Menu
Enterprise
Configuration reference
Grafana Enterprise Traces can be configured using a YAML file - specified using the -config.file flag - or CLI flags. In case you combine both, CLI flags take precedence over the YAML config file.
The current configuration of any GET component can be seen by visiting the /config HTTP path.
Passwords are filtered out of this endpoint.
To specify which configuration file to load, pass the -config.file flag at the command line. The file is written in YAML format, defined by the scheme below. Brackets indicate that a parameter is optional.
Generic placeholders
<boolean>: a boolean that can take the valuestrueorfalse<int>: any integer matching the regular expression[1-9]+[0-9]*<duration>: a duration matching the regular expression[0-9]+(ns|us|µs|ms|s|m|h|d|w|y)where y = 365 days<string>: a regular string<url>: a URL<prefix>: a CLI flag prefix based on the context (look at the parent configuration block to see which CLI flags prefix should be used)<time>: a timestamp, with available formats:2006-01-20(midnight, local timezone),2006-01-20T15:04(local timezone), and RFC 3339 formats:2006-01-20T15:04:05Z(UTC) or2006-01-20T15:04:05+07:00(explicit timezone)
Use environment variables in the configuration
You can use environment variable references in the configuration file to set values that need to be configurable during deployment using --config.expand-env option.
To do this, use:
${VAR}Where VAR is the name of the environment variable.
Each variable reference is replaced at startup by the value of the environment variable. The replacement is case-sensitive and occurs before the YAML file is parsed. References to undefined variables are replaced by empty strings unless you specify a default value or custom error text.
To specify a default value, use:
${VAR:-default_value}where default_value is the value to use if the environment variable is undefined.
You can find more about other supported syntax here
Supported contents and default values
# target module
# CLI flag: -target
[target: <string> | default = "all"]
# Set to true to enable auth (deprecated: use multitenancy.enabled)
# CLI flag: -auth.enabled
[auth_enabled: <boolean> | default = false]
# Set to true to enable multitenancy.
# CLI flag: -multitenancy.enabled
[multitenancy_enabled: <boolean> | default = false]
# How long to wait between SIGTERM and shutdown. After receiving SIGTERM, GET
# will report not-ready status via /ready endpoint.
# CLI flag: -shutdown-delay
[shutdown_delay: <duration> | default = 0s]
# stream_over_http_enabled is not exposed as CLI flag.
[stream_over_http_enabled: <boolean> | default = false]
# String prefix for all http api endpoints.
# CLI flag: -http-api-prefix
[http_api_prefix: <string> | default = ""]
# Set to true to enable all Go runtime metrics
# CLI flag: -enable-go-runtime-metrics
[enable_go_runtime_metrics: <boolean> | default = false]
# The server_config block configures the HTTP and gRPC server of the launched
# services.
[server: <server_config>]
internal_server:
# http_listen_network is not exposed as CLI flag.
[http_listen_network: <string> | default = "tcp"]
# http_listen_address is not exposed as CLI flag.
[http_listen_address: <string> | default = ""]
# http_listen_port is not exposed as CLI flag.
[http_listen_port: <int> | default = 3101]
# http_listen_conn_limit is not exposed as CLI flag.
[http_listen_conn_limit: <int> | default = 0]
# grpc_listen_network is not exposed as CLI flag.
[grpc_listen_network: <string> | default = ""]
# grpc_listen_address is not exposed as CLI flag.
[grpc_listen_address: <string> | default = ""]
# grpc_listen_port is not exposed as CLI flag.
[grpc_listen_port: <int> | default = 0]
# grpc_listen_conn_limit is not exposed as CLI flag.
[grpc_listen_conn_limit: <int> | default = 0]
# proxy_protocol_enabled is not exposed as CLI flag.
[proxy_protocol_enabled: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
http_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
[cert: <string> | default = ""]
# Server TLS key. This configuration parameter is YAML only.
[key: <string> | default = ""]
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
grpc_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
[cert: <string> | default = ""]
# Server TLS key. This configuration parameter is YAML only.
[key: <string> | default = ""]
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
# register_instrumentation is not exposed as CLI flag.
[register_instrumentation: <boolean> | default = false]
# report_grpc_codes_in_instrumentation_label_enabled is not exposed as CLI
# flag.
[report_grpc_codes_in_instrumentation_label_enabled: <boolean> | default = false]
# graceful_shutdown_timeout is not exposed as CLI flag.
[graceful_shutdown_timeout: <duration> | default = 30s]
# http_server_read_timeout is not exposed as CLI flag.
[http_server_read_timeout: <duration> | default = 30s]
# http_server_read_header_timeout is not exposed as CLI flag.
[http_server_read_header_timeout: <duration> | default = 0s]
# http_server_write_timeout is not exposed as CLI flag.
[http_server_write_timeout: <duration> | default = 30s]
# http_server_idle_timeout is not exposed as CLI flag.
[http_server_idle_timeout: <duration> | default = 2m]
# http_log_closed_connections_without_response_enabled is not exposed as CLI
# flag.
[http_log_closed_connections_without_response_enabled: <boolean> | default = false]
# grpc_server_max_recv_msg_size is not exposed as CLI flag.
[grpc_server_max_recv_msg_size: <int> | default = 0]
# grpc_server_max_send_msg_size is not exposed as CLI flag.
[grpc_server_max_send_msg_size: <int> | default = 0]
# grpc_server_max_concurrent_streams is not exposed as CLI flag.
[grpc_server_max_concurrent_streams: <int> | default = 0]
# grpc_server_max_connection_idle is not exposed as CLI flag.
[grpc_server_max_connection_idle: <duration> | default = 0s]
# grpc_server_max_connection_age is not exposed as CLI flag.
[grpc_server_max_connection_age: <duration> | default = 0s]
# grpc_server_max_connection_age_grace is not exposed as CLI flag.
[grpc_server_max_connection_age_grace: <duration> | default = 0s]
# grpc_server_keepalive_time is not exposed as CLI flag.
[grpc_server_keepalive_time: <duration> | default = 0s]
# grpc_server_keepalive_timeout is not exposed as CLI flag.
[grpc_server_keepalive_timeout: <duration> | default = 0s]
# grpc_server_min_time_between_pings is not exposed as CLI flag.
[grpc_server_min_time_between_pings: <duration> | default = 0s]
# grpc_server_ping_without_stream_allowed is not exposed as CLI flag.
[grpc_server_ping_without_stream_allowed: <boolean> | default = false]
# grpc_server_num_workers is not exposed as CLI flag.
[grpc_server_num_workers: <int> | default = 0]
# grpc_server_stats_tracking_enabled is not exposed as CLI flag.
[grpc_server_stats_tracking_enabled: <boolean> | default = false]
# grpc_server_recv_buffer_pools_enabled is not exposed as CLI flag.
[grpc_server_recv_buffer_pools_enabled: <boolean> | default = false]
# log_format is not exposed as CLI flag.
[log_format: <string> | default = "logfmt"]
# log_level is not exposed as CLI flag.
[log_level: <string> | default = "info"]
# log_source_ips_enabled is not exposed as CLI flag.
[log_source_ips_enabled: <boolean> | default = false]
# log_source_ips_full is not exposed as CLI flag.
[log_source_ips_full: <boolean> | default = false]
# log_source_ips_header is not exposed as CLI flag.
[log_source_ips_header: <string> | default = ""]
# log_source_ips_regex is not exposed as CLI flag.
[log_source_ips_regex: <string> | default = ""]
# log_request_headers is not exposed as CLI flag.
[log_request_headers: <boolean> | default = false]
# log_request_at_info_level_enabled is not exposed as CLI flag.
[log_request_at_info_level_enabled: <boolean> | default = false]
# log_request_exclude_headers_list is not exposed as CLI flag.
[log_request_exclude_headers_list: <string> | default = ""]
# http_path_prefix is not exposed as CLI flag.
[http_path_prefix: <string> | default = ""]
cluster_validation:
# label is not exposed as CLI flag.
[label: <string> | default = ""]
grpc:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# soft_validation is not exposed as CLI flag.
[soft_validation: <boolean> | default = false]
http:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# soft_validation is not exposed as CLI flag.
[soft_validation: <boolean> | default = false]
# excluded_paths is not exposed as CLI flag.
[excluded_paths: <string> | default = ""]
# enable is not exposed as CLI flag.
[enable: <boolean> | default = false]
# The distributor_config block configures the distributor service.
[distributor: <distributor_config>]
# The ingester_client_config block configures how the distributor services
# connect to the ingester services.
[ingester_client: <ingester_client_config>]
metrics_generator_client:
pool_config:
# checkinterval is not exposed as CLI flag.
[checkinterval: <duration> | default = 15s]
# healthcheckenabled is not exposed as CLI flag.
[healthcheckenabled: <boolean> | default = true]
# healthchecktimeout is not exposed as CLI flag.
[healthchecktimeout: <duration> | default = 1s]
# maxconcurrenthealthchecks is not exposed as CLI flag.
[maxconcurrenthealthchecks: <int> | default = 0]
# remote_timeout is not exposed as CLI flag.
[remote_timeout: <duration> | default = 5s]
grpc_client_config:
# max_recv_msg_size is not exposed as CLI flag.
[max_recv_msg_size: <int> | default = 104857600]
# max_send_msg_size is not exposed as CLI flag.
[max_send_msg_size: <int> | default = 104857600]
# grpc_compression is not exposed as CLI flag.
[grpc_compression: <string> | default = "snappy"]
# rate_limit is not exposed as CLI flag.
[rate_limit: <float> | default = 0]
# rate_limit_burst is not exposed as CLI flag.
[rate_limit_burst: <int> | default = 0]
# backoff_on_ratelimits is not exposed as CLI flag.
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# min_period is not exposed as CLI flag.
[min_period: <duration> | default = 100ms]
# max_period is not exposed as CLI flag.
[max_period: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# initial_stream_window_size is not exposed as CLI flag.
[initial_stream_window_size: <int> | default = 65535]
# initial_connection_window_size is not exposed as CLI flag.
[initial_connection_window_size: <int> | default = 65535]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# connect_timeout is not exposed as CLI flag.
[connect_timeout: <duration> | default = 5s]
# connect_backoff_base_delay is not exposed as CLI flag.
[connect_backoff_base_delay: <duration> | default = 1s]
# connect_backoff_max_delay is not exposed as CLI flag.
[connect_backoff_max_delay: <duration> | default = 5s]
cluster_validation:
# label is not exposed as CLI flag.
[label: <string> | default = ""]
# The querier_config block configures the querier service.
[querier: <querier_config>]
# The query_frontend_config block configures the query frontend service.
[query_frontend: <query_frontend_config>]
# The compactor_config block configures the compactor service.
[compactor: <compactor_config>]
# The ingester_config block configures the ingester service.
[ingester: <ingester_config>]
metrics_generator:
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -generatorstore
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -generatorprefix
[prefix: <string> | default = "collectors/"]
consul:
# Hostname and port of Consul.
# CLI flag: -generatorconsul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -generatorconsul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -generatorconsul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -generatorconsul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -generatorconsul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -generatorconsul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -generatorconsul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -generatoretcd.endpoints
[endpoints: <list of string> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -generatoretcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -generatoretcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -generatoretcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -generatoretcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -generatoretcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -generatoretcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -generatoretcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -generatoretcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -generatoretcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -generatoretcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -generatoretcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -generatoretcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -generatormulti.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -generatormulti.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -generatormulti.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -generatormulti.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 1m]
# instance_id is not exposed as CLI flag.
[instance_id: <string> | default = "hostname"]
# instance_interface_names is not exposed as CLI flag.
[instance_interface_names: <list of string> | default = [eth0 en0]]
# instance_addr is not exposed as CLI flag.
[instance_addr: <string> | default = ""]
# instance_port is not exposed as CLI flag.
[instance_port: <int> | default = 0]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
processor:
service_graphs:
# wait is not exposed as CLI flag.
[wait: <duration> | default = 10s]
# max_items is not exposed as CLI flag.
[max_items: <int> | default = 10000]
# workers is not exposed as CLI flag.
[workers: <int> | default = 10]
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = [0.1 0.2 0.4 0.8 1.6 3.2 6.4 12.8]]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
# enable_client_server_prefix is not exposed as CLI flag.
[enable_client_server_prefix: <boolean> | default = false]
# enable_messaging_system_latency_histogram is not exposed as CLI flag.
[enable_messaging_system_latency_histogram: <boolean> | default = false]
# peer_attributes is not exposed as CLI flag.
[peer_attributes: <list of string> | default = [peer.service db.name db.system]]
# span_multiplier_key is not exposed as CLI flag.
[span_multiplier_key: <string> | default = ""]
# enable_virtual_node_label is not exposed as CLI flag.
[enable_virtual_node_label: <boolean> | default = false]
span_metrics:
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = [0.002 0.004 0.008 0.016 0.032 0.064 0.128 0.256 0.512 1.024 2.048 4.096 8.192 16.384]]
intrinsic_dimensions:
# service is not exposed as CLI flag.
[service: <boolean> | default = true]
# span_name is not exposed as CLI flag.
[span_name: <boolean> | default = true]
# span_kind is not exposed as CLI flag.
[span_kind: <boolean> | default = true]
# status_code is not exposed as CLI flag.
[status_code: <boolean> | default = true]
# status_message is not exposed as CLI flag.
[status_message: <boolean> | default = false]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
dimension_mappings:
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# source_labels is not exposed as CLI flag.
[source_labels: <list of string> | default = []]
# join is not exposed as CLI flag.
[join: <string> | default = ""]
# enable_target_info is not exposed as CLI flag.
[enable_target_info: <boolean> | default = false]
# span_multiplier_key is not exposed as CLI flag.
[span_multiplier_key: <string> | default = ""]
# subprocessors is not exposed as CLI flag.
[subprocessors: <map of spanmetrics.Subprocessor to bool> | default = map[span-metrics-latency:true span-metrics-count:true span-metrics-size:true]]
filter_policies:
include:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
exclude:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
# target_info_excluded_dimensions is not exposed as CLI flag.
[target_info_excluded_dimensions: <list of string> | default = []]
local_blocks:
block:
# bloom_filter_false_positive is not exposed as CLI flag.
[bloom_filter_false_positive: <float> | default = 0]
# bloom_filter_shard_size_bytes is not exposed as CLI flag.
[bloom_filter_shard_size_bytes: <int> | default = 0]
# version is not exposed as CLI flag.
[version: <string> | default = ""]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# search_page_size_bytes is not exposed as CLI flag.
[search_page_size_bytes: <int> | default = 0]
# v2_index_downsample_bytes is not exposed as CLI flag.
[v2_index_downsample_bytes: <int> | default = 0]
# v2_index_page_size_bytes is not exposed as CLI flag.
[v2_index_page_size_bytes: <int> | default = 0]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# parquet_row_group_size_bytes is not exposed as CLI flag.
[parquet_row_group_size_bytes: <int> | default = 0]
parquet_dedicated_columns:
# scope is not exposed as CLI flag.
[scope: <string> | default = ""]
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# type is not exposed as CLI flag.
[type: <string> | default = ""]
search:
# chunk_size_bytes is not exposed as CLI flag.
[chunk_size_bytes: <int> | default = 0]
# prefetch_trace_count is not exposed as CLI flag.
[prefetch_trace_count: <int> | default = 0]
# read_buffer_count is not exposed as CLI flag.
[read_buffer_count: <int> | default = 0]
# read_buffer_size_bytes is not exposed as CLI flag.
[read_buffer_size_bytes: <int> | default = 0]
cache_control:
# footer is not exposed as CLI flag.
[footer: <boolean> | default = false]
# column_index is not exposed as CLI flag.
[column_index: <boolean> | default = false]
# offset_index is not exposed as CLI flag.
[offset_index: <boolean> | default = false]
# flush_check_period is not exposed as CLI flag.
[flush_check_period: <duration> | default = 10s]
# trace_idle_period is not exposed as CLI flag.
[trace_idle_period: <duration> | default = 10s]
# max_block_duration is not exposed as CLI flag.
[max_block_duration: <duration> | default = 1m]
# max_block_bytes is not exposed as CLI flag.
[max_block_bytes: <int> | default = 500000000]
# concurrency is not exposed as CLI flag.
[concurrency: <int> | default = 4]
# complete_block_timeout is not exposed as CLI flag.
[complete_block_timeout: <duration> | default = 1h]
# max_live_traces is not exposed as CLI flag.
[max_live_traces: <int> | default = 0]
# max_live_traces_bytes is not exposed as CLI flag.
[max_live_traces_bytes: <int> | default = 250000000]
# filter_server_spans is not exposed as CLI flag.
[filter_server_spans: <boolean> | default = true]
# flush_to_storage is not exposed as CLI flag.
[flush_to_storage: <boolean> | default = false]
# concurrent_blocks is not exposed as CLI flag.
[concurrent_blocks: <int> | default = 10]
# time_overlap_cutoff is not exposed as CLI flag.
[time_overlap_cutoff: <float> | default = 0.2]
host_info:
# host_identifiers is not exposed as CLI flag.
[host_identifiers: <list of string> | default = [k8s.node.name host.id]]
# metric_name is not exposed as CLI flag.
[metric_name: <string> | default = "traces_host_info"]
registry:
# collection_interval is not exposed as CLI flag.
[collection_interval: <duration> | default = 15s]
# stale_duration is not exposed as CLI flag.
[stale_duration: <duration> | default = 15m]
# external_labels is not exposed as CLI flag.
[external_labels: <map of string to string> | default = map[]]
# inject_tenant_id_as is not exposed as CLI flag.
[inject_tenant_id_as: <string> | default = ""]
# max_label_name_length is not exposed as CLI flag.
[max_label_name_length: <int> | default = 1024]
# max_label_value_length is not exposed as CLI flag.
[max_label_value_length: <int> | default = 2048]
storage:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
wal:
# wal_segment_size is not exposed as CLI flag.
[wal_segment_size: <int> | default = 134217728]
# wal_compression is not exposed as CLI flag.
[wal_compression: <string> | default = "none"]
# stripe_size is not exposed as CLI flag.
[stripe_size: <int> | default = 16384]
# truncate_frequency is not exposed as CLI flag.
[truncate_frequency: <duration> | default = 2h]
# min_wal_time is not exposed as CLI flag.
[min_wal_time: <int> | default = 300000]
# max_wal_time is not exposed as CLI flag.
[max_wal_time: <int> | default = 14400000]
# no_lockfile is not exposed as CLI flag.
[no_lockfile: <boolean> | default = false]
# remote_write_flush_deadline is not exposed as CLI flag.
[remote_write_flush_deadline: <duration> | default = 1m]
# remote_write_add_org_id_header is not exposed as CLI flag.
[remote_write_add_org_id_header: <boolean> | default = true]
# Remote-write client configuration to send rule samples to a Prometheus
# remote-write endpoint.
# See
# https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
[remote_write: <array> | default = none]
traces_storage:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 2m]
# version is not exposed as CLI flag.
[version: <string> | default = "vParquet4"]
traces_query_storage:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 2m]
# version is not exposed as CLI flag.
[version: <string> | default = "vParquet4"]
# metrics_ingestion_time_range_slack is not exposed as CLI flag.
[metrics_ingestion_time_range_slack: <duration> | default = 30s]
# query_timeout is not exposed as CLI flag.
[query_timeout: <duration> | default = 30s]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "metrics-generator"]
# codec is not exposed as CLI flag.
[codec: <string> | default = "push-bytes"]
# disable_local_blocks is not exposed as CLI flag.
[disable_local_blocks: <boolean> | default = false]
# disable_grpc is not exposed as CLI flag.
[disable_grpc: <boolean> | default = false]
# ingest_concurrency is not exposed as CLI flag.
[ingest_concurrency: <int> | default = 16]
# Instance id.
# CLI flag: -generator.instance-id
[instance_id: <string> | default = "hostname"]
ingest:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
kafka:
# The Kafka backend address.
# CLI flag: -ingest.address
[address: <string> | default = "localhost:9092"]
# The Kafka topic name.
# CLI flag: -ingest.topic
[topic: <string> | default = ""]
# The Kafka client ID.
# CLI flag: -ingest.client-id
[client_id: <string> | default = ""]
# The maximum time allowed to open a connection to a Kafka broker.
# CLI flag: -ingest.dial-timeout
[dial_timeout: <duration> | default = 2s]
# How long to wait for an incoming write request to be successfully
# committed to the Kafka backend.
# CLI flag: -ingest.write-timeout
[write_timeout: <duration> | default = 10s]
# The SASL username for authentication.
# CLI flag: -ingest.sasl-username
[sasl_username: <string> | default = ""]
# The SASL password for authentication.
# CLI flag: -ingest.sasl-password
[sasl_password: <string> | default = ""]
# The consumer group used by the consumer to track the last consumed offset.
# The consumer group must be different for each ingester. If the configured
# consumer group contains the '<partition>' placeholder, it is replaced with
# the actual partition ID owned by the ingester. When empty (recommended),
# GET uses the ingester instance ID to guarantee uniqueness.
# CLI flag: -ingest.consumer-group
[consumer_group: <string> | default = ""]
# How frequently a consumer should commit the consumed offset to Kafka. The
# last committed offset is used at startup to continue the consumption from
# where it was left.
# CLI flag: -ingest.consumer-group-offset-commit-interval
[consumer_group_offset_commit_interval: <duration> | default = 1s]
# How long to retry a failed request to get the last produced offset.
# CLI flag: -ingest.last-produced-offset-retry-timeout
[last_produced_offset_retry_timeout: <duration> | default = 10s]
# Enable auto-creation of Kafka topic if it doesn't exist.
# CLI flag: -ingest.auto-create-topic-enabled
[auto_create_topic_enabled: <boolean> | default = true]
# When auto-creation of Kafka topic is enabled and this value is positive,
# Kafka's num.partitions configuration option is set on Kafka brokers with
# this value when GET component that uses Kafka starts. This configuration
# option specifies the default number of partitions that the Kafka broker
# uses for auto-created topics. Note that this is a Kafka-cluster wide
# setting, and applies to any auto-created topic. If the setting of
# num.partitions fails, GET proceeds anyways, but auto-created topics could
# have an incorrect number of partitions.
# CLI flag: -ingest.auto-create-topic-default-partitions
[auto_create_topic_default_partitions: <int> | default = 1000]
# The maximum size of a Kafka record data that should be generated by the
# producer. An incoming write request larger than this size is split into
# multiple Kafka records. We strongly recommend to not change this setting
# unless for testing purposes.
# CLI flag: -ingest.producer-max-record-size-bytes
[producer_max_record_size_bytes: <int> | default = 15983616]
# The maximum size of (uncompressed) buffered and unacknowledged produced
# records sent to Kafka. The produce request fails once this limit is
# reached. This limit is per Kafka client. 0 to disable the limit.
# CLI flag: -ingest.producer-max-buffered-bytes
[producer_max_buffered_bytes: <int> | default = 1073741824]
# The best-effort maximum lag a consumer tries to achieve at startup. Set
# both -ingest.target-consumer-lag-at-startup and
# -ingest.max-consumer-lag-at-startup to 0 to disable waiting for maximum
# consumer lag being honored at startup.
# CLI flag: -ingest.target-consumer-lag-at-startup
[target_consumer_lag_at_startup: <duration> | default = 2s]
# The guaranteed maximum lag before a consumer is considered to have caught
# up reading from a partition at startup, becomes ACTIVE in the hash ring
# and passes the readiness check. Set both
# -ingest.target-consumer-lag-at-startup and
# -ingest.max-consumer-lag-at-startup to 0 to disable waiting for maximum
# consumer lag being honored at startup.
# CLI flag: -ingest.max-consumer-lag-at-startup
[max_consumer_lag_at_startup: <duration> | default = 15s]
block_builder:
# Instance id.
# CLI flag: -block-builder.instance-id
[instance_id: <string> | default = "hostname"]
# assigned_partitions is not exposed as CLI flag.
[assigned_partitions: <map of string to []int32> | default = map[]]
# Interval between consumption cycles.
# CLI flag: -block-builder.consume-cycle-duration
[consume_cycle_duration: <duration> | default = 5m]
# Maximum number of bytes that can be consumed in a single cycle. 0 to disable
# CLI flag: -block-builder.max-bytes-per-cycle
[max_consuming_bytes: <int> | default = 5000000000]
block:
# Maximum size of a block.
# CLI flag: -block-builder.block.max-block-bytes
[max_block_bytes: <int> | default = 20971520]
# Bloom Filter False Positive.
# CLI flag: -block-builder.block.trace.block.v2-bloom-filter-false-positive
[bloom_filter_false_positive: <float> | default = 0.01]
# Bloom Filter Shard Size in bytes.
# CLI flag: -block-builder.block.trace.block.v2-bloom-filter-shard-size-bytes
[bloom_filter_shard_size_bytes: <int> | default = 102400]
# version is not exposed as CLI flag.
[version: <string> | default = "vParquet4"]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = snappy]
# search_page_size_bytes is not exposed as CLI flag.
[search_page_size_bytes: <int> | default = 1048576]
# Number of bytes (before compression) per index record.
# CLI flag: -block-builder.block.trace.block.v2-index-downsample-bytes
[v2_index_downsample_bytes: <int> | default = 1048576]
# Number of bytes per index page.
# CLI flag: -block-builder.block.trace.block.v2-index-page-size-bytes
[v2_index_page_size_bytes: <int> | default = 256000]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = zstd]
# parquet_row_group_size_bytes is not exposed as CLI flag.
[parquet_row_group_size_bytes: <int> | default = 100000000]
parquet_dedicated_columns:
# scope is not exposed as CLI flag.
[scope: <string> | default = ""]
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# type is not exposed as CLI flag.
[type: <string> | default = ""]
wal:
# Path at which store WAL blocks.
# CLI flag: -block-builder.wal.path
[path: <string> | default = "/var/tempo/block-builder/traces"]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 2m]
# version is not exposed as CLI flag.
[version: <string> | default = "vParquet4"]
# The storage_config block configures how and where to store data.
[storage: <storage_config>]
# The overrides_config block configures the overrides module to set global or
# per-tenant override settings.
[overrides: <overrides_config>]
# The memberlist_config block configures how the gossip ring connects between
# distributors, ingesters and queriers.
[memberlist: <memberlist_config>]
usage_report:
backoff:
# Minimum delay when backing off.
# CLI flag: -reporting.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -reporting.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -reporting.backoff-retries
[max_retries: <int> | default = 10]
cache:
background:
# writeback_goroutines is not exposed as CLI flag.
[writeback_goroutines: <int> | default = 0]
# writeback_buffer is not exposed as CLI flag.
[writeback_buffer: <int> | default = 0]
caches:
# roles is not exposed as CLI flag.
[roles: <list of string> | default = []]
memcached:
# host is not exposed as CLI flag.
[host: <string> | default = ""]
# service is not exposed as CLI flag.
[service: <string> | default = ""]
# addresses is not exposed as CLI flag.
[addresses: <string> | default = ""]
# timeout is not exposed as CLI flag.
[timeout: <duration> | default = 0s]
# max_idle_conns is not exposed as CLI flag.
[max_idle_conns: <int> | default = 0]
# max_item_size is not exposed as CLI flag.
[max_item_size: <int> | default = 0]
# update_interval is not exposed as CLI flag.
[update_interval: <duration> | default = 0s]
# consistent_hash is not exposed as CLI flag.
[consistent_hash: <boolean> | default = false]
# circuit_breaker_consecutive_failures is not exposed as CLI flag.
[circuit_breaker_consecutive_failures: <int> | default = 0]
# circuit_breaker_timeout is not exposed as CLI flag.
[circuit_breaker_timeout: <duration> | default = 0s]
# circuit_breaker_interval is not exposed as CLI flag.
[circuit_breaker_interval: <duration> | default = 0s]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# ttl is not exposed as CLI flag.
[ttl: <duration> | default = 0s]
redis:
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# master_name is not exposed as CLI flag.
[master_name: <string> | default = ""]
# timeout is not exposed as CLI flag.
[timeout: <duration> | default = 0s]
# expiration is not exposed as CLI flag.
[expiration: <duration> | default = 0s]
# db is not exposed as CLI flag.
[db: <int> | default = 0]
# pool_size is not exposed as CLI flag.
[pool_size: <int> | default = 0]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
# sentinel_username is not exposed as CLI flag.
[sentinel_username: <string> | default = ""]
# sentinel_password is not exposed as CLI flag.
[sentinel_password: <string> | default = ""]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# idle_timeout is not exposed as CLI flag.
[idle_timeout: <duration> | default = 0s]
# max_connection_age is not exposed as CLI flag.
[max_connection_age: <duration> | default = 0s]
# ttl is not exposed as CLI flag.
[ttl: <duration> | default = 0s]
backend_scheduler:
# Interval at which to measure outstanding blocks
# CLI flag: -backend-schedulerbackend-scheduler.tenant-measurement-interval
[tenant_measurement_interval: <duration> | default = 1m]
work:
# Age at which to prune completed jobs
# CLI flag: -backend-scheduler.workprune-age
[prune_age: <duration> | default = 1h]
# Time after which a job is considered dead and marked as failed
# CLI flag: -backend-scheduler.workdead-job-timeout
[dead_job_timeout: <duration> | default = 24h]
# Interval at which to perform scheduler maintenance tasks
# CLI flag: -backend-schedulerbackend-scheduler.maintenance-interval
[maintenance_interval: <duration> | default = 1m]
provider:
retention:
# Interval at which to perform tenant retention
# CLI flag: -backend-scheduler.provider.workbackend-scheduler.retention-interval
[interval: <duration> | default = 1h]
compaction:
# Interval at which to metric tenant blocklist
# CLI flag: -backend-scheduler.provider.workbackend-scheduler.compaction-provider.measure-interval
[measure_interval: <duration> | default = 1m]
compaction:
# v2_in_buffer_bytes is not exposed as CLI flag.
[v2_in_buffer_bytes: <int> | default = 5242880]
# v2_out_buffer_bytes is not exposed as CLI flag.
[v2_out_buffer_bytes: <int> | default = 20971520]
# v2_prefetch_traces_count is not exposed as CLI flag.
[v2_prefetch_traces_count: <int> | default = 1000]
# Maximum time window across which to compact blocks.
# CLI flag: -backend-scheduler.provider.work.compaction.compaction.compaction-window
[compaction_window: <duration> | default = 1h]
# Maximum number of traces in a compacted block.
# CLI flag: -backend-scheduler.provider.work.compaction.compaction.max-objects-per-block
[max_compaction_objects: <int> | default = 6000000]
# Maximum size of a compacted block.
# CLI flag: -backend-scheduler.provider.work.compaction.compaction.max-block-bytes
[max_block_bytes: <int> | default = 107374182400]
# Duration to keep blocks/traces.
# CLI flag: -backend-scheduler.provider.work.compaction.compaction.block-retention
[block_retention: <duration> | default = 336h]
# compacted_block_retention is not exposed as CLI flag.
[compacted_block_retention: <duration> | default = 1h]
# retention_concurrency is not exposed as CLI flag.
[retention_concurrency: <int> | default = 10]
# max_time_per_tenant is not exposed as CLI flag.
[max_time_per_tenant: <duration> | default = 5m]
# compaction_cycle is not exposed as CLI flag.
[compaction_cycle: <duration> | default = 30s]
# Maximum number of jobs to run per tenant before moving on to the next
# tenant
# CLI flag: -backend-scheduler.provider.workbackend-scheduler.max-jobs-per-tenant
[max_jobs_per_tenant: <int> | default = 1000]
backoff:
# Minimum delay when backing off.
# CLI flag: -backend-scheduler.provider.work.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -backend-scheduler.provider.work.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -backend-scheduler.provider.work.backoff-retries
[max_retries: <int> | default = 0]
# Internal duration to wait for a job before telling the worker to try again
# CLI flag: -backend-schedulerbackend-scheduler.job-timeout
[job_timeout: <duration> | default = 15s]
backend_scheduler_client:
grpc_client_config:
# max_recv_msg_size is not exposed as CLI flag.
[max_recv_msg_size: <int> | default = 104857600]
# max_send_msg_size is not exposed as CLI flag.
[max_send_msg_size: <int> | default = 104857600]
# grpc_compression is not exposed as CLI flag.
[grpc_compression: <string> | default = "snappy"]
# rate_limit is not exposed as CLI flag.
[rate_limit: <float> | default = 0]
# rate_limit_burst is not exposed as CLI flag.
[rate_limit_burst: <int> | default = 0]
# backoff_on_ratelimits is not exposed as CLI flag.
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# min_period is not exposed as CLI flag.
[min_period: <duration> | default = 100ms]
# max_period is not exposed as CLI flag.
[max_period: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# initial_stream_window_size is not exposed as CLI flag.
[initial_stream_window_size: <int> | default = 65535]
# initial_connection_window_size is not exposed as CLI flag.
[initial_connection_window_size: <int> | default = 65535]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# connect_timeout is not exposed as CLI flag.
[connect_timeout: <duration> | default = 5s]
# connect_backoff_base_delay is not exposed as CLI flag.
[connect_backoff_base_delay: <duration> | default = 1s]
# connect_backoff_max_delay is not exposed as CLI flag.
[connect_backoff_max_delay: <duration> | default = 5s]
cluster_validation:
# label is not exposed as CLI flag.
[label: <string> | default = ""]
backend_worker:
# backend_scheduler_addr is not exposed as CLI flag.
[backend_scheduler_addr: <string> | default = ""]
backoff:
# Minimum delay when backing off.
# CLI flag: -backend-worker.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -backend-worker.backoff-max-period
[max_period: <duration> | default = 1m]
# Number of times to backoff and retry before failing.
# CLI flag: -backend-worker.backoff-retries
[max_retries: <int> | default = 0]
compaction:
# v2_in_buffer_bytes is not exposed as CLI flag.
[v2_in_buffer_bytes: <int> | default = 5242880]
# v2_out_buffer_bytes is not exposed as CLI flag.
[v2_out_buffer_bytes: <int> | default = 20971520]
# v2_prefetch_traces_count is not exposed as CLI flag.
[v2_prefetch_traces_count: <int> | default = 1000]
# Maximum time window across which to compact blocks.
# CLI flag: -backend-worker.compaction.compaction.compaction-window
[compaction_window: <duration> | default = 1h]
# Maximum number of traces in a compacted block.
# CLI flag: -backend-worker.compaction.compaction.max-objects-per-block
[max_compaction_objects: <int> | default = 6000000]
# Maximum size of a compacted block.
# CLI flag: -backend-worker.compaction.compaction.max-block-bytes
[max_block_bytes: <int> | default = 107374182400]
# Duration to keep blocks/traces.
# CLI flag: -backend-worker.compaction.compaction.block-retention
[block_retention: <duration> | default = 336h]
# compacted_block_retention is not exposed as CLI flag.
[compacted_block_retention: <duration> | default = 1h]
# retention_concurrency is not exposed as CLI flag.
[retention_concurrency: <int> | default = 10]
# max_time_per_tenant is not exposed as CLI flag.
[max_time_per_tenant: <duration> | default = 5m]
# compaction_cycle is not exposed as CLI flag.
[compaction_cycle: <duration> | default = 30s]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "backend-worker"]
ring:
kvstore:
# store is not exposed as CLI flag.
[store: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = "collectors/"]
consul:
# host is not exposed as CLI flag.
[host: <string> | default = "localhost:8500"]
# acl_token is not exposed as CLI flag.
[acl_token: <string> | default = ""]
# http_client_timeout is not exposed as CLI flag.
[http_client_timeout: <duration> | default = 20s]
# consistent_reads is not exposed as CLI flag.
[consistent_reads: <boolean> | default = false]
# watch_rate_limit is not exposed as CLI flag.
[watch_rate_limit: <float> | default = 1]
# watch_burst_size is not exposed as CLI flag.
[watch_burst_size: <int> | default = 1]
# cas_retry_delay is not exposed as CLI flag.
[cas_retry_delay: <duration> | default = 1s]
etcd:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
multi:
# primary is not exposed as CLI flag.
[primary: <string> | default = ""]
# secondary is not exposed as CLI flag.
[secondary: <string> | default = ""]
# mirror_enabled is not exposed as CLI flag.
[mirror_enabled: <boolean> | default = false]
# mirror_timeout is not exposed as CLI flag.
[mirror_timeout: <duration> | default = 2s]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 1m]
# wait_stability_min_duration is not exposed as CLI flag.
[wait_stability_min_duration: <duration> | default = 1m]
# wait_stability_max_duration is not exposed as CLI flag.
[wait_stability_max_duration: <duration> | default = 5m]
# instance_interface_names is not exposed as CLI flag.
[instance_interface_names: <list of string> | default = [eth0 en0]]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
# wait_active_instance_timeout is not exposed as CLI flag.
[wait_active_instance_timeout: <duration> | default = 10m]
# The admin_api_config block configures the Admin API service.
[admin_api: <admin_api_config>]
# The admin_client_config block configures how the Admin API service connects to
# the storage backend.
[admin_client: <admin_client_config>]
# The auth_config block configures the authentication type to use.
[auth: <auth_config>]
# Unique ID of this GET cluster. If undefined the name in the license is used.
# CLI flag: -cluster-name
[cluster_name: <string> | default = ""]
# The tokengen_config block configures the tokengen service.
[tokengen: <tokengen_config>]
# The federation_config block configures the cross-cluster query federation
# service.
[federation: <federation_config>]
# The gateway_config block configures the gateway service.
[gateway: <gateway_config>]
# The license_config block configures the license validation module.
[license: <license_config>]server_config
The server_config block configures the HTTP and gRPC server of the launched services.
# http_listen_network is not exposed as CLI flag.
[http_listen_network: <string> | default = "tcp"]
# http_listen_address is not exposed as CLI flag.
[http_listen_address: <string> | default = ""]
# HTTP server listen port.
# CLI flag: -server.http-listen-port
[http_listen_port: <int> | default = 3200]
# http_listen_conn_limit is not exposed as CLI flag.
[http_listen_conn_limit: <int> | default = 0]
# grpc_listen_network is not exposed as CLI flag.
[grpc_listen_network: <string> | default = "tcp"]
# grpc_listen_address is not exposed as CLI flag.
[grpc_listen_address: <string> | default = ""]
# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
[grpc_listen_port: <int> | default = 9095]
# grpc_listen_conn_limit is not exposed as CLI flag.
[grpc_listen_conn_limit: <int> | default = 0]
# proxy_protocol_enabled is not exposed as CLI flag.
[proxy_protocol_enabled: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
http_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
[cert: <string> | default = ""]
# Server TLS key. This configuration parameter is YAML only.
[key: <string> | default = ""]
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
grpc_tls_config:
# Server TLS certificate. This configuration parameter is YAML only.
[cert: <string> | default = ""]
# Server TLS key. This configuration parameter is YAML only.
[key: <string> | default = ""]
# Root certificate authority used to verify client certificates. This
# configuration parameter is YAML only.
[client_ca: <string> | default = ""]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
# key_file is not exposed as CLI flag.
[key_file: <string> | default = ""]
# client_auth_type is not exposed as CLI flag.
[client_auth_type: <string> | default = ""]
# client_ca_file is not exposed as CLI flag.
[client_ca_file: <string> | default = ""]
# register_instrumentation is not exposed as CLI flag.
[register_instrumentation: <boolean> | default = true]
# report_grpc_codes_in_instrumentation_label_enabled is not exposed as CLI flag.
[report_grpc_codes_in_instrumentation_label_enabled: <boolean> | default = false]
# graceful_shutdown_timeout is not exposed as CLI flag.
[graceful_shutdown_timeout: <duration> | default = 30s]
# http_server_read_timeout is not exposed as CLI flag.
[http_server_read_timeout: <duration> | default = 30s]
# http_server_read_header_timeout is not exposed as CLI flag.
[http_server_read_header_timeout: <duration> | default = 0s]
# http_server_write_timeout is not exposed as CLI flag.
[http_server_write_timeout: <duration> | default = 30s]
# http_server_idle_timeout is not exposed as CLI flag.
[http_server_idle_timeout: <duration> | default = 2m]
# http_log_closed_connections_without_response_enabled is not exposed as CLI
# flag.
[http_log_closed_connections_without_response_enabled: <boolean> | default = false]
# grpc_server_max_recv_msg_size is not exposed as CLI flag.
[grpc_server_max_recv_msg_size: <int> | default = 16777216]
# grpc_server_max_send_msg_size is not exposed as CLI flag.
[grpc_server_max_send_msg_size: <int> | default = 16777216]
# grpc_server_max_concurrent_streams is not exposed as CLI flag.
[grpc_server_max_concurrent_streams: <int> | default = 100]
# grpc_server_max_connection_idle is not exposed as CLI flag.
[grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s]
# grpc_server_max_connection_age is not exposed as CLI flag.
[grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s]
# grpc_server_max_connection_age_grace is not exposed as CLI flag.
[grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s]
# grpc_server_keepalive_time is not exposed as CLI flag.
[grpc_server_keepalive_time: <duration> | default = 2h]
# grpc_server_keepalive_timeout is not exposed as CLI flag.
[grpc_server_keepalive_timeout: <duration> | default = 20s]
# grpc_server_min_time_between_pings is not exposed as CLI flag.
[grpc_server_min_time_between_pings: <duration> | default = 10s]
# grpc_server_ping_without_stream_allowed is not exposed as CLI flag.
[grpc_server_ping_without_stream_allowed: <boolean> | default = true]
# grpc_server_num_workers is not exposed as CLI flag.
[grpc_server_num_workers: <int> | default = 0]
# grpc_server_stats_tracking_enabled is not exposed as CLI flag.
[grpc_server_stats_tracking_enabled: <boolean> | default = true]
# grpc_server_recv_buffer_pools_enabled is not exposed as CLI flag.
[grpc_server_recv_buffer_pools_enabled: <boolean> | default = false]
# log_format is not exposed as CLI flag.
[log_format: <string> | default = "logfmt"]
# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
[log_level: <string> | default = "info"]
# log_source_ips_enabled is not exposed as CLI flag.
[log_source_ips_enabled: <boolean> | default = false]
# log_source_ips_full is not exposed as CLI flag.
[log_source_ips_full: <boolean> | default = false]
# log_source_ips_header is not exposed as CLI flag.
[log_source_ips_header: <string> | default = ""]
# log_source_ips_regex is not exposed as CLI flag.
[log_source_ips_regex: <string> | default = ""]
# log_request_headers is not exposed as CLI flag.
[log_request_headers: <boolean> | default = false]
# log_request_at_info_level_enabled is not exposed as CLI flag.
[log_request_at_info_level_enabled: <boolean> | default = false]
# log_request_exclude_headers_list is not exposed as CLI flag.
[log_request_exclude_headers_list: <string> | default = ""]
# http_path_prefix is not exposed as CLI flag.
[http_path_prefix: <string> | default = ""]
cluster_validation:
# label is not exposed as CLI flag.
[label: <string> | default = ""]
grpc:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# soft_validation is not exposed as CLI flag.
[soft_validation: <boolean> | default = false]
http:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# soft_validation is not exposed as CLI flag.
[soft_validation: <boolean> | default = false]
# excluded_paths is not exposed as CLI flag.
[excluded_paths: <string> | default = ""]distributor_config
The distributor_config block configures the distributor service.
ring:
kvstore:
# store is not exposed as CLI flag.
[store: <string> | default = "memberlist"]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = "collectors/"]
consul:
# host is not exposed as CLI flag.
[host: <string> | default = "localhost:8500"]
# acl_token is not exposed as CLI flag.
[acl_token: <string> | default = ""]
# http_client_timeout is not exposed as CLI flag.
[http_client_timeout: <duration> | default = 20s]
# consistent_reads is not exposed as CLI flag.
[consistent_reads: <boolean> | default = false]
# watch_rate_limit is not exposed as CLI flag.
[watch_rate_limit: <float> | default = 1]
# watch_burst_size is not exposed as CLI flag.
[watch_burst_size: <int> | default = 1]
# cas_retry_delay is not exposed as CLI flag.
[cas_retry_delay: <duration> | default = 1s]
etcd:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
multi:
# primary is not exposed as CLI flag.
[primary: <string> | default = ""]
# secondary is not exposed as CLI flag.
[secondary: <string> | default = ""]
# mirror_enabled is not exposed as CLI flag.
[mirror_enabled: <boolean> | default = false]
# mirror_timeout is not exposed as CLI flag.
[mirror_timeout: <duration> | default = 2s]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 5m]
# instance_interface_names is not exposed as CLI flag.
[instance_interface_names: <list of string> | default = [eth0 en0]]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
# receivers is not exposed as CLI flag.
[receivers: <map of string to interface {}> | default = map[]]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "distributor"]
log_received_spans:
# Enable to log every received span to help debug ingestion or calculate span
# error distributions using the logs.
# CLI flag: -distributor.log-received-spans.enabled
[enabled: <boolean> | default = false]
# Enable to include span attributes in the logs.
# CLI flag: -distributor.log-received-spans.include-attributes
[include_all_attributes: <boolean> | default = false]
# Enable to filter out spans without status error.
# CLI flag: -distributor.log-received-spans.filter-by-status-error
[filter_by_status_error: <boolean> | default = false]
log_discarded_spans:
# Enable to log every discarded span to help debug ingestion or calculate span
# error distributions using the logs.
# CLI flag: -distributor.log-discarded-spans.enabled
[enabled: <boolean> | default = false]
# Enable to include span attributes in the logs.
# CLI flag: -distributor.log-discarded-spans.include-attributes
[include_all_attributes: <boolean> | default = false]
# Enable to filter out spans without status error.
# CLI flag: -distributor.log-discarded-spans.filter-by-status-error
[filter_by_status_error: <boolean> | default = false]
metric_received_spans:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# root_only is not exposed as CLI flag.
[root_only: <boolean> | default = false]
forwarders:
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# backend is not exposed as CLI flag.
[backend: <string> | default = ""]
otlpgrpc:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
tls:
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# cert_file is not exposed as CLI flag.
[cert_file: <string> | default = ""]
filter:
traces:
# span is not exposed as CLI flag.
[span: <list of string> | default = []]
# spanevent is not exposed as CLI flag.
[spanevent: <list of string> | default = []]
usage:
cost_attribution:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# max_cardinality is not exposed as CLI flag.
[max_cardinality: <int> | default = 10000]
# stale_duration is not exposed as CLI flag.
[stale_duration: <duration> | default = 15m]
# kafka_write_path_enabled is not exposed as CLI flag.
[kafka_write_path_enabled: <boolean> | default = false]
kafka_config:
# address is not exposed as CLI flag.
[address: <string> | default = ""]
# topic is not exposed as CLI flag.
[topic: <string> | default = ""]
# client_id is not exposed as CLI flag.
[client_id: <string> | default = ""]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 0s]
# write_timeout is not exposed as CLI flag.
[write_timeout: <duration> | default = 0s]
# sasl_username is not exposed as CLI flag.
[sasl_username: <string> | default = ""]
# sasl_password is not exposed as CLI flag.
[sasl_password: <string> | default = ""]
# consumer_group is not exposed as CLI flag.
[consumer_group: <string> | default = ""]
# consumer_group_offset_commit_interval is not exposed as CLI flag.
[consumer_group_offset_commit_interval: <duration> | default = 0s]
# last_produced_offset_retry_timeout is not exposed as CLI flag.
[last_produced_offset_retry_timeout: <duration> | default = 0s]
# auto_create_topic_enabled is not exposed as CLI flag.
[auto_create_topic_enabled: <boolean> | default = false]
# auto_create_topic_default_partitions is not exposed as CLI flag.
[auto_create_topic_default_partitions: <int> | default = 0]
# producer_max_record_size_bytes is not exposed as CLI flag.
[producer_max_record_size_bytes: <int> | default = 0]
# producer_max_buffered_bytes is not exposed as CLI flag.
[producer_max_buffered_bytes: <int> | default = 0]
# target_consumer_lag_at_startup is not exposed as CLI flag.
[target_consumer_lag_at_startup: <duration> | default = 0s]
# max_consumer_lag_at_startup is not exposed as CLI flag.
[max_consumer_lag_at_startup: <duration> | default = 0s]
# extend_writes is not exposed as CLI flag.
[extend_writes: <boolean> | default = true]
# retry_after_on_resource_exhausted is not exposed as CLI flag.
[retry_after_on_resource_exhausted: <duration> | default = 0s]
# max_attribute_bytes is not exposed as CLI flag.
[max_attribute_bytes: <int> | default = 2048]
# artificial_delay is not exposed as CLI flag.
[artificial_delay: <duration> | default = 0s]query_frontend_config
The query_frontend_config block configures the query frontend service.
# max_outstanding_per_tenant is not exposed as CLI flag.
[max_outstanding_per_tenant: <int> | default = 2000]
# max_batch_size is not exposed as CLI flag.
[max_batch_size: <int> | default = 7]
# log_query_request_headers is not exposed as CLI flag.
[log_query_request_headers: <string> | default = ""]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 2]
search:
# timeout is not exposed as CLI flag.
[timeout: <duration> | default = 0s]
# concurrent_jobs is not exposed as CLI flag.
[concurrent_jobs: <int> | default = 1000]
# target_bytes_per_job is not exposed as CLI flag.
[target_bytes_per_job: <int> | default = 104857600]
# default_result_limit is not exposed as CLI flag.
[default_result_limit: <int> | default = 20]
# max_result_limit is not exposed as CLI flag.
[max_result_limit: <int> | default = 0]
# max_duration is not exposed as CLI flag.
[max_duration: <duration> | default = 168h]
# query_backend_after is not exposed as CLI flag.
[query_backend_after: <duration> | default = 15m]
# query_ingesters_until is not exposed as CLI flag.
[query_ingesters_until: <duration> | default = 30m]
# ingester_shards is not exposed as CLI flag.
[ingester_shards: <int> | default = 3]
# most_recent_shards is not exposed as CLI flag.
[most_recent_shards: <int> | default = 200]
# max_spans_per_span_set is not exposed as CLI flag.
[max_spans_per_span_set: <int> | default = 100]
# duration_slo is not exposed as CLI flag.
[duration_slo: <duration> | default = 0s]
# throughput_bytes_slo is not exposed as CLI flag.
[throughput_bytes_slo: <float> | default = 0]
metadata_slo:
# duration_slo is not exposed as CLI flag.
[duration_slo: <duration> | default = 0s]
# throughput_bytes_slo is not exposed as CLI flag.
[throughput_bytes_slo: <float> | default = 0]
trace_by_id:
# query_shards is not exposed as CLI flag.
[query_shards: <int> | default = 50]
# concurrent_shards is not exposed as CLI flag.
[concurrent_shards: <int> | default = 0]
# duration_slo is not exposed as CLI flag.
[duration_slo: <duration> | default = 0s]
# throughput_bytes_slo is not exposed as CLI flag.
[throughput_bytes_slo: <float> | default = 0]
metrics:
# concurrent_jobs is not exposed as CLI flag.
[concurrent_jobs: <int> | default = 1000]
# target_bytes_per_job is not exposed as CLI flag.
[target_bytes_per_job: <int> | default = 104857600]
# max_duration is not exposed as CLI flag.
[max_duration: <duration> | default = 3h]
# query_backend_after is not exposed as CLI flag.
[query_backend_after: <duration> | default = 30m]
# interval is not exposed as CLI flag.
[interval: <duration> | default = 5m]
# max_exemplars is not exposed as CLI flag.
[max_exemplars: <int> | default = 100]
# max_response_series is not exposed as CLI flag.
[max_response_series: <int> | default = 0]
# duration_slo is not exposed as CLI flag.
[duration_slo: <duration> | default = 0s]
# throughput_bytes_slo is not exposed as CLI flag.
[throughput_bytes_slo: <float> | default = 0]
# multi_tenant_queries_enabled is not exposed as CLI flag.
[multi_tenant_queries_enabled: <boolean> | default = true]
# response_consumers is not exposed as CLI flag.
[response_consumers: <int> | default = 10]
weights:
# request_with_weights is not exposed as CLI flag.
[request_with_weights: <boolean> | default = true]
# retry_with_weights is not exposed as CLI flag.
[retry_with_weights: <boolean> | default = true]
# max_traceql_conditions is not exposed as CLI flag.
[max_traceql_conditions: <int> | default = 4]
# max_regex_conditions is not exposed as CLI flag.
[max_regex_conditions: <int> | default = 1]
# api_timeout is not exposed as CLI flag.
[api_timeout: <duration> | default = 0s]
# url_deny_list is not exposed as CLI flag.
[url_deny_list: <list of string> | default = []]
# max_query_expression_size_bytes is not exposed as CLI flag.
[max_query_expression_size_bytes: <int> | default = 131072]
rf1_after:querier_config
The querier_config block configures the querier service.
search:
# query_timeout is not exposed as CLI flag.
[query_timeout: <duration> | default = 30s]
trace_by_id:
# query_timeout is not exposed as CLI flag.
[query_timeout: <duration> | default = 10s]
metrics:
# concurrent_blocks is not exposed as CLI flag.
[concurrent_blocks: <int> | default = 2]
# time_overlap_cutoff is not exposed as CLI flag.
[time_overlap_cutoff: <float> | default = 0.2]
# extra_query_delay is not exposed as CLI flag.
[extra_query_delay: <duration> | default = 0s]
# max_concurrent_queries is not exposed as CLI flag.
[max_concurrent_queries: <int> | default = 20]
frontend_worker:
# Address of query frontend service, in host:port format.
# CLI flag: -querier.frontend-address
[frontend_address: <string> | default = ""]
# dns_lookup_duration is not exposed as CLI flag.
[dns_lookup_duration: <duration> | default = 10s]
# parallelism is not exposed as CLI flag.
[parallelism: <int> | default = 2]
# match_max_concurrent is not exposed as CLI flag.
[match_max_concurrent: <boolean> | default = true]
# id is not exposed as CLI flag.
[id: <string> | default = ""]
grpc_client_config:
# max_recv_msg_size is not exposed as CLI flag.
[max_recv_msg_size: <int> | default = 104857600]
# max_send_msg_size is not exposed as CLI flag.
[max_send_msg_size: <int> | default = 16777216]
# grpc_compression is not exposed as CLI flag.
[grpc_compression: <string> | default = "snappy"]
# rate_limit is not exposed as CLI flag.
[rate_limit: <float> | default = 0]
# rate_limit_burst is not exposed as CLI flag.
[rate_limit_burst: <int> | default = 0]
# backoff_on_ratelimits is not exposed as CLI flag.
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# min_period is not exposed as CLI flag.
[min_period: <duration> | default = 100ms]
# max_period is not exposed as CLI flag.
[max_period: <duration> | default = 1s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 5]
# initial_stream_window_size is not exposed as CLI flag.
[initial_stream_window_size: <int> | default = 0]
# initial_connection_window_size is not exposed as CLI flag.
[initial_connection_window_size: <int> | default = 0]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# connect_timeout is not exposed as CLI flag.
[connect_timeout: <duration> | default = 0s]
# connect_backoff_base_delay is not exposed as CLI flag.
[connect_backoff_base_delay: <duration> | default = 0s]
# connect_backoff_max_delay is not exposed as CLI flag.
[connect_backoff_max_delay: <duration> | default = 0s]
cluster_validation:
# label is not exposed as CLI flag.
[label: <string> | default = ""]
# shuffle_sharding_ingesters_enabled is not exposed as CLI flag.
[shuffle_sharding_ingesters_enabled: <boolean> | default = false]
# shuffle_sharding_ingesters_lookback_period is not exposed as CLI flag.
[shuffle_sharding_ingesters_lookback_period: <duration> | default = 1h]
# query_relevant_ingesters is not exposed as CLI flag.
[query_relevant_ingesters: <boolean> | default = false]
# secondary_ingester_ring is not exposed as CLI flag.
[secondary_ingester_ring: <string> | default = ""]ingester_client_config
The ingester_client_config block configures how the distributor services connect to the ingester services.
pool_config:
# checkinterval is not exposed as CLI flag.
[checkinterval: <duration> | default = 15s]
# healthcheckenabled is not exposed as CLI flag.
[healthcheckenabled: <boolean> | default = true]
# healthchecktimeout is not exposed as CLI flag.
[healthchecktimeout: <duration> | default = 1s]
# maxconcurrenthealthchecks is not exposed as CLI flag.
[maxconcurrenthealthchecks: <int> | default = 0]
# remote_timeout is not exposed as CLI flag.
[remote_timeout: <duration> | default = 5s]
grpc_client_config:
# max_recv_msg_size is not exposed as CLI flag.
[max_recv_msg_size: <int> | default = 104857600]
# max_send_msg_size is not exposed as CLI flag.
[max_send_msg_size: <int> | default = 104857600]
# grpc_compression is not exposed as CLI flag.
[grpc_compression: <string> | default = "snappy"]
# rate_limit is not exposed as CLI flag.
[rate_limit: <float> | default = 0]
# rate_limit_burst is not exposed as CLI flag.
[rate_limit_burst: <int> | default = 0]
# backoff_on_ratelimits is not exposed as CLI flag.
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# min_period is not exposed as CLI flag.
[min_period: <duration> | default = 100ms]
# max_period is not exposed as CLI flag.
[max_period: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# initial_stream_window_size is not exposed as CLI flag.
[initial_stream_window_size: <int> | default = 65535]
# initial_connection_window_size is not exposed as CLI flag.
[initial_connection_window_size: <int> | default = 65535]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# connect_timeout is not exposed as CLI flag.
[connect_timeout: <duration> | default = 5s]
# connect_backoff_base_delay is not exposed as CLI flag.
[connect_backoff_base_delay: <duration> | default = 1s]
# connect_backoff_max_delay is not exposed as CLI flag.
[connect_backoff_max_delay: <duration> | default = 5s]
cluster_validation:
# label is not exposed as CLI flag.
[label: <string> | default = ""]ingester_config
The ingester_config block configures the ingester service.
lifecycler:
ring:
kvstore:
# store is not exposed as CLI flag.
[store: <string> | default = "memberlist"]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = "collectors/"]
consul:
# host is not exposed as CLI flag.
[host: <string> | default = "localhost:8500"]
# acl_token is not exposed as CLI flag.
[acl_token: <string> | default = ""]
# http_client_timeout is not exposed as CLI flag.
[http_client_timeout: <duration> | default = 20s]
# consistent_reads is not exposed as CLI flag.
[consistent_reads: <boolean> | default = false]
# watch_rate_limit is not exposed as CLI flag.
[watch_rate_limit: <float> | default = 1]
# watch_burst_size is not exposed as CLI flag.
[watch_burst_size: <int> | default = 1]
# cas_retry_delay is not exposed as CLI flag.
[cas_retry_delay: <duration> | default = 1s]
etcd:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
multi:
# primary is not exposed as CLI flag.
[primary: <string> | default = ""]
# secondary is not exposed as CLI flag.
[secondary: <string> | default = ""]
# mirror_enabled is not exposed as CLI flag.
[mirror_enabled: <boolean> | default = false]
# mirror_timeout is not exposed as CLI flag.
[mirror_timeout: <duration> | default = 2s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 5m]
# replication_factor is not exposed as CLI flag.
[replication_factor: <int> | default = 1]
# zone_awareness_enabled is not exposed as CLI flag.
[zone_awareness_enabled: <boolean> | default = false]
# excluded_zones is not exposed as CLI flag.
[excluded_zones: <string> | default = ""]
# num_tokens is not exposed as CLI flag.
[num_tokens: <int> | default = 128]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 1m]
# observe_period is not exposed as CLI flag.
[observe_period: <duration> | default = 0s]
# join_after is not exposed as CLI flag.
[join_after: <duration> | default = 0s]
# min_ready_duration is not exposed as CLI flag.
[min_ready_duration: <duration> | default = 15s]
# interface_names is not exposed as CLI flag.
[interface_names: <list of string> | default = [eth0 en0]]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
# final_sleep is not exposed as CLI flag.
[final_sleep: <duration> | default = 0s]
# tokens_file_path is not exposed as CLI flag.
[tokens_file_path: <string> | default = ""]
# Define Availability Zone in which this ingester is running.
# CLI flag: -ingester.availability-zone
[availability_zone: <string> | default = ""]
# unregister_on_shutdown is not exposed as CLI flag.
[unregister_on_shutdown: <boolean> | default = true]
# readiness_check_ring_health is not exposed as CLI flag.
[readiness_check_ring_health: <boolean> | default = true]
# address is not exposed as CLI flag.
[address: <string> | default = ""]
# port is not exposed as CLI flag.
[port: <int> | default = 0]
# ID to register in the ring.
# CLI flag: -ingester.lifecycler.ID
[id: <string> | default = "hostname"]
partition_ring:
# The key-value store used to share the hash ring across multiple instances.
# This option needs be set on ingesters, distributors, queriers, and rulers
# when running in microservices mode.
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -ingester.partition-ring.store
[store: <string> | default = "memberlist"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -ingester.partition-ring.prefix
[prefix: <string> | default = "collectors/"]
consul:
# Hostname and port of Consul.
# CLI flag: -ingester.partition-ring.consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -ingester.partition-ring.consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -ingester.partition-ring.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -ingester.partition-ring.consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -ingester.partition-ring.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -ingester.partition-ring.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -ingester.partition-ring.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -ingester.partition-ring.etcd.endpoints
[endpoints: <list of string> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -ingester.partition-ring.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -ingester.partition-ring.etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -ingester.partition-ring.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -ingester.partition-ring.etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -ingester.partition-ring.etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -ingester.partition-ring.etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -ingester.partition-ring.etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -ingester.partition-ring.etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -ingester.partition-ring.etcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -ingester.partition-ring.etcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -ingester.partition-ring.etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -ingester.partition-ring.etcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -ingester.partition-ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -ingester.partition-ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -ingester.partition-ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -ingester.partition-ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Minimum number of owners to wait before a PENDING partition gets switched to
# ACTIVE.
# CLI flag: -ingester.partition-ring.min-partition-owners-count
[min_partition_owners_count: <int> | default = 1]
# How long the minimum number of owners are enforced before a PENDING
# partition gets switched to ACTIVE.
# CLI flag: -ingester.partition-ring.min-partition-owners-duration
[min_partition_owners_duration: <duration> | default = 10s]
# How long to wait before an INACTIVE partition is eligible for deletion. The
# partition is deleted only if it has been in INACTIVE state for at least the
# configured duration and it has no owners registered. A value of 0 disables
# partitions deletion.
# CLI flag: -ingester.partition-ring.delete-inactive-partition-after
[delete_inactive_partition_after: <duration> | default = 13h]
# concurrent_flushes is not exposed as CLI flag.
[concurrent_flushes: <int> | default = 4]
# flush_check_period is not exposed as CLI flag.
[flush_check_period: <duration> | default = 10s]
# flush_op_timeout is not exposed as CLI flag.
[flush_op_timeout: <duration> | default = 5m]
# Duration after which to consider a trace complete if no spans have been
# received
# CLI flag: -ingester.trace-idle-period
[trace_idle_period: <duration> | default = 10s]
# Maximum duration which the head block can be appended to before cutting it.
# CLI flag: -ingester.max-block-duration
[max_block_duration: <duration> | default = 30m]
# Maximum size of the head block before cutting it.
# CLI flag: -ingester.max-block-bytes
[max_block_bytes: <int> | default = 524288000]
# Duration to keep blocks in the ingester after they have been flushed.
# CLI flag: -ingester.complete-block-timeout
[complete_block_timeout: <duration> | default = 15m]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "ring"]
# flush_all_on_shutdown is not exposed as CLI flag.
[flush_all_on_shutdown: <boolean> | default = false]
# flush_object_storage is not exposed as CLI flag.
[flush_object_storage: <boolean> | default = true]compactor_config
The compactor_config block configures the compactor service.
# Disable compaction.
# CLI flag: -compactor.disabled
[disabled: <boolean> | default = false]
ring:
kvstore:
# store is not exposed as CLI flag.
[store: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = "collectors/"]
consul:
# host is not exposed as CLI flag.
[host: <string> | default = "localhost:8500"]
# acl_token is not exposed as CLI flag.
[acl_token: <string> | default = ""]
# http_client_timeout is not exposed as CLI flag.
[http_client_timeout: <duration> | default = 20s]
# consistent_reads is not exposed as CLI flag.
[consistent_reads: <boolean> | default = false]
# watch_rate_limit is not exposed as CLI flag.
[watch_rate_limit: <float> | default = 1]
# watch_burst_size is not exposed as CLI flag.
[watch_burst_size: <int> | default = 1]
# cas_retry_delay is not exposed as CLI flag.
[cas_retry_delay: <duration> | default = 1s]
etcd:
# endpoints is not exposed as CLI flag.
[endpoints: <list of string> | default = []]
# dial_timeout is not exposed as CLI flag.
[dial_timeout: <duration> | default = 10s]
# max_retries is not exposed as CLI flag.
[max_retries: <int> | default = 10]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
multi:
# primary is not exposed as CLI flag.
[primary: <string> | default = ""]
# secondary is not exposed as CLI flag.
[secondary: <string> | default = ""]
# mirror_enabled is not exposed as CLI flag.
[mirror_enabled: <boolean> | default = false]
# mirror_timeout is not exposed as CLI flag.
[mirror_timeout: <duration> | default = 2s]
# heartbeat_period is not exposed as CLI flag.
[heartbeat_period: <duration> | default = 5s]
# heartbeat_timeout is not exposed as CLI flag.
[heartbeat_timeout: <duration> | default = 1m]
# wait_stability_min_duration is not exposed as CLI flag.
[wait_stability_min_duration: <duration> | default = 1m]
# wait_stability_max_duration is not exposed as CLI flag.
[wait_stability_max_duration: <duration> | default = 5m]
# instance_interface_names is not exposed as CLI flag.
[instance_interface_names: <list of string> | default = [eth0 en0]]
# enable_inet6 is not exposed as CLI flag.
[enable_inet6: <boolean> | default = false]
# wait_active_instance_timeout is not exposed as CLI flag.
[wait_active_instance_timeout: <duration> | default = 10m]
compaction:
# v2_in_buffer_bytes is not exposed as CLI flag.
[v2_in_buffer_bytes: <int> | default = 5242880]
# v2_out_buffer_bytes is not exposed as CLI flag.
[v2_out_buffer_bytes: <int> | default = 20971520]
# v2_prefetch_traces_count is not exposed as CLI flag.
[v2_prefetch_traces_count: <int> | default = 1000]
# Maximum time window across which to compact blocks.
# CLI flag: -compactor.compaction.compaction.compaction-window
[compaction_window: <duration> | default = 1h]
# Maximum number of traces in a compacted block.
# CLI flag: -compactor.compaction.compaction.max-objects-per-block
[max_compaction_objects: <int> | default = 6000000]
# Maximum size of a compacted block.
# CLI flag: -compactor.compaction.compaction.max-block-bytes
[max_block_bytes: <int> | default = 107374182400]
# Duration to keep blocks/traces.
# CLI flag: -compactor.compaction.compaction.block-retention
[block_retention: <duration> | default = 336h]
# compacted_block_retention is not exposed as CLI flag.
[compacted_block_retention: <duration> | default = 1h]
# retention_concurrency is not exposed as CLI flag.
[retention_concurrency: <int> | default = 10]
# max_time_per_tenant is not exposed as CLI flag.
[max_time_per_tenant: <duration> | default = 5m]
# compaction_cycle is not exposed as CLI flag.
[compaction_cycle: <duration> | default = 30s]
# override_ring_key is not exposed as CLI flag.
[override_ring_key: <string> | default = "compactor"]storage_config
The storage_config block configures how and where to store data.
trace:
pool:
# max_workers is not exposed as CLI flag.
[max_workers: <int> | default = 0]
# queue_depth is not exposed as CLI flag.
[queue_depth: <int> | default = 0]
wal:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 0s]
# version is not exposed as CLI flag.
[version: <string> | default = ""]
block:
# bloom_filter_false_positive is not exposed as CLI flag.
[bloom_filter_false_positive: <float> | default = 0]
# bloom_filter_shard_size_bytes is not exposed as CLI flag.
[bloom_filter_shard_size_bytes: <int> | default = 0]
# version is not exposed as CLI flag.
[version: <string> | default = ""]
# search_encoding is not exposed as CLI flag.
[search_encoding: <int> | default = none]
# search_page_size_bytes is not exposed as CLI flag.
[search_page_size_bytes: <int> | default = 0]
# v2_index_downsample_bytes is not exposed as CLI flag.
[v2_index_downsample_bytes: <int> | default = 0]
# v2_index_page_size_bytes is not exposed as CLI flag.
[v2_index_page_size_bytes: <int> | default = 0]
# v2_encoding is not exposed as CLI flag.
[v2_encoding: <int> | default = none]
# parquet_row_group_size_bytes is not exposed as CLI flag.
[parquet_row_group_size_bytes: <int> | default = 0]
parquet_dedicated_columns:
# scope is not exposed as CLI flag.
[scope: <string> | default = ""]
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# type is not exposed as CLI flag.
[type: <string> | default = ""]
search:
# chunk_size_bytes is not exposed as CLI flag.
[chunk_size_bytes: <int> | default = 0]
# prefetch_trace_count is not exposed as CLI flag.
[prefetch_trace_count: <int> | default = 0]
# read_buffer_count is not exposed as CLI flag.
[read_buffer_count: <int> | default = 0]
# read_buffer_size_bytes is not exposed as CLI flag.
[read_buffer_size_bytes: <int> | default = 0]
cache_control:
# footer is not exposed as CLI flag.
[footer: <boolean> | default = false]
# column_index is not exposed as CLI flag.
[column_index: <boolean> | default = false]
# offset_index is not exposed as CLI flag.
[offset_index: <boolean> | default = false]
# Period at which to run the maintenance cycle.
# CLI flag: -storage.trace.blocklist_poll
[blocklist_poll: <duration> | default = 5m]
# blocklist_poll_concurrency is not exposed as CLI flag.
[blocklist_poll_concurrency: <int> | default = 50]
# blocklist_poll_tenant_concurrency is not exposed as CLI flag.
[blocklist_poll_tenant_concurrency: <int> | default = 0]
# blocklist_poll_fallback is not exposed as CLI flag.
[blocklist_poll_fallback: <boolean> | default = true]
# blocklist_poll_tenant_index_builders is not exposed as CLI flag.
[blocklist_poll_tenant_index_builders: <int> | default = 2]
# blocklist_poll_stale_tenant_index is not exposed as CLI flag.
[blocklist_poll_stale_tenant_index: <duration> | default = 0s]
# blocklist_poll_jitter_ms is not exposed as CLI flag.
[blocklist_poll_jitter_ms: <int> | default = 0]
# blocklist_poll_tolerate_consecutive_errors is not exposed as CLI flag.
[blocklist_poll_tolerate_consecutive_errors: <int> | default = 1]
# blocklist_poll_tolerate_tenant_failures is not exposed as CLI flag.
[blocklist_poll_tolerate_tenant_failures: <int> | default = 1]
# empty_tenant_deletion_enabled is not exposed as CLI flag.
[empty_tenant_deletion_enabled: <boolean> | default = false]
# empty_tenant_deletion_age is not exposed as CLI flag.
[empty_tenant_deletion_age: <duration> | default = 0s]
# Trace backend (s3, azure, gcs, local)
# CLI flag: -storage.trace.backend
[backend: <string> | default = ""]
local:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
gcs:
# bucket_name is not exposed as CLI flag.
[bucket_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# chunk_buffer_size is not exposed as CLI flag.
[chunk_buffer_size: <int> | default = 0]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# object_cache_control is not exposed as CLI flag.
[object_cache_control: <string> | default = ""]
# object_metadata is not exposed as CLI flag.
[object_metadata: <map of string to string> | default = map[]]
# list_blocks_concurrency is not exposed as CLI flag.
[list_blocks_concurrency: <int> | default = 0]
s3:
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# bucket is not exposed as CLI flag.
[bucket: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# region is not exposed as CLI flag.
[region: <string> | default = ""]
# access_key is not exposed as CLI flag.
[access_key: <string> | default = ""]
# secret_key is not exposed as CLI flag.
[secret_key: <string> | default = ""]
# session_token is not exposed as CLI flag.
[session_token: <string> | default = ""]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# part_size is not exposed as CLI flag.
[part_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# signature_v2 is not exposed as CLI flag.
[signature_v2: <boolean> | default = false]
# forcepathstyle is not exposed as CLI flag.
[forcepathstyle: <boolean> | default = false]
# enable_dual_stack is not exposed as CLI flag.
[enable_dual_stack: <boolean> | default = false]
# bucket_lookup_type is not exposed as CLI flag.
[bucket_lookup_type: <int> | default = 0]
# tags is not exposed as CLI flag.
[tags: <map of string to string> | default = map[]]
# storage_class is not exposed as CLI flag.
[storage_class: <string> | default = ""]
# metadata is not exposed as CLI flag.
[metadata: <map of string to string> | default = map[]]
# native_aws_auth_enabled is not exposed as CLI flag.
[native_aws_auth_enabled: <boolean> | default = false]
# list_blocks_concurrency is not exposed as CLI flag.
[list_blocks_concurrency: <int> | default = 0]
sse:
# type is not exposed as CLI flag.
[type: <string> | default = ""]
# kms_key_id is not exposed as CLI flag.
[kms_key_id: <string> | default = ""]
# kms_encryption_context is not exposed as CLI flag.
[kms_encryption_context: <string> | default = ""]
azure:
# storage_account_name is not exposed as CLI flag.
[storage_account_name: <string> | default = ""]
# storage_account_key is not exposed as CLI flag.
[storage_account_key: <string> | default = ""]
# use_managed_identity is not exposed as CLI flag.
[use_managed_identity: <boolean> | default = false]
# use_federated_token is not exposed as CLI flag.
[use_federated_token: <boolean> | default = false]
# user_assigned_id is not exposed as CLI flag.
[user_assigned_id: <string> | default = ""]
# container_name is not exposed as CLI flag.
[container_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint_suffix is not exposed as CLI flag.
[endpoint_suffix: <string> | default = ""]
# max_buffers is not exposed as CLI flag.
[max_buffers: <int> | default = 0]
# buffer_size is not exposed as CLI flag.
[buffer_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# cache is not exposed as CLI flag.
[cache: <string> | default = ""]
background_cache:
# writeback_goroutines is not exposed as CLI flag.
[writeback_goroutines: <int> | default = 0]
# writeback_buffer is not exposed as CLI flag.
[writeback_buffer: <int> | default = 0]
memcached:
# host is not exposed as CLI flag.
[host: <string> | default = ""]
# service is not exposed as CLI flag.
[service: <string> | default = ""]
# addresses is not exposed as CLI flag.
[addresses: <string> | default = ""]
# timeout is not exposed as CLI flag.
[timeout: <duration> | default = 0s]
# max_idle_conns is not exposed as CLI flag.
[max_idle_conns: <int> | default = 0]
# max_item_size is not exposed as CLI flag.
[max_item_size: <int> | default = 0]
# update_interval is not exposed as CLI flag.
[update_interval: <duration> | default = 0s]
# consistent_hash is not exposed as CLI flag.
[consistent_hash: <boolean> | default = false]
# circuit_breaker_consecutive_failures is not exposed as CLI flag.
[circuit_breaker_consecutive_failures: <int> | default = 0]
# circuit_breaker_timeout is not exposed as CLI flag.
[circuit_breaker_timeout: <duration> | default = 0s]
# circuit_breaker_interval is not exposed as CLI flag.
[circuit_breaker_interval: <duration> | default = 0s]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# ttl is not exposed as CLI flag.
[ttl: <duration> | default = 0s]
redis:
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# master_name is not exposed as CLI flag.
[master_name: <string> | default = ""]
# timeout is not exposed as CLI flag.
[timeout: <duration> | default = 0s]
# expiration is not exposed as CLI flag.
[expiration: <duration> | default = 0s]
# db is not exposed as CLI flag.
[db: <int> | default = 0]
# pool_size is not exposed as CLI flag.
[pool_size: <int> | default = 0]
# username is not exposed as CLI flag.
[username: <string> | default = ""]
# password is not exposed as CLI flag.
[password: <string> | default = ""]
# sentinel_username is not exposed as CLI flag.
[sentinel_username: <string> | default = ""]
# sentinel_password is not exposed as CLI flag.
[sentinel_password: <string> | default = ""]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# idle_timeout is not exposed as CLI flag.
[idle_timeout: <duration> | default = 0s]
# max_connection_age is not exposed as CLI flag.
[max_connection_age: <duration> | default = 0s]
# ttl is not exposed as CLI flag.
[ttl: <duration> | default = 0s]
# cache_min_compaction_level is not exposed as CLI flag.
[cache_min_compaction_level: <int> | default = 0]
# cache_max_block_age is not exposed as CLI flag.
[cache_max_block_age: <duration> | default = 0s]overrides_config
The overrides_config block configures the overrides module to set global or per-tenant override settings.
defaults:
ingestion:
# Whether the various ingestion rate limits should be applied individually
# to each distributor instance (local), or evenly shared across the cluster
# (global).
# CLI flag: -distributor.rate-limit-strategy
[rate_strategy: <string> | default = "local"]
# Per-user ingestion rate limit in bytes per second.
# CLI flag: -distributor.ingestion-rate-limit-bytes
[rate_limit_bytes: <int> | default = 15000000]
# Per-user ingestion burst size in bytes. Should be set to the expected size
# (in bytes) of a single push request.
# CLI flag: -distributor.ingestion-burst-size-bytes
[burst_size_bytes: <int> | default = 20000000]
# Maximum number of active traces per user, per ingester. 0 to disable.
# CLI flag: -ingester.max-traces-per-user
[max_traces_per_user: <int> | default = 10000]
# Maximum number of active traces per user, across the cluster. 0 to
# disable.
# CLI flag: -ingester.max-global-traces-per-user
[max_global_traces_per_user: <int> | default = 0]
# tenant_shard_size is not exposed as CLI flag.
[tenant_shard_size: <int> | default = 0]
# max_attribute_bytes is not exposed as CLI flag.
[max_attribute_bytes: <int> | default = 0]
# artificial_delay is not exposed as CLI flag.
[artificial_delay: <duration> | default = <nil>]
read:
# Maximum size of response for a tag-values query. Used mainly to limit
# large the number of values associated with a particular tag
# CLI flag: -querier.max-bytes-per-tag-values-query
[max_bytes_per_tag_values_query: <int> | default = 1000000]
# Maximum number of blocks to query for a tag-values query. 0 to disable.
# CLI flag: -querier.max-blocks-per-tag-values-query
[max_blocks_per_tag_values_query: <int> | default = 0]
# max_search_duration is not exposed as CLI flag.
[max_search_duration: <duration> | default = 0s]
# max_metrics_duration is not exposed as CLI flag.
[max_metrics_duration: <duration> | default = 0s]
# unsafe_query_hints is not exposed as CLI flag.
[unsafe_query_hints: <boolean> | default = false]
compaction:
# block_retention is not exposed as CLI flag.
[block_retention: <duration> | default = 0s]
# compaction_window is not exposed as CLI flag.
[compaction_window: <duration> | default = 0s]
# compaction_disabled is not exposed as CLI flag.
[compaction_disabled: <boolean> | default = false]
metrics_generator:
# ring_size is not exposed as CLI flag.
[ring_size: <int> | default = 0]
# processors is not exposed as CLI flag.
[processors: <map of string to struct {}> | default = map[]]
# max_active_series is not exposed as CLI flag.
[max_active_series: <int> | default = 0]
# collection_interval is not exposed as CLI flag.
[collection_interval: <duration> | default = 0s]
# disable_collection is not exposed as CLI flag.
[disable_collection: <boolean> | default = false]
# generate_native_histograms is not exposed as CLI flag.
[generate_native_histograms: <string> | default = "classic"]
# trace_id_label_name is not exposed as CLI flag.
[trace_id_label_name: <string> | default = ""]
# remote_write_headers is not exposed as CLI flag.
[remote_write_headers: <map of string to config.Secret> | default = map[]]
forwarder:
# queue_size is not exposed as CLI flag.
[queue_size: <int> | default = 0]
# workers is not exposed as CLI flag.
[workers: <int> | default = 0]
processor:
service_graphs:
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = []]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
# peer_attributes is not exposed as CLI flag.
[peer_attributes: <list of string> | default = []]
# enable_client_server_prefix is not exposed as CLI flag.
[enable_client_server_prefix: <boolean> | default = false]
# enable_messaging_system_latency_histogram is not exposed as CLI flag.
[enable_messaging_system_latency_histogram: <boolean> | default = false]
# enable_virtual_node_label is not exposed as CLI flag.
[enable_virtual_node_label: <boolean> | default = false]
span_metrics:
# histogram_buckets is not exposed as CLI flag.
[histogram_buckets: <list of float> | default = []]
# dimensions is not exposed as CLI flag.
[dimensions: <list of string> | default = []]
# intrinsic_dimensions is not exposed as CLI flag.
[intrinsic_dimensions: <map of string to bool> | default = map[]]
filter_policies:
include:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
exclude:
# match_type is not exposed as CLI flag.
[match_type: <string> | default = ""]
# policy match condition
[attributes: <struct> | default = none]
dimension_mappings:
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# source_labels is not exposed as CLI flag.
[source_labels: <list of string> | default = []]
# join is not exposed as CLI flag.
[join: <string> | default = ""]
# enable_target_info is not exposed as CLI flag.
[enable_target_info: <boolean> | default = false]
# target_info_excluded_dimensions is not exposed as CLI flag.
[target_info_excluded_dimensions: <list of string> | default = []]
local_blocks:
# max_live_traces is not exposed as CLI flag.
[max_live_traces: <int> | default = 0]
# max_block_duration is not exposed as CLI flag.
[max_block_duration: <duration> | default = 0s]
# max_block_bytes is not exposed as CLI flag.
[max_block_bytes: <int> | default = 0]
# flush_check_period is not exposed as CLI flag.
[flush_check_period: <duration> | default = 0s]
# trace_idle_period is not exposed as CLI flag.
[trace_idle_period: <duration> | default = 0s]
# complete_block_timeout is not exposed as CLI flag.
[complete_block_timeout: <duration> | default = 0s]
host_info:
# host_identifiers is not exposed as CLI flag.
[host_identifiers: <list of string> | default = []]
# metric_name is not exposed as CLI flag.
[metric_name: <string> | default = ""]
# ingestion_time_range_slack is not exposed as CLI flag.
[ingestion_time_range_slack: <duration> | default = 0s]
# forwarders is not exposed as CLI flag.
[forwarders: <list of string> | default = []]
global:
# Maximum size of a trace in bytes. 0 to disable.
# CLI flag: -ingester.max-bytes-per-trace
[max_bytes_per_trace: <int> | default = 5000000]
storage:
parquet_dedicated_columns:
# scope is not exposed as CLI flag.
[scope: <string> | default = ""]
# name is not exposed as CLI flag.
[name: <string> | default = ""]
# type is not exposed as CLI flag.
[type: <string> | default = ""]
cost_attribution:
# max_cardinality is not exposed as CLI flag.
[max_cardinality: <int> | default = 0]
# dimensions is not exposed as CLI flag.
[dimensions: <map of string to string> | default = map[]]
# File name of per-user Overrides.
# CLI flag: -config.per-user-override-config
[per_tenant_override_config: <string> | default = ""]
# Period with this to reload the Overrides.
# CLI flag: -config.per-user-override-period
[per_tenant_override_period: <duration> | default = 10s]
user_configurable_overrides:
# enabled is not exposed as CLI flag.
[enabled: <boolean> | default = false]
# poll_interval is not exposed as CLI flag.
[poll_interval: <duration> | default = 1m]
client:
# backend is not exposed as CLI flag.
[backend: <string> | default = ""]
# confirm_versioning is not exposed as CLI flag.
[confirm_versioning: <boolean> | default = true]
local:
# path is not exposed as CLI flag.
[path: <string> | default = ""]
gcs:
# bucket_name is not exposed as CLI flag.
[bucket_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# chunk_buffer_size is not exposed as CLI flag.
[chunk_buffer_size: <int> | default = 0]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# object_cache_control is not exposed as CLI flag.
[object_cache_control: <string> | default = ""]
# object_metadata is not exposed as CLI flag.
[object_metadata: <map of string to string> | default = map[]]
# list_blocks_concurrency is not exposed as CLI flag.
[list_blocks_concurrency: <int> | default = 0]
s3:
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# bucket is not exposed as CLI flag.
[bucket: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint is not exposed as CLI flag.
[endpoint: <string> | default = ""]
# region is not exposed as CLI flag.
[region: <string> | default = ""]
# access_key is not exposed as CLI flag.
[access_key: <string> | default = ""]
# secret_key is not exposed as CLI flag.
[secret_key: <string> | default = ""]
# session_token is not exposed as CLI flag.
[session_token: <string> | default = ""]
# insecure is not exposed as CLI flag.
[insecure: <boolean> | default = false]
# part_size is not exposed as CLI flag.
[part_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
# signature_v2 is not exposed as CLI flag.
[signature_v2: <boolean> | default = false]
# forcepathstyle is not exposed as CLI flag.
[forcepathstyle: <boolean> | default = false]
# enable_dual_stack is not exposed as CLI flag.
[enable_dual_stack: <boolean> | default = false]
# bucket_lookup_type is not exposed as CLI flag.
[bucket_lookup_type: <int> | default = 0]
# tags is not exposed as CLI flag.
[tags: <map of string to string> | default = map[]]
# storage_class is not exposed as CLI flag.
[storage_class: <string> | default = ""]
# metadata is not exposed as CLI flag.
[metadata: <map of string to string> | default = map[]]
# native_aws_auth_enabled is not exposed as CLI flag.
[native_aws_auth_enabled: <boolean> | default = false]
# list_blocks_concurrency is not exposed as CLI flag.
[list_blocks_concurrency: <int> | default = 0]
sse:
# type is not exposed as CLI flag.
[type: <string> | default = ""]
# kms_key_id is not exposed as CLI flag.
[kms_key_id: <string> | default = ""]
# kms_encryption_context is not exposed as CLI flag.
[kms_encryption_context: <string> | default = ""]
azure:
# storage_account_name is not exposed as CLI flag.
[storage_account_name: <string> | default = ""]
# storage_account_key is not exposed as CLI flag.
[storage_account_key: <string> | default = ""]
# use_managed_identity is not exposed as CLI flag.
[use_managed_identity: <boolean> | default = false]
# use_federated_token is not exposed as CLI flag.
[use_federated_token: <boolean> | default = false]
# user_assigned_id is not exposed as CLI flag.
[user_assigned_id: <string> | default = ""]
# container_name is not exposed as CLI flag.
[container_name: <string> | default = ""]
# prefix is not exposed as CLI flag.
[prefix: <string> | default = ""]
# endpoint_suffix is not exposed as CLI flag.
[endpoint_suffix: <string> | default = ""]
# max_buffers is not exposed as CLI flag.
[max_buffers: <int> | default = 0]
# buffer_size is not exposed as CLI flag.
[buffer_size: <int> | default = 0]
# hedge_requests_at is not exposed as CLI flag.
[hedge_requests_at: <duration> | default = 0s]
# hedge_requests_up_to is not exposed as CLI flag.
[hedge_requests_up_to: <int> | default = 0]
api:
# check_for_conflicting_runtime_overrides is not exposed as CLI flag.
[check_for_conflicting_runtime_overrides: <boolean> | default = false]memberlist_config
The memberlist_config block configures how the gossip ring connects between distributors, ingesters and queriers.
# node_name is not exposed as CLI flag.
[node_name: <string> | default = ""]
# randomize_node_name is not exposed as CLI flag.
[randomize_node_name: <boolean> | default = true]
# stream_timeout is not exposed as CLI flag.
[stream_timeout: <duration> | default = 2s]
# retransmit_factor is not exposed as CLI flag.
[retransmit_factor: <int> | default = 2]
# pull_push_interval is not exposed as CLI flag.
[pull_push_interval: <duration> | default = 30s]
# gossip_interval is not exposed as CLI flag.
[gossip_interval: <duration> | default = 1s]
# gossip_nodes is not exposed as CLI flag.
[gossip_nodes: <int> | default = 2]
# gossip_to_dead_nodes_time is not exposed as CLI flag.
[gossip_to_dead_nodes_time: <duration> | default = 30s]
# dead_node_reclaim_time is not exposed as CLI flag.
[dead_node_reclaim_time: <duration> | default = 0s]
# compression_enabled is not exposed as CLI flag.
[compression_enabled: <boolean> | default = false]
# notify_interval is not exposed as CLI flag.
[notify_interval: <duration> | default = 0s]
# advertise_addr is not exposed as CLI flag.
[advertise_addr: <string> | default = ""]
# advertise_port is not exposed as CLI flag.
[advertise_port: <int> | default = 7946]
# cluster_label is not exposed as CLI flag.
[cluster_label: <string> | default = ""]
# cluster_label_verification_disabled is not exposed as CLI flag.
[cluster_label_verification_disabled: <boolean> | default = false]
# Host port to connect to memberlist cluster.
# CLI flag: -memberlist.host-port
[join_members: <list of string> | default = []]
# min_join_backoff is not exposed as CLI flag.
[min_join_backoff: <duration> | default = 1s]
# max_join_backoff is not exposed as CLI flag.
[max_join_backoff: <duration> | default = 1m]
# max_join_retries is not exposed as CLI flag.
[max_join_retries: <int> | default = 10]
# abort_if_cluster_fast_join_fails is not exposed as CLI flag.
[abort_if_cluster_fast_join_fails: <boolean> | default = false]
# abort_if_cluster_join_fails is not exposed as CLI flag.
[abort_if_cluster_join_fails: <boolean> | default = false]
# rejoin_interval is not exposed as CLI flag.
[rejoin_interval: <duration> | default = 0s]
# left_ingesters_timeout is not exposed as CLI flag.
[left_ingesters_timeout: <duration> | default = 5m]
# obsolete_entries_timeout is not exposed as CLI flag.
[obsolete_entries_timeout: <duration> | default = 30s]
# leave_timeout is not exposed as CLI flag.
[leave_timeout: <duration> | default = 20s]
# broadcast_timeout_for_local_updates_on_shutdown is not exposed as CLI flag.
[broadcast_timeout_for_local_updates_on_shutdown: <duration> | default = 10s]
# CLI flag: -memberlist.message-history-buffer-bytes
[message_history_buffer_bytes: <int> | default = 0]
# watch_prefix_buffer_size is not exposed as CLI flag.
[watch_prefix_buffer_size: <int> | default = 128]
# bind_addr is not exposed as CLI flag.
[bind_addr: <list of string> | default = []]
# Port for memberlist to communicate on
# CLI flag: -memberlist.bind-port
[bind_port: <int> | default = 7946]
# packet_dial_timeout is not exposed as CLI flag.
[packet_dial_timeout: <duration> | default = 2s]
# packet_write_timeout is not exposed as CLI flag.
[packet_write_timeout: <duration> | default = 5s]
# max_concurrent_writes is not exposed as CLI flag.
[max_concurrent_writes: <int> | default = 3]
# acquire_writer_timeout is not exposed as CLI flag.
[acquire_writer_timeout: <duration> | default = 250ms]
# tls_enabled is not exposed as CLI flag.
[tls_enabled: <boolean> | default = false]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]admin_api_config
The admin_api_config block configures the Admin API service.
# Designated header to parse when searching for the grafana user ID of the user
# accessing the API.
# CLI flag: -admin.api.user-header-name
[user_header_name: <string> | default = "X-WEBAUTH-USER"]
leader_election:
# This flag enables leader election for the admin api.
# CLI flag: -admin-api.leader-election.enabled
[enabled: <boolean> | default = true]
ring:
kvstore:
# Backend storage to use for the ring. Supported values are: consul, etcd,
# inmemory, memberlist, multi.
# CLI flag: -admin-api.leader-election.ring.store
[store: <string> | default = "consul"]
# The prefix for the keys in the store. Should end with a /.
# CLI flag: -admin-api.leader-election.ring.prefix
[prefix: <string> | default = "leader-election/"]
consul:
# Hostname and port of Consul.
# CLI flag: -admin-api.leader-election.ring.consul.hostname
[host: <string> | default = "localhost:8500"]
# ACL Token used to interact with Consul.
# CLI flag: -admin-api.leader-election.ring.consul.acl-token
[acl_token: <string> | default = ""]
# HTTP timeout when talking to Consul
# CLI flag: -admin-api.leader-election.ring.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]
# Enable consistent reads to Consul.
# CLI flag: -admin-api.leader-election.ring.consul.consistent-reads
[consistent_reads: <boolean> | default = false]
# Rate limit when watching key or prefix in Consul, in requests per
# second. 0 disables the rate limit.
# CLI flag: -admin-api.leader-election.ring.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]
# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -admin-api.leader-election.ring.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]
# Maximum duration to wait before retrying a Compare And Swap (CAS)
# operation.
# CLI flag: -admin-api.leader-election.ring.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]
etcd:
# The etcd endpoints to connect to.
# CLI flag: -admin-api.leader-election.ring.etcd.endpoints
[endpoints: <list of string> | default = []]
# The dial timeout for the etcd connection.
# CLI flag: -admin-api.leader-election.ring.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]
# The maximum number of retries to do for failed ops.
# CLI flag: -admin-api.leader-election.ring.etcd.max-retries
[max_retries: <int> | default = 10]
# Enable TLS.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin-api.leader-election.ring.etcd.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin-api.leader-election.ring.etcd.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values:
# VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin-api.leader-election.ring.etcd.tls-min-version
[tls_min_version: <string> | default = ""]
# Etcd username.
# CLI flag: -admin-api.leader-election.ring.etcd.username
[username: <string> | default = ""]
# Etcd password.
# CLI flag: -admin-api.leader-election.ring.etcd.password
[password: <string> | default = ""]
multi:
# Primary backend storage used by multi-client.
# CLI flag: -admin-api.leader-election.ring.multi.primary
[primary: <string> | default = ""]
# Secondary backend storage used by multi-client.
# CLI flag: -admin-api.leader-election.ring.multi.secondary
[secondary: <string> | default = ""]
# Mirror writes to secondary store.
# CLI flag: -admin-api.leader-election.ring.multi.mirror-enabled
[mirror_enabled: <boolean> | default = false]
# Timeout for storing value to secondary store.
# CLI flag: -admin-api.leader-election.ring.multi.mirror-timeout
[mirror_timeout: <duration> | default = 2s]
# Period at which to heartbeat to the ring.
# CLI flag: -admin-api.leader-election.ring.heartbeat-period
[heartbeat_period: <duration> | default = 15s]
# The heartbeat timeout after which admin-api instances are considered
# unhealthy within the ring.
# CLI flag: -admin-api.leader-election.ring.heartbeat-timeout
[heartbeat_timeout: <duration> | default = 1m]
# Period to wait after generating tokens to resolve collisions. Required
# when using a gossip ring KV store.
# CLI flag: -admin-api.leader-election.ring.tokens-observe-period
[tokens_observe_period: <duration> | default = 1m]
# Instance ID to register in the ring.
# CLI flag: -admin-api.leader-election.ring.instance-id
[instance_id: <string> | default = "hostname"]
# Name of network interface to read address from.
# CLI flag: -admin-api.leader-election.ring.instance-interface-names
[instance_interface_names: <list of string> | default = [ eth0 en0 ]]
# Port to advertize in the ring (defaults to server.grpc-listen-port).
# CLI flag: -admin-api.leader-election.ring.instance-port
[instance_port: <int> | default = 0]
# IP address to advertize in the ring.
# CLI flag: -admin-api.leader-election.ring.instance-addr
[instance_addr: <string> | default = ""]
# Enable using a IPv6 instance address.
# CLI flag: -admin-api.leader-election.ring.instance-enable-ipv6
[instance_enable_ipv6: <boolean> | default = false]
client_config:
# gRPC client max receive message size (bytes).
# CLI flag: -admin-api.leader-election.client.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -admin-api.leader-election.client.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 104857600]
# Use compression when sending messages. Supported values are: 'gzip',
# 'snappy' and '' (disable compression)
# CLI flag: -admin-api.leader-election.client.grpc-compression
[grpc_compression: <string> | default = ""]
# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -admin-api.leader-election.client.grpc-client-rate-limit
[rate_limit: <float> | default = 0]
# Rate limit burst for gRPC client.
# CLI flag: -admin-api.leader-election.client.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]
# Enable backoff and retry when we hit rate limits.
# CLI flag: -admin-api.leader-election.client.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]
backoff_config:
# Minimum delay when backing off.
# CLI flag: -admin-api.leader-election.client.backoff-min-period
[min_period: <duration> | default = 100ms]
# Maximum delay when backing off.
# CLI flag: -admin-api.leader-election.client.backoff-max-period
[max_period: <duration> | default = 10s]
# Number of times to backoff and retry before failing.
# CLI flag: -admin-api.leader-election.client.backoff-retries
[max_retries: <int> | default = 10]
# Initial stream window size. Values less than the default are not supported
# and are ignored. Setting this to a value other than the default disables
# the BDP estimator.
# CLI flag: -admin-api.leader-election.client.initial-stream-window-size
[initial_stream_window_size: <int> | default = 63KiB1023B]
# Initial connection window size. Values less than the default are not
# supported and are ignored. Setting this to a value other than the default
# disables the BDP estimator.
# CLI flag: -admin-api.leader-election.client.initial-connection-window-size
[initial_connection_window_size: <int> | default = 63KiB1023B]
# Enable TLS in the gRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -admin-api.leader-election.client.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -admin-api.leader-election.client.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin-api.leader-election.client.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -admin-api.leader-election.client.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin-api.leader-election.client.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin-api.leader-election.client.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin-api.leader-election.client.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin-api.leader-election.client.tls-min-version
[tls_min_version: <string> | default = ""]
# The maximum amount of time to establish a connection. A value of 0 means
# default gRPC client connect timeout and backoff.
# CLI flag: -admin-api.leader-election.client.connect-timeout
[connect_timeout: <duration> | default = 5s]
# Initial backoff delay after first connection failure. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -admin-api.leader-election.client.connect-backoff-base-delay
[connect_backoff_base_delay: <duration> | default = 1s]
# Maximum backoff delay when establishing a connection. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -admin-api.leader-election.client.connect-backoff-max-delay
[connect_backoff_max_delay: <duration> | default = 5s]
cluster_validation:
# Optionally define the cluster validation label.
# CLI flag: -admin-api.leader-election.client.cluster-validation.label
[label: <string> | default = ""]
limits:
# Enable API-based limits per-tenant.
# CLI flag: -admin-api.limits.enabled
[enabled: <boolean> | default = false]
# Refresh period for per-tenant limits.
# CLI flag: -admin-api.limits.refresh-period
[refresh_period: <duration> | default = 1m]
auditlogging:
# When set to true, audit logging is enabled.
# CLI flag: -admin-api.auditlogging.enabled
[enabled: <boolean> | default = false]
# When set to true, audit records will be generated for non-mutating
# operations, such as GET.
# CLI flag: -admin-api.auditlogging.non-mutating-enabled
[non_mutating_enabled: <boolean> | default = false]
# Percentage of the total non-mutating API calls that shall result in an audit
# record being generated (between 0.0 and 100.0)
# CLI flag: -admin-api.auditlogging.sample-rate
[sample_rate: <float> | default = 100]
# Whether to include the request body in the audit log.
# CLI flag: -admin-api.auditlogging.log-request-body
[log_request_body: <boolean> | default = true]
# Maximum size in bytes allowed for the body of any request on the admin-api
# path. Only applies if `log-request-body` is `true`.
# CLI flag: -admin-api.auditlogging.max-request-body-size-bytes
[max_request_body_size_bytes: <int> | default = 10MiB]admin_client_config
The admin_client_config block configures how the Admin API service connects to the storage backend.
storage:
# Enable caching on the versioned client.
# CLI flag: -admin.client.cache.enabled
[enable_cache: <boolean> | default = true]
cache:
# Cache backend type. Supported values are: memcached, redis, inmemory.
# CLI flag: -admin.client.cache.backend
[backend: <string> | default = "inmemory"]
memcached:
# Comma-separated list of memcached addresses. Each address can be an IP
# address, hostname, or an entry specified in the DNS Service Discovery
# format.
# CLI flag: -admin.client.cache.memcached.addresses
[addresses: <string> | default = ""]
# DNS provider used for resolving memcached addresses. Available providers
# golang, miekgdns, miekgdns2
# CLI flag: -admin.client.cache.memcached.addresses-provider
[addresses_provider: <string> | default = "miekgdns"]
# The socket read/write timeout.
# CLI flag: -admin.client.cache.memcached.timeout
[timeout: <duration> | default = 200ms]
# The connection timeout.
# CLI flag: -admin.client.cache.memcached.connect-timeout
[connect_timeout: <duration> | default = 200ms]
# The minimum number of idle connections to keep open as a percentage
# (0-100) of the number of recently used idle connections. If negative,
# idle connections are kept open indefinitely.
# CLI flag: -admin.client.cache.memcached.min-idle-connections-headroom-percentage
[min_idle_connections_headroom_percentage: <float> | default = -1]
# The maximum number of idle connections that will be maintained per
# address.
# CLI flag: -admin.client.cache.memcached.max-idle-connections
[max_idle_connections: <int> | default = 100]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -admin.client.cache.memcached.max-async-concurrency
[max_async_concurrency: <int> | default = 50]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -admin.client.cache.memcached.max-async-buffer-size
[max_async_buffer_size: <int> | default = 25000]
# The maximum number of concurrent connections running get operations. If
# set to 0, concurrency is unlimited.
# CLI flag: -admin.client.cache.memcached.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum number of keys a single underlying get operation should run.
# If more keys are specified, internally keys are split into multiple
# batches and fetched concurrently, honoring the max concurrency. If set
# to 0, the max batch size is unlimited.
# CLI flag: -admin.client.cache.memcached.max-get-multi-batch-size
[max_get_multi_batch_size: <int> | default = 100]
# The maximum size of an item stored in memcached, in bytes. Bigger items
# are not stored. If set to 0, no maximum size is enforced.
# CLI flag: -admin.client.cache.memcached.max-item-size
[max_item_size: <int> | default = 1048576]
# Enable connecting to Memcached with TLS.
# CLI flag: -admin.client.cache.memcached.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin.client.cache.memcached.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin.client.cache.memcached.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin.client.cache.memcached.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin.client.cache.memcached.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin.client.cache.memcached.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin.client.cache.memcached.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin.client.cache.memcached.tls-min-version
[tls_min_version: <string> | default = ""]
# Allow client creation even if initial DNS resolution fails.
# CLI flag: -admin.client.cache.memcached.dns-ignore-startup-failures
[dns_ignore_startup_failures: <boolean> | default = false]
redis:
# Redis Server or Cluster configuration endpoint to use for caching. A
# comma-separated list of endpoints for Redis Cluster or Redis Sentinel.
# CLI flag: -admin.client.cache.redis.endpoint
[endpoint: <string> | default = ""]
# Username to use when connecting to Redis.
# CLI flag: -admin.client.cache.redis.username
[username: <string> | default = ""]
# Password to use when connecting to Redis.
# CLI flag: -admin.client.cache.redis.password
[password: <string> | default = ""]
# Database index.
# CLI flag: -admin.client.cache.redis.db
[db: <int> | default = 0]
# Redis Sentinel master name. An empty string for Redis Server or Redis
# Cluster.
# CLI flag: -admin.client.cache.redis.master-name
[master_name: <string> | default = ""]
# Client dial timeout.
# CLI flag: -admin.client.cache.redis.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Client read timeout.
# CLI flag: -admin.client.cache.redis.read-timeout
[read_timeout: <duration> | default = 3s]
# Client write timeout.
# CLI flag: -admin.client.cache.redis.write-timeout
[write_timeout: <duration> | default = 3s]
# Maximum number of connections in the pool.
# CLI flag: -admin.client.cache.redis.connection-pool-size
[connection_pool_size: <int> | default = 100]
# Maximum duration to wait to get a connection from pool.
# CLI flag: -admin.client.cache.redis.connection-pool-timeout
[connection_pool_timeout: <duration> | default = 4s]
# Minimum number of idle connections.
# CLI flag: -admin.client.cache.redis.min-idle-connections
[min_idle_connections: <int> | default = 10]
# Amount of time after which client closes idle connections.
# CLI flag: -admin.client.cache.redis.idle-timeout
[idle_timeout: <duration> | default = 5m]
# Close connections older than this duration. If the value is zero, then
# the pool does not close connections based on age.
# CLI flag: -admin.client.cache.redis.max-connection-age
[max_connection_age: <duration> | default = 0s]
# The maximum size of an item stored in Redis. Bigger items are not
# stored. If set to 0, no maximum size is enforced.
# CLI flag: -admin.client.cache.redis.max-item-size
[max_item_size: <int> | default = 16777216]
# The maximum number of concurrent asynchronous operations can occur.
# CLI flag: -admin.client.cache.redis.max-async-concurrency
[max_async_concurrency: <int> | default = 50]
# The maximum number of enqueued asynchronous operations allowed.
# CLI flag: -admin.client.cache.redis.max-async-buffer-size
[max_async_buffer_size: <int> | default = 25000]
# The maximum number of concurrent connections running get operations. If
# set to 0, concurrency is unlimited.
# CLI flag: -admin.client.cache.redis.max-get-multi-concurrency
[max_get_multi_concurrency: <int> | default = 100]
# The maximum size per batch for mget operations.
# CLI flag: -admin.client.cache.redis.max-get-multi-batch-size
[max_get_multi_batch_size: <int> | default = 100]
# Enable connecting to Redis with TLS.
# CLI flag: -admin.client.cache.redis.tls-enabled
[tls_enabled: <boolean> | default = false]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin.client.cache.redis.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin.client.cache.redis.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin.client.cache.redis.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin.client.cache.redis.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -admin.client.cache.redis.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -admin.client.cache.redis.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -admin.client.cache.redis.tls-min-version
[tls_min_version: <string> | default = ""]
# How long an item should be cached before being evicted. Only available for
# remote cache types (memcached, redis), for inmemory it is capped at 1
# minute.
# CLI flag: -admin.client.cache.expiration
[expiration: <duration> | default = 24h]
# How frequently to reload tokens from storage to keep the cache warm.
# Default disabled.
# CLI flag: -admin.client.cache.refresh-interval
[refresh_interval: <duration> | default = 0s]
# The storage backend to use
# CLI flag: -admin.client.backend
[backend: <string> | default = "filesystem"]
s3:
# The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
# https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
# S3-compatible service in hostname:port format.
# CLI flag: -admin.client.s3.endpoint
[endpoint: <string> | default = ""]
# S3 region. If unset, the client will issue a S3 GetBucketLocation API call
# to autodetect it.
# CLI flag: -admin.client.s3.region
[region: <string> | default = ""]
# S3 bucket name
# CLI flag: -admin.client.s3.bucket-name
[bucket_name: <string> | default = ""]
# S3 secret access key
# CLI flag: -admin.client.s3.secret-access-key
[secret_access_key: <string> | default = ""]
# S3 access key ID
# CLI flag: -admin.client.s3.access-key-id
[access_key_id: <string> | default = ""]
# S3 session token
# CLI flag: -admin.client.s3.session-token
[session_token: <string> | default = ""]
# If enabled, use http:// for the S3 endpoint instead of https://. This
# could be useful in local dev/test environments while using an
# S3-compatible backend storage, like Minio.
# CLI flag: -admin.client.s3.insecure
[insecure: <boolean> | default = false]
# Use a specific version of the S3 list object API. Supported values are v1
# or v2. Default is unset.
# CLI flag: -admin.client.s3.list-objects-version
[list_objects_version: <string> | default = ""]
# Bucket lookup style type, used to access bucket in S3-compatible service.
# Default is auto. Supported values are: auto, path, virtual-hosted.
# CLI flag: -admin.client.s3.bucket-lookup-type
[bucket_lookup_type: <int> | default = auto]
# When enabled, direct all AWS S3 requests to the dual-stack IPv4/IPv6
# endpoint for the configured region.
# CLI flag: -admin.client.s3.dualstack-enabled
[dualstack_enabled: <boolean> | default = true]
# The S3 storage class to use, not set by default. Details can be found at
# https://aws.amazon.com/s3/storage-classes/. Supported values are:
# STANDARD, REDUCED_REDUNDANCY, GLACIER, STANDARD_IA, ONEZONE_IA,
# INTELLIGENT_TIERING, DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW,
# EXPRESS_ONEZONE
# CLI flag: -admin.client.s3.storage-class
[storage_class: <string> | default = ""]
# If enabled, it will use the default authentication methods of the AWS SDK
# for go based on known environment variables and known AWS config files.
# CLI flag: -admin.client.s3.native-aws-auth-enabled
[native_aws_auth_enabled: <boolean> | default = false]
# The minimum file size in bytes used for multipart uploads. If 0, the value
# is optimally computed for each object.
# CLI flag: -admin.client.s3.part-size
[part_size: <int> | default = 0]
# If enabled, a Content-MD5 header is sent with S3 Put Object requests.
# Consumes more resources to compute the MD5, but may improve compatibility
# with object storage services that do not support checksums.
# CLI flag: -admin.client.s3.send-content-md5
[send_content_md5: <boolean> | default = false]
# Accessing S3 resources using temporary, secure credentials provided by AWS
# Security Token Service.
# CLI flag: -admin.client.s3.sts-endpoint
[sts_endpoint: <string> | default = ""]
# The maximum number of retries for S3 requests that are retryable. Default
# is 10, set this to 1 to disable retries.
# CLI flag: -admin.client.s3.max-retries
[max_retries: <int> | default = 10]
sse:
# Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
# CLI flag: -admin.client.s3.sse.type
[type: <string> | default = ""]
# KMS Key ID used to encrypt objects in S3
# CLI flag: -admin.client.s3.sse.kms-key-id
[kms_key_id: <string> | default = ""]
# KMS Encryption Context used for object encryption. It expects JSON
# formatted string.
# CLI flag: -admin.client.s3.sse.kms-encryption-context
[kms_encryption_context: <string> | default = ""]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -admin.client.s3.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -admin.client.s3.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -admin.client.s3.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -admin.client.s3.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully
# writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -admin.client.s3.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0
# means no limit.
# CLI flag: -admin.client.s3.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0,
# a built-in default value is used.
# CLI flag: -admin.client.s3.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -admin.client.s3.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin.client.s3.http.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin.client.s3.http.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin.client.s3.http.tls-key-path
[tls_key_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin.client.s3.http.tls-server-name
[tls_server_name: <string> | default = ""]
trace:
# When enabled, low-level S3 HTTP operation information is logged at the
# debug level.
# CLI flag: -admin.client.s3.trace.enabled
[enabled: <boolean> | default = false]
gcs:
# GCS bucket name
# CLI flag: -admin.client.gcs.bucket-name
[bucket_name: <string> | default = ""]
# JSON either from a Google Developers Console client_credentials.json file,
# or a Google Developers service account key. Needs to be valid JSON, not a
# filesystem path.
# CLI flag: -admin.client.gcs.service-account
[service_account: <string> | default = ""]
# The maximum size of the buffer that GCS client for a single PUT request. 0
# to disable buffering.
# CLI flag: -admin.client.gcs.chunk-buffer-size
[chunk_buffer_size: <int> | default = 0]
# The maximum number of retries for idempotent operations. Overrides the
# default gcs storage client behavior if this value is greater than 0. Set
# this to 1 to disable retries.
# CLI flag: -admin.client.gcs.max-retries
[max_retries: <int> | default = 10]
azure:
# Azure storage account name
# CLI flag: -admin.client.azure.account-name
[account_name: <string> | default = ""]
# Azure storage account key. If unset, Azure managed identities will be used
# for authentication instead.
# CLI flag: -admin.client.azure.account-key
[account_key: <string> | default = ""]
# If `connection-string` is set, the value of `endpoint-suffix` will not be
# used. Use this method over `account-key` if you need to authenticate via a
# SAS token. Or if you use the Azurite emulator.
# CLI flag: -admin.client.azure.connection-string
[connection_string: <string> | default = ""]
# Azure storage container name
# CLI flag: -admin.client.azure.container-name
[container_name: <string> | default = ""]
# Azure storage endpoint suffix without schema. The account name will be
# prefixed to this value to create the FQDN. If set to empty string, default
# endpoint suffix is used.
# CLI flag: -admin.client.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]
# Number of retries for recoverable errors
# CLI flag: -admin.client.azure.max-retries
[max_retries: <int> | default = 20]
# User assigned managed identity. If empty, then System assigned identity is
# used.
# CLI flag: -admin.client.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]
# Delimiter used to replace ':' in chunk IDs when storing chunks
# CLI flag: -admin.client.azure.chunk-delimiter
[chunk_delimiter: <string> | default = "-"]
swift:
# OpenStack Swift application credential id
# CLI flag: -admin.client.swift.application-credential-id
[application_credential_id: <string> | default = ""]
# OpenStack Swift application credential name
# CLI flag: -admin.client.swift.application-credential-name
[application_credential_name: <string> | default = ""]
# OpenStack Swift application credential secret
# CLI flag: -admin.client.swift.application-credential-secret
[application_credential_secret: <string> | default = ""]
# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -admin.client.swift.auth-version
[auth_version: <int> | default = 0]
# OpenStack Swift authentication URL
# CLI flag: -admin.client.swift.auth-url
[auth_url: <string> | default = ""]
# OpenStack Swift username.
# CLI flag: -admin.client.swift.username
[username: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -admin.client.swift.user-domain-name
[user_domain_name: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -admin.client.swift.user-domain-id
[user_domain_id: <string> | default = ""]
# OpenStack Swift user ID.
# CLI flag: -admin.client.swift.user-id
[user_id: <string> | default = ""]
# OpenStack Swift API key.
# CLI flag: -admin.client.swift.password
[password: <string> | default = ""]
# OpenStack Swift user's domain ID.
# CLI flag: -admin.client.swift.domain-id
[domain_id: <string> | default = ""]
# OpenStack Swift user's domain name.
# CLI flag: -admin.client.swift.domain-name
[domain_name: <string> | default = ""]
# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -admin.client.swift.project-id
[project_id: <string> | default = ""]
# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -admin.client.swift.project-name
[project_name: <string> | default = ""]
# ID of the OpenStack Swift project's domain (v3 auth only), only needed if
# it differs the from user domain.
# CLI flag: -admin.client.swift.project-domain-id
[project_domain_id: <string> | default = ""]
# Name of the OpenStack Swift project's domain (v3 auth only), only needed
# if it differs from the user domain.
# CLI flag: -admin.client.swift.project-domain-name
[project_domain_name: <string> | default = ""]
# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -admin.client.swift.region-name
[region_name: <string> | default = ""]
# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -admin.client.swift.container-name
[container_name: <string> | default = ""]
# Max retries on requests error.
# CLI flag: -admin.client.swift.max-retries
[max_retries: <int> | default = 3]
# Time after which a connection attempt is aborted.
# CLI flag: -admin.client.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]
# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no
# data is received on a request.
# CLI flag: -admin.client.swift.request-timeout
[request_timeout: <duration> | default = 5s]
http:
# The time an idle connection will remain idle before closing.
# CLI flag: -admin.client.swift.http.idle-conn-timeout
[idle_conn_timeout: <duration> | default = 1m30s]
# The amount of time the client will wait for a servers response headers.
# CLI flag: -admin.client.swift.http.response-header-timeout
[response_header_timeout: <duration> | default = 2m]
# If the client connects via HTTPS and this option is enabled, the client
# will accept any certificate and hostname.
# CLI flag: -admin.client.swift.http.insecure-skip-verify
[insecure_skip_verify: <boolean> | default = false]
# Maximum time to wait for a TLS handshake. 0 means no limit.
# CLI flag: -admin.client.swift.tls-handshake-timeout
[tls_handshake_timeout: <duration> | default = 10s]
# The time to wait for a server's first response headers after fully
# writing the request headers if the request has an Expect header. 0 to
# send the request body immediately.
# CLI flag: -admin.client.swift.expect-continue-timeout
[expect_continue_timeout: <duration> | default = 1s]
# Maximum number of idle (keep-alive) connections across all hosts. 0
# means no limit.
# CLI flag: -admin.client.swift.max-idle-connections
[max_idle_connections: <int> | default = 100]
# Maximum number of idle (keep-alive) connections to keep per-host. If 0,
# a built-in default value is used.
# CLI flag: -admin.client.swift.max-idle-connections-per-host
[max_idle_connections_per_host: <int> | default = 100]
# Maximum number of connections per host. 0 means no limit.
# CLI flag: -admin.client.swift.max-connections-per-host
[max_connections_per_host: <int> | default = 0]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -admin.client.swift.http.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -admin.client.swift.http.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -admin.client.swift.http.tls-key-path
[tls_key_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -admin.client.swift.http.tls-server-name
[tls_server_name: <string> | default = ""]
filesystem:
# Local filesystem storage directory.
# CLI flag: -admin.client.filesystem.dir
[dir: <string> | default = ""]
alibaba:
# Endpoint to connect to.
# CLI flag: -admin.client.oss.endpoint
[endpoint: <string> | default = ""]
# Name of OSS bucket.
# CLI flag: -admin.client.oss.bucketname
[bucket: <string> | default = ""]
# alibabacloud Access Key ID
# CLI flag: -admin.client.oss.access-key-id
[access_key_id: <string> | default = ""]
# alibabacloud Secret Access Key
# CLI flag: -admin.client.oss.access-key-secret
[access_key_secret: <string> | default = ""]
bos:
# Name of BOS bucket.
# CLI flag: -admin.client.bos.bucket
[bucket: <string> | default = ""]
# BOS endpoint to connect to.
# CLI flag: -admin.client.bos.endpoint
[endpoint: <string> | default = ""]
# Baidu Cloud Engine (BCE) Access Key ID.
# CLI flag: -admin.client.bos.access-key
[access_key: <string> | default = ""]
# Baidu Cloud Engine (BCE) Secret Access Key.
# CLI flag: -admin.client.bos.secret-key
[secret_key: <string> | default = ""]
# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits, English alphabet letters and dashes.
# CLI flag: -admin.client.storage-prefix
[storage_prefix: <string> | default = ""]
# Set a backend to use, (gcs, s3, azure). Deprecated, please use
# '-admin.client.backend' instead.
# CLI flag: -admin.client.backend-type
[type: <string> | default = ""]
# If set to true, the built-in __admin__ access policy will not be active.
# CLI flag: -admin.client.disable-default-admin-policy
[disable_default_admin_policy: <boolean> | default = false]auth_config
The auth_config block configures the authentication type to use.
# method for authenticating incoming HTTP requests, (trust, enterprise).
# CLI flag: -auth.type
[type: <string> | default = "enterprise"]
# requires admin level auth for the /metrics endpoint.
# CLI flag: -auth.required-for-metrics
[required_for_metrics: <boolean> | default = false]
# requires admin level auth for the /debug endpoints.
# CLI flag: -auth.required-for-debug
[required_for_debug: <boolean> | default = true]
override:
# Override admin token. If set, this string will always be accepted as a token
# with admin level scope.
# CLI flag: -auth.override.token
[token: <string> | default = ""]
# If set, this file will be read at startup and the string from that file will
# be used as a admin scoped token.
# CLI flag: -auth.override.token-file
[token_file: <string> | default = ""]
admin:
# when set, the name of the used access policy will be passed to the backend
# service as a header.
# CLI flag: -auth.pass-access-policy-name
[pass_access_policy_name: <boolean> | default = false]
# when set, the name of the used token will be passed to the backend service
# as a header.
# CLI flag: -auth.pass-token-name
[pass_token_name: <boolean> | default = false]
# how long auth responses should be cached
# CLI flag: -auth.cache.ttl
[cache_ttl: <duration> | default = 10m]
cache_refresh:
# Whether asynchronous background refreshes are enabled.
# CLI flag: -auth.cache.refresh.enabled
[enabled: <boolean> | default = false]
# Number of workers for background asynchronous refresh.
# CLI flag: -auth.cache.refresh.concurrency
[concurrency: <int> | default = 2]
# Maximum number of pending background refreshes.
# CLI flag: -auth.cache.refresh.buffer
[buffer: <int> | default = 256]
# Remaining time to live of an item when background refreshes may begin to
# occur.
# CLI flag: -auth.cache.refresh.refresh-ttl
[refresh_ttl: <duration> | default = 3m]
# Minimum time distance between retries if a refresh attempt fails, 0 means
# that every sub-sequent get operation will result in a retry.
# CLI flag: -auth.cache.refresh.retry-interval
[retry_interval: <duration> | default = 30s]
oidc:
# JWT token issuer URL (example "https://accounts.google.com")
# CLI flag: -auth.admin.oidc.issuer-url
[issuer_url: <string> | default = ""]
# claim in the JWT token containing the access policy
# CLI flag: -auth.admin.oidc.access-policy-claim
[access_policy_claim: <string> | default = ""]
# regex to extract the access policy from the JWT token. The first submatch
# of the provided regex expression will be used.
# CLI flag: -auth.admin.oidc.access-policy-regex
[access_policy_regex: <string> | default = ""]
# optional audience to check in JWT token
# CLI flag: -auth.admin.oidc.audience
[audience: <string> | default = ""]
# name of the access policy to use when the token doesn't contain an access
# policy
# CLI flag: -auth.admin.oidc.default-access-policy
[default_access_policy: <string> | default = ""]
# enable ADFS compatibility
# CLI flag: -auth.admin.oidc.adfs-compatibility
[adfs_compatibility: <boolean> | default = false]federation_config
The federation_config block configures the cross-cluster query federation service.
proxy_targets:
# Name contains the name of the proxy target, it will be used for the
# __cluster__ label.
[name: <string> | default = ""]
# URL is the URL to the GET API endpoints.
[url: <string> | default = ""]
# tls_cert_path is not exposed as CLI flag.
[tls_cert_path: <string> | default = ""]
# tls_key_path is not exposed as CLI flag.
[tls_key_path: <string> | default = ""]
# tls_ca_path is not exposed as CLI flag.
[tls_ca_path: <string> | default = ""]
# tls_server_name is not exposed as CLI flag.
[tls_server_name: <string> | default = ""]
# tls_insecure_skip_verify is not exposed as CLI flag.
[tls_insecure_skip_verify: <boolean> | default = false]
# tls_cipher_suites is not exposed as CLI flag.
[tls_cipher_suites: <string> | default = ""]
# tls_min_version is not exposed as CLI flag.
[tls_min_version: <string> | default = ""]
# Those optional Basic Auth parameters allow to override the client provided
# credentials.
basic_auth:
# Basic Auth username
[username: <string> | default = ""]
# Basic Auth password
[password: <string> | default = ""]
# Maximum number of concurrent requests to federation targets.
# CLI flag: -federation.max-concurrency
[max_concurrency: <int> | default = 20]
# Timeout for hedging requests to federation targets.
# CLI flag: -federation.hedge-requests-at
[hedge_requests_at: <duration> | default = 0s]
# Timeout for requests to federation targets.
# CLI flag: -federation.read-timeout
[read_timeout: <duration> | default = 5s]gateway_config
The gateway_config block configures the gateway service.
proxy:
default:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.default.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.default.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.default.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.default.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.default.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.default.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.default.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.default.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.default.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.default.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.default.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.default.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.default.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.default.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.default.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.default.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.default.read-timeout
[read_timeout: <duration> | default = 2m]
admin_api:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.admin-api.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.admin-api.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.admin-api.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.admin-api.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.admin-api.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.admin-api.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.admin-api.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.admin-api.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.admin-api.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.admin-api.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.admin-api.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.admin-api.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.admin-api.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.admin-api.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.admin-api.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.admin-api.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.admin-api.read-timeout
[read_timeout: <duration> | default = 2m]
compactor:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.compactor.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.compactor.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.compactor.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.compactor.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.compactor.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.compactor.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.compactor.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.compactor.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.compactor.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.compactor.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.compactor.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.compactor.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.compactor.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.compactor.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.compactor.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.compactor.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.compactor.read-timeout
[read_timeout: <duration> | default = 2m]
distributor:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.distributor.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.distributor.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.distributor.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.distributor.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.distributor.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.distributor.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.distributor.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.distributor.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.distributor.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.distributor.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.distributor.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.distributor.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.distributor.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.distributor.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.distributor.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributor.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributor.read-timeout
[read_timeout: <duration> | default = 2m]
otlp/grpc:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.distributorotlp-grpc.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.distributorotlp-grpc.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC
# server will be used.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-grpc.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.distributorotlp-grpc.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.distributorotlp-grpc.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the
# balancer will attempt to not send to each backend a number of inflight
# requests higher than the average inflight requests across all backends
# multiplied by the overloaded factor.
# CLI flag: -gateway.proxy.distributorotlp-grpc.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.distributorotlp-grpc.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.distributorotlp-grpc.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-grpc.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-grpc.read-timeout
[read_timeout: <duration> | default = 2m]
otlp/http:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.distributorotlp-http.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.distributorotlp-http.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC
# server will be used.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-http.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating
# with the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If
# not set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.distributorotlp-http.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.distributorotlp-http.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.distributorotlp-http.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.distributorotlp-http.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the
# balancer will attempt to not send to each backend a number of inflight
# requests higher than the average inflight requests across all backends
# multiplied by the overloaded factor.
# CLI flag: -gateway.proxy.distributorotlp-http.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.distributorotlp-http.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.distributorotlp-http.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-http.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.distributorotlp-http.read-timeout
[read_timeout: <duration> | default = 2m]
ingester:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.ingester.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.ingester.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.ingester.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.ingester.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.ingester.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.ingester.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.ingester.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.ingester.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.ingester.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.ingester.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.ingester.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.ingester.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.ingester.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.ingester.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.ingester.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.ingester.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.ingester.read-timeout
[read_timeout: <duration> | default = 2m]
querier:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.querier.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.querier.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.querier.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.querier.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.querier.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.querier.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.querier.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.querier.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.querier.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.querier.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.querier.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.querier.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.querier.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.querier.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.querier.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.querier.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.querier.read-timeout
[read_timeout: <duration> | default = 2m]
query_frontend:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.query-frontend.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.query-frontend.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.query-frontend.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.query-frontend.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.query-frontend.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.query-frontend.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.query-frontend.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.query-frontend.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.query-frontend.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.query-frontend.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.query-frontend.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.query-frontend.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.query-frontend.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.query-frontend.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.query-frontend.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.query-frontend.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.query-frontend.read-timeout
[read_timeout: <duration> | default = 2m]
metrics_generator:
# URL for the backend. Use the scheme dns:// for HTTP over gRPC and the
# scheme h2c:// for HTTP2 proxying.
# CLI flag: -gateway.proxy.metrics-generator.url
[url: <string> | default = ""]
# Enable keep alive for the backend.
# CLI flag: -gateway.proxy.metrics-generator.enable-keepalive
[enable_keepalive: <boolean> | default = true]
# Enable TLS in the GRPC client. This flag needs to be enabled when any
# other TLS flag is set. If set to false, insecure connection to gRPC server
# will be used.
# CLI flag: -gateway.proxy.metrics-generator.tls-enabled
[tls_enabled: <boolean> | default = false]
# Timeout when dialing backend. For proxying over GRPC, this will be used
# only during the initial dial at startup. For proxying over HTTP this is
# the connection timeout. Set to 0 to disable.
# CLI flag: -gateway.proxy.metrics-generator.dial-timeout
[dial_timeout: <duration> | default = 5s]
# Path to the client certificate, which will be used for authenticating with
# the server. Also requires the key path to be configured.
# CLI flag: -gateway.proxy.metrics-generator.tls-cert-path
[tls_cert_path: <string> | default = ""]
# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -gateway.proxy.metrics-generator.tls-key-path
[tls_key_path: <string> | default = ""]
# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -gateway.proxy.metrics-generator.tls-ca-path
[tls_ca_path: <string> | default = ""]
# Override the expected name on the server certificate.
# CLI flag: -gateway.proxy.metrics-generator.tls-server-name
[tls_server_name: <string> | default = ""]
# Skip validating server certificate.
# CLI flag: -gateway.proxy.metrics-generator.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]
# Override the default cipher suite list (separated by commas).
# CLI flag: -gateway.proxy.metrics-generator.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]
# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -gateway.proxy.metrics-generator.tls-min-version
[tls_min_version: <string> | default = ""]
# gRPC load balancing policy. Supported values: round_robin, bounded_load.
# CLI flag: -gateway.proxy.metrics-generator.grpc-load-balancing-policy
[grpc_load_balancing_policy: <string> | default = "round_robin"]
# When the gRPC load balancing policy is set to "bounded_load", the balancer
# will attempt to not send to each backend a number of inflight requests
# higher than the average inflight requests across all backends multiplied
# by the overloaded factor.
# CLI flag: -gateway.proxy.metrics-generator.grpc-load-balancing-overloaded-factor
[grpc_load_balancing_overloaded_factor: <float> | default = 2]
# gRPC client max receive message size (bytes).
# CLI flag: -gateway.proxy.metrics-generator.grpc-max-recv-msg-size
[grpc_max_recv_msg_size: <int> | default = 104857600]
# gRPC client max send message size (bytes).
# CLI flag: -gateway.proxy.metrics-generator.grpc-max-send-msg-size
[grpc_max_send_msg_size: <int> | default = 2147483647]
# Timeout for write requests to the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.metrics-generator.write-timeout
[write_timeout: <duration> | default = 30s]
# Timeout for read requests the backend, set to <=0 to disable.
# CLI flag: -gateway.proxy.metrics-generator.read-timeout
[read_timeout: <duration> | default = 2m]license_config
The license_config block configures the license validation module.
# Filepath to license jwt file.
# CLI flag: -license.path
[path: <string> | default = "./license.jwt"]
# Interval to check for new or existing licenses.
# CLI flag: -license.sync-interval
[sync_interval: <duration> | default = 1h]tokengen_config
The tokengen_config block configures the tokengen service.
# The name of the access policy to generate a token for. It defaults to the
# built-in admin policy.
# CLI flag: -tokengen.access-policy
[access_policy: <string> | default = "__admin__"]
# If set, the generated token will be written to a file at the provided path in
# addition to being logged. Note that if the file already exists, it will not be
# overwritten, and tokengen will fail with an error.
# CLI flag: -tokengen.token-file
[token_file: <string> | default = ""]
