Important: This documentation is about an older version. It's relevant only to the release noted; many of the features and functions have been updated or replaced. Please view the current version.

Configuration reference

Grafana Enterprise Traces can be configured using a YAML file (specified with the -config.file flag), CLI flags, or both. If you combine them, CLI flags take precedence over the YAML config file.

The current configuration of any Grafana Enterprise Traces (GET) component can be seen by visiting the /config HTTP path. Passwords are filtered out of this endpoint.

To specify which configuration file to load, pass the -config.file flag at the command line. The file is written in YAML format, defined by the schema below. Brackets indicate that a parameter is optional.

Generic placeholders

  • <boolean>: a boolean that can take the values true or false
  • <int>: any integer matching the regular expression [1-9]+[0-9]*
  • <duration>: a duration matching the regular expression [0-9]+(ns|us|µs|ms|s|m|h|d|w|y) where y = 365 days
  • <string>: a regular string
  • <url>: a URL
  • <prefix>: a CLI flag prefix based on the context (look at the parent configuration block to see which CLI flag prefix should be used)
  • <time>: a timestamp, with available formats: 2006-01-20 (midnight, local timezone), 2006-01-20T15:04 (local timezone), and RFC 3339 formats: 2006-01-20T15:04:05Z (UTC) or 2006-01-20T15:04:05+07:00 (explicit timezone)

Use environment variables in the configuration

To set values that need to be configurable during deployment, you can use environment variable references in the configuration file when the --config.expand-env option is set. To do this, use:

${VAR}

Where VAR is the name of the environment variable.

Each variable reference is replaced at startup by the value of the environment variable. The replacement is case-sensitive and occurs before the YAML file is parsed. References to undefined variables are replaced by empty strings unless you specify a default value or custom error text.

To specify a default value, use:

${VAR:-default_value}

where default_value is the value to use if the environment variable is undefined.

You can find more about other supported syntax here
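
Because references are replaced as text before the YAML is parsed, an undefined variable silently becomes an empty value, and a value containing YAML syntax can change how the line parses. The following pre-deployment check is an added example, not part of the product; the function names, the sample file and the sample environment are constructed, and only the two reference forms shown above are handled.

```python
import re

# The two reference forms shown on this page: ${VAR} and ${VAR:-default}.
# Any other substitution syntax is out of scope for this check.
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}")

# Indicator characters that cannot start a plain (unquoted) YAML scalar.
YAML_INDICATORS = set("[]{}*&!|>'\"%@`#")


def _inside_quotes(line, pos):
    """Heuristic: an odd number of quote marks before pos means 'quoted'."""
    before = line[:pos]
    return before.count('"') % 2 == 1 or before.count("'") % 2 == 1


def _breaks_plain_scalar(value):
    """True if pasting value into an unquoted position can change the parse."""
    return (
        "\n" in value            # continues on a new YAML line
        or " #" in value         # the rest of the value is read as a comment
        or ": " in value         # read as a mapping separator
        or value.endswith(":")   # read as a mapping key
        or value[:1] in YAML_INDICATORS
    )


def preflight(config_text, env):
    """Return (line_no, key, variable, reason) for each risky reference.

    reason is "empty" when the variable is undefined or empty and the
    reference has no default, or "unquoted" when the value would be pasted
    into an unquoted position and contains YAML syntax.
    """
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comments cannot affect the parsed config
        key = line.split(":", 1)[0].strip()
        for m in REF.finditer(line):
            var, default = m.group(1), m.group(2)
            if var in env:
                value = env[var]
            elif default is not None:
                value = default
            else:
                value = ""  # undefined and no default: replaced by ""
            if value == "" and default is None:
                findings.append((line_no, key, var, "empty"))
            elif not _inside_quotes(line, m.start()) and _breaks_plain_scalar(value):
                findings.append((line_no, key, var, "unquoted"))
    return findings


# Constructed sample: key names come from the reference below, values are made up.
SAMPLE = """\
metrics_generator:
  ring:
    kvstore:
      store: etcd
      etcd:
        endpoints: [${ETCD_ENDPOINT:-etcd.example.internal:2379}]
        tls_enabled: true
        username: ${ETCD_USER}
        password: ${ETCD_PASSWORD}
      consul:
        acl_token: "${CONSUL_TOKEN}"
"""

# Constructed environment: ETCD_USER is deliberately left undefined.
SAMPLE_ENV = {"ETCD_PASSWORD": "s3cret #2024", "CONSUL_TOKEN": "tok: #abc"}

if __name__ == "__main__":
    for line_no, key, var, reason in preflight(SAMPLE, SAMPLE_ENV):
        print(f"line {line_no}: {key} <- ${{{var}}}: {reason}")
```

Quoting the reference in the file, as on the acl_token line, keeps " #" and ": " inside the value; a value that itself contains the quote character still needs escaping.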

Supported contents and default values

yaml
# target module
# CLI flag: -target
[target: <string> | default = "all"]

# Set to true to enable auth (deprecated: use multitenancy.enabled)
# CLI flag: -auth.enabled
[auth_enabled: <boolean> | default = false]

# Set to true to enable multitenancy.
# CLI flag: -multitenancy.enabled
[multitenancy_enabled: <boolean> | default = false]

# String prefix for all http api endpoints.
# CLI flag: -http-api-prefix
[http_api_prefix: <string> | default = ""]

# Set to true to replace the OpenTracing tracer with the OpenTelemetry tracer
# CLI flag: -use-otel-tracer
[use_otel_tracer: <boolean> | default = false]

# Set to true to enable all Go runtime metrics
# CLI flag: -enable-go-runtime-metrics
[enable_go_runtime_metrics: <boolean> | default = false]

# The server_config block configures the HTTP and gRPC server of the launched
# services.
[server: <server_config>]

internal_server:
  # http_listen_network is not exposed as CLI flag.
  [http_listen_network: <string> | default = "tcp"]

  # http_listen_address is not exposed as CLI flag.
  [http_listen_address: <string> | default = "localhost"]

  # http_listen_port is not exposed as CLI flag.
  [http_listen_port: <int> | default = 3101]

  # http_listen_conn_limit is not exposed as CLI flag.
  [http_listen_conn_limit: <int> | default = 0]

  # grpc_listen_network is not exposed as CLI flag.
  [grpc_listen_network: <string> | default = ""]

  # grpc_listen_address is not exposed as CLI flag.
  [grpc_listen_address: <string> | default = ""]

  # grpc_listen_port is not exposed as CLI flag.
  [grpc_listen_port: <int> | default = 0]

  # grpc_listen_conn_limit is not exposed as CLI flag.
  [grpc_listen_conn_limit: <int> | default = 0]

  # tls_cipher_suites is not exposed as CLI flag.
  [tls_cipher_suites: <string> | default = ""]

  # tls_min_version is not exposed as CLI flag.
  [tls_min_version: <string> | default = ""]

  http_tls_config:
    # cert_file is not exposed as CLI flag.
    [cert_file: <string> | default = ""]

    # key_file is not exposed as CLI flag.
    [key_file: <string> | default = ""]

    # client_auth_type is not exposed as CLI flag.
    [client_auth_type: <string> | default = ""]

    # client_ca_file is not exposed as CLI flag.
    [client_ca_file: <string> | default = ""]

  grpc_tls_config:
    # cert_file is not exposed as CLI flag.
    [cert_file: <string> | default = ""]

    # key_file is not exposed as CLI flag.
    [key_file: <string> | default = ""]

    # client_auth_type is not exposed as CLI flag.
    [client_auth_type: <string> | default = ""]

    # client_ca_file is not exposed as CLI flag.
    [client_ca_file: <string> | default = ""]

  # register_instrumentation is not exposed as CLI flag.
  [register_instrumentation: <boolean> | default = false]

  # graceful_shutdown_timeout is not exposed as CLI flag.
  [graceful_shutdown_timeout: <duration> | default = 30s]

  # http_server_read_timeout is not exposed as CLI flag.
  [http_server_read_timeout: <duration> | default = 30s]

  # http_server_write_timeout is not exposed as CLI flag.
  [http_server_write_timeout: <duration> | default = 30s]

  # http_server_idle_timeout is not exposed as CLI flag.
  [http_server_idle_timeout: <duration> | default = 2m]

  # grpc_server_max_recv_msg_size is not exposed as CLI flag.
  [grpc_server_max_recv_msg_size: <int> | default = 0]

  # grpc_server_max_send_msg_size is not exposed as CLI flag.
  [grpc_server_max_send_msg_size: <int> | default = 0]

  # grpc_server_max_concurrent_streams is not exposed as CLI flag.
  [grpc_server_max_concurrent_streams: <int> | default = 0]

  # grpc_server_max_connection_idle is not exposed as CLI flag.
  [grpc_server_max_connection_idle: <duration> | default = 0s]

  # grpc_server_max_connection_age is not exposed as CLI flag.
  [grpc_server_max_connection_age: <duration> | default = 0s]

  # grpc_server_max_connection_age_grace is not exposed as CLI flag.
  [grpc_server_max_connection_age_grace: <duration> | default = 0s]

  # grpc_server_keepalive_time is not exposed as CLI flag.
  [grpc_server_keepalive_time: <duration> | default = 0s]

  # grpc_server_keepalive_timeout is not exposed as CLI flag.
  [grpc_server_keepalive_timeout: <duration> | default = 0s]

  # grpc_server_min_time_between_pings is not exposed as CLI flag.
  [grpc_server_min_time_between_pings: <duration> | default = 0s]

  # grpc_server_ping_without_stream_allowed is not exposed as CLI flag.
  [grpc_server_ping_without_stream_allowed: <boolean> | default = false]

  # log_format is not exposed as CLI flag.
  [log_format: <string> | default = ""]

  # log_level is not exposed as CLI flag.
  [log_level: <string> | default = "{ panic <nil>}"]

  # log_source_ips_enabled is not exposed as CLI flag.
  [log_source_ips_enabled: <boolean> | default = false]

  # log_source_ips_header is not exposed as CLI flag.
  [log_source_ips_header: <string> | default = ""]

  # log_source_ips_regex is not exposed as CLI flag.
  [log_source_ips_regex: <string> | default = ""]

  # log_request_headers is not exposed as CLI flag.
  [log_request_headers: <boolean> | default = false]

  # log_request_at_info_level_enabled is not exposed as CLI flag.
  [log_request_at_info_level_enabled: <boolean> | default = false]

  # log_request_exclude_headers_list is not exposed as CLI flag.
  [log_request_exclude_headers_list: <string> | default = ""]

  # http_path_prefix is not exposed as CLI flag.
  [http_path_prefix: <string> | default = ""]

  # enable is not exposed as CLI flag.
  [enable: <boolean> | default = false]

# The distributor_config block configures the distributor service.
[distributor: <distributor_config>]

# The ingester_client_config block configures how the distributor services
# connect to the ingester services.
[ingester_client: <ingester_client_config>]

metrics_generator_client:
  pool_config:
    # checkinterval is not exposed as CLI flag.
    [checkinterval: <duration> | default = 15s]

    # healthcheckenabled is not exposed as CLI flag.
    [healthcheckenabled: <boolean> | default = true]

    # healthchecktimeout is not exposed as CLI flag.
    [healthchecktimeout: <duration> | default = 1s]

    # maxconcurrenthealthchecks is not exposed as CLI flag.
    [maxconcurrenthealthchecks: <int> | default = 0]

  # remote_timeout is not exposed as CLI flag.
  [remote_timeout: <duration> | default = 5s]

  grpc_client_config:
    # max_recv_msg_size is not exposed as CLI flag.
    [max_recv_msg_size: <int> | default = 104857600]

    # max_send_msg_size is not exposed as CLI flag.
    [max_send_msg_size: <int> | default = 104857600]

    # grpc_compression is not exposed as CLI flag.
    [grpc_compression: <string> | default = "snappy"]

    # rate_limit is not exposed as CLI flag.
    [rate_limit: <float> | default = 0]

    # rate_limit_burst is not exposed as CLI flag.
    [rate_limit_burst: <int> | default = 0]

    # backoff_on_ratelimits is not exposed as CLI flag.
    [backoff_on_ratelimits: <boolean> | default = false]

    backoff_config:
      # min_period is not exposed as CLI flag.
      [min_period: <duration> | default = 100ms]

      # max_period is not exposed as CLI flag.
      [max_period: <duration> | default = 10s]

      # max_retries is not exposed as CLI flag.
      [max_retries: <int> | default = 10]

    # tls_enabled is not exposed as CLI flag.
    [tls_enabled: <boolean> | default = false]

    # tls_cert_path is not exposed as CLI flag.
    [tls_cert_path: <string> | default = ""]

    # tls_key_path is not exposed as CLI flag.
    [tls_key_path: <string> | default = ""]

    # tls_ca_path is not exposed as CLI flag.
    [tls_ca_path: <string> | default = ""]

    # tls_server_name is not exposed as CLI flag.
    [tls_server_name: <string> | default = ""]

    # tls_insecure_skip_verify is not exposed as CLI flag.
    [tls_insecure_skip_verify: <boolean> | default = false]

    # tls_cipher_suites is not exposed as CLI flag.
    [tls_cipher_suites: <string> | default = ""]

    # tls_min_version is not exposed as CLI flag.
    [tls_min_version: <string> | default = ""]

# The querier_config block configures the querier service.
[querier: <querier_config>]

# The query_frontend_config block configures the query frontend service.
[query_frontend: <query_frontend_config>]

# The compactor_config block configures the compactor service.
[compactor: <compactor_config>]

# The ingester_config block configures the ingester service.
[ingester: <ingester_config>]

metrics_generator:
  ring:
    kvstore:
      # Backend storage to use for the ring. Supported values are: consul, etcd,
      # inmemory, memberlist, multi.
      # CLI flag: -generatorstore
      [store: <string> | default = "consul"]

      # The prefix for the keys in the store. Should end with a /.
      # CLI flag: -generatorprefix
      [prefix: <string> | default = "collectors/"]

      consul:
        # Hostname and port of Consul.
        # CLI flag: -generatorconsul.hostname
        [host: <string> | default = "localhost:8500"]

        # ACL Token used to interact with Consul.
        # CLI flag: -generatorconsul.acl-token
        [acl_token: <string> | default = ""]

        # HTTP timeout when talking to Consul
        # CLI flag: -generatorconsul.client-timeout
        [http_client_timeout: <duration> | default = 20s]

        # Enable consistent reads to Consul.
        # CLI flag: -generatorconsul.consistent-reads
        [consistent_reads: <boolean> | default = false]

        # Rate limit when watching key or prefix in Consul, in requests per
        # second. 0 disables the rate limit.
        # CLI flag: -generatorconsul.watch-rate-limit
        [watch_rate_limit: <float> | default = 1]

        # Burst size used in rate limit. Values less than 1 are treated as 1.
        # CLI flag: -generatorconsul.watch-burst-size
        [watch_burst_size: <int> | default = 1]

        # Maximum duration to wait before retrying a Compare And Swap (CAS)
        # operation.
        # CLI flag: -generatorconsul.cas-retry-delay
        [cas_retry_delay: <duration> | default = 1s]

      etcd:
        # The etcd endpoints to connect to.
        # CLI flag: -generatoretcd.endpoints
        [endpoints: <list of string> | default = []]

        # The dial timeout for the etcd connection.
        # CLI flag: -generatoretcd.dial-timeout
        [dial_timeout: <duration> | default = 10s]

        # The maximum number of retries to do for failed ops.
        # CLI flag: -generatoretcd.max-retries
        [max_retries: <int> | default = 10]

        # Enable TLS.
        # CLI flag: -generatoretcd.tls-enabled
        [tls_enabled: <boolean> | default = false]

        # Path to the client certificate, which will be used for authenticating
        # with the server. Also requires the key path to be configured.
        # CLI flag: -generatoretcd.tls-cert-path
        [tls_cert_path: <string> | default = ""]

        # Path to the key for the client certificate. Also requires the client
        # certificate to be configured.
        # CLI flag: -generatoretcd.tls-key-path
        [tls_key_path: <string> | default = ""]

        # Path to the CA certificates to validate server certificate against. If
        # not set, the host's root CA certificates are used.
        # CLI flag: -generatoretcd.tls-ca-path
        [tls_ca_path: <string> | default = ""]

        # Override the expected name on the server certificate.
        # CLI flag: -generatoretcd.tls-server-name
        [tls_server_name: <string> | default = ""]

        # Skip validating server certificate.
        # CLI flag: -generatoretcd.tls-insecure-skip-verify
        [tls_insecure_skip_verify: <boolean> | default = false]

        # Override the default cipher suite list (separated by commas).
        # CLI flag: -generatoretcd.tls-cipher-suites
        [tls_cipher_suites: <string> | default = ""]

        # Override the default minimum TLS version. Allowed values:
        # VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
        # CLI flag: -generatoretcd.tls-min-version
        [tls_min_version: <string> | default = ""]

        # Etcd username.
        # CLI flag: -generatoretcd.username
        [username: <string> | default = ""]

        # Etcd password.
        # CLI flag: -generatoretcd.password
        [password: <string> | default = ""]

      multi:
        # Primary backend storage used by multi-client.
        # CLI flag: -generatormulti.primary
        [primary: <string> | default = ""]

        # Secondary backend storage used by multi-client.
        # CLI flag: -generatormulti.secondary
        [secondary: <string> | default = ""]

        # Mirror writes to secondary store.
        # CLI flag: -generatormulti.mirror-enabled
        [mirror_enabled: <boolean> | default = false]

        # Timeout for storing value to secondary store.
        # CLI flag: -generatormulti.mirror-timeout
        [mirror_timeout: <duration> | default = 2s]

    # heartbeat_period is not exposed as CLI flag.
    [heartbeat_period: <duration> | default = 5s]

    # heartbeat_timeout is not exposed as CLI flag.
    [heartbeat_timeout: <duration> | default = 1m]

    # instance_id is not exposed as CLI flag.
    [instance_id: <string> | default = "Martins-MacBook-Pro.local"]

    # instance_interface_names is not exposed as CLI flag.
    [instance_interface_names: <list of string> | default = [eth0 en0]]

    # instance_addr is not exposed as CLI flag.
    [instance_addr: <string> | default = ""]

  processor:
    service_graphs:
      # wait is not exposed as CLI flag.
      [wait: <duration> | default = 10s]

      # max_items is not exposed as CLI flag.
      [max_items: <int> | default = 10000]

      # workers is not exposed as CLI flag.
      [workers: <int> | default = 10]

      # histogram_buckets is not exposed as CLI flag.
      [histogram_buckets: <list of float> | default = [0.1 0.2 0.4 0.8 1.6 3.2 6.4 12.8]]

      # dimensions is not exposed as CLI flag.
      [dimensions: <list of string> | default = []]

    span_metrics:
      # histogram_buckets is not exposed as CLI flag.
      [histogram_buckets: <list of float> | default = [0.002 0.004 0.008 0.016 0.032 0.064 0.128 0.256 0.512 1.024 2.048 4.096 8.192 16.384]]

      intrinsic_dimensions:
        # service is not exposed as CLI flag.
        [service: <boolean> | default = true]

        # span_name is not exposed as CLI flag.
        [span_name: <boolean> | default = true]

        # span_kind is not exposed as CLI flag.
        [span_kind: <boolean> | default = true]

        # status_code is not exposed as CLI flag.
        [status_code: <boolean> | default = true]

        # status_message is not exposed as CLI flag.
        [status_message: <boolean> | default = false]

      # dimensions is not exposed as CLI flag.
      [dimensions: <list of string> | default = []]

  registry:
    # collection_interval is not exposed as CLI flag.
    [collection_interval: <duration> | default = 15s]

    # stale_duration is not exposed as CLI flag.
    [stale_duration: <duration> | default = 15m]

    # external_labels is not exposed as CLI flag.
    [external_labels: <map of string to string> | default = map[]]

    # max_label_name_length is not exposed as CLI flag.
    [max_label_name_length: <int> | default = 1024]

    # max_label_value_length is not exposed as CLI flag.
    [max_label_value_length: <int> | default = 2048]

  storage:
    # path is not exposed as CLI flag.
    [path: <string> | default = ""]

    wal:
      # wal_segment_size is not exposed as CLI flag.
      [wal_segment_size: <int> | default = 134217728]

      # wal_compression is not exposed as CLI flag.
      [wal_compression: <boolean> | default = false]

      # stripe_size is not exposed as CLI flag.
      [stripe_size: <int> | default = 16384]

      # truncate_frequency is not exposed as CLI flag.
      [truncate_frequency: <duration> | default = 2h]

      # min_wal_time is not exposed as CLI flag.
      [min_wal_time: <int> | default = 300000]

      # max_wal_time is not exposed as CLI flag.
      [max_wal_time: <int> | default = 14400000]

      # no_lockfile is not exposed as CLI flag.
      [no_lockfile: <boolean> | default = false]

    # remote_write_flush_deadline is not exposed as CLI flag.
    [remote_write_flush_deadline: <duration> | default = 1m]

    # Remote-write client configuration to send rule samples to a Prometheus
    # remote-write endpoint.
    # See
    # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
    [remote_write: <array> | default = none]

  # metrics_ingestion_time_range_slack is not exposed as CLI flag.
  [metrics_ingestion_time_range_slack: <duration> | default = 30s]

# The storage_config block configures how and where to store data.
[storage: <storage_config>]

# The overrides_config block configures the overrides module to set global or
# per-tenant override settings.
[overrides: <overrides_config>]

# The memberlist_config block configures how the gossip ring connects between
# distributors, ingesters and queriers.
[memberlist: <memberlist_config>]

usage_report:
  # Enable anonymous usage reporting.
  # CLI flag: -reporting.enabled
  [reporting_enabled: <boolean> | default = true]

  backoff:
    # Minimum delay when backing off.
    # CLI flag: -reporting.backoff-min-period
    [min_period: <duration> | default = 100ms]

    # Maximum delay when backing off.
    # CLI flag: -reporting.backoff-max-period
    [max_period: <duration> | default = 10s]

    # Number of times to backoff and retry before failing.
    # CLI flag: -reporting.backoff-retries
    [max_retries: <int> | default = 10]

# The admin_api_config block configures the Admin API service.
[admin_api: <admin_api_config>]

# The admin_client_config block configures how the Admin API service connects to
# the storage backend.
[admin_client: <admin_client_config>]

# The auth_config block configures the authentication type to use.
[auth: <auth_config>]

# Unique ID of this GET cluster. If undefined the name in the license is used.
# CLI flag: -cluster-name
[cluster_name: <string> | default = ""]

# The tokengen_config block configures the tokengen service.
[tokengen: <tokengen_config>]

# The federation_config block configures the cross-cluster query federation
# service.
[federation: <federation_config>]

# The gateway_config block configures the gateway service.
[gateway: <gateway_config>]

# The license_config block configures the license validation module.
[license: <license_config>]
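
Several blocks above repeat the same TLS client settings (tls_enabled, tls_insecure_skip_verify, tls_min_version). The following audit is an added example, not part of the product: it walks a configuration that has already been parsed into nested dictionaries and reports where those settings weaken transport security. The function name and the sample configuration are constructed; the key names and the VersionTLS values are the ones documented on this page.

```python
# Allowed tls_min_version values are listed on this page; these two select
# TLS 1.0 and TLS 1.1, which RFC 8996 deprecates.
WEAK_TLS_VERSIONS = {"VersionTLS10", "VersionTLS11"}


def audit_tls(node, path=""):
    """Return (path, key, reason) for each weak TLS setting under node."""
    findings = []
    if isinstance(node, dict):
        if node.get("tls_insecure_skip_verify") is True:
            findings.append((path, "tls_insecure_skip_verify",
                             "server certificate is not validated"))
        min_version = node.get("tls_min_version")
        if isinstance(min_version, str) and min_version in WEAK_TLS_VERSIONS:
            findings.append((path, "tls_min_version",
                             f"{min_version} is below TLS 1.2"))
        # An etcd block with a password but tls_enabled left at its
        # documented default (false) sends the credentials without TLS.
        block_name = path.rsplit(".", 1)[-1]
        if (block_name == "etcd" and node.get("password")
                and not node.get("tls_enabled", False)):
            findings.append((path, "password",
                             "etcd credentials configured without TLS"))
        for key, child in node.items():
            child_path = f"{path}.{key}" if path else str(key)
            findings.extend(audit_tls(child, child_path))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            findings.extend(audit_tls(child, f"{path}[{index}]"))
    return findings


# Constructed sample, shaped like the YAML above after parsing.
SAMPLE_CONFIG = {
    "metrics_generator": {"ring": {"kvstore": {
        "store": "etcd",
        "etcd": {
            "endpoints": ["etcd.example.internal:2379"],
            "username": "generator",
            "password": "example-only",
            # tls_enabled omitted, so the default (false) applies
        },
    }}},
    "metrics_generator_client": {"grpc_client_config": {
        "tls_enabled": True,
        "tls_insecure_skip_verify": True,
        "tls_min_version": "VersionTLS10",
    }},
    "distributor": {"ring": {"kvstore": {
        "store": "etcd",
        "etcd": {
            "endpoints": ["etcd.example.internal:2379"],
            "tls_enabled": True,
            "tls_min_version": "VersionTLS12",
            "password": "example-only",
        },
    }}},
}

if __name__ == "__main__":
    for path, key, reason in audit_tls(SAMPLE_CONFIG):
        print(f"{path}.{key}: {reason}")
```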

server_config

The server_config block configures the HTTP and gRPC server of the launched services.

yaml
# http_listen_network is not exposed as CLI flag.
[http_listen_network: <string> | default = "tcp"]

# http_listen_address is not exposed as CLI flag.
[http_listen_address: <string> | default = ""]

# HTTP server listen port.
# CLI flag: -server.http-listen-port
[http_listen_port: <int> | default = 80]

# http_listen_conn_limit is not exposed as CLI flag.
[http_listen_conn_limit: <int> | default = 0]

# grpc_listen_network is not exposed as CLI flag.
[grpc_listen_network: <string> | default = "tcp"]

# grpc_listen_address is not exposed as CLI flag.
[grpc_listen_address: <string> | default = ""]

# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
[grpc_listen_port: <int> | default = 9095]

# grpc_listen_conn_limit is not exposed as CLI flag.
[grpc_listen_conn_limit: <int> | default = 0]

# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]

# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]

http_tls_config:
  # cert_file is not exposed as CLI flag.
  [cert_file: <string> | default = ""]

  # key_file is not exposed as CLI flag.
  [key_file: <string> | default = ""]

  # client_auth_type is not exposed as CLI flag.
  [client_auth_type: <string> | default = ""]

  # client_ca_file is not exposed as CLI flag.
  [client_ca_file: <string> | default = ""]

grpc_tls_config:
  # cert_file is not exposed as CLI flag.
  [cert_file: <string> | default = ""]

  # key_file is not exposed as CLI flag.
  [key_file: <string> | default = ""]

  # client_auth_type is not exposed as CLI flag.
  [client_auth_type: <string> | default = ""]

  # client_ca_file is not exposed as CLI flag.
  [client_ca_file: <string> | default = ""]

# register_instrumentation is not exposed as CLI flag.
[register_instrumentation: <boolean> | default = true]

# graceful_shutdown_timeout is not exposed as CLI flag.
[graceful_shutdown_timeout: <duration> | default = 30s]

# http_server_read_timeout is not exposed as CLI flag.
[http_server_read_timeout: <duration> | default = 30s]

# http_server_write_timeout is not exposed as CLI flag.
[http_server_write_timeout: <duration> | default = 30s]

# http_server_idle_timeout is not exposed as CLI flag.
[http_server_idle_timeout: <duration> | default = 2m]

# grpc_server_max_recv_msg_size is not exposed as CLI flag.
[grpc_server_max_recv_msg_size: <int> | default = 16777216]

# grpc_server_max_send_msg_size is not exposed as CLI flag.
[grpc_server_max_send_msg_size: <int> | default = 16777216]

# grpc_server_max_concurrent_streams is not exposed as CLI flag.
[grpc_server_max_concurrent_streams: <int> | default = 100]

# grpc_server_max_connection_idle is not exposed as CLI flag.
[grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s]

# grpc_server_max_connection_age is not exposed as CLI flag.
[grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s]

# grpc_server_max_connection_age_grace is not exposed as CLI flag.
[grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s]

# grpc_server_keepalive_time is not exposed as CLI flag.
[grpc_server_keepalive_time: <duration> | default = 2h]

# grpc_server_keepalive_timeout is not exposed as CLI flag.
[grpc_server_keepalive_timeout: <duration> | default = 20s]

# grpc_server_min_time_between_pings is not exposed as CLI flag.
[grpc_server_min_time_between_pings: <duration> | default = 10s]

# grpc_server_ping_without_stream_allowed is not exposed as CLI flag.
[grpc_server_ping_without_stream_allowed: <boolean> | default = true]

# log_format is not exposed as CLI flag.
[log_format: <string> | default = "logfmt"]

# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
[log_level: <string> | default = "info"]

# log_source_ips_enabled is not exposed as CLI flag.
[log_source_ips_enabled: <boolean> | default = false]

# log_source_ips_header is not exposed as CLI flag.
[log_source_ips_header: <string> | default = ""]

# log_source_ips_regex is not exposed as CLI flag.
[log_source_ips_regex: <string> | default = ""]

# log_request_headers is not exposed as CLI flag.
[log_request_headers: <boolean> | default = false]

# log_request_at_info_level_enabled is not exposed as CLI flag.
[log_request_at_info_level_enabled: <boolean> | default = false]

# log_request_exclude_headers_list is not exposed as CLI flag.
[log_request_exclude_headers_list: <string> | default = ""]

# http_path_prefix is not exposed as CLI flag.
[http_path_prefix: <string> | default = ""]

distributor_config

The distributor_config block configures the distributor service.

yaml
ring:
  kvstore:
    # store is not exposed as CLI flag.
    [store: <string> | default = "memberlist"]

    # prefix is not exposed as CLI flag.
    [prefix: <string> | default = "collectors/"]

    consul:
      # host is not exposed as CLI flag.
      [host: <string> | default = "localhost:8500"]

      # acl_token is not exposed as CLI flag.
      [acl_token: <string> | default = ""]

      # http_client_timeout is not exposed as CLI flag.
      [http_client_timeout: <duration> | default = 20s]

      # consistent_reads is not exposed as CLI flag.
      [consistent_reads: <boolean> | default = false]

      # watch_rate_limit is not exposed as CLI flag.
      [watch_rate_limit: <float> | default = 1]

      # watch_burst_size is not exposed as CLI flag.
      [watch_burst_size: <int> | default = 1]

      # cas_retry_delay is not exposed as CLI flag.
      [cas_retry_delay: <duration> | default = 1s]

    etcd:
      # endpoints is not exposed as CLI flag.
      [endpoints: <list of string> | default = []]

      # dial_timeout is not exposed as CLI flag.
      [dial_timeout: <duration> | default = 10s]

      # max_retries is not exposed as CLI flag.
      [max_retries: <int> | default = 10]

      # tls_enabled is not exposed as CLI flag.
      [tls_enabled: <boolean> | default = false]

      # tls_cert_path is not exposed as CLI flag.
      [tls_cert_path: <string> | default = ""]

      # tls_key_path is not exposed as CLI flag.
      [tls_key_path: <string> | default = ""]

      # tls_ca_path is not exposed as CLI flag.
      [tls_ca_path: <string> | default = ""]

      # tls_server_name is not exposed as CLI flag.
      [tls_server_name: <string> | default = ""]

      # tls_insecure_skip_verify is not exposed as CLI flag.
      [tls_insecure_skip_verify: <boolean> | default = false]

      # tls_cipher_suites is not exposed as CLI flag.
      [tls_cipher_suites: <string> | default = ""]

      # tls_min_version is not exposed as CLI flag.
      [tls_min_version: <string> | default = ""]

      # username is not exposed as CLI flag.
      [username: <string> | default = ""]

      # password is not exposed as CLI flag.
      [password: <string> | default = ""]

    multi:
      # primary is not exposed as CLI flag.
      [primary: <string> | default = ""]

      # secondary is not exposed as CLI flag.
      [secondary: <string> | default = ""]

      # mirror_enabled is not exposed as CLI flag.
      [mirror_enabled: <boolean> | default = false]

      # mirror_timeout is not exposed as CLI flag.
      [mirror_timeout: <duration> | default = 2s]

  # heartbeat_period is not exposed as CLI flag.
  [heartbeat_period: <duration> | default = 5s]

  # heartbeat_timeout is not exposed as CLI flag.
  [heartbeat_timeout: <duration> | default = 5m]

  # instance_interface_names is not exposed as CLI flag.
  [instance_interface_names: <list of string> | default = [eth0 en0]]

# receivers is not exposed as CLI flag.
[receivers: <map of string to interface {}> | default = map[]]

# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "distributor"]

# Enable to log every received trace id to help debug ingestion.
# CLI flag: -distributor.log-received-traces
[log_received_traces: <boolean> | default = false]

log_received_spans:
  # Enable to log every received span to help debug ingestion or calculate span
  # error distributions using the logs.
  # CLI flag: -distributor.log-received-spans.enabled
  [enabled: <boolean> | default = false]

  # Enable to include span attributes in the logs.
  # CLI flag: -distributor.log-received-spans.include-attributes
  [include_all_attributes: <boolean> | default = false]

  # Enable to filter out spans without status error.
  # CLI flag: -distributor.log-received-spans.filter-by-status-error
  [filter_by_status_error: <boolean> | default = false]

forwarders:
  # name is not exposed as CLI flag.
  [name: <string> | default = ""]

  # backend is not exposed as CLI flag.
  [backend: <string> | default = ""]

  otlpgrpc:
    # endpoints is not exposed as CLI flag.
    [endpoints: <list of string> | default = []]

    tls:
      # insecure is not exposed as CLI flag.
      [insecure: <boolean> | default = false]

      # cert_file is not exposed as CLI flag.
      [cert_file: <string> | default = ""]

# extend_writes is not exposed as CLI flag.
[extend_writes: <boolean> | default = true]

query_frontend_config

The query_frontend_config block configures the query frontend service.

yaml
# max_outstanding_per_tenant is not exposed as CLI flag.
[max_outstanding_per_tenant: <int> | default = 2000]

# querier_forget_delay is not exposed as CLI flag.
[querier_forget_delay: <duration> | default = 0s]

# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 2]

# tolerate_failed_blocks is not exposed as CLI flag.
[tolerate_failed_blocks: <int> | default = 0]

search:
  # concurrent_jobs is not exposed as CLI flag.
  [concurrent_jobs: <int> | default = 1000]

  # target_bytes_per_job is not exposed as CLI flag.
  [target_bytes_per_job: <int> | default = 104857600]

  # default_result_limit is not exposed as CLI flag.
  [default_result_limit: <int> | default = 20]

  # max_result_limit is not exposed as CLI flag.
  [max_result_limit: <int> | default = 0]

  # max_duration is not exposed as CLI flag.
  [max_duration: <duration> | default = 168h]

  # query_backend_after is not exposed as CLI flag.
  [query_backend_after: <duration> | default = 15m]

  # query_ingesters_until is not exposed as CLI flag.
  [query_ingesters_until: <duration> | default = 30m]

trace_by_id:
  # query_shards is not exposed as CLI flag.
  [query_shards: <int> | default = 50]

  # hedge_requests_at is not exposed as CLI flag.
  [hedge_requests_at: <duration> | default = 2s]

  # hedge_requests_up_to is not exposed as CLI flag.
  [hedge_requests_up_to: <int> | default = 2]

querier_config

The querier_config block configures the querier service.

yaml
search:
  # query_timeout is not exposed as CLI flag.
  [query_timeout: <duration> | default = 30s]

  # prefer_self is not exposed as CLI flag.
  [prefer_self: <int> | default = 10]

  # external_endpoints is not exposed as CLI flag.
  [external_endpoints: <list of string> | default = []]

  # external_hedge_requests_at is not exposed as CLI flag.
  [external_hedge_requests_at: <duration> | default = 8s]

  # external_hedge_requests_up_to is not exposed as CLI flag.
  [external_hedge_requests_up_to: <int> | default = 2]

trace_by_id:
  # query_timeout is not exposed as CLI flag.
  [query_timeout: <duration> | default = 10s]

# extra_query_delay is not exposed as CLI flag.
[extra_query_delay: <duration> | default = 0s]

# max_concurrent_queries is not exposed as CLI flag.
[max_concurrent_queries: <int> | default = 20]

frontend_worker:
  # Address of query frontend service, in host:port format.
  # CLI flag: -querier.frontend-address
  [frontend_address: <string> | default = ""]

  # dns_lookup_duration is not exposed as CLI flag.
  [dns_lookup_duration: <duration> | default = 10s]

  # parallelism is not exposed as CLI flag.
  [parallelism: <int> | default = 2]

  # match_max_concurrent is not exposed as CLI flag.
  [match_max_concurrent: <boolean> | default = true]

  # id is not exposed as CLI flag.
  [id: <string> | default = ""]

  grpc_client_config:
    # max_recv_msg_size is not exposed as CLI flag.
    [max_recv_msg_size: <int> | default = 104857600]

    # max_send_msg_size is not exposed as CLI flag.
    [max_send_msg_size: <int> | default = 16777216]

    # grpc_compression is not exposed as CLI flag.
    [grpc_compression: <string> | default = "gzip"]

    # rate_limit is not exposed as CLI flag.
    [rate_limit: <float> | default = 0]

    # rate_limit_burst is not exposed as CLI flag.
    [rate_limit_burst: <int> | default = 0]

    # backoff_on_ratelimits is not exposed as CLI flag.
    [backoff_on_ratelimits: <boolean> | default = false]

    backoff_config:
      # min_period is not exposed as CLI flag.
      [min_period: <duration> | default = 100ms]

      # max_period is not exposed as CLI flag.
      [max_period: <duration> | default = 1s]

      # max_retries is not exposed as CLI flag.
      [max_retries: <int> | default = 5]

    # tls_enabled is not exposed as CLI flag.
    [tls_enabled: <boolean> | default = false]

    # tls_cert_path is not exposed as CLI flag.
    [tls_cert_path: <string> | default = ""]

    # tls_key_path is not exposed as CLI flag.
    [tls_key_path: <string> | default = ""]

    # tls_ca_path is not exposed as CLI flag.
    [tls_ca_path: <string> | default = ""]

    # tls_server_name is not exposed as CLI flag.
    [tls_server_name: <string> | default = ""]

    # tls_insecure_skip_verify is not exposed as CLI flag.
    [tls_insecure_skip_verify: <boolean> | default = false]

    # tls_cipher_suites is not exposed as CLI flag.
    [tls_cipher_suites: <string> | default = ""]

    # tls_min_version is not exposed as CLI flag.
    [tls_min_version: <string> | default = ""]

# query_relevant_ingesters is not exposed as CLI flag.
[query_relevant_ingesters: <boolean> | default = false]

ingester_client_config

The ingester_client_config block configures how the distributor services connect to the ingester services.

pool_config:
  # checkinterval is not exposed as CLI flag.
  [checkinterval: <duration> | default = 15s]

  # healthcheckenabled is not exposed as CLI flag.
  [healthcheckenabled: <boolean> | default = true]

  # healthchecktimeout is not exposed as CLI flag.
  [healthchecktimeout: <duration> | default = 1s]

  # maxconcurrenthealthchecks is not exposed as CLI flag.
  [maxconcurrenthealthchecks: <int> | default = 0]

# remote_timeout is not exposed as CLI flag.
[remote_timeout: <duration> | default = 5s]

grpc_client_config:
  # max_recv_msg_size is not exposed as CLI flag.
  [max_recv_msg_size: <int> | default = 104857600]

  # max_send_msg_size is not exposed as CLI flag.
  [max_send_msg_size: <int> | default = 104857600]

  # grpc_compression is not exposed as CLI flag.
  [grpc_compression: <string> | default = "snappy"]

  # rate_limit is not exposed as CLI flag.
  [rate_limit: <float> | default = 0]

  # rate_limit_burst is not exposed as CLI flag.
  [rate_limit_burst: <int> | default = 0]

  # backoff_on_ratelimits is not exposed as CLI flag.
  [backoff_on_ratelimits: <boolean> | default = false]

  backoff_config:
    # min_period is not exposed as CLI flag.
    [min_period: <duration> | default = 100ms]

    # max_period is not exposed as CLI flag.
    [max_period: <duration> | default = 10s]

    # max_retries is not exposed as CLI flag.
    [max_retries: <int> | default = 10]

  # tls_enabled is not exposed as CLI flag.
  [tls_enabled: <boolean> | default = false]

  # tls_cert_path is not exposed as CLI flag.
  [tls_cert_path: <string> | default = ""]

  # tls_key_path is not exposed as CLI flag.
  [tls_key_path: <string> | default = ""]

  # tls_ca_path is not exposed as CLI flag.
  [tls_ca_path: <string> | default = ""]

  # tls_server_name is not exposed as CLI flag.
  [tls_server_name: <string> | default = ""]

  # tls_insecure_skip_verify is not exposed as CLI flag.
  [tls_insecure_skip_verify: <boolean> | default = false]

  # tls_cipher_suites is not exposed as CLI flag.
  [tls_cipher_suites: <string> | default = ""]

  # tls_min_version is not exposed as CLI flag.
  [tls_min_version: <string> | default = ""]

ingester_config

The ingester_config block configures the ingester service.

lifecycler:
  ring:
    kvstore:
      # store is not exposed as CLI flag.
      [store: <string> | default = "memberlist"]

      # prefix is not exposed as CLI flag.
      [prefix: <string> | default = "collectors/"]

      consul:
        # host is not exposed as CLI flag.
        [host: <string> | default = "localhost:8500"]

        # acl_token is not exposed as CLI flag.
        [acl_token: <string> | default = ""]

        # http_client_timeout is not exposed as CLI flag.
        [http_client_timeout: <duration> | default = 20s]

        # consistent_reads is not exposed as CLI flag.
        [consistent_reads: <boolean> | default = false]

        # watch_rate_limit is not exposed as CLI flag.
        [watch_rate_limit: <float> | default = 1]

        # watch_burst_size is not exposed as CLI flag.
        [watch_burst_size: <int> | default = 1]

        # cas_retry_delay is not exposed as CLI flag.
        [cas_retry_delay: <duration> | default = 1s]

      etcd:
        # endpoints is not exposed as CLI flag.
        [endpoints: <list of string> | default = []]

        # dial_timeout is not exposed as CLI flag.
        [dial_timeout: <duration> | default = 10s]

        # max_retries is not exposed as CLI flag.
        [max_retries: <int> | default = 10]

        # tls_enabled is not exposed as CLI flag.
        [tls_enabled: <boolean> | default = false]

        # tls_cert_path is not exposed as CLI flag.
        [tls_cert_path: <string> | default = ""]

        # tls_key_path is not exposed as CLI flag.
        [tls_key_path: <string> | default = ""]

        # tls_ca_path is not exposed as CLI flag.
        [tls_ca_path: <string> | default = ""]

        # tls_server_name is not exposed as CLI flag.
        [tls_server_name: <string> | default = ""]

        # tls_insecure_skip_verify is not exposed as CLI flag.
        [tls_insecure_skip_verify: <boolean> | default = false]

        # tls_cipher_suites is not exposed as CLI flag.
        [tls_cipher_suites: <string> | default = ""]

        # tls_min_version is not exposed as CLI flag.
        [tls_min_version: <string> | default = ""]

        # username is not exposed as CLI flag.
        [username: <string> | default = ""]

        # password is not exposed as CLI flag.
        [password: <string> | default = ""]

      multi:
        # primary is not exposed as CLI flag.
        [primary: <string> | default = ""]

        # secondary is not exposed as CLI flag.
        [secondary: <string> | default = ""]

        # mirror_enabled is not exposed as CLI flag.
        [mirror_enabled: <boolean> | default = false]

        # mirror_timeout is not exposed as CLI flag.
        [mirror_timeout: <duration> | default = 2s]

    # heartbeat_timeout is not exposed as CLI flag.
    [heartbeat_timeout: <duration> | default = 5m]

    # replication_factor is not exposed as CLI flag.
    [replication_factor: <int> | default = 1]

    # zone_awareness_enabled is not exposed as CLI flag.
    [zone_awareness_enabled: <boolean> | default = false]

    # excluded_zones is not exposed as CLI flag.
    [excluded_zones: <string> | default = ""]

  # num_tokens is not exposed as CLI flag.
  [num_tokens: <int> | default = 128]

  # heartbeat_period is not exposed as CLI flag.
  [heartbeat_period: <duration> | default = 5s]

  # heartbeat_timeout is not exposed as CLI flag.
  [heartbeat_timeout: <duration> | default = 1m]

  # observe_period is not exposed as CLI flag.
  [observe_period: <duration> | default = 0s]

  # join_after is not exposed as CLI flag.
  [join_after: <duration> | default = 0s]

  # min_ready_duration is not exposed as CLI flag.
  [min_ready_duration: <duration> | default = 15s]

  # interface_names is not exposed as CLI flag.
  [interface_names: <list of string> | default = [en0]]

  # final_sleep is not exposed as CLI flag.
  [final_sleep: <duration> | default = 0s]

  # tokens_file_path is not exposed as CLI flag.
  [tokens_file_path: <string> | default = ""]

  # availability_zone is not exposed as CLI flag.
  [availability_zone: <string> | default = ""]

  # unregister_on_shutdown is not exposed as CLI flag.
  [unregister_on_shutdown: <boolean> | default = true]

  # readiness_check_ring_health is not exposed as CLI flag.
  [readiness_check_ring_health: <boolean> | default = true]

  # address is not exposed as CLI flag.
  [address: <string> | default = ""]

  # port is not exposed as CLI flag.
  [port: <int> | default = 0]

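  # ID to register in the ring. The default is the local hostname; the value
  # shown below is the hostname of the machine that generated this reference.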
  # CLI flag: -ingester.lifecycler.ID
  [id: <string> | default = "Martins-MacBook-Pro.local"]

# concurrent_flushes is not exposed as CLI flag.
[concurrent_flushes: <int> | default = 4]

# flush_check_period is not exposed as CLI flag.
[flush_check_period: <duration> | default = 10s]

# flush_op_timeout is not exposed as CLI flag.
[flush_op_timeout: <duration> | default = 5m]

# Duration after which to consider a trace complete if no spans have been
# received
# CLI flag: -ingester.trace-idle-period
[trace_idle_period: <duration> | default = 10s]

# Maximum duration which the head block can be appended to before cutting it.
# CLI flag: -ingester.max-block-duration
[max_block_duration: <duration> | default = 30m]

# Maximum size of the head block before cutting it.
# CLI flag: -ingester.max-block-bytes
[max_block_bytes: <int> | default = 524288000]

# Duration to keep blocks in the ingester after they have been flushed.
# CLI flag: -ingester.complete-block-timeout
[complete_block_timeout: <duration> | default = 15m]

# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "ring"]

compactor_config

The compactor_config block configures the compactor service.

# Disable compaction.
# CLI flag: -compactor.disabled
[disabled: <boolean> | default = false]

ring:
  kvstore:
    # store is not exposed as CLI flag.
    [store: <string> | default = ""]

    # prefix is not exposed as CLI flag.
    [prefix: <string> | default = "collectors/"]

    consul:
      # host is not exposed as CLI flag.
      [host: <string> | default = "localhost:8500"]

      # acl_token is not exposed as CLI flag.
      [acl_token: <string> | default = ""]

      # http_client_timeout is not exposed as CLI flag.
      [http_client_timeout: <duration> | default = 20s]

      # consistent_reads is not exposed as CLI flag.
      [consistent_reads: <boolean> | default = false]

      # watch_rate_limit is not exposed as CLI flag.
      [watch_rate_limit: <float> | default = 1]

      # watch_burst_size is not exposed as CLI flag.
      [watch_burst_size: <int> | default = 1]

      # cas_retry_delay is not exposed as CLI flag.
      [cas_retry_delay: <duration> | default = 1s]

    etcd:
      # endpoints is not exposed as CLI flag.
      [endpoints: <list of string> | default = []]

      # dial_timeout is not exposed as CLI flag.
      [dial_timeout: <duration> | default = 10s]

      # max_retries is not exposed as CLI flag.
      [max_retries: <int> | default = 10]

      # tls_enabled is not exposed as CLI flag.
      [tls_enabled: <boolean> | default = false]

      # tls_cert_path is not exposed as CLI flag.
      [tls_cert_path: <string> | default = ""]

      # tls_key_path is not exposed as CLI flag.
      [tls_key_path: <string> | default = ""]

      # tls_ca_path is not exposed as CLI flag.
      [tls_ca_path: <string> | default = ""]

      # tls_server_name is not exposed as CLI flag.
      [tls_server_name: <string> | default = ""]

      # tls_insecure_skip_verify is not exposed as CLI flag.
      [tls_insecure_skip_verify: <boolean> | default = false]

      # tls_cipher_suites is not exposed as CLI flag.
      [tls_cipher_suites: <string> | default = ""]

      # tls_min_version is not exposed as CLI flag.
      [tls_min_version: <string> | default = ""]

      # username is not exposed as CLI flag.
      [username: <string> | default = ""]

      # password is not exposed as CLI flag.
      [password: <string> | default = ""]

    multi:
      # primary is not exposed as CLI flag.
      [primary: <string> | default = ""]

      # secondary is not exposed as CLI flag.
      [secondary: <string> | default = ""]

      # mirror_enabled is not exposed as CLI flag.
      [mirror_enabled: <boolean> | default = false]

      # mirror_timeout is not exposed as CLI flag.
      [mirror_timeout: <duration> | default = 2s]

  # heartbeat_period is not exposed as CLI flag.
  [heartbeat_period: <duration> | default = 5s]

  # heartbeat_timeout is not exposed as CLI flag.
  [heartbeat_timeout: <duration> | default = 1m]

  # wait_stability_min_duration is not exposed as CLI flag.
  [wait_stability_min_duration: <duration> | default = 1m]

  # wait_stability_max_duration is not exposed as CLI flag.
  [wait_stability_max_duration: <duration> | default = 5m]

  # instance_interface_names is not exposed as CLI flag.
  [instance_interface_names: <list of string> | default = [eth0 en0]]

  # wait_active_instance_timeout is not exposed as CLI flag.
  [wait_active_instance_timeout: <duration> | default = 10m]

compaction:
  # v2_in_buffer_bytes is not exposed as CLI flag.
  [v2_in_buffer_bytes: <int> | default = 5242880]

  # v2_out_buffer_bytes is not exposed as CLI flag.
  [v2_out_buffer_bytes: <int> | default = 20971520]

  # v2_prefetch_traces_count is not exposed as CLI flag.
  [v2_prefetch_traces_count: <int> | default = 1000]

  # Maximum time window across which to compact blocks.
  # CLI flag: -compactor.compaction.compaction-window
  [compaction_window: <duration> | default = 1h]

  # Maximum number of traces in a compacted block.
  # CLI flag: -compactor.compaction.max-objects-per-block
  [max_compaction_objects: <int> | default = 6000000]

  # Maximum size of a compacted block.
  # CLI flag: -compactor.compaction.max-block-bytes
  [max_block_bytes: <int> | default = 107374182400]

  # Duration to keep blocks/traces.
  # CLI flag: -compactor.compaction.block-retention
  [block_retention: <duration> | default = 336h]

  # compacted_block_retention is not exposed as CLI flag.
  [compacted_block_retention: <duration> | default = 1h]

  # retention_concurrency is not exposed as CLI flag.
  [retention_concurrency: <int> | default = 10]

  # max_time_per_tenant is not exposed as CLI flag.
  [max_time_per_tenant: <duration> | default = 5m]

  # compaction_cycle is not exposed as CLI flag.
  [compaction_cycle: <duration> | default = 30s]

# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "compactor"]

storage_config

The storage_config block configures how and where to store data.

trace:
  pool:
    # max_workers is not exposed as CLI flag.
    [max_workers: <int> | default = 0]

    # queue_depth is not exposed as CLI flag.
    [queue_depth: <int> | default = 0]

  wal:
    # path is not exposed as CLI flag.
    [path: <string> | default = ""]

    # completedfilepath is not exposed as CLI flag.
    [completedfilepath: <string> | default = ""]

    # blocksfilepath is not exposed as CLI flag.
    [blocksfilepath: <string> | default = ""]

    # v2_encoding is not exposed as CLI flag.
    [v2_encoding: <int> | default = none]

    # search_encoding is not exposed as CLI flag.
    [search_encoding: <int> | default = none]

    # ingestion_time_range_slack is not exposed as CLI flag.
    [ingestion_time_range_slack: <duration> | default = 0s]

    # version is not exposed as CLI flag.
    [version: <string> | default = ""]

  block:
    # bloom_filter_false_positive is not exposed as CLI flag.
    [bloom_filter_false_positive: <float> | default = 0]

    # bloom_filter_shard_size_bytes is not exposed as CLI flag.
    [bloom_filter_shard_size_bytes: <int> | default = 0]

    # version is not exposed as CLI flag.
    [version: <string> | default = ""]

    # search_encoding is not exposed as CLI flag.
    [search_encoding: <int> | default = none]

    # search_page_size_bytes is not exposed as CLI flag.
    [search_page_size_bytes: <int> | default = 0]

    # v2_index_downsample_bytes is not exposed as CLI flag.
    [v2_index_downsample_bytes: <int> | default = 0]

    # v2_index_page_size_bytes is not exposed as CLI flag.
    [v2_index_page_size_bytes: <int> | default = 0]

    # v2_encoding is not exposed as CLI flag.
    [v2_encoding: <int> | default = none]

    # parquet_row_group_size_bytes is not exposed as CLI flag.
    [parquet_row_group_size_bytes: <int> | default = 0]

  search:
    # chunk_size_bytes is not exposed as CLI flag.
    [chunk_size_bytes: <int> | default = 0]

    # prefetch_trace_count is not exposed as CLI flag.
    [prefetch_trace_count: <int> | default = 0]

    # read_buffer_count is not exposed as CLI flag.
    [read_buffer_count: <int> | default = 0]

    # read_buffer_size_bytes is not exposed as CLI flag.
    [read_buffer_size_bytes: <int> | default = 0]

    cache_control:
      # footer is not exposed as CLI flag.
      [footer: <boolean> | default = false]

      # column_index is not exposed as CLI flag.
      [column_index: <boolean> | default = false]

      # offset_index is not exposed as CLI flag.
      [offset_index: <boolean> | default = false]

  # Period at which to run the maintenance cycle.
  # CLI flag: -storage.trace.blocklist_poll
  [blocklist_poll: <duration> | default = 5m]

  # blocklist_poll_concurrency is not exposed as CLI flag.
  [blocklist_poll_concurrency: <int> | default = 50]

  # blocklist_poll_fallback is not exposed as CLI flag.
  [blocklist_poll_fallback: <boolean> | default = true]

  # blocklist_poll_tenant_index_builders is not exposed as CLI flag.
  [blocklist_poll_tenant_index_builders: <int> | default = 2]

  # blocklist_poll_stale_tenant_index is not exposed as CLI flag.
  [blocklist_poll_stale_tenant_index: <duration> | default = 0s]

  # blocklist_poll_jitter_ms is not exposed as CLI flag.
  [blocklist_poll_jitter_ms: <int> | default = 0]

  # Trace backend (s3, azure, gcs, local)
  # CLI flag: -storage.trace.backend
  [backend: <string> | default = ""]

  local:
    # path is not exposed as CLI flag.
    [path: <string> | default = ""]

  gcs:
    # bucket_name is not exposed as CLI flag.
    [bucket_name: <string> | default = ""]

    # chunk_buffer_size is not exposed as CLI flag.
    [chunk_buffer_size: <int> | default = 0]

    # endpoint is not exposed as CLI flag.
    [endpoint: <string> | default = ""]

    # hedge_requests_at is not exposed as CLI flag.
    [hedge_requests_at: <duration> | default = 0s]

    # hedge_requests_up_to is not exposed as CLI flag.
    [hedge_requests_up_to: <int> | default = 0]

    # insecure is not exposed as CLI flag.
    [insecure: <boolean> | default = false]

    # object_cache_control is not exposed as CLI flag.
    [object_cache_control: <string> | default = ""]

    # object_metadata is not exposed as CLI flag.
    [object_metadata: <map of string to string> | default = map[]]

  s3:
    # bucket is not exposed as CLI flag.
    [bucket: <string> | default = ""]

    # endpoint is not exposed as CLI flag.
    [endpoint: <string> | default = ""]

    # region is not exposed as CLI flag.
    [region: <string> | default = ""]

    # access_key is not exposed as CLI flag.
    [access_key: <string> | default = ""]

    # secret_key is not exposed as CLI flag.
    [secret_key: <string> | default = ""]

    # session_token is not exposed as CLI flag.
    [session_token: <string> | default = ""]

    # insecure is not exposed as CLI flag.
    [insecure: <boolean> | default = false]

    # insecure_skip_verify is not exposed as CLI flag.
    [insecure_skip_verify: <boolean> | default = false]

    # part_size is not exposed as CLI flag.
    [part_size: <int> | default = 0]

    # hedge_requests_at is not exposed as CLI flag.
    [hedge_requests_at: <duration> | default = 0s]

    # hedge_requests_up_to is not exposed as CLI flag.
    [hedge_requests_up_to: <int> | default = 0]

    # signature_v2 is not exposed as CLI flag.
    [signature_v2: <boolean> | default = false]

    # forcepathstyle is not exposed as CLI flag.
    [forcepathstyle: <boolean> | default = false]

    # bucket_lookup_type is not exposed as CLI flag.
    [bucket_lookup_type: <int> | default = 0]

    # tags is not exposed as CLI flag.
    [tags: <map of string to string> | default = map[]]

    # storage_class is not exposed as CLI flag.
    [storage_class: <string> | default = ""]

    # metadata is not exposed as CLI flag.
    [metadata: <map of string to string> | default = map[]]

  azure:
    # storage_account_name is not exposed as CLI flag.
    [storage_account_name: <string> | default = ""]

    # storage_account_key is not exposed as CLI flag.
    [storage_account_key: <string> | default = ""]

    # use_managed_identity is not exposed as CLI flag.
    [use_managed_identity: <boolean> | default = false]

    # user_assigned_id is not exposed as CLI flag.
    [user_assigned_id: <string> | default = ""]

    # container_name is not exposed as CLI flag.
    [container_name: <string> | default = ""]

    # endpoint_suffix is not exposed as CLI flag.
    [endpoint_suffix: <string> | default = ""]

    # max_buffers is not exposed as CLI flag.
    [max_buffers: <int> | default = 0]

    # buffer_size is not exposed as CLI flag.
    [buffer_size: <int> | default = 0]

    # hedge_requests_at is not exposed as CLI flag.
    [hedge_requests_at: <duration> | default = 0s]

    # hedge_requests_up_to is not exposed as CLI flag.
    [hedge_requests_up_to: <int> | default = 0]

  # cache is not exposed as CLI flag.
  [cache: <string> | default = ""]

  # cache_min_compaction_level is not exposed as CLI flag.
  [cache_min_compaction_level: <int> | default = 0]

  # cache_max_block_age is not exposed as CLI flag.
  [cache_max_block_age: <duration> | default = 0s]

  background_cache:
    # writeback_goroutines is not exposed as CLI flag.
    [writeback_goroutines: <int> | default = 0]

    # writeback_buffer is not exposed as CLI flag.
    [writeback_buffer: <int> | default = 0]

  memcached:
    # host is not exposed as CLI flag.
    [host: <string> | default = ""]

    # service is not exposed as CLI flag.
    [service: <string> | default = ""]

    # addresses is not exposed as CLI flag.
    [addresses: <string> | default = ""]

    # timeout is not exposed as CLI flag.
    [timeout: <duration> | default = 0s]

    # max_idle_conns is not exposed as CLI flag.
    [max_idle_conns: <int> | default = 0]

    # max_item_size is not exposed as CLI flag.
    [max_item_size: <int> | default = 0]

    # update_interval is not exposed as CLI flag.
    [update_interval: <duration> | default = 0s]

    # consistent_hash is not exposed as CLI flag.
    [consistent_hash: <boolean> | default = false]

    # circuit_breaker_consecutive_failures is not exposed as CLI flag.
    [circuit_breaker_consecutive_failures: <int> | default = 0]

    # circuit_breaker_timeout is not exposed as CLI flag.
    [circuit_breaker_timeout: <duration> | default = 0s]

    # circuit_breaker_interval is not exposed as CLI flag.
    [circuit_breaker_interval: <duration> | default = 0s]

    # ttl is not exposed as CLI flag.
    [ttl: <duration> | default = 0s]

  redis:
    # endpoint is not exposed as CLI flag.
    [endpoint: <string> | default = ""]

    # master_name is not exposed as CLI flag.
    [master_name: <string> | default = ""]

    # timeout is not exposed as CLI flag.
    [timeout: <duration> | default = 0s]

    # expiration is not exposed as CLI flag.
    [expiration: <duration> | default = 0s]

    # db is not exposed as CLI flag.
    [db: <int> | default = 0]

    # pool_size is not exposed as CLI flag.
    [pool_size: <int> | default = 0]

    # username is not exposed as CLI flag.
    [username: <string> | default = ""]

    # password is not exposed as CLI flag.
    [password: <string> | default = ""]

    # sentinel_username is not exposed as CLI flag.
    [sentinel_username: <string> | default = ""]

    # sentinel_password is not exposed as CLI flag.
    [sentinel_password: <string> | default = ""]

    # tls_enabled is not exposed as CLI flag.
    [tls_enabled: <boolean> | default = false]

    # tls_insecure_skip_verify is not exposed as CLI flag.
    [tls_insecure_skip_verify: <boolean> | default = false]

    # idle_timeout is not exposed as CLI flag.
    [idle_timeout: <duration> | default = 0s]

    # max_connection_age is not exposed as CLI flag.
    [max_connection_age: <duration> | default = 0s]

    # ttl is not exposed as CLI flag.
    [ttl: <duration> | default = 0s]

overrides_config

The overrides_config block configures the overrides module to set global or per-tenant override settings.

# ingestion_rate_strategy is not exposed as CLI flag.
[ingestion_rate_strategy: <string> | default = "local"]

# ingestion_rate_limit_bytes is not exposed as CLI flag.
[ingestion_rate_limit_bytes: <int> | default = 15000000]

# ingestion_burst_size_bytes is not exposed as CLI flag.
[ingestion_burst_size_bytes: <int> | default = 20000000]

# max_traces_per_user is not exposed as CLI flag.
[max_traces_per_user: <int> | default = 10000]

# max_global_traces_per_user is not exposed as CLI flag.
[max_global_traces_per_user: <int> | default = 0]

# forwarders is not exposed as CLI flag.
[forwarders: <list of string> | default = []]

# metrics_generator_ring_size is not exposed as CLI flag.
[metrics_generator_ring_size: <int> | default = 0]

# metrics_generator_processors is not exposed as CLI flag.
[metrics_generator_processors: <map of string to struct {}> | default = map[]]

# metrics_generator_max_active_series is not exposed as CLI flag.
[metrics_generator_max_active_series: <int> | default = 0]

# metrics_generator_collection_interval is not exposed as CLI flag.
[metrics_generator_collection_interval: <duration> | default = 0s]

# metrics_generator_disable_collection is not exposed as CLI flag.
[metrics_generator_disable_collection: <boolean> | default = false]

# metrics_generator_forwarder_queue_size is not exposed as CLI flag.
[metrics_generator_forwarder_queue_size: <int> | default = 0]

# metrics_generator_forwarder_workers is not exposed as CLI flag.
[metrics_generator_forwarder_workers: <int> | default = 0]

# metrics_generator_processor_service_graphs_histogram_buckets is not exposed as
# CLI flag.
[metrics_generator_processor_service_graphs_histogram_buckets: <list of float> | default = []]

# metrics_generator_processor_service_graphs_dimensions is not exposed as CLI
# flag.
[metrics_generator_processor_service_graphs_dimensions: <list of string> | default = []]

# metrics_generator_processor_span_metrics_histogram_buckets is not exposed as
# CLI flag.
[metrics_generator_processor_span_metrics_histogram_buckets: <list of float> | default = []]

# metrics_generator_processor_span_metrics_dimensions is not exposed as CLI
# flag.
[metrics_generator_processor_span_metrics_dimensions: <list of string> | default = []]

# metrics_generator_processor_span_metrics_intrinsic_dimensions is not exposed
# as CLI flag.
[metrics_generator_processor_span_metrics_intrinsic_dimensions: <map of string to bool> | default = map[]]

# block_retention is not exposed as CLI flag.
[block_retention: <duration> | default = 0s]

# max_bytes_per_tag_values_query is not exposed as CLI flag.
[max_bytes_per_tag_values_query: <int> | default = 5000000]

# max_search_duration is not exposed as CLI flag.
[max_search_duration: <duration> | default = 0s]

# max_bytes_per_trace is not exposed as CLI flag.
[max_bytes_per_trace: <int> | default = 5000000]

# per_tenant_override_config is not exposed as CLI flag.
[per_tenant_override_config: <string> | default = ""]

# per_tenant_override_period is not exposed as CLI flag.
[per_tenant_override_period: <duration> | default = 10s]

memberlist_config

The memberlist_config block configures how the gossip ring connects between distributors, ingesters and queriers.

# node_name is not exposed as CLI flag.
[node_name: <string> | default = ""]

# randomize_node_name is not exposed as CLI flag.
[randomize_node_name: <boolean> | default = true]

# stream_timeout is not exposed as CLI flag.
[stream_timeout: <duration> | default = 10s]

# retransmit_factor is not exposed as CLI flag.
[retransmit_factor: <int> | default = 2]

# pull_push_interval is not exposed as CLI flag.
[pull_push_interval: <duration> | default = 30s]

# gossip_interval is not exposed as CLI flag.
[gossip_interval: <duration> | default = 1s]

# gossip_nodes is not exposed as CLI flag.
[gossip_nodes: <int> | default = 2]

# gossip_to_dead_nodes_time is not exposed as CLI flag.
[gossip_to_dead_nodes_time: <duration> | default = 30s]

# dead_node_reclaim_time is not exposed as CLI flag.
[dead_node_reclaim_time: <duration> | default = 0s]

# compression_enabled is not exposed as CLI flag.
[compression_enabled: <boolean> | default = false]

# advertise_addr is not exposed as CLI flag.
[advertise_addr: <string> | default = ""]

# advertise_port is not exposed as CLI flag.
[advertise_port: <int> | default = 7946]

# cluster_label is not exposed as CLI flag.
[cluster_label: <string> | default = ""]

# cluster_label_verification_disabled is not exposed as CLI flag.
[cluster_label_verification_disabled: <boolean> | default = false]

# Host port to connect to memberlist cluster.
# CLI flag: -memberlist.host-port
[join_members: <list of string> | default = []]

# min_join_backoff is not exposed as CLI flag.
[min_join_backoff: <duration> | default = 1s]

# max_join_backoff is not exposed as CLI flag.
[max_join_backoff: <duration> | default = 1m]

# max_join_retries is not exposed as CLI flag.
[max_join_retries: <int> | default = 10]

# abort_if_cluster_join_fails is not exposed as CLI flag.
[abort_if_cluster_join_fails: <boolean> | default = false]

# rejoin_interval is not exposed as CLI flag.
[rejoin_interval: <duration> | default = 0s]

# left_ingesters_timeout is not exposed as CLI flag.
[left_ingesters_timeout: <duration> | default = 5m]

# leave_timeout is not exposed as CLI flag.
[leave_timeout: <duration> | default = 20s]

# message_history_buffer_bytes is not exposed as CLI flag.
[message_history_buffer_bytes: <int> | default = 0]

# bind_addr is not exposed as CLI flag.
[bind_addr: <list of string> | default = []]

# Port for memberlist to communicate on
# CLI flag: -memberlist.bind-port
[bind_port: <int> | default = 7946]

# packet_dial_timeout is not exposed as CLI flag.
[packet_dial_timeout: <duration> | default = 2s]

# packet_write_timeout is not exposed as CLI flag.
[packet_write_timeout: <duration> | default = 5s]

# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]

# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]

# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]

# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]

# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]

# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]

# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]

# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]

admin_api_config

The admin_api_config block configures the Admin API service.

yaml
# Designated header to parse when searching for the grafana user ID of the user
# accessing the API.
# CLI flag: -admin.api.user-header-name
[user_header_name: <string> | default = "X-WEBAUTH-USER"]

leader_election:
  # This flag enables leader election for the admin api.
  # CLI flag: -admin-api.leader-election.enabled
  [enabled: <boolean> | default = true]

  ring:
    kvstore:
      # Backend storage to use for the ring. Supported values are: consul, etcd,
      # inmemory, memberlist, multi.
      # CLI flag: -admin-api.leader-election.ring.store
      [store: <string> | default = "consul"]

      # The prefix for the keys in the store. Should end with a /.
      # CLI flag: -admin-api.leader-election.ring.prefix
      [prefix: <string> | default = "leader-election/"]

      consul:
        # Hostname and port of Consul.
        # CLI flag: -admin-api.leader-election.ring.consul.hostname
        [host: <string> | default = "localhost:8500"]

        # ACL Token used to interact with Consul.
        # CLI flag: -admin-api.leader-election.ring.consul.acl-token
        [acl_token: <string> | default = ""]

        # HTTP timeout when talking to Consul
        # CLI flag: -admin-api.leader-election.ring.consul.client-timeout
        [http_client_timeout: <duration> | default = 20s]

        # Enable consistent reads to Consul.
        # CLI flag: -admin-api.leader-election.ring.consul.consistent-reads
        [consistent_reads: <boolean> | default = false]

        # Rate limit when watching key or prefix in Consul, in requests per
        # second. 0 disables the rate limit.
        # CLI flag: -admin-api.leader-election.ring.consul.watch-rate-limit
        [watch_rate_limit: <float> | default = 1]

        # Burst size used in rate limit. Values less than 1 are treated as 1.
        # CLI flag: -admin-api.leader-election.ring.consul.watch-burst-size
        [watch_burst_size: <int> | default = 1]

        # Maximum duration to wait before retrying a Compare And Swap (CAS)
        # operation.
        # CLI flag: -admin-api.leader-election.ring.consul.cas-retry-delay
        [cas_retry_delay: <duration> | default = 1s]

      etcd:
        # The etcd endpoints to connect to.
        # CLI flag: -admin-api.leader-election.ring.etcd.endpoints
        [endpoints: <list of string> | default = []]

        # The dial timeout for the etcd connection.
        # CLI flag: -admin-api.leader-election.ring.etcd.dial-timeout
        [dial_timeout: <duration> | default = 10s]

        # The maximum number of retries to do for failed ops.
        # CLI flag: -admin-api.leader-election.ring.etcd.max-retries
        [max_retries: <int> | default = 10]

        # Enable TLS.
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-enabled
        [tls_enabled: <boolean> | default = false]

        # Path to the client certificate, which will be used for authenticating
        # with the server. Also requires the key path to be configured.
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-cert-path
        [tls_cert_path: <string> | default = ""]

        # Path to the key for the client certificate. Also requires the client
        # certificate to be configured.
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-key-path
        [tls_key_path: <string> | default = ""]

        # Path to the CA certificates to validate server certificate against. If
        # not set, the host's root CA certificates are used.
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-ca-path
        [tls_ca_path: <string> | default = ""]

        # Override the expected name on the server certificate.
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-server-name
        [tls_server_name: <string> | default = ""]

        # Skip validating server certificate.
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-insecure-skip-verify
        [tls_insecure_skip_verify: <boolean> | default = false]

        # Override the default cipher suite list (separated by commas).
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-cipher-suites
        [tls_cipher_suites: <string> | default = ""]

        # Override the default minimum TLS version. Allowed values:
        # VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
        # CLI flag: -admin-api.leader-election.ring.etcd.tls-min-version
        [tls_min_version: <string> | default = ""]

        # Etcd username.
        # CLI flag: -admin-api.leader-election.ring.etcd.username
        [username: <string> | default = ""]

        # Etcd password.
        # CLI flag: -admin-api.leader-election.ring.etcd.password
        [password: <string> | default = ""]

      multi:
        # Primary backend storage used by multi-client.
        # CLI flag: -admin-api.leader-election.ring.multi.primary
        [primary: <string> | default = ""]

        # Secondary backend storage used by multi-client.
        # CLI flag: -admin-api.leader-election.ring.multi.secondary
        [secondary: <string> | default = ""]

        # Mirror writes to secondary store.
        # CLI flag: -admin-api.leader-election.ring.multi.mirror-enabled
        [mirror_enabled: <boolean> | default = false]

        # Timeout for storing value to secondary store.
        # CLI flag: -admin-api.leader-election.ring.multi.mirror-timeout
        [mirror_timeout: <duration> | default = 2s]

    # Period at which to heartbeat to the ring.
    # CLI flag: -admin-api.leader-election.ring.heartbeat-period
    [heartbeat_period: <duration> | default = 15s]

    # The heartbeat timeout after which admin-api instances are considered
    # unhealthy within the ring.
    # CLI flag: -admin-api.leader-election.ring.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # Period to wait after generating tokens to resolve collisions. Required
    # when using a gossip ring KV store.
    # CLI flag: -admin-api.leader-election.ring.tokens-observe-period
    [tokens_observe_period: <duration> | default = 1m]

    # Instance ID to register in the ring.
    # CLI flag: -admin-api.leader-election.ring.instance-id
    [instance_id: <string> | default = "Martins-MacBook-Pro.local"]

    # Name of network interface to read address from.
    # CLI flag: -admin-api.leader-election.ring.instance-interface-names
    [instance_interface_names: <list of string> | default = [en0]]

    # Port to advertise in the ring (defaults to server.grpc-listen-port).
    # CLI flag: -admin-api.leader-election.ring.instance-port
    [instance_port: <int> | default = 0]

    # IP address to advertise in the ring.
    # CLI flag: -admin-api.leader-election.ring.instance-addr
    [instance_addr: <string> | default = ""]

  client_config:
    # gRPC client max receive message size (bytes).
    # CLI flag: -admin-api.leader-election.client.grpc-max-recv-msg-size
    [max_recv_msg_size: <int> | default = 104857600]

    # gRPC client max send message size (bytes).
    # CLI flag: -admin-api.leader-election.client.grpc-max-send-msg-size
    [max_send_msg_size: <int> | default = 104857600]

    # Use compression when sending messages. Supported values are: 'gzip',
    # 'snappy' and '' (disable compression)
    # CLI flag: -admin-api.leader-election.client.grpc-compression
    [grpc_compression: <string> | default = ""]

    # Rate limit for gRPC client; 0 means disabled.
    # CLI flag: -admin-api.leader-election.client.grpc-client-rate-limit
    [rate_limit: <float> | default = 0]

    # Rate limit burst for gRPC client.
    # CLI flag: -admin-api.leader-election.client.grpc-client-rate-limit-burst
    [rate_limit_burst: <int> | default = 0]

    # Enable backoff and retry when we hit ratelimits.
    # CLI flag: -admin-api.leader-election.client.backoff-on-ratelimits
    [backoff_on_ratelimits: <boolean> | default = false]

    backoff_config:
      # Minimum delay when backing off.
      # CLI flag: -admin-api.leader-election.client.backoff-min-period
      [min_period: <duration> | default = 100ms]

      # Maximum delay when backing off.
      # CLI flag: -admin-api.leader-election.client.backoff-max-period
      [max_period: <duration> | default = 10s]

      # Number of times to backoff and retry before failing.
      # CLI flag: -admin-api.leader-election.client.backoff-retries
      [max_retries: <int> | default = 10]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -admin-api.leader-election.client.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -admin-api.leader-election.client.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -admin-api.leader-election.client.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -admin-api.leader-election.client.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -admin-api.leader-election.client.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -admin-api.leader-election.client.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -admin-api.leader-election.client.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -admin-api.leader-election.client.tls-min-version
    [tls_min_version: <string> | default = ""]

limits:
  # Enable API based limits per-tenant.
  # CLI flag: -admin-api.limits.enabled
  [enabled: <boolean> | default = true]

  # Period with which to refresh per-tenant limits.
  # CLI flag: -admin-api.limits.refresh-period
  [refresh_period: <duration> | default = 1m]

admin_client_config

The admin_client_config block configures how the Admin API service connects to the storage backend.

yaml
storage:
  # Enable caching on the versioned client.
  # CLI flag: -admin.client.cache.enabled
  [enable_cache: <boolean> | default = true]

  cache:
    # Cache backend type. Supported values are: memcached, redis, inmemory.
    # CLI flag: -admin.client.cache.backend
    [backend: <string> | default = "inmemory"]

    memcached:
      # Comma-separated list of memcached addresses. Each address can be an IP
      # address, hostname, or an entry specified in the DNS Service Discovery
      # format.
      # CLI flag: -admin.client.cache.memcached.addresses
      [addresses: <string> | default = ""]

      # The socket read/write timeout.
      # CLI flag: -admin.client.cache.memcached.timeout
      [timeout: <duration> | default = 200ms]

      # The minimum number of idle connections to keep open as a percentage
      # (0-100) of the number of recently used idle connections. If negative,
      # idle connections are kept open indefinitely.
      # CLI flag: -admin.client.cache.memcached.min-idle-connections-headroom-percentage
      [min_idle_connections_headroom_percentage: <float> | default = -1]

      # The maximum number of idle connections that will be maintained per
      # address.
      # CLI flag: -admin.client.cache.memcached.max-idle-connections
      [max_idle_connections: <int> | default = 100]

      # The maximum number of concurrent asynchronous operations that can occur.
      # CLI flag: -admin.client.cache.memcached.max-async-concurrency
      [max_async_concurrency: <int> | default = 50]

      # The maximum number of enqueued asynchronous operations allowed.
      # CLI flag: -admin.client.cache.memcached.max-async-buffer-size
      [max_async_buffer_size: <int> | default = 25000]

      # The maximum number of concurrent connections running get operations. If
      # set to 0, concurrency is unlimited.
      # CLI flag: -admin.client.cache.memcached.max-get-multi-concurrency
      [max_get_multi_concurrency: <int> | default = 100]

      # The maximum number of keys a single underlying get operation should run.
      # If more keys are specified, internally keys are split into multiple
      # batches and fetched concurrently, honoring the max concurrency. If set
      # to 0, the max batch size is unlimited.
      # CLI flag: -admin.client.cache.memcached.max-get-multi-batch-size
      [max_get_multi_batch_size: <int> | default = 100]

      # The maximum size of an item stored in memcached, in bytes. Bigger items
      # are not stored. If set to 0, no maximum size is enforced.
      # CLI flag: -admin.client.cache.memcached.max-item-size
      [max_item_size: <int> | default = 1048576]

    redis:
      # Redis Server or Cluster configuration endpoint to use for caching. A
      # comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
      # CLI flag: -admin.client.cache.redis.endpoint
      [endpoint: <string> | default = ""]

      # Username to use when connecting to Redis.
      # CLI flag: -admin.client.cache.redis.username
      [username: <string> | default = ""]

      # Password to use when connecting to Redis.
      # CLI flag: -admin.client.cache.redis.password
      [password: <string> | default = ""]

      # Database index.
      # CLI flag: -admin.client.cache.redis.db
      [db: <int> | default = 0]

      # Redis Sentinel master name. An empty string for Redis Server or Redis
      # Cluster.
      # CLI flag: -admin.client.cache.redis.master-name
      [master_name: <string> | default = ""]

      # Client dial timeout.
      # CLI flag: -admin.client.cache.redis.dial-timeout
      [dial_timeout: <duration> | default = 5s]

      # Client read timeout.
      # CLI flag: -admin.client.cache.redis.read-timeout
      [read_timeout: <duration> | default = 3s]

      # Client write timeout.
      # CLI flag: -admin.client.cache.redis.write-timeout
      [write_timeout: <duration> | default = 3s]

      # Maximum number of connections in the pool.
      # CLI flag: -admin.client.cache.redis.connection-pool-size
      [connection_pool_size: <int> | default = 100]

      # Minimum number of idle connections.
      # CLI flag: -admin.client.cache.redis.min-idle-connections
      [min_idle_connections: <int> | default = 10]

      # Amount of time after which client closes idle connections.
      # CLI flag: -admin.client.cache.redis.idle-timeout
      [idle_timeout: <duration> | default = 5m]

      # Close connections older than this duration. If the value is zero, then
      # the pool does not close connections based on age.
      # CLI flag: -admin.client.cache.redis.max-connection-age
      [max_connection_age: <duration> | default = 0s]

      # The maximum size of an item stored in Redis. Bigger items are not
      # stored. If set to 0, no maximum size is enforced.
      # CLI flag: -admin.client.cache.redis.max-item-size
      [max_item_size: <int> | default = 16777216]

      # The maximum number of concurrent asynchronous operations that can occur.
      # CLI flag: -admin.client.cache.redis.max-async-concurrency
      [max_async_concurrency: <int> | default = 50]

      # The maximum number of enqueued asynchronous operations allowed.
      # CLI flag: -admin.client.cache.redis.max-async-buffer-size
      [max_async_buffer_size: <int> | default = 25000]

      # The maximum number of concurrent connections running get operations. If
      # set to 0, concurrency is unlimited.
      # CLI flag: -admin.client.cache.redis.max-get-multi-concurrency
      [max_get_multi_concurrency: <int> | default = 100]

      # The maximum size per batch for mget operations.
      # CLI flag: -admin.client.cache.redis.max-get-multi-batch-size
      [max_get_multi_batch_size: <int> | default = 100]

      # Enable connecting to Redis with TLS.
      # CLI flag: -admin.client.cache.redis.tls-enabled
      [tls_enabled: <boolean> | default = false]

      # Path to the client certificate, which will be used for authenticating
      # with the server. Also requires the key path to be configured.
      # CLI flag: -admin.client.cache.redis.tls-cert-path
      [tls_cert_path: <string> | default = ""]

      # Path to the key for the client certificate. Also requires the client
      # certificate to be configured.
      # CLI flag: -admin.client.cache.redis.tls-key-path
      [tls_key_path: <string> | default = ""]

      # Path to the CA certificates to validate server certificate against. If
      # not set, the host's root CA certificates are used.
      # CLI flag: -admin.client.cache.redis.tls-ca-path
      [tls_ca_path: <string> | default = ""]

      # Override the expected name on the server certificate.
      # CLI flag: -admin.client.cache.redis.tls-server-name
      [tls_server_name: <string> | default = ""]

      # Skip validating server certificate.
      # CLI flag: -admin.client.cache.redis.tls-insecure-skip-verify
      [tls_insecure_skip_verify: <boolean> | default = false]

      # Override the default cipher suite list (separated by commas).
      # CLI flag: -admin.client.cache.redis.tls-cipher-suites
      [tls_cipher_suites: <string> | default = ""]

      # Override the default minimum TLS version. Allowed values: VersionTLS10,
      # VersionTLS11, VersionTLS12, VersionTLS13
      # CLI flag: -admin.client.cache.redis.tls-min-version
      [tls_min_version: <string> | default = ""]

    # How long an item should be cached before being evicted. Only available for
    # remote cache types (memcached, redis).
    # CLI flag: -admin.client.cache.expiration
    [expiration: <duration> | default = 24h]

    # How frequently to reload tokens from storage to keep the cache warm.
    # Default disabled.
    # CLI flag: -admin.client.cache.refresh-interval
    [refresh_interval: <duration> | default = 0s]

  # Backend storage to use. Supported backends are: s3, gcs, azure, swift,
  # filesystem.
  # CLI flag: -admin.client.backend
  [backend: <string> | default = "filesystem"]

  s3:
    # The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
    # https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
    # S3-compatible service in hostname:port format.
    # CLI flag: -admin.client.s3.endpoint
    [endpoint: <string> | default = ""]

    # S3 region. If unset, the client will issue a S3 GetBucketLocation API call
    # to autodetect it.
    # CLI flag: -admin.client.s3.region
    [region: <string> | default = ""]

    # S3 bucket name
    # CLI flag: -admin.client.s3.bucket-name
    [bucket_name: <string> | default = ""]

    # S3 secret access key
    # CLI flag: -admin.client.s3.secret-access-key
    [secret_access_key: <string> | default = ""]

    # S3 access key ID
    # CLI flag: -admin.client.s3.access-key-id
    [access_key_id: <string> | default = ""]

    # If enabled, use http:// for the S3 endpoint instead of https://. This
    # could be useful in local dev/test environments while using an
    # S3-compatible backend storage, like Minio.
    # CLI flag: -admin.client.s3.insecure
    [insecure: <boolean> | default = false]

    # The signature version to use for authenticating against S3. Supported
    # values are: v4, v2.
    # CLI flag: -admin.client.s3.signature-version
    [signature_version: <string> | default = "v4"]

    sse:
      # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
      # CLI flag: -admin.client.s3.sse.type
      [type: <string> | default = ""]

      # KMS Key ID used to encrypt objects in S3
      # CLI flag: -admin.client.s3.sse.kms-key-id
      [kms_key_id: <string> | default = ""]

      # KMS Encryption Context used for object encryption. It expects JSON
      # formatted string.
      # CLI flag: -admin.client.s3.sse.kms-encryption-context
      [kms_encryption_context: <string> | default = ""]

    http:
      # The time an idle connection will remain idle before closing.
      # CLI flag: -admin.client.s3.http.idle-conn-timeout
      [idle_conn_timeout: <duration> | default = 1m30s]

      # The amount of time the client will wait for a server's response headers.
      # CLI flag: -admin.client.s3.http.response-header-timeout
      [response_header_timeout: <duration> | default = 2m]

      # If the client connects to S3 via HTTPS and this option is enabled, the
      # client will accept any certificate and hostname.
      # CLI flag: -admin.client.s3.http.insecure-skip-verify
      [insecure_skip_verify: <boolean> | default = false]

      # Maximum time to wait for a TLS handshake. 0 means no limit.
      # CLI flag: -admin.client.s3.tls-handshake-timeout
      [tls_handshake_timeout: <duration> | default = 10s]

      # The time to wait for a server's first response headers after fully
      # writing the request headers if the request has an Expect header. 0 to
      # send the request body immediately.
      # CLI flag: -admin.client.s3.expect-continue-timeout
      [expect_continue_timeout: <duration> | default = 1s]

      # Maximum number of idle (keep-alive) connections across all hosts. 0
      # means no limit.
      # CLI flag: -admin.client.s3.max-idle-connections
      [max_idle_connections: <int> | default = 100]

      # Maximum number of idle (keep-alive) connections to keep per-host. If 0,
      # a built-in default value is used.
      # CLI flag: -admin.client.s3.max-idle-connections-per-host
      [max_idle_connections_per_host: <int> | default = 100]

      # Maximum number of connections per host. 0 means no limit.
      # CLI flag: -admin.client.s3.max-connections-per-host
      [max_connections_per_host: <int> | default = 0]

  gcs:
    # GCS bucket name
    # CLI flag: -admin.client.gcs.bucket-name
    [bucket_name: <string> | default = ""]

    # JSON either from a Google Developers Console client_credentials.json file,
    # or a Google Developers service account key. Needs to be valid JSON, not a
    # filesystem path.
    # CLI flag: -admin.client.gcs.service-account
    [service_account: <string> | default = ""]

  azure:
    # Azure storage account name
    # CLI flag: -admin.client.azure.account-name
    [account_name: <string> | default = ""]

    # Azure storage account key
    # CLI flag: -admin.client.azure.account-key
    [account_key: <string> | default = ""]

    # Azure storage container name
    # CLI flag: -admin.client.azure.container-name
    [container_name: <string> | default = ""]

    # Azure storage endpoint suffix without schema. The account name will be
    # prefixed to this value to create the FQDN. If set to empty string, default
    # endpoint suffix is used.
    # CLI flag: -admin.client.azure.endpoint-suffix
    [endpoint_suffix: <string> | default = ""]

    # Number of retries for recoverable errors
    # CLI flag: -admin.client.azure.max-retries
    [max_retries: <int> | default = 20]

    # User assigned identity. If empty, then System assigned identity is used.
    # CLI flag: -admin.client.azure.user-assigned-id
    [user_assigned_id: <string> | default = ""]

  swift:
    # OpenStack Swift authentication API version. 0 to autodetect.
    # CLI flag: -admin.client.swift.auth-version
    [auth_version: <int> | default = 0]

    # OpenStack Swift authentication URL
    # CLI flag: -admin.client.swift.auth-url
    [auth_url: <string> | default = ""]

    # OpenStack Swift username.
    # CLI flag: -admin.client.swift.username
    [username: <string> | default = ""]

    # OpenStack Swift user's domain name.
    # CLI flag: -admin.client.swift.user-domain-name
    [user_domain_name: <string> | default = ""]

    # OpenStack Swift user's domain ID.
    # CLI flag: -admin.client.swift.user-domain-id
    [user_domain_id: <string> | default = ""]

    # OpenStack Swift user ID.
    # CLI flag: -admin.client.swift.user-id
    [user_id: <string> | default = ""]

    # OpenStack Swift API key.
    # CLI flag: -admin.client.swift.password
    [password: <string> | default = ""]

    # OpenStack Swift user's domain ID.
    # CLI flag: -admin.client.swift.domain-id
    [domain_id: <string> | default = ""]

    # OpenStack Swift user's domain name.
    # CLI flag: -admin.client.swift.domain-name
    [domain_name: <string> | default = ""]

    # OpenStack Swift project ID (v2,v3 auth only).
    # CLI flag: -admin.client.swift.project-id
    [project_id: <string> | default = ""]

    # OpenStack Swift project name (v2,v3 auth only).
    # CLI flag: -admin.client.swift.project-name
    [project_name: <string> | default = ""]

    # ID of the OpenStack Swift project's domain (v3 auth only), only needed if
    # it differs from the user domain.
    # CLI flag: -admin.client.swift.project-domain-id
    [project_domain_id: <string> | default = ""]

    # Name of the OpenStack Swift project's domain (v3 auth only), only needed
    # if it differs from the user domain.
    # CLI flag: -admin.client.swift.project-domain-name
    [project_domain_name: <string> | default = ""]

    # OpenStack Swift Region to use (v2,v3 auth only).
    # CLI flag: -admin.client.swift.region-name
    [region_name: <string> | default = ""]

    # Name of the OpenStack Swift container to put chunks in.
    # CLI flag: -admin.client.swift.container-name
    [container_name: <string> | default = ""]

    # Max retries on requests error.
    # CLI flag: -admin.client.swift.max-retries
    [max_retries: <int> | default = 3]

    # Time after which a connection attempt is aborted.
    # CLI flag: -admin.client.swift.connect-timeout
    [connect_timeout: <duration> | default = 10s]

    # Time after which an idle request is aborted. The timeout watchdog is reset
    # each time some data is received, so the timeout triggers after X time no
    # data is received on a request.
    # CLI flag: -admin.client.swift.request-timeout
    [request_timeout: <duration> | default = 5s]

  filesystem:
    # Local filesystem storage directory.
    # CLI flag: -admin.client.filesystem.dir
    [dir: <string> | default = ""]

  # Prefix for all objects stored in the backend storage. For simplicity, it may
  # only contain digits and English alphabet letters.
  # CLI flag: -admin.client.storage-prefix
  [storage_prefix: <string> | default = ""]

  # Set a backend to use, (gcs, s3, azure). Deprecated, please use
  # '-admin.client.backend' instead.
  # CLI flag: -admin.client.backend-type
  [type: <string> | default = ""]

# If set to true, the built-in __admin__ access policy will not be active.
# CLI flag: -admin.client.disable-default-admin-policy
[disable_default_admin_policy: <boolean> | default = false]

auth_config

The auth_config block configures the authentication type to use.

yaml
# Method for authenticating incoming HTTP requests (trust, enterprise).
# CLI flag: -auth.type
[type: <string> | default = "enterprise"]

# requires admin level auth for the /metrics endpoint.
# CLI flag: -auth.required-for-metrics
[required_for_metrics: <boolean> | default = false]

override:
  # Override admin token. If set, this string will always be accepted as a token
  # with admin level scope.
  # CLI flag: -auth.override.token
  [token: <string> | default = ""]

  # If set, this file will be read at startup and the string from that file will
  # be used as an admin-scoped token.
  # CLI flag: -auth.override.token-file
  [token_file: <string> | default = ""]

admin:
  # how long auth responses should be cached
  # CLI flag: -auth.cache.ttl
  [cache_ttl: <duration> | default = 10m]

  cache_refresh:
    # Whether asynchronous background refreshes are enabled.
    # CLI flag: -auth.cache.refresh.enabled
    [enabled: <boolean> | default = false]

    # Number of workers for background asynchronous refresh.
    # CLI flag: -auth.cache.refresh.concurrency
    [concurrency: <int> | default = 2]

    # Maximum number of pending background refreshes.
    # CLI flag: -auth.cache.refresh.buffer
    [buffer: <int> | default = 256]

    # Remaining time to live of an item when background refreshes may begin to
    # occur.
    # CLI flag: -auth.cache.refresh.refresh-ttl
    [refresh_ttl: <duration> | default = 3m]

    # Minimum time between retries if a refresh attempt fails. 0 means that
    # every subsequent get operation results in a retry.
    # CLI flag: -auth.cache.refresh.retry-interval
    [retry_interval: <duration> | default = 30s]

  oidc:
    # JWT token issuer URL (example "https://accounts.google.com")
    # CLI flag: -auth.admin.oidc.issuer-url
    [issuer_url: <string> | default = ""]

    # claim in the JWT token containing the access policy
    # CLI flag: -auth.admin.oidc.access-policy-claim
    [access_policy_claim: <string> | default = ""]

    # regex to extract the access policy from the JWT token. The first submatch
    # of the provided regex expression will be used.
    # CLI flag: -auth.admin.oidc.access-policy-regex
    [access_policy_regex: <string> | default = ""]

    # optional audience to check in JWT token
    # CLI flag: -auth.admin.oidc.audience
    [audience: <string> | default = ""]

    # name of the access policy to use when the token doesn't contain an access
    # policy
    # CLI flag: -auth.admin.oidc.default-access-policy
    [default_access_policy: <string> | default = ""]

    # enable ADFS compatibility
    # CLI flag: -auth.admin.oidc.adfs-compatibility
    [adfs_compatibility: <boolean> | default = false]
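
An added example, not part of the GET documentation or code base: a Python audit that walks a parsed configuration file and flags weak values for options documented in this reference (certificate validation skipped, a TLS 1.0/1.1 floor, TLS options set without tls_enabled, plaintext S3, literal secrets instead of ${VAR} references, and the auth settings). The top-level keys `auth` and `admin_client`, the hostnames and all sample values are assumptions constructed for illustration.

```python
"""Audit a parsed GET config for weak transport, secret and auth settings."""

WEAK_TLS_VERSIONS = {"VersionTLS10", "VersionTLS11"}
SKIP_VERIFY_KEYS = {"tls_insecure_skip_verify", "insecure_skip_verify"}
# TLS options that sit next to a tls_enabled switch in the reference.
TLS_OPTION_KEYS = {
    "tls_cert_path", "tls_key_path", "tls_ca_path", "tls_server_name",
    "tls_cipher_suites", "tls_min_version", "tls_insecure_skip_verify",
}
# Keys whose values are credentials in the reference.
SECRET_KEYS = {"password", "acl_token", "secret_access_key", "account_key",
               "service_account", "token"}


def _mappings(node, path=()):
    """Yield (path, mapping) for every mapping in the config tree."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _mappings(value, path + (str(key),))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from _mappings(item, path + (f"[{index}]",))


def _is_set(value):
    """True when a value differs from the empty/false defaults."""
    return value not in ("", None, False, [], {})


def audit(cfg, auth_key="auth"):
    """Return (path, key, message) findings for a parsed config.

    cfg: the YAML file as written on disk, parsed into dicts and lists
    (for example with yaml.safe_load) before ${VAR} expansion.
    auth_key: assumed top-level key that holds the auth_config block.
    """
    findings = []
    for path, block in _mappings(cfg):
        where = ".".join(path) or "<root>"
        for key in sorted(SKIP_VERIFY_KEYS & block.keys()):
            if block[key] is True:
                findings.append((where, key, "server certificate is not validated"))
        if str(block.get("tls_min_version", "")) in WEAK_TLS_VERSIONS:
            findings.append((where, "tls_min_version", "permits TLS 1.0/1.1"))
        # Certificate paths and similar options do nothing while TLS is off.
        tls_set = [k for k in TLS_OPTION_KEYS & block.keys() if _is_set(block[k])]
        if tls_set and block.get("tls_enabled") is not True:
            findings.append((where, "tls_enabled", "TLS options set but TLS not enabled"))
        if path[-1:] == ("s3",) and block.get("insecure") is True:
            findings.append((where, "insecure", "S3 endpoint is reached over http://"))
        for key in sorted(SECRET_KEYS & block.keys()):
            value = block[key]
            if isinstance(value, str) and value and not value.startswith("${"):
                findings.append((where, key, "literal secret; reference ${VAR} instead"))

    auth = cfg.get(auth_key)
    auth = auth if isinstance(auth, dict) else {}
    if auth.get("type") == "trust":
        findings.append((auth_key, "type",
                         "'trust' replaces the default 'enterprise'; confirm intent"))
    if auth.get("required_for_metrics") is not True:
        findings.append((auth_key, "required_for_metrics",
                         "/metrics does not require admin-level auth"))
    return findings


# Constructed sample (not a real deployment); key layout is an assumption.
SAMPLE = {
    "auth": {"type": "trust", "override": {"token": "constructed-admin-token"}},
    "admin_client": {"storage": {
        "backend": "s3",
        "s3": {
            "endpoint": "minio.example.internal:9000",
            "insecure": True,
            "secret_access_key": "${S3_SECRET_ACCESS_KEY}",
            "http": {"insecure_skip_verify": True, "tls_handshake_timeout": "10s"},
        },
        "cache": {"backend": "redis", "redis": {
            "endpoint": "redis.example.internal:6379",
            "password": "${REDIS_PASSWORD}",
            "tls_ca_path": "/etc/get/redis-ca.pem",
            "tls_min_version": "VersionTLS10",
        }},
    }},
}

if __name__ == "__main__":
    for where, key, message in audit(SAMPLE):
        print(f"{where}.{key}: {message}")
```

Run it against the file on disk rather than the /config endpoint, because that endpoint filters passwords out of its output.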

federation_config

The federation_config block configures the cross-cluster query federation service.

yaml
proxy_targets:
  # Name of the proxy target. It is used for the __cluster__ label.
  [name: <string> | default = ""]

  # URL is the URL to the GET API endpoints.
  [url: <string> | default = ""]

  # These optional Basic Auth parameters override the client-provided
  # credentials.
  basic_auth:
    # Basic Auth username
    [username: <string> | default = ""]

    # Basic Auth password
    [password: <string> | default = ""]

# Maximum number of concurrent requests to federation targets.
# CLI flag: -federation.max-concurrency
[max_concurrency: <int> | default = 20]

# Timeout for hedging requests to federation targets.
# CLI flag: -federation.hedge-requests-at
[hedge_requests_at: <duration> | default = 0s]

# Timeout for requests to federation targets.
# CLI flag: -federation.read-timeout
[read_timeout: <duration> | default = 5s]

gateway_config

The gateway_config block configures the gateway service.

yaml
proxy:
  default:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.default.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.default.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.default.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.default.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.default.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.default.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.default.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.default.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.default.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.default.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.default.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.default.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.default.read-timeout
    [read_timeout: <duration> | default = 2m]

  admin_api:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.admin-api.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.admin-api.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.admin-api.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.admin-api.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.admin-api.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.admin-api.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.admin-api.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.admin-api.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.admin-api.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.admin-api.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.admin-api.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.admin-api.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.admin-api.read-timeout
    [read_timeout: <duration> | default = 2m]

  compactor:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.compactor.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.compactor.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.compactor.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.compactor.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.compactor.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.compactor.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.compactor.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.compactor.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.compactor.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.compactor.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.compactor.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.compactor.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.compactor.read-timeout
    [read_timeout: <duration> | default = 2m]

  distributor:
    # url is not exposed as CLI flag.
    [url: <string> | default = ""]

    # enable_keepalive is not exposed as CLI flag.
    [enable_keepalive: <boolean> | default = false]

    # tls_enabled is not exposed as CLI flag.
    [tls_enabled: <boolean> | default = false]

    # dial_timeout is not exposed as CLI flag.
    [dial_timeout: <duration> | default = 0s]

    # tls_cert_path is not exposed as CLI flag.
    [tls_cert_path: <string> | default = ""]

    # tls_key_path is not exposed as CLI flag.
    [tls_key_path: <string> | default = ""]

    # tls_ca_path is not exposed as CLI flag.
    [tls_ca_path: <string> | default = ""]

    # tls_server_name is not exposed as CLI flag.
    [tls_server_name: <string> | default = ""]

    # tls_insecure_skip_verify is not exposed as CLI flag.
    [tls_insecure_skip_verify: <boolean> | default = false]

    # tls_cipher_suites is not exposed as CLI flag.
    [tls_cipher_suites: <string> | default = ""]

    # tls_min_version is not exposed as CLI flag.
    [tls_min_version: <string> | default = ""]

    # write_timeout is not exposed as CLI flag.
    [write_timeout: <duration> | default = 0s]

    # read_timeout is not exposed as CLI flag.
    [read_timeout: <duration> | default = 0s]

  distributor_ingest:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.distributor.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.distributor.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.distributor.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.distributor.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.distributor.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.distributor.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.distributor.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.distributor.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.distributor.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.distributor.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.distributor.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.distributor.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.distributor.read-timeout
    [read_timeout: <duration> | default = 2m]

  ingester:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.ingester.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.ingester.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.ingester.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.ingester.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.ingester.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.ingester.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.ingester.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.ingester.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.ingester.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.ingester.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.ingester.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.ingester.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.ingester.read-timeout
    [read_timeout: <duration> | default = 2m]

  querier:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.querier.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.querier.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.querier.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.querier.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.querier.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.querier.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.querier.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.querier.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.querier.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.querier.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.querier.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.querier.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.querier.read-timeout
    [read_timeout: <duration> | default = 2m]

  query_frontend:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.query-frontend.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.query-frontend.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.query-frontend.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.query-frontend.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.query-frontend.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.query-frontend.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.query-frontend.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.query-frontend.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.query-frontend.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.query-frontend.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.query-frontend.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.query-frontend.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.query-frontend.read-timeout
    [read_timeout: <duration> | default = 2m]

  metrics_generator:
    # URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
    # scheme h2c:// for HTTP2 proxying.
    # CLI flag: -gateway.proxy.metrics-generator.url
    [url: <string> | default = ""]

    # Enable keep alive for the backend.
    # CLI flag: -gateway.proxy.metrics-generator.enable-keepalive
    [enable_keepalive: <boolean> | default = true]

    # Enable TLS in the GRPC client. This flag needs to be enabled when any
    # other TLS flag is set. If set to false, insecure connection to gRPC server
    # will be used.
    # CLI flag: -gateway.proxy.metrics-generator.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # Timeout when dialing backend. For proxying over GRPC, this will be used
    # only during the initial dial at startup. For proxying over HTTP this is
    # the connection timeout. Set to 0 to disable.
    # CLI flag: -gateway.proxy.metrics-generator.dial-timeout
    [dial_timeout: <duration> | default = 5s]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -gateway.proxy.metrics-generator.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -gateway.proxy.metrics-generator.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -gateway.proxy.metrics-generator.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -gateway.proxy.metrics-generator.tls-server-name
    [tls_server_name: <string> | default = ""]

    # Skip validating server certificate.
    # CLI flag: -gateway.proxy.metrics-generator.tls-insecure-skip-verify
    [tls_insecure_skip_verify: <boolean> | default = false]

    # Override the default cipher suite list (separated by commas).
    # CLI flag: -gateway.proxy.metrics-generator.tls-cipher-suites
    [tls_cipher_suites: <string> | default = ""]

    # Override the default minimum TLS version. Allowed values: VersionTLS10,
    # VersionTLS11, VersionTLS12, VersionTLS13
    # CLI flag: -gateway.proxy.metrics-generator.tls-min-version
    [tls_min_version: <string> | default = ""]

    # Timeout for write requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.metrics-generator.write-timeout
    [write_timeout: <duration> | default = 30s]

    # Timeout for read requests to the backend, set to <=0 to disable.
    # CLI flag: -gateway.proxy.metrics-generator.read-timeout
    [read_timeout: <duration> | default = 2m]
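
The constraints stated in the gateway_config comments above (other TLS options require tls_enabled, the client certificate and key paths must be set together, tls_min_version has a fixed list of allowed values) can be checked before a configuration is deployed. The following Python audit is an added example, not part of GET: the rule names, the `audit_backend` and `audit_proxy` helpers and the sample hosts and paths are constructed for illustration, and it assumes the YAML has already been parsed into a dict.

```python
"""Audit the `proxy` mapping of a parsed gateway_config (added example, not GET code)."""

# Options that, per the reference, need tls_enabled: true when they are set.
TLS_OPTIONS = (
    "tls_cert_path", "tls_key_path", "tls_ca_path", "tls_server_name",
    "tls_insecure_skip_verify", "tls_cipher_suites", "tls_min_version",
)
# Allowed values listed in the reference for tls_min_version.
ALLOWED_MIN_VERSIONS = {"VersionTLS10", "VersionTLS11", "VersionTLS12", "VersionTLS13"}
# TLS 1.0 and 1.1 are deprecated by RFC 8996; flagging them is this example's policy.
WEAK_MIN_VERSIONS = {"VersionTLS10", "VersionTLS11"}


def audit_backend(name, cfg):
    """Return a list of (backend, rule) findings for one proxy backend block."""
    findings = []
    configured = [opt for opt in TLS_OPTIONS if cfg.get(opt)]

    # "This flag needs to be enabled when any other TLS flag is set."
    if configured and not cfg.get("tls_enabled", False):
        findings.append((name, "TLS_NOT_ENABLED"))
    # The certificate path requires the key path, and the reverse.
    if bool(cfg.get("tls_cert_path")) != bool(cfg.get("tls_key_path")):
        findings.append((name, "CERT_KEY_MISMATCH"))
    # Skipping server certificate validation removes server authentication.
    if cfg.get("tls_insecure_skip_verify", False):
        findings.append((name, "SKIP_VERIFY"))
    # An empty value keeps the default minimum version, so only check overrides.
    min_version = cfg.get("tls_min_version", "")
    if min_version and min_version not in ALLOWED_MIN_VERSIONS:
        findings.append((name, "UNKNOWN_MIN_VERSION"))
    elif min_version in WEAK_MIN_VERSIONS:
        findings.append((name, "WEAK_MIN_VERSION"))
    return findings


def audit_proxy(proxy):
    """Audit every backend under gateway_config.proxy, in name order."""
    findings = []
    for name in sorted(proxy):
        findings.extend(audit_backend(name, proxy[name] or {}))
    return findings


# Constructed sample: the dict a YAML loader would return for `proxy:`.
SAMPLE_PROXY = {
    "querier": {  # consistent mutual-TLS settings, no findings expected
        "url": "dns://querier.example.internal:9095",
        "tls_enabled": True,
        "tls_cert_path": "/etc/get/tls/client.crt",
        "tls_key_path": "/etc/get/tls/client.key",
        "tls_ca_path": "/etc/get/tls/ca.crt",
        "tls_min_version": "VersionTLS12",
    },
    "ingester": {  # TLS on, but validation skipped and TLS 1.0 permitted
        "url": "dns://ingester.example.internal:9095",
        "tls_enabled": True,
        "tls_insecure_skip_verify": True,
        "tls_min_version": "VersionTLS10",
    },
    "compactor": {  # certificate set without key, and tls_enabled left at false
        "url": "dns://compactor.example.internal:9095",
        "tls_cert_path": "/etc/get/tls/client.crt",
    },
}

if __name__ == "__main__":
    for backend, rule in audit_proxy(SAMPLE_PROXY):
        print(f"{backend}: {rule}")
```
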

license_config

The license_config block configures the license validation module.

# File path to the license JWT file.
# CLI flag: -license.path
[path: <string> | default = "./license.jwt"]

# Interval to check for new or existing licenses.
# CLI flag: -license.sync-interval
[sync_interval: <duration> | default = 1h]

tokengen_config

The tokengen_config block configures the tokengen service.

# The name of the access policy to generate a token for. It defaults to the
# built-in admin policy.
# CLI flag: -tokengen.access-policy
[access_policy: <string> | default = "__admin__"]

# If set, the generated token will be written to a file at the provided path in
# addition to being logged. Note that if the file already exists, it will not be
# overwritten, and tokengen will fail with an error.
# CLI flag: -tokengen.token-file
[token_file: <string> | default = ""]