning: <boolean> | default = true]
local:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
gcs:
# bucket_name is not exposed as CLI flag.
[bucket_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# chunk_buffer_size is not exposed as CLI flag.
[chunk_buffer_size: <int> | default = 0]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# object_cache_control is not exposed as CLI flag.
[object_cache_control: <string> | default = ""]
# object_metadata is not exposed as CLI flag.
[object_metadata: <map of string to string> | default = map[]]
s3:
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# bucket is not exposed as CLI flag.
[bucket: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# region is not exposed as CLI flag.
[region: <string> | default = ""]
# access_key is not exposed as CLI flag.
[access_key: <string> | default = ""]
# secret_key is not exposed as CLI flag.
[secret_key: <string> | default = ""]
# session_token is not exposed as CLI flag.
[session_token: <string> | default = ""]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# part_size is not exposed as CLI flag.
[part_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# signature_v2 is not exposed as CLI flag.
[signature_v2: <boolean> | default = false]
# forcepathstyle is not exposed as CLI flag.
[forcepathstyle: <boolean> | default = false]
# bucket_lookup_type is not exposed as CLI flag.
[bucket_lookup_type: <int> | default = 0]
# tags is not exposed as CLI flag.
[tags: <map of string to string> | default = map[]]
# storage_class is not exposed as CLI flag.
[storage_class: <string> | default = ""]
# metadata is not exposed as CLI flag.
[metadata: <map of string to string> | default = map[]]
# native_aws_auth_enabled is not exposed as CLI flag.
[native_aws_auth_enabled: <boolean> | default = false]
azure:
# storage_account_name is not exposed as CLI flag.
[storage_account_name: <string> | default = ""]
# storage_account_key is not exposed as CLI flag.
[storage_account_key: <string> | default = ""]
# use_managed_identity is not exposed as CLI flag.
[use_managed_identity: <boolean> | default = false]
# use_federated_token is not exposed as CLI flag.
[use_federated_token: <boolean> | default = false]
# user_assigned_id is not exposed as CLI flag.
[user_assigned_id: <string> | default = ""]
# container_name is not exposed as CLI flag.
[container_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint_suffix is not exposed as CLI flag.
[endpoint_suffix: <string> | default = ""]
# max_buffers is not exposed as CLI flag.
[max_buffers: <int> | default = 0]
# buffer_size is not exposed as CLI flag.
[buffer_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# use_v2_sdk is not exposed as CLI flag.
[use_v2_sdk: <boolean> | default = false]
memberlist_config
The memberlist_config
block configures how the gossip ring connects between distributors, ingesters and queriers.
# node_name is not exposed as CLI flag.
[node_name: <string> | default = ""]
# randomize_node_name is not exposed as CLI flag.
[randomize_node_name: <boolean> | default = true]
# stream_timeout is not exposed as CLI flag.
[stream_timeout: <duration> | default = 10s]
# retransmit_factor is not exposed as CLI flag.
[retransmit_factor: <int> | default = 2]
# pull_push_interval is not exposed as CLI flag.
[pull_push_interval: <duration> | default = 30s]
# gossip_interval is not exposed as CLI flag.
[gossip_interval: <duration> | default = 1s]
# gossip_nodes is not exposed as CLI flag.
[gossip_nodes: <int> | default = 2]
# gossip_to_dead_nodes_time is not exposed as CLI flag.
[gossip_to_dead_nodes_time: <duration> | default = 30s]
# dead_node_reclaim_time is not exposed as CLI flag.
[dead_node_reclaim_time: <duration> | default = 0s]
# compression_enabled is not exposed as CLI flag.
[compression_enabled: <boolean> | default = false]
# advertise_addr is not exposed as CLI flag.
[advertise_addr: <string> | default = ""]
# advertise_port is not exposed as CLI flag.
[advertise_port: <int> | default = 7946]
# cluster_label is not exposed as CLI flag.
[cluster_label: <string> | default = ""]
# cluster_label_verification_disabled is not exposed as CLI flag.
[cluster_label_verification_disabled: <boolean> | default = false]
# Host port to connect to memberlist cluster.
# CLI flag: -memberlist.host-port
[join_members: <list of string> | default = []]
# min_join_backoff is not exposed as CLI flag.
[min_join_backoff: <duration> | default = 1s]
# max_join_backoff is not exposed as CLI flag.
[max_join_backoff: <duration> | default = 1m]
# max_join_retries is not exposed as CLI flag.
[max_join_retries: <int> | default = 10]
# abort_if_cluster_join_fails is not exposed as CLI flag.
[abort_if_cluster_join_fails: <boolean> | default = false]
# rejoin_interval is not exposed as CLI flag.
[rejoin_interval: <duration> | default = 0s]
# left_ingesters_timeout is not exposed as CLI flag.
[left_ingesters_timeout: <duration> | default = 5m]
# leave_timeout is not exposed as CLI flag.
[leave_timeout: <duration> | default = 20s]
# message_history_buffer_bytes is not exposed as CLI flag.
[message_history_buffer_bytes: <int> | default = 0]
# bind_addr is not exposed as CLI flag.
[bind_addr: <list of string> | default = []]
# Port for memberlist to communicate on
# CLI flag: -memberlist.bind-port
[bind_port: <int> | default = 7946]
# packet_dial_timeout is not exposed as CLI flag.
[packet_dial_timeout: <duration> | default = 2s]
# packet_write_timeout is not exposed as CLI flag.
[packet_write_timeout: <duration> | default = 5s]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
admin_api_config
The admin_api_config
block configures the Admin API service.
# Designated header to parse when searching for the grafana user ID of the user
# accessing the API.
# CLI flag: -admin.api.user-header-name
[user_header_name: <string> | default = "X-WEBAUTH-USER"]
leader_election:
# This flag enables leader election for the admin api.
# CLI flag: -admin-api.leader-election.enabled
[enabled: <boolean> | default = true]
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -admin-api.leader-election.ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -admin-api.leader-election.ring.prefix
[prefix: <string> | default = "leader-election/"]
consul:
# Hostname and port of Consul.
# CLI flag: -admin-api.leader-election.ring.consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -admin-api.leader-election.ring.consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -admin-api.leader-election.ring.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -admin-api.leader-election.ring.consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -admin-api.leader-election.ring.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -admin-api.leader-election.ring.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -admin-api.leader-election.ring.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -admin-api.leader-election.ring.etcd.endpoints
[endpoints: <list of string> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -admin-api.leader-election.ring.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -admin-api.leader-election.ring.etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin-api.leader-election.ring.etcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin-api.leader-election.ring.etcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -admin-api.leader-election.ring.etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -admin-api.leader-election.ring.etcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -admin-api.leader-election.ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -admin-api.leader-election.ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -admin-api.leader-election.ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -admin-api.leader-election.ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring.
# CLI flag: -admin-api.leader-election.ring.heartbeat-period
[heartbeat_period: <duration> | default = 15s]
# The heartbeat timeout after which admin-api instances are considered
# unhealthy within the ring.
# CLI flag: -admin-api.leader-election.ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Period to wait after generating tokens to resolve collisions. Required
# when using a gossip ring KV store.
# CLI flag: -admin-api.leader-election.ring.tokens-observe-period
[tokens_observe_period: <duration> | default = 1m]
# Instance ID to register in the ring.
# CLI flag: -admin-api.leader-election.ring.instance-id
[instance_id: <string> | default = "Martins-MacBook-Pro.local"]
# Name of network interface to read address from.
# CLI flag: -admin-api.leader-election.ring.instance-interface-names
[instance_interface_names: <list of string> | default = [en0]]
# Port to advertize in the ring (defaults to server.grpc-listen-port).
# CLI flag: -admin-api.leader-election.ring.instance-port
[instance_port: <int> | default = 0]
# IP address to advertize in the ring.
# CLI flag: -admin-api.leader-election.ring.instance-addr
[instance_addr: <string> | default = ""]
# Enable using a IPv6 instance address.
# CLI flag: -admin-api.leader-election.ring.instance-enable-ipv6
[instance_enable_ipv6: <boolean> | default = false]
client_config:
# gRPC client max receive message size (bytes).
# CLI flag: -admin-api.leader-election.client.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -admin-api.leader-election.client.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 104857600]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy' and '' (disable compression)
# CLI flag: -admin-api.leader-election.client.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -admin-api.leader-election.client.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -admin-api.leader-election.client.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit rate limits.
# CLI flag: -admin-api.leader-election.client.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -admin-api.leader-election.client.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -admin-api.leader-election.client.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -admin-api.leader-election.client.backoff-retries
[max_retries: <int> | default = 10]
# Initial stream window size. Values less than the default are not supported
# and are ignored. Setting this to a value other than the default disables
# the BDP estimator.
# CLI flag: -admin-api.leader-election.client.initial-stream-window-size
[initial_stream_window_size: <int> | default = 63KiB1023B]
# Initial connection window size. Values less than the default are not
# supported and are ignored. Setting this to a value other than the default
# disables the BDP estimator.
# CLI flag: -admin-api.leader-election.client.initial-connection-window-size
[initial_connection_window_size: <int> | default = 63KiB1023B]
# Enable TLS in the gRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -admin-api.leader-election.client.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -admin-api.leader-election.client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin-api.leader-election.client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -admin-api.leader-election.client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin-api.leader-election.client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin-api.leader-election.client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin-api.leader-election.client.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin-api.leader-election.client.tls-min-version
[tls_min_version: <string> | default = ""]
# The maximum amount of time to establish a connection. A value of 0 means
# default gRPC client connect timeout and backoff.
# CLI flag: -admin-api.leader-election.client.connect-timeout
[connect_timeout: <duration> | default = 5s]
# Initial backoff delay after first connection failure. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -admin-api.leader-election.client.connect-backoff-base-delay
[connect_backoff_base_delay: <duration> | default = 1s]
# Maximum backoff delay when establishing a connection. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -admin-api.leader-election.client.connect-backoff-max-delay
[connect_backoff_max_delay: <duration> | default = 5s]
limits:
# Enable API based limits per-tenant.
# CLI flag: -admin-api.limits.enabled
[enabled: <boolean> | default = true]
# Period with which to refresh per-tenant limits.
# CLI flag: -admin-api.limits.refresh-period
[refresh_period: <duration> | default = 1m]
admin_client_config
The admin_client_config
block configures how the Admin API service connects to the storage backend.
storage:
# Enable caching on the versioned client.
# CLI flag: -admin.client.cache.enabled
[enable_cache: <boolean> | default = true]
cache:
# Cache backend type. Supported values are: memcached, redis, inmemory.
# CLI flag: -admin.client.cache.backend
[backend: <string> | default = "inmemory"]
memcached:
# Comma-separated list of memcached addresses. Each address can be an IP
# address, hostname, or an entry specified in the DNS Service Discovery
# format.
# CLI flag: -admin.client.cache.memcached.addresses
[addresses: <string> | default = ""]
# The socket read/write timeout.
# CLI flag: -admin.client.cache.memcached.timeout
[timeout: <duration> | default = 200ms]
# The connection timeout.
# CLI flag: -admin.client.cache.memcached.connect-timeout
[connect_timeout: <duration> | default = 200ms]
# The minimum number of idle connections to keep open as a percentage
# (0-100) of the number of recently used idle connections. If negative,
# idle connections are kept open indefinitely.
# CLI flag: -admin.client.cache.memcached.min-idle-connections-headroom-percentage
[min_idle_connections_headroom_percentage: <float> | default = -1]
# The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -admin.client.cache.memcached.max-idle-connections
[max_idle_connections: <int> | default = 100]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -admin.client.cache.memcached.max-async-concurrency
[max_async_concurrency: <int> | default = 50]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -admin.client.cache.memcached.max-async-buffer-size
[max_async_buffer_size: <int> | default = 25000]
# The maximum number of concurrent connections running get operations. If
# set to 0, concurrency is unlimited.
# CLI flag: -admin.client.cache.memcached.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum number of keys a single underlying get operation should run.
# If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set
# to 0, the max batch size is unlimited.
# CLI flag: -admin.client.cache.memcached.max-get-multi-batch-size
[max_get_multi_batch_size: <int> | default = 100]
# The maximum size of an item stored in memcached, in bytes. Bigger items
# are not stored. If set to 0, no maximum size is enforced.
# CLI flag: -admin.client.cache.memcached.max-item-size
[max_item_size: <int> | default = 1048576]
# Enable connecting to Memcached with TLS.
# CLI flag: -admin.client.cache.memcached.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin.client.cache.memcached.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin.client.cache.memcached.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin.client.cache.memcached.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin.client.cache.memcached.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin.client.cache.memcached.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin.client.cache.memcached.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin.client.cache.memcached.tls-min-version
[tls_min_version: <string> | default = ""]
redis:
# Redis Server or Cluster configuration endpoint to use for caching. A
# comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
# CLI flag: -admin.client.cache.redis.endpoint
[endpoint: <string> | default = ""]
# Username to use when connecting to Redis.
# CLI flag: -admin.client.cache.redis.username
[username: <string> | default = ""]
# Password to use when connecting to Redis.
# CLI flag: -admin.client.cache.redis.password
[password: <string> | default = ""]
# Database index.
# CLI flag: -admin.client.cache.redis.db
[db: <int> | default = 0]
# Redis Sentinel master name. An empty string for Redis Server or Redis
# Cluster.
# CLI flag: -admin.client.cache.redis.master-name
[master_name: <string> | default = ""]
# Client dial timeout.
# CLI flag: -admin.client.cache.redis.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Client read timeout.
# CLI flag: -admin.client.cache.redis.read-timeout
[read_timeout: <duration> | default = 3s]
# Client write timeout.
# CLI flag: -admin.client.cache.redis.write-timeout
[write_timeout: <duration> | default = 3s]
# Maximum number of connections in the pool.
# CLI flag: -admin.client.cache.redis.connection-pool-size
[connection_pool_size: <int> | default = 100]
# Minimum number of idle connections.
# CLI flag: -admin.client.cache.redis.min-idle-connections
[min_idle_connections: <int> | default = 10]
# Amount of time after which client closes idle connections.
# CLI flag: -admin.client.cache.redis.idle-timeout
[idle_timeout: <duration> | default = 5m]
# Close connections older than this duration. If the value is zero, then
# the pool does not close connections based on age.
# CLI flag: -admin.client.cache.redis.max-connection-age
[max_connection_age: <duration> | default = 0s]
# The maximum size of an item stored in Redis. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -admin.client.cache.redis.max-item-size
[max_item_size: <int> | default = 16777216]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -admin.client.cache.redis.max-async-concurrency
[max_async_concurrency: <int> | default = 50]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -admin.client.cache.redis.max-async-buffer-size
[max_async_buffer_size: <int> | default = 25000]
# The maximum number of concurrent connections running get operations. If
# set to 0, concurrency is unlimited.
# CLI flag: -admin.client.cache.redis.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum size per batch for mget operations.
# CLI flag: -admin.client.cache.redis.max-get-multi-batch-size
[max_get_multi_batch_size: <int> | default = 100]
# Enable connecting to Redis with TLS.
# CLI flag: -admin.client.cache.redis.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin.client.cache.redis.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin.client.cache.redis.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin.client.cache.redis.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin.client.cache.redis.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin.client.cache.redis.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin.client.cache.redis.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin.client.cache.redis.tls-min-version
[tls_min_version: <string> | default = ""]
# How long an item should be cached before being evicted. Only available for
# remote cache types (memcached, redis).
# CLI flag: -admin.client.cache.expiration
[expiration: <duration> | default = 24h]
# How frequently to reload tokens from storage to keep the cache warm.
# Default disabled.
# CLI flag: -admin.client.cache.refresh-interval
[refresh_interval: <duration> | default = 0s]
# Backend storage to use. Supported backends are: s3, gcs, azure, swift,
# filesystem.
# CLI flag: -admin.client.backend
[backend: <string> | default = "filesystem"]
s3:
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -admin.client.s3.endpoint
[endpoint: <string> | default = ""]
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call
# to autodetect it.
# CLI flag: -admin.client.s3.region
[region: <string> | default = ""]
# S3 bucket name
# CLI flag: -admin.client.s3.bucket-name
[bucket_name: <string> | default = ""]
# S3 secret access key
# CLI flag: -admin.client.s3.secret-access-key
[secret_access_key: <string> | default = ""]
# S3 access key ID
# CLI flag: -admin.client.s3.access-key-id
[access_key_id: <string> | default = ""]
# If enabled, use http:// for the S3 endpoint instead of https://. This
# could be useful in local dev/test environments while using an
# S3-compatible backend storage, like Minio.
# CLI flag: -admin.client.s3.insecure
[insecure: <boolean> | default = false]
# The signature version to use for authenticating against S3. Supported
# values are: v4, v2.
# CLI flag: -admin.client.s3.signature-version
[signature_version: <string> | default = "v4"]
sse:
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -admin.client.s3.sse.type
[type: <string> | default = ""]
# KMS Key ID used to encrypt objects in S3
# CLI flag: -admin.client.s3.sse.kms-key-id
[kms_key_id: <string> | default = ""]
# KMS Encryption Context used for object encryption. It expects JSON
# formatted string.
# CLI flag: -admin.client.s3.sse.kms-encryption-context
[kms_encryption_context: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -admin.client.s3.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -admin.client.s3.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects to S3 via HTTPS and this option is enabled, the
# client will accept any certificate and hostname.
# CLI flag: -admin.client.s3.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -admin.client.s3.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully
# writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -admin.client.s3.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0
# means no limit.
# CLI flag: -admin.client.s3.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0,
# a built-in default value is used.
# CLI flag: -admin.client.s3.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -admin.client.s3.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
gcs:
# GCS bucket name
# CLI flag: -admin.client.gcs.bucket-name
[bucket_name: <string> | default = ""]
# JSON either from a Google Developers Console client_credentials.json file,
# or a Google Developers service account key. Needs to be valid JSON, not a
# filesystem path.
# CLI flag: -admin.client.gcs.service-account
[service_account: <string> | default = ""]
azure:
# Azure storage account name
# CLI flag: -admin.client.azure.account-name
[account_name: <string> | default = ""]
# Azure storage account key
# CLI flag: -admin.client.azure.account-key
[account_key: <string> | default = ""]
# Azure storage container name
# CLI flag: -admin.client.azure.container-name
[container_name: <string> | default = ""]
# Azure storage endpoint suffix without schema. The account name will be
# prefixed to this value to create the FQDN. If set to empty string, default
# endpoint suffix is used.
# CLI flag: -admin.client.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]
# Number of retries for recoverable errors
# CLI flag: -admin.client.azure.max-retries
[max_retries: <int> | default = 20]
# User assigned identity. If empty, then System assigned identity is used.
# CLI flag: -admin.client.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]
swift:
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -admin.client.swift.auth-version
[auth_version: <int> | default = 0]
# OpenStack Swift authentication URL
# CLI flag: -admin.client.swift.auth-url
[auth_url: <string> | default = ""]
# OpenStack Swift username.
# CLI flag: -admin.client.swift.username
[username: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -admin.client.swift.user-domain-name
[user_domain_name: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -admin.client.swift.user-domain-id
[user_domain_id: <string> | default = ""]
# OpenStack Swift user ID.
# CLI flag: -admin.client.swift.user-id
[user_id: <string> | default = ""]
# OpenStack Swift API key.
# CLI flag: -admin.client.swift.password
[password: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -admin.client.swift.domain-id
[domain_id: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -admin.client.swift.domain-name
[domain_name: <string> | default = ""]
# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -admin.client.swift.project-id
[project_id: <string> | default = ""]
# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -admin.client.swift.project-name
[project_name: <string> | default = ""]
# ID of the OpenStack Swift project's domain (v3 auth only), only needed if
# it differs the from user domain.
# CLI flag: -admin.client.swift.project-domain-id
[project_domain_id: <string> | default = ""]
# Name of the OpenStack Swift project's domain (v3 auth only), only needed
# if it differs from the user domain.
# CLI flag: -admin.client.swift.project-domain-name
[project_domain_name: <string> | default = ""]
# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -admin.client.swift.region-name
[region_name: <string> | default = ""]
# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -admin.client.swift.container-name
[container_name: <string> | default = ""]
# Max retries on requests error.
# CLI flag: -admin.client.swift.max-retries
[max_retries: <int> | default = 3]
# Time after which a connection attempt is aborted.
# CLI flag: -admin.client.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]
# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no
# data is received on a request.
# CLI flag: -admin.client.swift.request-timeout
[request_timeout: <duration> | default = 5s]
filesystem:
# Local filesystem storage directory.
# CLI flag: -admin.client.filesystem.dir
[dir: <string> | default = ""]
# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits and English alphabet letters.
# CLI flag: -admin.client.storage-prefix
[storage_prefix: <string> | default = ""]
# Set a backend to use, (gcs, s3, azure). Deprecated, please use
# '-admin.client.backend' instead.
# CLI flag: -admin.client.backend-type
[type: <string> | default = ""]
# If set to true, the built-in __admin__ access policy will not be active.
# CLI flag: -admin.client.disable-default-admin-policy
[disable_default_admin_policy: <boolean> | default = false]
auth_config
The auth_config
block configures the authentication type to use.
# method for authenticating incoming HTTP requests, (trust, enterprise).
# CLI flag: -auth.type
[type: <string> | default = "enterprise"]
# requires admin level auth for the /metrics endpoint.
# CLI flag: -auth.required-for-metrics
[required_for_metrics: <boolean> | default = false]
override:
# Override admin token. If set, this string will always be accepted as a token
# with admin level scope.
# CLI flag: -auth.override.token
[token: <string> | default = ""]
# If set, this file will be read at startup and the string from that file will
# be used as a admin scoped token.
# CLI flag: -auth.override.token-file
[token_file: <string> | default = ""]
admin:
# how long auth responses should be cached
# CLI flag: -auth.cache.ttl
[cache_ttl: <duration> | default = 10m]
cache_refresh:
# Whether asynchronous background refreshes are enabled.
# CLI flag: -auth.cache.refresh.enabled
[enabled: <boolean> | default = false]
# Number of workers for background asynchronous refresh.
# CLI flag: -auth.cache.refresh.concurrency
[concurrency: <int> | default = 2]
# Maximum number of pending background refreshes.
# CLI flag: -auth.cache.refresh.buffer
[buffer: <int> | default = 256]
# Remaining time to live of an item when background refreshes may begin to
# occur.
# CLI flag: -auth.cache.refresh.refresh-ttl
[refresh_ttl: <duration> | default = 3m]
# Minimum time distance between retries if a refresh attempt fails, 0 means
# that every sub-sequent get operation will result in a retry.
# CLI flag: -auth.cache.refresh.retry-interval
[retry_interval: <duration> | default = 30s]
oidc:
# JWT token issuer URL (example "https://accounts.google.com")
# CLI flag: -auth.admin.oidc.issuer-url
[issuer_url: <string> | default = ""]
# claim in the JWT token containing the access policy
# CLI flag: -auth.admin.oidc.access-policy-claim
[access_policy_claim: <string> | default = ""]
# regex to extract the access policy from the JWT token. The first submatch
# of the provided regex expression will be used.
# CLI flag: -auth.admin.oidc.access-policy-regex
[access_policy_regex: <string> | default = ""]
# optional audience to check in JWT token
# CLI flag: -auth.admin.oidc.audience
[audience: <string> | default = ""]
# name of the access policy to use when the token doesn't contain an access
# policy
# CLI flag: -auth.admin.oidc.default-access-policy
[default_access_policy: <string> | default = ""]
# enable ADFS compatibility
# CLI flag: -auth.admin.oidc.adfs-compatibility
[adfs_compatibility: <boolean> | default = false]
federation_config
The federation_config
block configures the cross-cluster query federation service.
proxy_targets:
# Name contains the name of the proxy target, it will be used for the
# __cluster__ label.
[name: <string> | default = ""]
# URL is the URL to the GET API endpoints.
[url: <string> | default = ""]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# Those optional Basic Auth parameters allow to override the client provided
# credentials.
basic_auth:
# Basic Auth username
[username: <string> | default = ""]
# Basic Auth password
[password: <string> | default = ""]
# Maximum number of concurrent requests to federation targets.
# CLI flag: -federation.max-concurrency
[max_concurrency: <int> | default = 20]
# Timeout for hedging requests to federation targets.
# CLI flag: -federation.hedge-requests-at
[hedge_requests_at: <duration> | default = 0s]
# Timeout for requests to federation targets.
# CLI flag: -federation.read-timeout
[read_timeout: <duration> | default = 5s]
gateway_config
The gateway_config
block configures the gateway service.
proxy:
default:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.default.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.default.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.default.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.default.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.default.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.default.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.default.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.default.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.default.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.default.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.default.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.default.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.default.read-timeout
[read_timeout: <duration> | default = 2m]
admin_api:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.admin-api.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.admin-api.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.admin-api.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.admin-api.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.admin-api.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.admin-api.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.admin-api.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.admin-api.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.admin-api.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.admin-api.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.admin-api.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.admin-api.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.admin-api.read-timeout
[read_timeout: <duration> | default = 2m]
compactor:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.compactor.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.compactor.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.compactor.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.compactor.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.compactor.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.compactor.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.compactor.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.compactor.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.compactor.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.compactor.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.compactor.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.compactor.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.compactor.read-timeout
[read_timeout: <duration> | default = 2m]
distributor:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.distributor.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.distributor.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.distributor.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.distributor.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.distributor.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.distributor.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.distributor.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.distributor.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.distributor.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.distributor.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.distributor.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributor.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributor.read-timeout
[read_timeout: <duration> | default = 2m]
otlp/grpc:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.distributorotlp-grpc.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.distributorotlp-grpc.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC
# server will be used.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-grpc.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-grpc.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-grpc.read-timeout
[read_timeout: <duration> | default = 2m]
otlp/http:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.distributorotlp-http.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.distributorotlp-http.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC
# server will be used.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-http.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.distributorotlp-http.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.distributorotlp-http.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-http.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-http.read-timeout
[read_timeout: <duration> | default = 2m]
ingester:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.ingester.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.ingester.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.ingester.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.ingester.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.ingester.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.ingester.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.ingester.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.ingester.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.ingester.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.ingester.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.ingester.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.ingester.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.ingester.read-timeout
[read_timeout: <duration> | default = 2m]
querier:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.querier.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.querier.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.querier.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.querier.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.querier.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.querier.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.querier.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.querier.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.querier.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.querier.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.querier.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.querier.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.querier.read-timeout
[read_timeout: <duration> | default = 2m]
query_frontend:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.query-frontend.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.query-frontend.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.query-frontend.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.query-frontend.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.query-frontend.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.query-frontend.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.query-frontend.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.query-frontend.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.query-frontend.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.query-frontend.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.query-frontend.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.query-frontend.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.query-frontend.read-timeout
[read_timeout: <duration> | default = 2m]
metrics_generator:
# URL for the backend. Use the scheme dns:// for HTTP over GPRC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.metrics-generator.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.metrics-generator.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.metrics-generator.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.metrics-generator.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.metrics-generator.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.metrics-generator.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.metrics-generator.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.metrics-generator.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.metrics-generator.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.metrics-generator.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.metrics-generator.tls-min-version
[tls_min_version: <string> | default = ""]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.metrics-generator.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.metrics-generator.read-timeout
[read_timeout: <duration> | default = 2m]
license_config
The license_config
block configures the license validation module.
# Filepath to license jwt file.
# CLI flag: -license.path
[path: <string> | default = "./license.jwt"]
# Interval to check for new or existing licenses.
# CLI flag: -license.sync-interval
[sync_interval: <duration> | default = 1h]
tokengen_config
The tokengen_config
block configures the tokengen service.
# The name of the access policy to generate a token for. It defaults to the
# built-in admin policy.
# CLI flag: -tokengen.access-policy
[access_policy: <string> | default = "__admin__"]
# If set, the generated token will be written to a file at the provided path in
# addition to being logged. Note that if the file already exists, it will not be
# overwritten, and tokengen will fail with an error.
# CLI flag: -tokengen.token-file
[token_file: <string> | default = ""]