Loki reference topics on Grafana Labs

Grafana Loki configuration parameters

Thu, 09 Apr 2026 02:28:18 +0000

Grafana Loki configuration parameters

Grafana Loki is configured in a YAML file (usually referred to as loki.yaml ) which contains information on the Loki server and its individual components, depending on which mode Loki is launched in.

Configuration examples can be found in the Configuration Examples document.

Printing Loki config at runtime

If you pass Loki the flag -print-config-stderr or -log-config-reverse-order, (or -print-config-stderr=true) Loki will dump the entire config object it has created from the built-in defaults combined first with overrides from config file, and second by overrides from flags.

The result is the value for every config object in the Loki config struct, which is very large…

Many values will not be relevant to your install such as storage configs which you are not using and which you did not define, this is expected as every option has a default value if it is being used or not.

This config is what Loki will use to run, it can be invaluable for debugging issues related to configuration and is especially useful in making sure your config files and flags are being read and loaded properly.

-print-config-stderr is nice when running Loki directly e.g. ./loki as you can get a quick output of the entire Loki config.

-log-config-reverse-order is the flag we run Loki with in all our environments, the config entries are reversed so that the order of configs reads correctly top to bottom when viewed in Grafana’s Explore.

Configuration file reference

To specify which configuration file to load, pass the -config.file flag at the command line. The value can be a list of comma separated paths, then the first file that exists will be used. If no -config.file argument is specified, Loki will look up the config.yaml in the current working directory and the config/ subdirectory and try to use that.

The file is written in YAML format, defined by the scheme below. Brackets indicate that a parameter is optional. For non-list parameters the value is set to the specified default.

Use environment variables in the configuration

Note: This feature is only available in Loki 2.1+.

You can use environment variable references in the configuration file to set values that need to be configurable during deployment. To do this, pass -config.expand-env=true and use:

${VAR}

Where VAR is the name of the environment variable.

Each variable reference is replaced at startup by the value of the environment variable. The replacement is case-sensitive and occurs before the YAML file is parsed. References to undefined variables are replaced by empty strings unless you specify a default value or custom error text.

To specify a default value, use:

${VAR:-default_value}

Where default_value is the value to use if the environment variable is undefined.

Pass the -config.expand-env flag at the command line to enable this way of setting configs.

Generic placeholders

<boolean> : a boolean that can take the values true or false
<int> : A plain integer (for example, 0, 1024, 5000) or a size in bytes with optional unit suffix (for example, 1024, 256KB, 64MB, 4GB). Supported units: B, KB, MB, GB, TB, PB, EB.
<duration> : a duration with required unit suffix. Supported units: ms, s, m, h, d, w, y (for example, 30s, 5m, 1h, 1d, 1w). Note: 0 is allowed without a unit. Some fields using Go’s native duration type may also support ns and us/µs but not d, w, y.
<labelname> : a string matching the regular expression [a-zA-Z_][a-zA-Z0-9_]*
<labelvalue> : a string of unicode characters
<filename> : a valid path relative to current working directory or an absolute path.
<host> : a valid string consisting of a hostname or IP followed by an optional port number
<string> : a string
<secret> : a string that represents a secret, such as a password

Supported contents and default values of `loki.yaml`

# A comma-separated list of components to run. The default value 'all' runs Loki
# in single binary mode. The value 'read' is an alias to run only read-path
# related components such as the querier and query-frontend, but all in the same
# process. The value 'write' is an alias to run only write-path related
# components such as the distributor and compactor, but all in the same process.
# Supported values: all, compactor, distributor, ingester, querier,
# query-scheduler, ingester-querier, query-frontend, index-gateway, ruler,
# table-manager, read, write. A full list of available targets can be printed
# when running Loki with the '-list-targets' command line flag.
# CLI flag: -target
[target: <string> | default = "all"]

# Enables authentication through the X-Scope-OrgID header, which must be present
# if true. If false, the OrgID will always be set to 'fake'.
# CLI flag: -auth.enabled
[auth_enabled: <boolean> | default = true]

# The amount of virtual memory in bytes to reserve as ballast in order to
# optimize garbage collection. Larger ballasts result in fewer garbage
# collection passes, reducing CPU overhead at the cost of heap size. The ballast
# will not consume physical memory, because it is never read from. It will,
# however, distort metrics, because it is counted as live memory.
# CLI flag: -config.ballast-bytes
[ballast_bytes: <int> | default = 0]

# Configures the server of the launched module(s).
[server: <server>]

ui:
  # Enable the experimental Loki UI.
  # CLI flag: -ui.enabled
  [enabled: <boolean> | default = false]

  # Enable debug logging for the UI.
  # CLI flag: -ui.debug
  [debug: <boolean> | default = false]

  goldfish:
    # Enable the Goldfish query comparison feature.
    # CLI flag: -ui.goldfish.enable
    [enable: <boolean> | default = false]

    storage:
      # Storage backend type (cloudsql, rds, or empty for no storage)
      # CLI flag: -ui.goldfish.storage.type
      [type: <string> | default = ""]

      # CloudSQL host for Goldfish database.
      # CLI flag: -ui.goldfish.storage.cloudsql.host
      [cloudsql_host: <string> | default = "127.0.0.1"]

      # CloudSQL port for Goldfish database.
      # CLI flag: -ui.goldfish.storage.cloudsql.port
      [cloudsql_port: <int> | default = 3306]

      # CloudSQL database name for Goldfish.
      # CLI flag: -ui.goldfish.storage.cloudsql.database
      [cloudsql_database: <string> | default = "goldfish"]

      # CloudSQL username for Goldfish database.
      # CLI flag: -ui.goldfish.storage.cloudsql.user
      [cloudsql_user: <string> | default = ""]

      # RDS endpoint (host:port)
      # CLI flag: -ui.goldfish.storage.rds.endpoint
      [rds_endpoint: <string> | default = ""]

      # RDS database name
      # CLI flag: -ui.goldfish.storage.rds.database
      [rds_database: <string> | default = ""]

      # RDS database user
      # CLI flag: -ui.goldfish.storage.rds.user
      [rds_user: <string> | default = ""]

      # Maximum number of database connections for Goldfish.
      # CLI flag: -ui.goldfish.max-connections
      [max_connections: <int> | default = 10]

      # Maximum idle time for database connections in seconds.
      # CLI flag: -ui.goldfish.max-idle-time
      [max_idle_time_seconds: <int> | default = 300]

    # Base URL of Grafana instance for explore links.
    # CLI flag: -ui.goldfish.grafana-url
    [grafana_url: <string> | default = ""]

    # UID of the traces datasource in Grafana.
    # CLI flag: -ui.goldfish.traces-datasource-uid
    [traces_datasource_uid: <string> | default = ""]

    # UID of the Loki datasource in Grafana.
    # CLI flag: -ui.goldfish.logs-datasource-uid
    [logs_datasource_uid: <string> | default = ""]

    # Namespace for Cell A logs.
    # CLI flag: -ui.goldfish.cell-a-namespace
    [cell_a_namespace: <string> | default = ""]

    # Namespace for Cell B logs.
    # CLI flag: -ui.goldfish.cell-b-namespace
    [cell_b_namespace: <string> | default = ""]

    # Results storage backend (gcs, s3) for fetching stored query results.
    # CLI flag: -ui.goldfish.results-backend
    [results_backend: <string> | default = ""]

    # The thanos_object_store_config block configures the connection to object
    # storage backend using thanos-io/objstore clients. This will become the
    # default way of configuring object store clients in future releases.
    # Currently this is opt-in and takes effect only when `-use-thanos-objstore`
    # is set to true.
    # The CLI flags prefix for this block configuration is: ui.goldfish.results
    [results_bucket: <thanos_object_store_config>]

  ring:
    kvstore:
      # Backend storage to use for the ring. Supported values are: consul, etcd,
      # inmemory, memberlist, multi.
      # CLI flag: -ui.ring.store
      [store: <string> | default = "consul"]

      # The prefix for the keys in the store. Should end with a /.
      # CLI flag: -ui.ring.prefix
      [prefix: <string> | default = "collectors/"]

      # Configuration for a Consul client. Only applies if the selected kvstore
      # is consul.
      # The CLI flags prefix for this block configuration is: ui.ring
      [consul: <consul>]

      # Configuration for an ETCD v3 client. Only applies if the selected
      # kvstore is etcd.
      # The CLI flags prefix for this block configuration is: ui.ring
      [etcd: <etcd>]

      multi:
        # Primary backend storage used by multi-client.
        # CLI flag: -ui.ring.multi.primary
        [primary: <string> | default = ""]

        # Secondary backend storage used by multi-client.
        # CLI flag: -ui.ring.multi.secondary
        [secondary: <string> | default = ""]

        # Mirror writes to the secondary store.
        # CLI flag: -ui.ring.multi.mirror-enabled
        [mirror_enabled: <boolean> | default = false]

        # Timeout for storing a value to the secondary store.
        # CLI flag: -ui.ring.multi.mirror-timeout
        [mirror_timeout: <duration> | default = 2s]

    # Period at which to heartbeat to the ring.
    # CLI flag: -ui.ring.heartbeat-period
    [heartbeat_period: <duration> | default = 15s]

    # The heartbeat timeout after which compactors are considered unhealthy
    # within the ring. 0 = never (timeout disabled).
    # CLI flag: -ui.ring.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # File path where tokens are stored. If empty, tokens are not stored at
    # shutdown and restored at startup.
    # CLI flag: -ui.ring.tokens-file-path
    [tokens_file_path: <string> | default = ""]

    # True to enable zone-awareness and replicate blocks across different
    # availability zones.
    # CLI flag: -ui.ring.zone-awareness-enabled
    [zone_awareness_enabled: <boolean> | default = false]

    # Number of tokens to own in the ring.
    # CLI flag: -ui.ring.num-tokens
    [num_tokens: <int> | default = 128]

    # Factor for data replication.
    # CLI flag: -ui.ring.replication-factor
    [replication_factor: <int> | default = 3]

    # Instance ID to register in the ring.
    # CLI flag: -ui.ring.instance-id
    [instance_id: <string> | default = "<hostname>"]

    # Name of network interface to read address from.
    # CLI flag: -ui.ring.instance-interface-names
    [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

    # Port to advertise in the ring (defaults to server.grpc-listen-port).
    # CLI flag: -ui.ring.instance-port
    [instance_port: <int> | default = 0]

    # IP address to advertise in the ring.
    # CLI flag: -ui.ring.instance-addr
    [instance_addr: <string> | default = ""]

    # The availability zone where this instance is running. Required if
    # zone-awareness is enabled.
    # CLI flag: -ui.ring.instance-availability-zone
    [instance_availability_zone: <string> | default = ""]

    # Enable using a IPv6 instance address.
    # CLI flag: -ui.ring.instance-enable-ipv6
    [instance_enable_ipv6: <boolean> | default = false]

# Configures the distributor.
[distributor: <distributor>]

# Configures the querier. Only appropriate when running all modules or just the
# querier.
[querier: <querier>]

query_engine:
  # Experimental: Enable next generation query engine for supported queries.
  # CLI flag: -query-engine.enable
  [enable: <boolean> | default = false]

  # Experimental: Enable distributed query execution.
  # CLI flag: -query-engine.distributed
  [distributed: <boolean> | default = false]

  # Experimental: Name of network interface to read an advertise address from
  # for accepting incoming traffic from query-engine-worker instances when
  # distributed execution is enabled.
  # CLI flag: -query-engine.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Experimental: Batch size of the next generation query engine.
  # CLI flag: -query-engine.batch-size
  [batch_size: <int> | default = 100]

  # Experimental: Number of bytes to prefetch when opening a data object for
  # decoding metadata and overlapping section reads. Clamps to at least 16KiB.
  # CLI flag: -query-engine.prefetch-bytes
  [prefetch_bytes: <int> | default = 16KiB]

  # Experimental: The number of inputs that are prefetched simultaneously by any
  # Merge node. A value of 0 means that only the currently processed input is
  # prefetched, 1 means that only the next input is prefetched, and so on. A
  # negative value means that all inputs are be prefetched in parallel.
  # CLI flag: -query-engine.merge-prefetch-count
  [merge_prefetch_count: <int> | default = 0]

  # Configures how to read byte ranges from object storage when using the V2
  # engine.
  range_reads:
    # Experimental: maximum number of parallel reads
    # CLI flag: -query-engine.range-reads.max-parallelism
    [max_parallelism: <int> | default = 10]

    # Experimental: maximum distance (in bytes) between ranges that causes them
    # to be coalesced into a single range
    # CLI flag: -query-engine.range-reads.coalesce-size
    [coalesce_size: <int> | default = 1048576]

    # Experimental: maximum size of a byte range
    # CLI flag: -query-engine.range-reads.max-range-size
    [max_range_size: <int> | default = 8388608]

    # Experimental: minimum size of a byte range
    # CLI flag: -query-engine.range-reads.min-range-size
    [min_range_size: <int> | default = 1048576]

  # Experimental: Number of worker threads to spawn. Each worker thread runs one
  # task at a time. 0 means to use GOMAXPROCS value.
  # CLI flag: -query-engine.worker-threads
  [worker_threads: <int> | default = 0]

  # Experimental: Address holding DNS SRV records of schedulers to connect to.
  # CLI flag: -query-engine.scheduler-lookup-address
  [scheduler_lookup_address: <string> | default = ""]

  # Experimental: Interval at which to lookup new schedulers by DNS SRV records.
  # CLI flag: -query-engine.scheduler-lookup-interval
  [scheduler_lookup_interval: <duration> | default = 10s]

  # Amount of time until data objects are available.
  # CLI flag: -query-engine.storage-lag
  [storage_lag: <duration> | default = 1h]

  # Initial date when data objects became available. Format YYYY-MM-DD. If not
  # set, assume data objects are always available no matter how far back.
  # CLI flag: -query-engine.storage-start-date
  [storage_start_date: <time> | default = 0]

  # Lifecycle of data objects in days. If set, queries falling outside of the
  # retention period will not be supported. When both storage-start-date and
  # storage-retention-days are set, the more restrictive of the two will apply.
  # CLI flag: -query-engine.storage-retention-days
  [storage_retention_days: <int> | default = 0]

  # Enable routing of query splits in the query frontend to the next generation
  # engine when they fall within the configured time range.
  # CLI flag: -query-engine.enable-engine-router
  [enable_engine_router: <boolean> | default = false]

  # Downstream address to send query splits to. This is the HTTP handler address
  # of the query engine scheduler.
  # CLI flag: -query-engine.downstream-address
  [downstream_address: <string> | default = ""]

  # When enabled, query results exclude log lines that match overlapping delete
  # requests (not just pending requests). Disable to return all logs without
  # considering delete requests.
  # CLI flag: -query-engine.enable-delete-req-filtering
  [enable_delete_req_filtering: <boolean> | default = true]

  # Enforce tenant retention limits. Queries falling outside tenant's retention
  # period are either adjusted or rejected.
  # CLI flag: -query-engine.enforce-retention-period
  [enforce_retention_period: <boolean> | default = false]

  # Mutate incoming queries to align their start and end with their step.
  # CLI flag: -query-engine.align-queries-with-step
  [align_queries_with_step: <boolean> | default = false]

  # Experimental: When enabled, the tenant's MaxQuerySeries limit is applied.
  # Otherwise, no limit is enforced.
  # CLI flag: -query-engine.enforce-max-query-series-limit
  [enforce_max_query_series_limit: <boolean> | default = false]

  results_cache:
    # The cache_config block configures the cache backend for a specific Loki
    # component.
    # The CLI flags prefix for this block configuration is:
    # query-engine.results-cache
    [cache: <cache_config>]

    # Use compression in cache. The default is an empty value '', which disables
    # compression. Supported values are: 'snappy' and ''.
    # CLI flag: -query-engine.results-cache.compression
    [compression: <string> | default = ""]

# The query_scheduler block configures the Loki query scheduler. When configured
# it separates the tenant query queues from the query-frontend.
[query_scheduler: <query_scheduler>]

# The frontend block configures the Loki query-frontend.
[frontend: <frontend>]

# The query_range block configures the query splitting and caching in the Loki
# query-frontend.
[query_range: <query_range>]

# The ruler block configures the Loki ruler.
[ruler: <ruler>]

ruler_storage:
  # The thanos_object_store_config block configures the connection to object
  # storage backend using thanos-io/objstore clients. This will become the
  # default way of configuring object store clients in future releases.
  # Currently this is opt-in and takes effect only when `-use-thanos-objstore`
  # is set to true.
  # The CLI flags prefix for this block configuration is: ruler-storage
  [<thanos_object_store_config>]

  # Backend storage to use. Supported backends are: local, s3, gcs, azure,
  # swift, filesystem, alibabacloud, bos
  # CLI flag: -ruler-storage.backend
  [backend: <string> | default = "filesystem"]

  local:
    # Directory to scan for rules
    # CLI flag: -ruler-storage.local.directory
    [directory: <string> | default = ""]

# The ingester_client block configures how the distributor will connect to
# ingesters. Only appropriate when running all components, the distributor, or
# the querier.
[ingester_client: <ingester_client>]

# The ingester block configures the ingester and how the ingester will register
# itself to a key value store.
[ingester: <ingester>]

pattern_ingester:
  # Whether the pattern ingester is enabled.
  # CLI flag: -pattern-ingester.enabled
  [enabled: <boolean> | default = false]

  # Configures how the lifecycle of the pattern ingester will operate and where
  # it will register for discovery.
  lifecycler:
    ring:
      kvstore:
        # Backend storage to use for the ring. Supported values are: consul,
        # etcd, inmemory, memberlist, multi.
        # CLI flag: -pattern-ingester.store
        [store: <string> | default = "consul"]

        # The prefix for the keys in the store. Should end with a /.
        # CLI flag: -pattern-ingester.prefix
        [prefix: <string> | default = "collectors/"]

        # Configuration for a Consul client. Only applies if the selected
        # kvstore is consul.
        # The CLI flags prefix for this block configuration is: pattern-ingester
        [consul: <consul>]

        # Configuration for an ETCD v3 client. Only applies if the selected
        # kvstore is etcd.
        # The CLI flags prefix for this block configuration is: pattern-ingester
        [etcd: <etcd>]

        multi:
          # Primary backend storage used by multi-client.
          # CLI flag: -pattern-ingester.multi.primary
          [primary: <string> | default = ""]

          # Secondary backend storage used by multi-client.
          # CLI flag: -pattern-ingester.multi.secondary
          [secondary: <string> | default = ""]

          # Mirror writes to the secondary store.
          # CLI flag: -pattern-ingester.multi.mirror-enabled
          [mirror_enabled: <boolean> | default = false]

          # Timeout for storing a value to the secondary store.
          # CLI flag: -pattern-ingester.multi.mirror-timeout
          [mirror_timeout: <duration> | default = 2s]

      # The heartbeat timeout after which ingesters are skipped for
      # reads/writes.
      # CLI flag: -pattern-ingester.ring.heartbeat-timeout
      [heartbeat_timeout: <duration> | default = 1m]

      # The number of ingesters to write to and read from.
      # CLI flag: -pattern-ingester.distributor.replication-factor
      [replication_factor: <int> | default = 1]

      # True to enable the zone-awareness and replicate ingested samples across
      # different availability zones.
      # CLI flag: -pattern-ingester.distributor.zone-awareness-enabled
      [zone_awareness_enabled: <boolean> | default = false]

      # Comma-separated list of zones to exclude from the ring. Instances in
      # excluded zones will be filtered out from the ring.
      # CLI flag: -pattern-ingester.distributor.excluded-zones
      [excluded_zones: <string> | default = ""]

    # Number of tokens for each ingester.
    # CLI flag: -pattern-ingester.num-tokens
    [num_tokens: <int> | default = 128]

    # Period at which to heartbeat to consul.
    # CLI flag: -pattern-ingester.heartbeat-period
    [heartbeat_period: <duration> | default = 5s]

    # Heartbeat timeout after which instance is assumed to be unhealthy.
    # CLI flag: -pattern-ingester.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # Observe tokens after generating to resolve collisions. Useful when using
    # gossiping ring.
    # CLI flag: -pattern-ingester.observe-period
    [observe_period: <duration> | default = 0s]

    # Period to wait for a claim from another member; will join automatically
    # after this.
    # CLI flag: -pattern-ingester.join-after
    [join_after: <duration> | default = 0s]

    # Minimum duration to wait after the internal readiness checks have passed
    # but before succeeding the readiness endpoint. This is used to slowdown
    # deployment controllers (eg. Kubernetes) after an instance is ready and
    # before they proceed with a rolling update, to give the rest of the cluster
    # instances enough time to receive ring updates.
    # CLI flag: -pattern-ingester.min-ready-duration
    [min_ready_duration: <duration> | default = 15s]

    # Name of network interface to read address from.
    # CLI flag: -pattern-ingester.lifecycler.interface
    [interface_names: <list of strings> | default = [<private network interfaces>]]

    # Enable IPv6 support. Required to make use of IP addresses from IPv6
    # interfaces.
    # CLI flag: -pattern-ingester.enable-inet6
    [enable_inet6: <boolean> | default = false]

    # Duration to sleep for before exiting, to ensure metrics are scraped.
    # CLI flag: -pattern-ingester.final-sleep
    [final_sleep: <duration> | default = 0s]

    # File path where tokens are stored. If empty, tokens are not stored at
    # shutdown and restored at startup.
    # CLI flag: -pattern-ingester.tokens-file-path
    [tokens_file_path: <string> | default = ""]

    # The availability zone where this instance is running.
    # CLI flag: -pattern-ingester.availability-zone
    [availability_zone: <string> | default = ""]

    # Unregister from the ring upon clean shutdown. It can be useful to disable
    # for rolling restarts with consistent naming in conjunction with
    # -distributor.extend-writes=false.
    # CLI flag: -pattern-ingester.unregister-on-shutdown
    [unregister_on_shutdown: <boolean> | default = true]

    # When enabled the readiness probe succeeds only after all instances are
    # ACTIVE and healthy in the ring, otherwise only the instance itself is
    # checked. This option should be disabled if in your cluster multiple
    # instances can be rolled out simultaneously, otherwise rolling updates may
    # be slowed down.
    # CLI flag: -pattern-ingester.readiness-check-ring-health
    [readiness_check_ring_health: <boolean> | default = true]

    # IP address to advertise in the ring.
    # CLI flag: -pattern-ingester.lifecycler.addr
    [address: <string> | default = ""]

    # port to advertise in consul (defaults to server.grpc-listen-port).
    # CLI flag: -pattern-ingester.lifecycler.port
    [port: <int> | default = 0]

    # ID to register in the ring.
    # CLI flag: -pattern-ingester.lifecycler.ID
    [id: <string> | default = "<hostname>"]

  # Configures how the pattern ingester will connect to the ingesters.
  client_config:
    # Configures how connections are pooled.
    pool_config:
      # How frequently to clean up clients for ingesters that have gone away.
      # CLI flag: -pattern-ingester.client-cleanup-period
      [client_cleanup_period: <duration> | default = 15s]

      # Run a health check on each ingester client during periodic cleanup.
      # CLI flag: -pattern-ingester.health-check-ingesters
      [health_check_ingesters: <boolean> | default = true]

      # Timeout for the health check.
      # CLI flag: -pattern-ingester.remote-timeout
      [remote_timeout: <duration> | default = 1s]

    # The remote request timeout on the client side.
    # CLI flag: -pattern-ingester.client.timeout
    [remote_timeout: <duration> | default = 5s]

    # Configures how the gRPC connection to ingesters work as a client.
    # The CLI flags prefix for this block configuration is:
    # pattern-ingester.client
    [grpc_client_config: <grpc_client>]

  # How many flushes can happen concurrently from each stream.
  # CLI flag: -pattern-ingester.concurrent-flushes
  [concurrent_flushes: <int> | default = 32]

  # How often should the ingester see if there are any blocks to flush. The
  # first flush check is delayed by a random time up to 0.8x the flush check
  # period. Additionally, there is +/- 1% jitter added to the interval.
  # CLI flag: -pattern-ingester.flush-check-period
  [flush_check_period: <duration> | default = 1m]

  # The maximum number of detected pattern clusters that can be created by
  # streams.
  # CLI flag: -pattern-ingester.max-clusters
  [max_clusters: <int> | default = 300]

  # The maximum eviction ratio of patterns per stream. Once that ratio is
  # reached, the stream will throttled pattern detection.
  # CLI flag: -pattern-ingester.max-eviction-ratio
  [max_eviction_ratio: <float> | default = 0.25]

  # Configures the metric aggregation and storage behavior of the pattern
  # ingester.
  metric_aggregation:
    # How often to sample metrics and patterns from raw push observations.
    # CLI flag: -pattern-ingester.metric-aggregation.downsample-period
    [sample_period: <duration> | default = 10s]

    # The address of the Loki instance to push aggregated metrics to.
    # CLI flag: -pattern-ingester.metric-aggregation.loki-address
    [loki_address: <string> | default = ""]

    # The timeout for writing to Loki.
    # CLI flag: -pattern-ingester.metric-aggregation.timeout
    [timeout: <duration> | default = 10s]

    # How long to wait in between pushes to Loki.
    # CLI flag: -pattern-ingester.metric-aggregation.push-period
    [push_period: <duration> | default = 30s]

    # The HTTP client configuration for pushing metrics to Loki.
    http_client_config:
      basic_auth:
        [username: <string> | default = ""]

        [username_file: <string> | default = ""]

        [username_ref: <string> | default = ""]

        [password: <string> | default = ""]

        [password_file: <string> | default = ""]

        [password_ref: <string> | default = ""]

      authorization:
        [type: <string> | default = ""]

        [credentials: <string> | default = ""]

        [credentials_file: <string> | default = ""]

        [credentials_ref: <string> | default = ""]

      oauth2:
        [client_id: <string> | default = ""]

        [client_secret: <string> | default = ""]

        [client_secret_file: <string> | default = ""]

        [client_secret_ref: <string> | default = ""]

        [client_certificate_key_id: <string> | default = ""]

        [client_certificate_key: <string> | default = ""]

        [client_certificate_key_file: <string> | default = ""]

        [client_certificate_key_ref: <string> | default = ""]

        [grant_type: <string> | default = ""]

        [signature_algorithm: <string> | default = ""]

        [iss: <string> | default = ""]

        [audience: <string> | default = ""]

        [claims: <map of string to >]

        [scopes: <list of strings>]

        [token_url: <string> | default = ""]

        [endpoint_params: <map of string to string>]

        tls_config:
          [ca: <string> | default = ""]

          [cert: <string> | default = ""]

          [key: <string> | default = ""]

          [ca_file: <string> | default = ""]

          [cert_file: <string> | default = ""]

          [key_file: <string> | default = ""]

          [ca_ref: <string> | default = ""]

          [cert_ref: <string> | default = ""]

          [key_ref: <string> | default = ""]

          [server_name: <string> | default = ""]

          [insecure_skip_verify: <boolean>]

          [min_version: <int>]

          [max_version: <int>]

        proxy_url:
          [url: <url>]

        [no_proxy: <string> | default = ""]

        [proxy_from_environment: <boolean>]

        [proxy_connect_header: <map of string to list of strings>]

      [bearer_token: <string> | default = ""]

      [bearer_token_file: <string> | default = ""]

      tls_config:
        [ca: <string> | default = ""]

        [cert: <string> | default = ""]

        [key: <string> | default = ""]

        [ca_file: <string> | default = ""]

        [cert_file: <string> | default = ""]

        [key_file: <string> | default = ""]

        [ca_ref: <string> | default = ""]

        [cert_ref: <string> | default = ""]

        [key_ref: <string> | default = ""]

        [server_name: <string> | default = ""]

        [insecure_skip_verify: <boolean>]

        [min_version: <int>]

        [max_version: <int>]

      [follow_redirects: <boolean>]

      [enable_http2: <boolean>]

      proxy_url:
        [url: <url>]

      [no_proxy: <string> | default = ""]

      [proxy_from_environment: <boolean>]

      [proxy_connect_header: <map of string to list of strings>]

      http_headers:
        [: <map of string to Header>]

    # Whether to use TLS for pushing metrics to Loki.
    # CLI flag: -pattern-ingester.metric-aggregation.tls
    [use_tls: <boolean> | default = false]

    # The basic auth configuration for pushing metrics to Loki.
    basic_auth:
      # Basic auth username for sending aggregations back to Loki.
      # CLI flag: -pattern-ingester.metric-aggregation..basic-auth.username
      [username: <string> | default = ""]

      # Basic auth password for sending aggregations back to Loki.
      # CLI flag: -pattern-ingester.metric-aggregation..basic-auth.password
      [password: <string> | default = ""]

    # The backoff configuration for pushing metrics to Loki.
    backoff_config:
      # Minimum delay when backing off.
      # CLI flag: -pattern-ingester.metric-aggregation...backoff-min-period
      [min_period: <duration> | default = 100ms]

      # Maximum delay when backing off.
      # CLI flag: -pattern-ingester.metric-aggregation...backoff-max-period
      [max_period: <duration> | default = 10s]

      # Number of times to backoff and retry before failing.
      # CLI flag: -pattern-ingester.metric-aggregation...backoff-retries
      [max_retries: <int> | default = 10]

  # Configures how detected patterns are pushed back to Loki for persistence.
  pattern_persistence:
    # The address of the Loki instance to push patterns to.
    # CLI flag: -pattern-ingester.pattern-persistence.loki-address
    [loki_address: <string> | default = ""]

    # The timeout for writing patterns to Loki.
    # CLI flag: -pattern-ingester.pattern-persistence.timeout
    [timeout: <duration> | default = 10s]

    # How long to wait between pattern pushes to Loki.
    # CLI flag: -pattern-ingester.pattern-persistence.push-period
    [push_period: <duration> | default = 1m]

    # The HTTP client configuration for pushing patterns to Loki.
    http_client_config:
      basic_auth:
        [username: <string> | default = ""]

        [username_file: <string> | default = ""]

        [username_ref: <string> | default = ""]

        [password: <string> | default = ""]

        [password_file: <string> | default = ""]

        [password_ref: <string> | default = ""]

      authorization:
        [type: <string> | default = ""]

        [credentials: <string> | default = ""]

        [credentials_file: <string> | default = ""]

        [credentials_ref: <string> | default = ""]

      oauth2:
        [client_id: <string> | default = ""]

        [client_secret: <string> | default = ""]

        [client_secret_file: <string> | default = ""]

        [client_secret_ref: <string> | default = ""]

        [client_certificate_key_id: <string> | default = ""]

        [client_certificate_key: <string> | default = ""]

        [client_certificate_key_file: <string> | default = ""]

        [client_certificate_key_ref: <string> | default = ""]

        [grant_type: <string> | default = ""]

        [signature_algorithm: <string> | default = ""]

        [iss: <string> | default = ""]

        [audience: <string> | default = ""]

        [claims: <map of string to >]

        [scopes: <list of strings>]

        [token_url: <string> | default = ""]

        [endpoint_params: <map of string to string>]

        tls_config:
          [ca: <string> | default = ""]

          [cert: <string> | default = ""]

          [key: <string> | default = ""]

          [ca_file: <string> | default = ""]

          [cert_file: <string> | default = ""]

          [key_file: <string> | default = ""]

          [ca_ref: <string> | default = ""]

          [cert_ref: <string> | default = ""]

          [key_ref: <string> | default = ""]

          [server_name: <string> | default = ""]

          [insecure_skip_verify: <boolean>]

          [min_version: <int>]

          [max_version: <int>]

        proxy_url:
          [url: <url>]

        [no_proxy: <string> | default = ""]

        [proxy_from_environment: <boolean>]

        [proxy_connect_header: <map of string to list of strings>]

      [bearer_token: <string> | default = ""]

      [bearer_token_file: <string> | default = ""]

      tls_config:
        [ca: <string> | default = ""]

        [cert: <string> | default = ""]

        [key: <string> | default = ""]

        [ca_file: <string> | default = ""]

        [cert_file: <string> | default = ""]

        [key_file: <string> | default = ""]

        [ca_ref: <string> | default = ""]

        [cert_ref: <string> | default = ""]

        [key_ref: <string> | default = ""]

        [server_name: <string> | default = ""]

        [insecure_skip_verify: <boolean>]

        [min_version: <int>]

        [max_version: <int>]

      [follow_redirects: <boolean>]

      [enable_http2: <boolean>]

      proxy_url:
        [url: <url>]

      [no_proxy: <string> | default = ""]

      [proxy_from_environment: <boolean>]

      [proxy_connect_header: <map of string to list of strings>]

      http_headers:
        [: <map of string to Header>]

    # Whether to use TLS for pushing patterns to Loki.
    # CLI flag: -pattern-ingester.pattern-persistence.tls
    [use_tls: <boolean> | default = false]

    # The basic auth configuration for pushing patterns to Loki.
    basic_auth:
      # Basic auth username for sending patterns back to Loki.
      # CLI flag: -pattern-ingester.pattern-persistence..basic-auth.username
      [username: <string> | default = ""]

      # Basic auth password for sending patterns back to Loki.
      # CLI flag: -pattern-ingester.pattern-persistence..basic-auth.password
      [password: <string> | default = ""]

    # The backoff configuration for pushing patterns to Loki.
    backoff_config:
      # Minimum delay when backing off.
      # CLI flag: -pattern-ingester.pattern-persistence...backoff-min-period
      [min_period: <duration> | default = 100ms]

      # Maximum delay when backing off.
      # CLI flag: -pattern-ingester.pattern-persistence...backoff-max-period
      [max_period: <duration> | default = 10s]

      # Number of times to backoff and retry before failing.
      # CLI flag: -pattern-ingester.pattern-persistence...backoff-retries
      [max_retries: <int> | default = 10]

    # The maximum number of patterns to accumulate before pushing.
    # CLI flag: -pattern-ingester.pattern-persistence.batch-size
    [batch_size: <int> | default = 1000]

  # Configures the pattern tee which forwards requests to the pattern ingester.
  tee_config:
    # The size of the batch of raw logs to send for template mining
    # CLI flag: -pattern-ingester.tee.batch-size
    [batch_size: <int> | default = 5000]

    # The max time between batches of raw logs to send for template mining
    # CLI flag: -pattern-ingester.tee.batch-flush-interval
    [batch_flush_interval: <duration> | default = 1s]

    # The number of log flushes to queue before dropping
    # CLI flag: -pattern-ingester.tee.flush-queue-size
    [flush_queue_size: <int> | default = 1000]

    # the number of concurrent workers sending logs to the template service
    # CLI flag: -pattern-ingester.tee.flush-worker-count
    [flush_worker_count: <int> | default = 100]

    # The max time we will try to flush any remaining logs to be mined when the
    # service is stopped
    # CLI flag: -pattern-ingester.tee.stop-flush-timeout
    [stop_flush_timeout: <duration> | default = 30s]

  # Timeout for connections between the Loki and the pattern ingester.
  # CLI flag: -pattern-ingester.connection-timeout
  [connection_timeout: <duration> | default = 2s]

  # The maximum length of log lines that can be used for pattern detection.
  # CLI flag: -pattern-ingester.max-allowed-line-length
  [max_allowed_line_length: <int> | default = 3000]

  # How long to retain patterns in the pattern ingester after they are pushed.
  # CLI flag: -pattern-ingester.retain-for
  [retain_for: <duration> | default = 3h]

  # The maximum time span for a single pattern chunk.
  # CLI flag: -pattern-ingester.max-chunk-age
  [max_chunk_age: <duration> | default = 1h]

  # The time resolution for pattern samples within chunks.
  # CLI flag: -pattern-ingester.sample-interval
  [pattern_sample_interval: <duration> | default = 10s]

  # The threshold for filtering patterns by volume. Only patterns representing
  # the top X% of log volume will be persisted (0-1).
  # CLI flag: -pattern-ingester.volume-threshold
  [volume_threshold: <float> | default = 0.99]

# The index_gateway block configures the Loki index gateway server, responsible
# for serving index queries without the need to constantly interact with the
# object store.
[index_gateway: <index_gateway>]

# Experimental: The bloom_build block configures the Loki bloom planner and
# builder servers, responsible for building bloom filters.
[bloom_build: <bloom_build>]

# Experimental: The bloom_gateway block configures the Loki bloom gateway
# server, responsible for serving queries for filtering chunks based on filter
# expressions.
[bloom_gateway: <bloom_gateway>]

# The storage_config block configures one of many possible stores for both the
# index and chunks. Which configuration to be picked should be defined in
# schema_config block.
[storage_config: <storage_config>]

# The chunk_store_config block configures how chunks will be cached and how long
# to wait before saving them to the backing store.
[chunk_store_config: <chunk_store_config>]

# Configures the chunk index schema and where it is stored.
[schema_config: <schema_config>]

# The compactor block configures the compactor component, which compacts index
# shards for performance.
[compactor: <compactor>]

compactor_grpc_client:
  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is: compactor.grpc-client
  [<grpc_client>]

# The limits_config block configures global and per-tenant limits in Loki. The
# values here can be overridden in the `overrides` section of the runtime_config
# file
[limits_config: <limits_config>]

# The frontend_worker configures the worker - running within the Loki querier -
# picking up and executing queries enqueued by the query-frontend.
[frontend_worker: <frontend_worker>]

# The table_manager block configures the table manager for retention.
[table_manager: <table_manager>]

# Configuration for memberlist client. Only applies if the selected kvstore is
# memberlist.
# 
# When a memberlist config with atleast 1 join_members is defined, kvstore of
# type memberlist is automatically selected for all the components that require
# a ring unless otherwise specified in the component's configuration section.
[memberlist: <memberlist>]

kafka_config:
  # The Kafka topic name.
  # CLI flag: -kafka.topic
  [topic: <string> | default = ""]

  # The maximum time allowed to open a connection to a Kafka broker.
  # CLI flag: -kafka.dial-timeout
  [dial_timeout: <duration> | default = 2s]

  # How long to wait for an incoming write request to be successfully committed
  # to the Kafka backend.
  # CLI flag: -kafka.write-timeout
  [write_timeout: <duration> | default = 10s]

  reader_config:
    # The Kafka backend address.
    # CLI flag: -kafka.reader.address
    [address: <string> | default = "localhost:9092"]

    # The Kafka client ID.
    # CLI flag: -kafka.reader.client-id
    [client_id: <string> | default = ""]

  writer_config:
    # The Kafka backend address.
    # CLI flag: -kafka.writer.address
    [address: <string> | default = "localhost:9092"]

    # The Kafka client ID.
    # CLI flag: -kafka.writer.client-id
    [client_id: <string> | default = ""]

  # The SASL username for authentication to Kafka using the PLAIN mechanism.
  # Both username and password must be set.
  # CLI flag: -kafka.sasl-username
  [sasl_username: <string> | default = ""]

  # The SASL password for authentication to Kafka using the PLAIN mechanism.
  # Both username and password must be set.
  # CLI flag: -kafka.sasl-password
  [sasl_password: <string> | default = ""]

  # The consumer group used by the consumer to track the last consumed offset.
  # The consumer group must be different for each ingester zone.When empty, Loki
  # uses the ingester instance ID.
  # CLI flag: -kafka.consumer-group
  [consumer_group: <string> | default = ""]

  # How frequently a consumer should commit the consumed offset to Kafka. The
  # last committed offset is used at startup to continue the consumption from
  # where it was left.
  # CLI flag: -kafka.consumer-group-offset-commit-interval
  [consumer_group_offset_commit_interval: <duration> | default = 1s]

  # How long to retry a failed request to get the last produced offset.
  # CLI flag: -kafka.last-produced-offset-retry-timeout
  [last_produced_offset_retry_timeout: <duration> | default = 10s]

  # Enable auto-creation of Kafka topic if it doesn't exist.
  # CLI flag: -kafka.auto-create-topic-enabled
  [auto_create_topic_enabled: <boolean> | default = true]

  # When auto-creation of Kafka topic is enabled and this value is positive,
  # Kafka's num.partitions configuration option is set on Kafka brokers with
  # this value when Loki component that uses Kafka starts. This configuration
  # option specifies the default number of partitions that the Kafka broker uses
  # for auto-created topics. Note that this is a Kafka-cluster wide setting, and
  # applies to any auto-created topic. If the setting of num.partitions fails,
  # Loki proceeds anyways, but auto-created topics could have an incorrect
  # number of partitions.
  # CLI flag: -kafka.auto-create-topic-default-partitions
  [auto_create_topic_default_partitions: <int> | default = 1000]

  # The maximum size of a Kafka record data that should be generated by the
  # producer. An incoming write request larger than this size is split into
  # multiple Kafka records. We strongly recommend to not change this setting
  # unless for testing purposes.
  # CLI flag: -kafka.producer-max-record-size-bytes
  [producer_max_record_size_bytes: <int> | default = 15983616]

  # The maximum size of (uncompressed) buffered and unacknowledged produced
  # records sent to Kafka. The produce request fails once this limit is reached.
  # This limit is per Kafka client. 0 to disable the limit.
  # CLI flag: -kafka.producer-max-buffered-bytes
  [producer_max_buffered_bytes: <int> | default = 1073741824]

  # The guaranteed maximum lag before a consumer is considered to have caught up
  # reading from a partition at startup, becomes ACTIVE in the hash ring and
  # passes the readiness check. Set -kafka.max-consumer-lag-at-startup to 0 to
  # disable waiting for maximum consumer lag being honored at startup.
  # CLI flag: -kafka.max-consumer-lag-at-startup
  [max_consumer_lag_at_startup: <duration> | default = 15s]

  # The maximum number of workers to use for processing records from Kafka.
  # CLI flag: -kafka.max-consumer-workers
  [max_consumer_workers: <int> | default = 1]

  # Enable collection of the following kafka latency histograms: read-wait,
  # read-timing, write-wait, write-timing
  # CLI flag: -kafka.enable-kafka-histograms
  [enable_kafka_histograms: <boolean> | default = false]

  # Enable tracing.
  # CLI flag: -kafka.tracing-enabled
  [tracing_enabled: <boolean> | default = false]

dataobj:
  consumer:
    builderconfig:
      # The target maximum amount of uncompressed data to hold in data pages
      # (for columnar sections). Uncompressed size is used for consistent I/O
      # and planning.
      # CLI flag: -dataobj-consumer.target-page-size
      [target_page_size: <int> | default = 2MiB]

      # The maximum row count for pages to use for the data object builder. A
      # value of 0 means no limit.
      # CLI flag: -dataobj-consumer.max-page-rows
      [max_page_rows: <int> | default = 0]

      # The target maximum size of the encoded object and all of its encoded
      # sections (after compression), to limit memory usage of a builder.
      # CLI flag: -dataobj-consumer.target-builder-memory-limit
      [target_object_size: <int> | default = 1GiB]

      # The target maximum amount of uncompressed data to hold in sections, for
      # sections that support being limited by size. Uncompressed size is used
      # for consistent I/O and planning.
      # CLI flag: -dataobj-consumer.target-section-size
      [target_section_size: <int> | default = 128MiB]

      # The size of logs to buffer in memory before adding into columnar
      # builders, used to reduce CPU load of sorting.
      # CLI flag: -dataobj-consumer.buffer-size
      [buffer_size: <int> | default = 16MiB]

      # The maximum number of dataobj section stripes to merge into a section at
      # once. Must be greater than 1.
      # CLI flag: -dataobj-consumer.section-stripe-merge-limit
      [section_stripe_merge_limit: <int> | default = 2]

    lifecycler:
      ring:
        kvstore:
          # Backend storage to use for the ring. Supported values are: consul,
          # etcd, inmemory, memberlist, multi.
          # CLI flag: -dataobj-consumer.store
          [store: <string> | default = "consul"]

          # The prefix for the keys in the store. Should end with a /.
          # CLI flag: -dataobj-consumer.prefix
          [prefix: <string> | default = "collectors/"]

          # Configuration for a Consul client. Only applies if the selected
          # kvstore is consul.
          # The CLI flags prefix for this block configuration is:
          # dataobj-consumer
          [consul: <consul>]

          # Configuration for an ETCD v3 client. Only applies if the selected
          # kvstore is etcd.
          # The CLI flags prefix for this block configuration is:
          # dataobj-consumer
          [etcd: <etcd>]

          multi:
            # Primary backend storage used by multi-client.
            # CLI flag: -dataobj-consumer.multi.primary
            [primary: <string> | default = ""]

            # Secondary backend storage used by multi-client.
            # CLI flag: -dataobj-consumer.multi.secondary
            [secondary: <string> | default = ""]

            # Mirror writes to the secondary store.
            # CLI flag: -dataobj-consumer.multi.mirror-enabled
            [mirror_enabled: <boolean> | default = false]

            # Timeout for storing a value to the secondary store.
            # CLI flag: -dataobj-consumer.multi.mirror-timeout
            [mirror_timeout: <duration> | default = 2s]

        # The heartbeat timeout after which ingesters are skipped for
        # reads/writes.
        # CLI flag: -dataobj-consumer.ring.heartbeat-timeout
        [heartbeat_timeout: <duration> | default = 1m]

        # The number of ingesters to write to and read from.
        # CLI flag: -dataobj-consumer.distributor.replication-factor
        [replication_factor: <int> | default = 3]

        # True to enable the zone-awareness and replicate ingested samples
        # across different availability zones.
        # CLI flag: -dataobj-consumer.distributor.zone-awareness-enabled
        [zone_awareness_enabled: <boolean> | default = false]

        # Comma-separated list of zones to exclude from the ring. Instances in
        # excluded zones will be filtered out from the ring.
        # CLI flag: -dataobj-consumer.distributor.excluded-zones
        [excluded_zones: <string> | default = ""]

      # Number of tokens for each ingester.
      # CLI flag: -dataobj-consumer.num-tokens
      [num_tokens: <int> | default = 128]

      # Period at which to heartbeat to consul.
      # CLI flag: -dataobj-consumer.heartbeat-period
      [heartbeat_period: <duration> | default = 5s]

      # Heartbeat timeout after which instance is assumed to be unhealthy.
      # CLI flag: -dataobj-consumer.heartbeat-timeout
      [heartbeat_timeout: <duration> | default = 1m]

      # Observe tokens after generating to resolve collisions. Useful when using
      # gossiping ring.
      # CLI flag: -dataobj-consumer.observe-period
      [observe_period: <duration> | default = 0s]

      # Period to wait for a claim from another member; will join automatically
      # after this.
      # CLI flag: -dataobj-consumer.join-after
      [join_after: <duration> | default = 0s]

      # Minimum duration to wait after the internal readiness checks have passed
      # but before succeeding the readiness endpoint. This is used to slowdown
      # deployment controllers (eg. Kubernetes) after an instance is ready and
      # before they proceed with a rolling update, to give the rest of the
      # cluster instances enough time to receive ring updates.
      # CLI flag: -dataobj-consumer.min-ready-duration
      [min_ready_duration: <duration> | default = 15s]

      # Name of network interface to read address from.
      # CLI flag: -dataobj-consumer.lifecycler.interface
      [interface_names: <list of strings> | default = [<private network interfaces>]]

      # Enable IPv6 support. Required to make use of IP addresses from IPv6
      # interfaces.
      # CLI flag: -dataobj-consumer.enable-inet6
      [enable_inet6: <boolean> | default = false]

      # Duration to sleep for before exiting, to ensure metrics are scraped.
      # CLI flag: -dataobj-consumer.final-sleep
      [final_sleep: <duration> | default = 0s]

      # File path where tokens are stored. If empty, tokens are not stored at
      # shutdown and restored at startup.
      # CLI flag: -dataobj-consumer.tokens-file-path
      [tokens_file_path: <string> | default = ""]

      # The availability zone where this instance is running.
      # CLI flag: -dataobj-consumer.availability-zone
      [availability_zone: <string> | default = ""]

      # Unregister from the ring upon clean shutdown. It can be useful to
      # disable for rolling restarts with consistent naming in conjunction with
      # -distributor.extend-writes=false.
      # CLI flag: -dataobj-consumer.unregister-on-shutdown
      [unregister_on_shutdown: <boolean> | default = true]

      # When enabled the readiness probe succeeds only after all instances are
      # ACTIVE and healthy in the ring, otherwise only the instance itself is
      # checked. This option should be disabled if in your cluster multiple
      # instances can be rolled out simultaneously, otherwise rolling updates
      # may be slowed down.
      # CLI flag: -dataobj-consumer.readiness-check-ring-health
      [readiness_check_ring_health: <boolean> | default = true]

      # IP address to advertise in the ring.
      # CLI flag: -dataobj-consumer.lifecycler.addr
      [address: <string> | default = ""]

      # port to advertise in consul (defaults to server.grpc-listen-port).
      # CLI flag: -dataobj-consumer.lifecycler.port
      [port: <int> | default = 0]

      # ID to register in the ring.
      # CLI flag: -dataobj-consumer.lifecycler.ID
      [id: <string> | default = "<hostname>"]

    partition_ring:
      # The key-value store used to share the hash ring across multiple
      # instances. This option needs be set on ingesters, distributors,
      # queriers, and rulers when running in microservices mode.
      kvstore:
        # Backend storage to use for the ring. Supported values are: consul,
        # etcd, inmemory, memberlist, multi.
        # CLI flag: -dataobj-consumer.partition-ring.store
        [store: <string> | default = "memberlist"]

        # The prefix for the keys in the store. Should end with a /.
        # CLI flag: -dataobj-consumer.partition-ring.prefix
        [prefix: <string> | default = "collectors/"]

        # Configuration for a Consul client. Only applies if the selected
        # kvstore is consul.
        # The CLI flags prefix for this block configuration is:
        # dataobj-consumer.partition-ring
        [consul: <consul>]

        # Configuration for an ETCD v3 client. Only applies if the selected
        # kvstore is etcd.
        # The CLI flags prefix for this block configuration is:
        # dataobj-consumer.partition-ring
        [etcd: <etcd>]

        multi:
          # Primary backend storage used by multi-client.
          # CLI flag: -dataobj-consumer.partition-ring.multi.primary
          [primary: <string> | default = ""]

          # Secondary backend storage used by multi-client.
          # CLI flag: -dataobj-consumer.partition-ring.multi.secondary
          [secondary: <string> | default = ""]

          # Mirror writes to the secondary store.
          # CLI flag: -dataobj-consumer.partition-ring.multi.mirror-enabled
          [mirror_enabled: <boolean> | default = false]

          # Timeout for storing a value to the secondary store.
          # CLI flag: -dataobj-consumer.partition-ring.multi.mirror-timeout
          [mirror_timeout: <duration> | default = 2s]

      # Minimum number of owners to wait before a PENDING partition gets
      # switched to ACTIVE.
      # CLI flag: -dataobj-consumer.partition-ring.min-partition-owners-count
      [min_partition_owners_count: <int> | default = 1]

      # How long the minimum number of owners are enforced before a PENDING
      # partition gets switched to ACTIVE.
      # CLI flag: -dataobj-consumer.partition-ring.min-partition-owners-duration
      [min_partition_owners_duration: <duration> | default = 10s]

      # How long to wait before an INACTIVE partition is eligible for deletion.
      # The partition is deleted only if it has been in INACTIVE state for at
      # least the configured duration and it has no owners registered. A value
      # of 0 disables partitions deletion.
      # CLI flag: -dataobj-consumer.partition-ring.delete-inactive-partition-after
      [delete_inactive_partition_after: <duration> | default = 13h]

      # Experimental: The size of the cache used for shuffle sharding. If zero
      # or negative, an unbounded cache is used. If positive, an LRU cache with
      # the specified size is used.
      # CLI flag: -dataobj-consumer.partition-ring.shuffle-shard-cache-size
      [shuffle_shard_cache_size: <int> | default = 0]

    uploader:
      # The size of the SHA prefix to use for generating object storage keys for
      # data objects.
      # CLI flag: -dataobj-consumer.sha-prefix-size
      [shaprefixsize: <int> | default = 2]

    # The maximum amount of time to wait in seconds before flushing an object
    # that is no longer receiving new writes.
    # CLI flag: -dataobj-consumer.idle-flush-timeout
    [idle_flush_timeout: <duration> | default = 1h]

    # The maximum amount of time to accumulate data in a builder before flushing
    # it. Defaults to 1 hour.
    # CLI flag: -dataobj-consumer.max-builder-age
    [max_builder_age: <duration> | default = 1h]

    # The name of the Kafka topic.
    # CLI flag: -dataobj-consumer.topic
    [topic: <string> | default = ""]

  index:
    # The target maximum amount of uncompressed data to hold in data pages (for
    # columnar sections). Uncompressed size is used for consistent I/O and
    # planning.
    # CLI flag: -dataobj-index-builder.target-page-size
    [target_page_size: <int> | default = 128KiB]

    # The maximum row count for pages to use for the data object builder. A
    # value of 0 means no limit.
    # CLI flag: -dataobj-index-builder.max-page-rows
    [max_page_rows: <int> | default = 0]

    # The target maximum size of the encoded object and all of its encoded
    # sections (after compression), to limit memory usage of a builder.
    # CLI flag: -dataobj-index-builder.target-builder-memory-limit
    [target_object_size: <int> | default = 64MiB]

    # The target maximum amount of uncompressed data to hold in sections, for
    # sections that support being limited by size. Uncompressed size is used for
    # consistent I/O and planning.
    # CLI flag: -dataobj-index-builder.target-section-size
    [target_section_size: <int> | default = 16MiB]

    # The size of logs to buffer in memory before adding into columnar builders,
    # used to reduce CPU load of sorting.
    # CLI flag: -dataobj-index-builder.buffer-size
    [buffer_size: <int> | default = 2MiB]

    # The maximum number of dataobj section stripes to merge into a section at
    # once. Must be greater than 1.
    # CLI flag: -dataobj-index-builder.section-stripe-merge-limit
    [section_stripe_merge_limit: <int> | default = 2]

    # Experimental: The number of events to batch before building an index
    # CLI flag: -dataobj-index-builder.events-per-index
    [events_per_index: <int> | default = 32]

    # Experimental: How often to check for stale partitions to flush
    # CLI flag: -dataobj-index-builder.flush-interval
    [flush_interval: <duration> | default = 1m]

    # Experimental: Maximum time to wait before flushing buffered events
    # CLI flag: -dataobj-index-builder.max-idle-time
    [max_idle_time: <duration> | default = 30m]

  metastore:
    # Experimental: A prefix to use for storing indexes in object storage. Used
    # for testing only.
    # CLI flag: -dataobj-metastore.index-storage-prefix
    [index_storage_prefix: <string> | default = "index/v0"]

    # Experimental: The ratio of log partitions to metastore partitions. For
    # example, a value of 10 means there is 1 metastore partition for every 10
    # log partitions.
    # CLI flag: -dataobj-metastore.partition-ratio
    [partition_ratio: <int> | default = 10]

  # The prefix to use for the storage bucket.
  # CLI flag: -dataobj-storage-bucket-prefix
  [storage_bucket_prefix: <string> | default = "dataobj/"]

  # Enable data objects.
  # CLI flag: -dataobj.enabled
  [enabled: <boolean> | default = false]

ingest_limits:
  # Enable the ingest limits service.
  # CLI flag: -ingest-limits.enabled
  [enabled: <boolean> | default = false]

  # The duration for which which streams are considered active. Streams that
  # have not been updated within this window are considered inactive and not
  # counted towards limits.
  # CLI flag: -ingest-limits.active-window
  [active_window: <duration> | default = 2h]

  # The time window for rate calculation. This should match the window used in
  # Prometheus rate() queries for consistency.
  # CLI flag: -ingest-limits.rate-window
  [rate_window: <duration> | default = 5m]

  # The size of the buckets used to calculate stream rates. Smaller buckets
  # provide more precise rates but require more memory.
  # CLI flag: -ingest-limits.bucket-size
  [bucket_size: <duration> | default = 1m]

  # The interval at which old streams are evicted.
  # CLI flag: -ingest-limits.eviction-interval
  [eviction_interval: <duration> | default = 10m]

  # The number of partitions for the Kafka topic used to read and write stream
  # metadata. It is fixed, not a maximum.
  # CLI flag: -ingest-limits.num-partitions
  [num_partitions: <int> | default = 64]

  lifecycler:
    ring:
      kvstore:
        # Backend storage to use for the ring. Supported values are: consul,
        # etcd, inmemory, memberlist, multi.
        # CLI flag: -ingest-limits.store
        [store: <string> | default = "consul"]

        # The prefix for the keys in the store. Should end with a /.
        # CLI flag: -ingest-limits.prefix
        [prefix: <string> | default = "collectors/"]

        # Configuration for a Consul client. Only applies if the selected
        # kvstore is consul.
        # The CLI flags prefix for this block configuration is: ingest-limits
        [consul: <consul>]

        # Configuration for an ETCD v3 client. Only applies if the selected
        # kvstore is etcd.
        # The CLI flags prefix for this block configuration is: ingest-limits
        [etcd: <etcd>]

        multi:
          # Primary backend storage used by multi-client.
          # CLI flag: -ingest-limits.multi.primary
          [primary: <string> | default = ""]

          # Secondary backend storage used by multi-client.
          # CLI flag: -ingest-limits.multi.secondary
          [secondary: <string> | default = ""]

          # Mirror writes to the secondary store.
          # CLI flag: -ingest-limits.multi.mirror-enabled
          [mirror_enabled: <boolean> | default = false]

          # Timeout for storing a value to the secondary store.
          # CLI flag: -ingest-limits.multi.mirror-timeout
          [mirror_timeout: <duration> | default = 2s]

      # The heartbeat timeout after which ingesters are skipped for
      # reads/writes.
      # CLI flag: -ingest-limits.ring.heartbeat-timeout
      [heartbeat_timeout: <duration> | default = 1m]

      # The number of ingesters to write to and read from.
      # CLI flag: -ingest-limits.distributor.replication-factor
      [replication_factor: <int> | default = 3]

      # True to enable the zone-awareness and replicate ingested samples across
      # different availability zones.
      # CLI flag: -ingest-limits.distributor.zone-awareness-enabled
      [zone_awareness_enabled: <boolean> | default = false]

      # Comma-separated list of zones to exclude from the ring. Instances in
      # excluded zones will be filtered out from the ring.
      # CLI flag: -ingest-limits.distributor.excluded-zones
      [excluded_zones: <string> | default = ""]

    # Number of tokens for each ingester.
    # CLI flag: -ingest-limits.num-tokens
    [num_tokens: <int> | default = 128]

    # Period at which to heartbeat to consul.
    # CLI flag: -ingest-limits.heartbeat-period
    [heartbeat_period: <duration> | default = 5s]

    # Heartbeat timeout after which instance is assumed to be unhealthy.
    # CLI flag: -ingest-limits.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # Observe tokens after generating to resolve collisions. Useful when using
    # gossiping ring.
    # CLI flag: -ingest-limits.observe-period
    [observe_period: <duration> | default = 0s]

    # Period to wait for a claim from another member; will join automatically
    # after this.
    # CLI flag: -ingest-limits.join-after
    [join_after: <duration> | default = 0s]

    # Minimum duration to wait after the internal readiness checks have passed
    # but before succeeding the readiness endpoint. This is used to slowdown
    # deployment controllers (eg. Kubernetes) after an instance is ready and
    # before they proceed with a rolling update, to give the rest of the cluster
    # instances enough time to receive ring updates.
    # CLI flag: -ingest-limits.min-ready-duration
    [min_ready_duration: <duration> | default = 15s]

    # Name of network interface to read address from.
    # CLI flag: -ingest-limits.lifecycler.interface
    [interface_names: <list of strings> | default = [<private network interfaces>]]

    # Enable IPv6 support. Required to make use of IP addresses from IPv6
    # interfaces.
    # CLI flag: -ingest-limits.enable-inet6
    [enable_inet6: <boolean> | default = false]

    # Duration to sleep for before exiting, to ensure metrics are scraped.
    # CLI flag: -ingest-limits.final-sleep
    [final_sleep: <duration> | default = 0s]

    # File path where tokens are stored. If empty, tokens are not stored at
    # shutdown and restored at startup.
    # CLI flag: -ingest-limits.tokens-file-path
    [tokens_file_path: <string> | default = ""]

    # The availability zone where this instance is running.
    # CLI flag: -ingest-limits.availability-zone
    [availability_zone: <string> | default = ""]

    # Unregister from the ring upon clean shutdown. It can be useful to disable
    # for rolling restarts with consistent naming in conjunction with
    # -distributor.extend-writes=false.
    # CLI flag: -ingest-limits.unregister-on-shutdown
    [unregister_on_shutdown: <boolean> | default = true]

    # When enabled the readiness probe succeeds only after all instances are
    # ACTIVE and healthy in the ring, otherwise only the instance itself is
    # checked. This option should be disabled if in your cluster multiple
    # instances can be rolled out simultaneously, otherwise rolling updates may
    # be slowed down.
    # CLI flag: -ingest-limits.readiness-check-ring-health
    [readiness_check_ring_health: <boolean> | default = true]

    # IP address to advertise in the ring.
    # CLI flag: -ingest-limits.lifecycler.addr
    [address: <string> | default = ""]

    # port to advertise in consul (defaults to server.grpc-listen-port).
    # CLI flag: -ingest-limits.lifecycler.port
    [port: <int> | default = 0]

    # ID to register in the ring.
    # CLI flag: -ingest-limits.lifecycler.ID
    [id: <string> | default = "<hostname>"]

  # The consumer group for the Kafka topic used to read stream metadata records.
  # CLI flag: -ingest-limits.consumer-group
  [consumer_group: <string> | default = "ingest-limits"]

  # The topic for the Kafka topic used to read and write stream metadata
  # records.
  # CLI flag: -ingest-limits.topic
  [topic: <string> | default = ""]

ingest_limits_frontend:
  client_config:
    # Configures client gRPC connections to limits service.
    # The CLI flags prefix for this block configuration is:
    # ingest-limits-frontend.limits-client
    [grpc_client_config: <grpc_client>]

    # Configures client gRPC connections pool to limits service.
    pool_config:
      # How frequently to clean up clients for ingest-limits that have gone
      # away.
      # CLI flag: -ingest-limits-frontend.client-cleanup-period
      [client_cleanup_period: <duration> | default = 15s]

      # Run a health check on each ingest-limits client during periodic cleanup.
      # CLI flag: -ingest-limits-frontend.health-check-ingest-limits
      [health_check_ingest_limits: <boolean> | default = true]

      # Timeout for the health check.
      # CLI flag: -ingest-limits-frontend.remote-timeout
      [remote_timeout: <duration> | default = 1s]

  lifecycler:
    ring:
      kvstore:
        # Backend storage to use for the ring. Supported values are: consul,
        # etcd, inmemory, memberlist, multi.
        # CLI flag: -ingest-limits-frontend.store
        [store: <string> | default = "consul"]

        # The prefix for the keys in the store. Should end with a /.
        # CLI flag: -ingest-limits-frontend.prefix
        [prefix: <string> | default = "collectors/"]

        # Configuration for a Consul client. Only applies if the selected
        # kvstore is consul.
        # The CLI flags prefix for this block configuration is:
        # ingest-limits-frontend
        [consul: <consul>]

        # Configuration for an ETCD v3 client. Only applies if the selected
        # kvstore is etcd.
        # The CLI flags prefix for this block configuration is:
        # ingest-limits-frontend
        [etcd: <etcd>]

        multi:
          # Primary backend storage used by multi-client.
          # CLI flag: -ingest-limits-frontend.multi.primary
          [primary: <string> | default = ""]

          # Secondary backend storage used by multi-client.
          # CLI flag: -ingest-limits-frontend.multi.secondary
          [secondary: <string> | default = ""]

          # Mirror writes to the secondary store.
          # CLI flag: -ingest-limits-frontend.multi.mirror-enabled
          [mirror_enabled: <boolean> | default = false]

          # Timeout for storing a value to the secondary store.
          # CLI flag: -ingest-limits-frontend.multi.mirror-timeout
          [mirror_timeout: <duration> | default = 2s]

      # The heartbeat timeout after which ingesters are skipped for
      # reads/writes.
      # CLI flag: -ingest-limits-frontend.ring.heartbeat-timeout
      [heartbeat_timeout: <duration> | default = 1m]

      # The number of ingesters to write to and read from.
      # CLI flag: -ingest-limits-frontend.distributor.replication-factor
      [replication_factor: <int> | default = 3]

      # True to enable the zone-awareness and replicate ingested samples across
      # different availability zones.
      # CLI flag: -ingest-limits-frontend.distributor.zone-awareness-enabled
      [zone_awareness_enabled: <boolean> | default = false]

      # Comma-separated list of zones to exclude from the ring. Instances in
      # excluded zones will be filtered out from the ring.
      # CLI flag: -ingest-limits-frontend.distributor.excluded-zones
      [excluded_zones: <string> | default = ""]

    # Number of tokens for each ingester.
    # CLI flag: -ingest-limits-frontend.num-tokens
    [num_tokens: <int> | default = 128]

    # Period at which to heartbeat to consul.
    # CLI flag: -ingest-limits-frontend.heartbeat-period
    [heartbeat_period: <duration> | default = 5s]

    # Heartbeat timeout after which instance is assumed to be unhealthy.
    # CLI flag: -ingest-limits-frontend.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # Observe tokens after generating to resolve collisions. Useful when using
    # gossiping ring.
    # CLI flag: -ingest-limits-frontend.observe-period
    [observe_period: <duration> | default = 0s]

    # Period to wait for a claim from another member; will join automatically
    # after this.
    # CLI flag: -ingest-limits-frontend.join-after
    [join_after: <duration> | default = 0s]

    # Minimum duration to wait after the internal readiness checks have passed
    # but before succeeding the readiness endpoint. This is used to slowdown
    # deployment controllers (eg. Kubernetes) after an instance is ready and
    # before they proceed with a rolling update, to give the rest of the cluster
    # instances enough time to receive ring updates.
    # CLI flag: -ingest-limits-frontend.min-ready-duration
    [min_ready_duration: <duration> | default = 15s]

    # Name of network interface to read address from.
    # CLI flag: -ingest-limits-frontend.lifecycler.interface
    [interface_names: <list of strings> | default = [<private network interfaces>]]

    # Enable IPv6 support. Required to make use of IP addresses from IPv6
    # interfaces.
    # CLI flag: -ingest-limits-frontend.enable-inet6
    [enable_inet6: <boolean> | default = false]

    # Duration to sleep for before exiting, to ensure metrics are scraped.
    # CLI flag: -ingest-limits-frontend.final-sleep
    [final_sleep: <duration> | default = 0s]

    # File path where tokens are stored. If empty, tokens are not stored at
    # shutdown and restored at startup.
    # CLI flag: -ingest-limits-frontend.tokens-file-path
    [tokens_file_path: <string> | default = ""]

    # The availability zone where this instance is running.
    # CLI flag: -ingest-limits-frontend.availability-zone
    [availability_zone: <string> | default = ""]

    # Unregister from the ring upon clean shutdown. It can be useful to disable
    # for rolling restarts with consistent naming in conjunction with
    # -distributor.extend-writes=false.
    # CLI flag: -ingest-limits-frontend.unregister-on-shutdown
    [unregister_on_shutdown: <boolean> | default = true]

    # When enabled the readiness probe succeeds only after all instances are
    # ACTIVE and healthy in the ring, otherwise only the instance itself is
    # checked. This option should be disabled if in your cluster multiple
    # instances can be rolled out simultaneously, otherwise rolling updates may
    # be slowed down.
    # CLI flag: -ingest-limits-frontend.readiness-check-ring-health
    [readiness_check_ring_health: <boolean> | default = true]

    # IP address to advertise in the ring.
    # CLI flag: -ingest-limits-frontend.lifecycler.addr
    [address: <string> | default = ""]

    # port to advertise in consul (defaults to server.grpc-listen-port).
    # CLI flag: -ingest-limits-frontend.lifecycler.port
    [port: <int> | default = 0]

    # ID to register in the ring.
    # CLI flag: -ingest-limits-frontend.lifecycler.ID
    [id: <string> | default = "<hostname>"]

  # The number of partitions to use for the ring.
  # CLI flag: -ingest-limits-frontend.num-partitions
  [num_partitions: <int> | default = 64]

  # Enable the assigned partitions cache.
  # CLI flag: -ingest-limits-frontend.assigned-partitions-cache-enabled
  [assigned_partitions_cache_enabled: <boolean> | default = true]

  # The TTL for the assigned partitions cache.
  # CLI flag: -ingest-limits-frontend.assigned-partitions-cache-ttl
  [assigned_partitions_cache_ttl: <duration> | default = 1m]

  # [Experimental]: Enable the accepted streams cache.
  # CLI flag: -ingest-limits-frontend.accepted-streams-cache-enabled
  [accepted_streams_cache_enabled: <boolean> | default = false]

  # The TTL for the accepted streams cache.
  # CLI flag: -ingest-limits-frontend.accepted-streams-cache-ttl
  [accepted_streams_cache_ttl: <duration> | default = 1m]

  # The jitter to add to the accepted streams cache.
  # CLI flag: -ingest-limits-frontend.accepted-streams-cache-ttl-jitter
  [accepted_streams_cache_ttl_jitter: <duration> | default = 15s]

ingest_limits_frontend_client:
  # Configures client gRPC connections to limits service.
  # The CLI flags prefix for this block configuration is:
  # ingest-limits-frontend-client
  [grpc_client_config: <grpc_client>]

  # Configures client gRPC connections pool to limits service.
  pool_config:
    # How frequently to clean up clients for ingest-limits-frontend that have
    # gone away.
    # CLI flag: -ingest-limits-frontend-client.client-cleanup-period
    [client_cleanup_period: <duration> | default = 15s]

    # Run a health check on each ingest-limits-frontend client during periodic
    # cleanup.
    # CLI flag: -ingest-limits-frontend-client.health-check-ingest-limits
    [health_check_ingest_limits: <boolean> | default = true]

    # Timeout for the health check.
    # CLI flag: -ingest-limits-frontend-client.remote-timeout
    [remote_timeout: <duration> | default = 1s]

# Configuration for 'runtime config' module, responsible for reloading runtime
# configuration file.
[runtime_config: <runtime_config>]

# These are values which allow you to control aspects of Loki's operation, most
# commonly used for controlling types of higher verbosity logging, the values
# here can be overridden in the `configs` section of the `runtime_config` file.
[operational_config: <operational_config>]

# Configuration for tracing.
[tracing: <tracing>]

# Configuration for analytics.
[analytics: <analytics>]

# Configuration for profiling options.
[profiling: <profiling>]

# List of limit fields to publish from the tenant limits endpoint. If empty, all
# fields are returned. Use YAML field names (e.g., 'retention_period',
# 'max_query_series').
# CLI flag: -limits.tenant-limits-allow-publish
[tenant_limits_allow_publish: <list of strings> | default = [discover_log_levels discover_service_name log_level_fields max_entries_limit_per_query max_line_size_truncate max_query_bytes_read max_query_length max_query_lookback max_query_range max_query_series metric_aggregation_enabled otlp_config pattern_persistence_enabled query_timeout retention_period retention_stream volume_enabled volume_max_series]]

# Common configuration to be shared between multiple modules. If a more specific
# configuration is given in other sections, the related configuration within
# this section will be ignored.
[common: <common>]

# How long to wait between SIGTERM and shutdown. After receiving SIGTERM, Loki
# will report 503 Service Unavailable status via /ready endpoint.
# CLI flag: -shutdown-delay
[shutdown_delay: <duration> | default = 0s]

# Namespace of the metrics that in previous releases had cortex as namespace.
# This setting is deprecated and will be removed in the next minor release.
# CLI flag: -metrics-namespace
[metrics_namespace: <string> | default = "loki"]

alibabacloud_storage_config

The alibabacloud_storage_config block configures the connection to Alibaba Cloud Storage object storage backend. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage
ruler.storage

# Name of OSS bucket.
# CLI flag: -<prefix>.oss.bucketname
[bucket: <string> | default = ""]

# oss Endpoint to connect to.
# CLI flag: -<prefix>.oss.endpoint
[endpoint: <string> | default = ""]

# alibabacloud Access Key ID
# CLI flag: -<prefix>.oss.access-key-id
[access_key_id: <string> | default = ""]

# alibabacloud Secret Access Key
# CLI flag: -<prefix>.oss.secret-access-key
[secret_access_key: <string> | default = ""]

# Connection timeout in seconds
# CLI flag: -<prefix>.oss.conn-timeout-sec
[conn_timeout_sec: <int> | default = 30]

# Read/Write timeout in seconds
# CLI flag: -<prefix>.oss.read-write-timeout-sec
[read_write_timeout_sec: <int> | default = 60]

analytics

Configuration for analytics.

# Enable anonymous usage reporting.
# CLI flag: -reporting.enabled
[reporting_enabled: <boolean> | default = true]

# URL to which reports are sent
# CLI flag: -reporting.usage-stats-url
[usage_stats_url: <string> | default = "https://stats.grafana.org/loki-usage-report"]

# URL to the proxy server
# CLI flag: -reporting.proxy-url
[proxy_url: <string> | default = ""]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: reporting.tls-config
[tls_config: <tls_config>]

attributes_config

Define actions for matching OpenTelemetry (OTEL) attributes.

# Configures action to take on matching attributes. It allows one of
# [structured_metadata, drop] for all attribute types. It additionally allows
# index_label action for resource attributes
[action: <string> | default = ""]

# List of attributes to configure how to store them or drop them altogether
[attributes: <list of strings>]

# Regex to choose attributes to configure how to store them or drop them
# altogether
[regex: <Regexp>]

aws_storage_config

The aws_storage_config block configures the connection to dynamoDB and S3 object storage. Either one of them or both can be configured.

# Deprecated: Configures storing indexes in DynamoDB.
dynamodb:
  # DynamoDB endpoint URL with escaped Key and Secret encoded. If only region is
  # specified as a host, proper endpoint will be deduced. Use
  # inmemory:///<table-name> to use a mock in-memory implementation.
  # CLI flag: -dynamodb.url
  [dynamodb_url: <url>]

  # DynamoDB table management requests per second limit.
  # CLI flag: -dynamodb.api-limit
  [api_limit: <float> | default = 2]

  # DynamoDB rate cap to back off when throttled.
  # CLI flag: -dynamodb.throttle-limit
  [throttle_limit: <float> | default = 10]

  metrics:
    # Use metrics-based autoscaling, via this query URL
    # CLI flag: -metrics.url
    [url: <string> | default = ""]

    # Queue length above which we will scale up capacity
    # CLI flag: -metrics.target-queue-length
    [target_queue_length: <int> | default = 100000]

    # Scale up capacity by this multiple
    # CLI flag: -metrics.scale-up-factor
    [scale_up_factor: <float> | default = 1.3]

    # Ignore throttling below this level (rate per second)
    # CLI flag: -metrics.ignore-throttle-below
    [ignore_throttle_below: <float> | default = 1]

    # query to fetch ingester queue length
    # CLI flag: -metrics.queue-length-query
    [queue_length_query: <string> | default = "sum(avg_over_time(loki_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m])) or sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"]

    # query to fetch throttle rates per table
    # CLI flag: -metrics.write-throttle-query
    [write_throttle_query: <string> | default = "sum(rate(cortex_dynamo_throttled_total{operation=\"DynamoDB.BatchWriteItem\"}[1m])) by (table) > 0"]

    # query to fetch write capacity usage per table
    # CLI flag: -metrics.usage-query
    [write_usage_query: <string> | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.BatchWriteItem\"}[15m])) by (table) > 0"]

    # query to fetch read capacity usage per table
    # CLI flag: -metrics.read-usage-query
    [read_usage_query: <string> | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.QueryPages\"}[1h])) by (table) > 0"]

    # query to fetch read errors per table
    # CLI flag: -metrics.read-error-query
    [read_error_query: <string> | default = "sum(increase(cortex_dynamo_failures_total{operation=\"DynamoDB.QueryPages\",error=\"ProvisionedThroughputExceededException\"}[1m])) by (table) > 0"]

  # Number of chunks to group together to parallelise fetches (zero to disable)
  # CLI flag: -dynamodb.chunk-gang-size
  [chunk_gang_size: <int> | default = 10]

  # Max number of chunk-get operations to start in parallel
  # CLI flag: -dynamodb.chunk.get-max-parallelism
  [chunk_get_max_parallelism: <int> | default = 32]

  backoff_config:
    # Minimum backoff time
    # CLI flag: -dynamodb.min-backoff
    [min_period: <duration> | default = 100ms]

    # Maximum backoff time
    # CLI flag: -dynamodb.max-backoff
    [max_period: <duration> | default = 50s]

    # Maximum number of times to retry an operation
    # CLI flag: -dynamodb.max-retries
    [max_retries: <int> | default = 20]

  # KMS key used for encrypting DynamoDB items.  DynamoDB will use an Amazon
  # owned KMS key if not provided.
  # CLI flag: -dynamodb.kms-key-id
  [kms_key_id: <string> | default = ""]

# The s3_storage_config block configures the connection to Amazon S3 object
# storage backend.
[<s3_storage_config>]

azure_storage_config

The azure_storage_config block configures the connection to Azure object storage backend. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage
ruler.storage

# Azure Cloud environment. Supported values are: AzureGlobal, AzureChinaCloud,
# AzureGermanCloud, AzureUSGovernment.
# CLI flag: -<prefix>.azure.environment
[environment: <string> | default = "AzureGlobal"]

# Azure storage account name.
# CLI flag: -<prefix>.azure.account-name
[account_name: <string> | default = ""]

# Azure storage account key.
# CLI flag: -<prefix>.azure.account-key
[account_key: <string> | default = ""]

# If `connection-string` is set, the values of `account-name` and
# `endpoint-suffix` values will not be used. Use this method over `account-key`
# if you need to authenticate via a SAS token. Or if you use the Azurite
# emulator.
# CLI flag: -<prefix>.azure.connection-string
[connection_string: <string> | default = ""]

# Name of the storage account blob container used to store chunks. This
# container must be created before running cortex.
# CLI flag: -<prefix>.azure.container-name
[container_name: <string> | default = "loki"]

# Azure active directory endpoint override. Use when the Azure SDK does not
# support your environment.
# CLI flag: -<prefix>.azure.active-directory-endpoint
[active_directory_endpoint: <string> | default = ""]

# Azure storage endpoint suffix without schema. The storage account name will be
# prefixed to this value to create the FQDN.
# CLI flag: -<prefix>.azure.endpoint-suffix
[endpoint_suffix: <string> | default = ""]

# Use Managed Identity to authenticate to the Azure storage account.
# CLI flag: -<prefix>.azure.use-managed-identity
[use_managed_identity: <boolean> | default = false]

# Use Federated Token to authenticate to the Azure storage account.
# CLI flag: -<prefix>.azure.use-federated-token
[use_federated_token: <boolean> | default = false]

# User assigned identity ID to authenticate to the Azure storage account.
# CLI flag: -<prefix>.azure.user-assigned-id
[user_assigned_id: <string> | default = ""]

# Use Service Principal to authenticate through Azure OAuth.
# CLI flag: -<prefix>.azure.use-service-principal
[use_service_principal: <boolean> | default = false]

# Azure Service Principal ID(GUID).
# CLI flag: -<prefix>.azure.client-id
[client_id: <string> | default = ""]

# Azure Service Principal secret key.
# CLI flag: -<prefix>.azure.client-secret
[client_secret: <string> | default = ""]

# Azure Tenant ID is used to authenticate through Azure OAuth.
# CLI flag: -<prefix>.azure.tenant-id
[tenant_id: <string> | default = ""]

# Chunk delimiter for blob ID to be used
# CLI flag: -<prefix>.azure.chunk-delimiter
[chunk_delimiter: <string> | default = "-"]

# Preallocated buffer size for downloads.
# CLI flag: -<prefix>.azure.download-buffer-size
[download_buffer_size: <int> | default = 512000]

# Preallocated buffer size for uploads.
# CLI flag: -<prefix>.azure.upload-buffer-size
[upload_buffer_size: <int> | default = 256000]

# Number of buffers used to used to upload a chunk.
# CLI flag: -<prefix>.azure.download-buffer-count
[upload_buffer_count: <int> | default = 1]

# Timeout for requests made against azure blob storage.
# CLI flag: -<prefix>.azure.request-timeout
[request_timeout: <duration> | default = 30s]

# Number of retries for a request which times out.
# CLI flag: -<prefix>.azure.max-retries
[max_retries: <int> | default = 5]

# Minimum time to wait before retrying a request.
# CLI flag: -<prefix>.azure.min-retry-delay
[min_retry_delay: <duration> | default = 10ms]

# Maximum time to wait before retrying a request.
# CLI flag: -<prefix>.azure.max-retry-delay
[max_retry_delay: <duration> | default = 500ms]

bloom_build

Experimental: The bloom_build block configures the Loki bloom planner and builder servers, responsible for building bloom filters.

# Flag to enable or disable the usage of the bloom-planner and bloom-builder
# components.
# CLI flag: -bloom-build.enabled
[enabled: <boolean> | default = false]

planner:
  # Interval at which to re-run the bloom creation planning.
  # CLI flag: -bloom-build.planner.interval
  [planning_interval: <duration> | default = 8h]

  # Newest day-table offset (from today, inclusive) to build blooms for. 0 start
  # building from today, 1 from yesterday and so on. Increase to lower cost by
  # not re-writing data to object storage too frequently since recent data
  # changes more often at the cost of not having blooms available as quickly.
  # CLI flag: -bloom-build.planner.min-table-offset
  [min_table_offset: <int> | default = 0]

  # Oldest day-table offset (from today, inclusive) to build blooms for. 1 till
  # yesterday, 2 till day before yesterday and so on. This can be used to lower
  # cost by not trying to build blooms for older data which doesn't change. This
  # can be optimized by aligning it with the maximum
  # `reject_old_samples_max_age` setting of any tenant.
  # CLI flag: -bloom-build.planner.max-table-offset
  [max_table_offset: <int> | default = 1]

  retention:
    # Enable bloom retention.
    # CLI flag: -bloom-build.planner.retention.enabled
    [enabled: <boolean> | default = false]

  queue:
    # Maximum number of tasks to queue per tenant.
    # CLI flag: -bloom-build.planner.queue.max-tasks-per-tenant
    [max_queued_tasks_per_tenant: <int> | default = 30000]

    # Whether to store tasks on disk.
    # CLI flag: -bloom-build.planner.queue.store-tasks-on-disk
    [store_tasks_on_disk: <boolean> | default = false]

    # Directory to store tasks on disk.
    # CLI flag: -bloom-build.planner.queue.tasks-disk-directory
    [tasks_disk_directory: <string> | default = "/tmp/bloom-planner-queue"]

    # Whether to clean the tasks directory on startup.
    # CLI flag: -bloom-build.planner.queue.clean-tasks-directory
    [clean_tasks_directory: <boolean> | default = false]

builder:
  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is:
  # bloom-build.builder.grpc
  [grpc_config: <grpc_client>]

  # Hostname (and port) of the bloom planner
  # CLI flag: -bloom-build.builder.planner-address
  [planner_address: <string> | default = ""]

  backoff_config:
    # Minimum delay when backing off.
    # CLI flag: -bloom-build.builder.backoff.backoff-min-period
    [min_period: <duration> | default = 100ms]

    # Maximum delay when backing off.
    # CLI flag: -bloom-build.builder.backoff.backoff-max-period
    [max_period: <duration> | default = 10s]

    # Number of times to backoff and retry before failing.
    # CLI flag: -bloom-build.builder.backoff.backoff-retries
    [max_retries: <int> | default = 10]

bloom_gateway

Experimental: The bloom_gateway block configures the Loki bloom gateway server, responsible for serving queries for filtering chunks based on filter expressions.

# Flag to enable or disable the bloom gateway component globally.
# CLI flag: -bloom-gateway.enabled
[enabled: <boolean> | default = false]

client:
  # Configures the behavior of the connection pool.
  pool_config:
    # How frequently to update the list of servers.
    # CLI flag: -bloom-gateway-client.pool.check-interval
    [check_interval: <duration> | default = 15s]

  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is:
  # bloom-gateway-client.grpc
  [grpc_client_config: <grpc_client>]

  # Comma separated addresses list in DNS Service Discovery format:
  # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes
  # CLI flag: -bloom-gateway-client.addresses
  [addresses: <string> | default = ""]

# Number of workers to use for filtering chunks concurrently. Usually set to 1x
# number of CPU cores.
# CLI flag: -bloom-gateway.worker-concurrency
[worker_concurrency: <int> | default = 4]

# Number of blocks processed concurrently on a single worker. Usually set to 2x
# number of CPU cores.
# CLI flag: -bloom-gateway.block-query-concurrency
[block_query_concurrency: <int> | default = 8]

# Maximum number of outstanding tasks per tenant.
# CLI flag: -bloom-gateway.max-outstanding-per-tenant
[max_outstanding_per_tenant: <int> | default = 1024]

# How many tasks are multiplexed at once.
# CLI flag: -bloom-gateway.num-multiplex-tasks
[num_multiplex_tasks: <int> | default = 512]

bos_storage_config

The bos_storage_config block configures the connection to Baidu Object Storage (BOS) object storage backend. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage
ruler.storage

# Name of BOS bucket.
# CLI flag: -<prefix>.bos.bucket-name
[bucket_name: <string> | default = ""]

# BOS endpoint to connect to.
# CLI flag: -<prefix>.bos.endpoint
[endpoint: <string> | default = "bj.bcebos.com"]

# Baidu Cloud Engine (BCE) Access Key ID.
# CLI flag: -<prefix>.bos.access-key-id
[access_key_id: <string> | default = ""]

# Baidu Cloud Engine (BCE) Secret Access Key.
# CLI flag: -<prefix>.bos.secret-access-key
[secret_access_key: <string> | default = ""]

cache_config

The cache_config block configures the cache backend for a specific Loki component. The supported CLI flags <prefix> used to reference this configuration block are:

bloom.metas-cache
frontend
frontend.index-stats-results-cache
frontend.instant-metric-results-cache
frontend.label-results-cache
frontend.series-results-cache
frontend.volume-results-cache
query-engine.results-cache
store.chunks-cache
store.chunks-cache-l2
store.index-cache-read
store.index-cache-write

# The default validity of entries for caches unless overridden.
# CLI flag: -<prefix>.default-validity
[default_validity: <duration> | default = 1h]

background:
  # At what concurrency to write back to cache.
  # CLI flag: -<prefix>.background.write-back-concurrency
  [writeback_goroutines: <int> | default = 1]

  # How many key batches to buffer for background write-back. Default is large
  # to prefer size based limiting.
  # CLI flag: -<prefix>.background.write-back-buffer
  [writeback_buffer: <int> | default = 500000]

  # Size limit in bytes for background write-back.
  # CLI flag: -<prefix>.background.write-back-size-limit
  [writeback_size_limit: <int> | default = 500MB]

memcached:
  # How long keys stay in the memcache.
  # CLI flag: -<prefix>.memcached.expiration
  [expiration: <duration> | default = 0s]

  # How many keys to fetch in each batch.
  # CLI flag: -<prefix>.memcached.batchsize
  [batch_size: <int> | default = 4]

  # Maximum active requests to memcache.
  # CLI flag: -<prefix>.memcached.parallelism
  [parallelism: <int> | default = 5]

memcached_client:
  # Hostname for memcached service to use. If empty and if addresses is unset,
  # no memcached will be used.
  # CLI flag: -<prefix>.memcached.hostname
  [host: <string> | default = ""]

  # SRV service used to discover memcache servers.
  # CLI flag: -<prefix>.memcached.service
  [service: <string> | default = "memcached"]

  # Comma separated addresses list in DNS Service Discovery format:
  # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes
  # CLI flag: -<prefix>.memcached.addresses
  [addresses: <string> | default = ""]

  # Maximum time to wait before giving up on memcached requests.
  # CLI flag: -<prefix>.memcached.timeout
  [timeout: <duration> | default = 100ms]

  # Maximum number of idle connections in pool.
  # CLI flag: -<prefix>.memcached.max-idle-conns
  [max_idle_conns: <int> | default = 16]

  # The maximum size of an item stored in memcached. Bigger items are not
  # stored. If set to 0, no maximum size is enforced.
  # CLI flag: -<prefix>.memcached.max-item-size
  [max_item_size: <int> | default = 0]

  # Period with which to poll DNS for memcache servers.
  # CLI flag: -<prefix>.memcached.update-interval
  [update_interval: <duration> | default = 1m]

  # Use consistent hashing to distribute to memcache servers.
  # CLI flag: -<prefix>.memcached.consistent-hash
  [consistent_hash: <boolean> | default = true]

  # Trip circuit-breaker after this number of consecutive dial failures (if zero
  # then circuit-breaker is disabled).
  # CLI flag: -<prefix>.memcached.circuit-breaker-consecutive-failures
  [circuit_breaker_consecutive_failures: <int> | default = 10]

  # Duration circuit-breaker remains open after tripping (if zero then 60
  # seconds is used).
  # CLI flag: -<prefix>.memcached.circuit-breaker-timeout
  [circuit_breaker_timeout: <duration> | default = 10s]

  # Reset circuit-breaker counts after this long (if zero then never reset).
  # CLI flag: -<prefix>.memcached.circuit-breaker-interval
  [circuit_breaker_interval: <duration> | default = 10s]

  # Enable connecting to Memcached with TLS.
  # CLI flag: -<prefix>.memcached.tls-enabled
  [tls_enabled: <boolean> | default = false]

  # The TLS configuration.
  # The CLI flags prefix for this block configuration is:
  # store.index-cache-write.memcached
  [<tls_config>]

redis:
  # Redis Server or Cluster configuration endpoint to use for caching. A
  # comma-separated list of endpoints for Redis Cluster or Redis Sentinel. If
  # empty, no redis will be used.
  # CLI flag: -<prefix>.redis.endpoint
  [endpoint: <string> | default = ""]

  # Redis Sentinel master name. An empty string for Redis Server or Redis
  # Cluster.
  # CLI flag: -<prefix>.redis.master-name
  [master_name: <string> | default = ""]

  # Maximum time to wait before giving up on redis requests.
  # CLI flag: -<prefix>.redis.timeout
  [timeout: <duration> | default = 500ms]

  # How long keys stay in the redis.
  # CLI flag: -<prefix>.redis.expiration
  [expiration: <duration> | default = 0s]

  # Database index.
  # CLI flag: -<prefix>.redis.db
  [db: <int> | default = 0]

  # Maximum number of connections in the pool.
  # CLI flag: -<prefix>.redis.pool-size
  [pool_size: <int> | default = 0]

  # Username to use when connecting to redis.
  # CLI flag: -<prefix>.redis.username
  [username: <string> | default = ""]

  # Password to use when connecting to redis.
  # CLI flag: -<prefix>.redis.password
  [password: <string> | default = ""]

  # Enable connecting to redis with TLS.
  # CLI flag: -<prefix>.redis.tls-enabled
  [tls_enabled: <boolean> | default = false]

  # Skip validating server certificate.
  # CLI flag: -<prefix>.redis.tls-insecure-skip-verify
  [tls_insecure_skip_verify: <boolean> | default = false]

  # Close connections after remaining idle for this duration. If the value is
  # zero, then idle connections are not closed.
  # CLI flag: -<prefix>.redis.idle-timeout
  [idle_timeout: <duration> | default = 0s]

  # Close connections older than this duration. If the value is zero, then the
  # pool does not close connections based on age.
  # CLI flag: -<prefix>.redis.max-connection-age
  [max_connection_age: <duration> | default = 0s]

  # By default, the Redis client only reads from the master node. Enabling this
  # option can lower pressure on the master node by randomly routing read-only
  # commands to the master and any available replicas.
  # CLI flag: -<prefix>.redis.route-randomly
  [route_randomly: <boolean> | default = false]

embedded_cache:
  # Whether embedded cache is enabled.
  # CLI flag: -<prefix>.embedded-cache.enabled
  [enabled: <boolean> | default = false]

  # Maximum memory size of the cache in MB.
  # CLI flag: -<prefix>.embedded-cache.max-size-mb
  [max_size_mb: <int> | default = 100]

  # Maximum number of entries in the cache.
  # CLI flag: -<prefix>.embedded-cache.max-size-items
  [max_size_items: <int> | default = 0]

  # The time to live for items in the cache before they get purged.
  # CLI flag: -<prefix>.embedded-cache.ttl
  [ttl: <duration> | default = 1h]

chunk_store_config

The chunk_store_config block configures how chunks will be cached and how long to wait before saving them to the backing store.

# The cache_config block configures the cache backend for a specific Loki
# component.
# The CLI flags prefix for this block configuration is: store.chunks-cache
[chunk_cache_config: <cache_config>]

# The cache_config block configures the cache backend for a specific Loki
# component.
# The CLI flags prefix for this block configuration is: store.chunks-cache-l2
[chunk_cache_config_l2: <cache_config>]

# Write dedupe cache is deprecated along with legacy index types (aws,
# aws-dynamo, bigtable, bigtable-hashed, cassandra, gcp, gcp-columnkey,
# grpc-store).
# Consider using TSDB index which does not require a write dedupe cache.
# The CLI flags prefix for this block configuration is: store.index-cache-write
[write_dedupe_cache_config: <cache_config>]

# Chunks fetched from queriers before this duration will not be written to the
# cache. A value of 0 will write all chunks to the cache
# CLI flag: -store.skip-query-writeback-older-than
[skip_query_writeback_cache_older_than: <duration> | default = 0s]

# Chunks will be handed off to the L2 cache after this duration. 0 to disable L2
# cache.
# CLI flag: -store.chunks-cache-l2.handoff
[l2_chunk_cache_handoff: <duration> | default = 0s]

# Cache index entries older than this period. 0 to disable.
# CLI flag: -store.cache-lookups-older-than
[cache_lookups_older_than: <duration> | default = 0s]

common

Common configuration to be shared between multiple modules. If a more specific configuration is given in other sections, the related configuration within this section will be ignored.

# prefix for the path
# CLI flag: -common.path-prefix
[path_prefix: <string> | default = ""]

storage:
  # The s3_storage_config block configures the connection to Amazon S3 object
  # storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [s3: <s3_storage_config>]

  # The gcs_storage_config block configures the connection to Google Cloud
  # Storage object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [gcs: <gcs_storage_config>]

  # The azure_storage_config block configures the connection to Azure object
  # storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [azure: <azure_storage_config>]

  # The alibabacloud_storage_config block configures the connection to Alibaba
  # Cloud Storage object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [alibabacloud: <alibabacloud_storage_config>]

  # The bos_storage_config block configures the connection to Baidu Object
  # Storage (BOS) object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [bos: <bos_storage_config>]

  # The swift_storage_config block configures the connection to OpenStack Object
  # Storage (Swift) object storage backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [swift: <swift_storage_config>]

  filesystem:
    # Directory to store chunks in.
    # CLI flag: -common.storage.filesystem.chunk-directory
    [chunks_directory: <string> | default = ""]

    # Directory to store rules in.
    # CLI flag: -common.storage.filesystem.rules-directory
    [rules_directory: <string> | default = ""]

  hedging:
    # If set to a non-zero value a second request will be issued at the provided
    # duration. Default is 0 (disabled)
    # CLI flag: -common.storage.hedge-requests-at
    [at: <duration> | default = 0s]

    # The maximum of hedge requests allowed.
    # CLI flag: -common.storage.hedge-requests-up-to
    [up_to: <int> | default = 2]

    # The maximum of hedge requests allowed per seconds.
    # CLI flag: -common.storage.hedge-max-per-second
    [max_per_second: <int> | default = 5]

  # The cos_storage_config block configures the connection to IBM Cloud Object
  # Storage (COS) backend.
  # The CLI flags prefix for this block configuration is: common.storage
  [cos: <cos_storage_config>]

  congestion_control:
    # Use storage congestion control (default: disabled).
    # CLI flag: -common.storage.congestion-control.enabled
    [enabled: <boolean> | default = false]

    controller:
      # Congestion control strategy to use (default: none, options: 'aimd').
      # CLI flag: -common.storage.congestion-control.strategy
      [strategy: <string> | default = ""]

      aimd:
        # AIMD starting throughput window size: how many requests can be sent
        # per second (default: 2000).
        # CLI flag: -common.storage.congestion-control.strategy.aimd.start
        [start: <int> | default = 2000]

        # AIMD maximum throughput window size: upper limit of requests sent per
        # second (default: 10000).
        # CLI flag: -common.storage.congestion-control.strategy.aimd.upper-bound
        [upper_bound: <int> | default = 10000]

        # AIMD backoff factor when upstream service is throttled to decrease
        # number of requests sent per second (default: 0.5).
        # CLI flag: -common.storage.congestion-control.strategy.aimd.backoff-factor
        [backoff_factor: <float> | default = 0.5]

    retry:
      # Congestion control retry strategy to use (default: none, options:
      # 'limited').
      # CLI flag: -common.storage.congestion-control.retry.strategy
      [strategy: <string> | default = ""]

      # Maximum number of retries allowed.
      # CLI flag: -common.storage.congestion-control.retry.strategy.limited.limit
      [limit: <int> | default = 2]

    hedging:
      config:
        [at: <duration>]

        [up_to: <int>]

        [max_per_second: <int>]

      # Congestion control hedge strategy to use (default: none, options:
      # 'limited').
      # CLI flag: -common.storage.congestion-control.hedge.strategy
      [strategy: <string> | default = ""]

  # The thanos_object_store_config block configures the connection to object
  # storage backend using thanos-io/objstore clients. This will become the
  # default way of configuring object store clients in future releases.
  # Currently this is opt-in and takes effect only when `-use-thanos-objstore`
  # is set to true.
  # The CLI flags prefix for this block configuration is:
  # common.storage.object-store
  [object_store: <thanos_object_store_config>]

[persist_tokens: <boolean>]

[replication_factor: <int>]

ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -common.storage.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -common.storage.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: common.storage.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: common.storage.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -common.storage.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -common.storage.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to the secondary store.
      # CLI flag: -common.storage.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing a value to the secondary store.
      # CLI flag: -common.storage.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring.
  # CLI flag: -common.storage.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -common.storage.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -common.storage.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -common.storage.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Number of tokens to own in the ring.
  # CLI flag: -common.storage.ring.num-tokens
  [num_tokens: <int> | default = 128]

  # Factor for data replication.
  # CLI flag: -common.storage.ring.replication-factor
  [replication_factor: <int> | default = 3]

  # Instance ID to register in the ring.
  # CLI flag: -common.storage.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -common.storage.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -common.storage.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -common.storage.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -common.storage.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -common.storage.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

[instance_interface_names: <list of strings> | default = [<private network interfaces>]]

[instance_addr: <string> | default = ""]

# the http address of the compactor in the form http://host:port
# CLI flag: -common.compactor-address
[compactor_address: <string> | default = ""]

# the grpc address of the compactor in the form host:port
# CLI flag: -common.compactor-grpc-address
[compactor_grpc_address: <string> | default = ""]

# Experimental: path to use for temporary data, where scratch data is supported.
# CLI flag: -common.scratch-path
[scratch_path: <string> | default = ""]

compactor

The compactor block configures the compactor component, which compacts index shards for performance.

# Directory where files can be downloaded for compaction.
# CLI flag: -compactor.working-directory
[working_directory: <string> | default = "/var/loki/compactor"]

# Interval at which to re-run the compaction operation.
# CLI flag: -compactor.compaction-interval
[compaction_interval: <duration> | default = 10m]

# Interval at which to apply/enforce retention. 0 means run at same interval as
# compaction. If non-zero, it should always be a multiple of compaction
# interval.
# CLI flag: -compactor.apply-retention-interval
[apply_retention_interval: <duration> | default = 0s]

# Activate custom (per-stream,per-tenant) retention.
# CLI flag: -compactor.retention-enabled
[retention_enabled: <boolean> | default = false]

# Delay after which chunks will be fully deleted during retention.
# CLI flag: -compactor.retention-delete-delay
[retention_delete_delay: <duration> | default = 2h]

# The total amount of worker to use to delete chunks.
# CLI flag: -compactor.retention-delete-worker-count
[retention_delete_worker_count: <int> | default = 150]

# The maximum amount of time to spend running retention and deletion on any
# given table in the index.
# CLI flag: -compactor.retention-table-timeout
[retention_table_timeout: <duration> | default = 0s]

retention_backoff_config:
  # Minimum delay when backing off.
  # CLI flag: -compactor.retention-backoff-config.backoff-min-period
  [min_period: <duration> | default = 100ms]

  # Maximum delay when backing off.
  # CLI flag: -compactor.retention-backoff-config.backoff-max-period
  [max_period: <duration> | default = 10s]

  # Number of times to backoff and retry before failing.
  # CLI flag: -compactor.retention-backoff-config.backoff-retries
  [max_retries: <int> | default = 10]

# Store used for managing delete requests.
# CLI flag: -compactor.delete-request-store
[delete_request_store: <string> | default = ""]

# Path prefix for storing delete requests.
# CLI flag: -compactor.delete-request-store.key-prefix
[delete_request_store_key_prefix: <string> | default = "index/"]

# Type of DB to use for storing delete requests. Supported types: boltdb, sqlite
# CLI flag: -compactor.delete-request-store.db-type
[delete_request_store_db_type: <string> | default = "boltdb"]

# Type of DB to use as backup for storing delete requests. Backup DB should
# ideally be used while migrating from one DB type to another. Supported
# type(s): boltdb
# CLI flag: -compactor.delete-request-store.backup-db-type
[backup_delete_request_store_db_type: <string> | default = ""]

# The max number of delete requests to run per compaction cycle.
# CLI flag: -compactor.delete-batch-size
[delete_batch_size: <int> | default = 70]

# Allow cancellation of delete request until duration after they are created.
# Data would be deleted only after delete requests have been older than this
# duration. Ideally this should be set to at least 24h.
# CLI flag: -compactor.delete-request-cancel-period
[delete_request_cancel_period: <duration> | default = 24h]

# Constrain the size of any single delete request with line filters. When a
# delete request > delete_max_interval is input, the request is sharded into
# smaller requests of no more than delete_max_interval
# CLI flag: -compactor.delete-max-interval
[delete_max_interval: <duration> | default = 24h]

# Maximum number of tables to compact in parallel. While increasing this value,
# please make sure compactor has enough disk space allocated to be able to store
# and compact as many tables.
# CLI flag: -compactor.max-compaction-parallelism
[max_compaction_parallelism: <int> | default = 1]

# Number of upload/remove operations to execute in parallel when finalizing a
# compaction. NOTE: This setting is per compaction operation, which can be
# executed in parallel. The upper bound on the number of concurrent uploads is
# upload_parallelism * max_compaction_parallelism.
# CLI flag: -compactor.upload-parallelism
[upload_parallelism: <int> | default = 10]

# The hash ring configuration used by compactors to elect a single instance for
# running compactions. The CLI flags prefix for this block config is:
# compactor.ring
compactor_ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -compactor.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -compactor.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: compactor.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: compactor.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -compactor.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -compactor.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to the secondary store.
      # CLI flag: -compactor.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing a value to the secondary store.
      # CLI flag: -compactor.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring.
  # CLI flag: -compactor.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -compactor.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -compactor.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -compactor.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Instance ID to register in the ring.
  # CLI flag: -compactor.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -compactor.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -compactor.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -compactor.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -compactor.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -compactor.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

# Number of tables that compactor will try to compact. Newer tables are chosen
# when this is less than the number of tables available.
# CLI flag: -compactor.tables-to-compact
[tables_to_compact: <int> | default = 0]

# Do not compact N latest tables. Together with -compactor.run-once and
# -compactor.tables-to-compact, this is useful when clearing compactor backlogs.
# CLI flag: -compactor.skip-latest-n-tables
[skip_latest_n_tables: <int> | default = 0]

# Experimental: Configuration to turn on and run horizontally scalable
# compactor. Supported modes - [disabled]: Keeps the horizontal scaling mode
# disabled. Locally runs all the functions of the compactor.[main]: Runs all
# functions of the compactor. Distributes work to workers where
# possible.[worker]: Runs the compactor in worker mode, only working on jobs
# built by the main compactor.
# CLI flag: -compactor.horizontal-scaling-mode
[horizontal_scaling_mode: <string> | default = "disabled"]

worker_config:
  # Number of sub-workers to run for concurrent processing of jobs.
  # CLI flag: -compactor.worker.num-sub-workers
  [num_sub_workers: <int> | default = 4]

jobs_config:
  deletion:
    # Object storage path prefix for storing deletion manifests.
    # CLI flag: -compactor.jobs.deletion.deletion-manifest-store-prefix
    [deletion_manifest_store_prefix: <string> | default = "__deletion_manifest__/"]

    # Maximum number of chunks to process concurrently in each worker.
    # CLI flag: -compactor.jobs.deletion.chunk-processing-concurrency
    [chunk_processing_concurrency: <int> | default = 3]

    # Maximum time to wait for a job before considering it failed and retrying.
    # CLI flag: -compactor.jobs.deletion.timeout
    [timeout: <duration> | default = 15m]

    # Maximum number of times to retry a failed or timed out job.
    # CLI flag: -compactor.jobs.deletion.max-retries
    [max_retries: <int> | default = 3]

# Object storage path prefix for storing deletion markers. The prefix must end
# with a forward slash(/). Leave empty to continue to store deletion markers on
# the local disk.
# CLI flag: -compactor.deletion-marker-object-store-prefix
[deletion_marker_object_store_prefix: <string> | default = ""]

consul

Configuration for a Consul client. Only applies if the selected kvstore is consul. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage.ring
compactor.ring
dataobj-consumer
dataobj-consumer.partition-ring
distributor.ring
index-gateway.ring
ingest-limits
ingest-limits-frontend
ingester.partition-ring
pattern-ingester
query-scheduler.ring
ruler.ring
ui.ring

# Hostname and port of Consul.
# CLI flag: -<prefix>.consul.hostname
[host: <string> | default = "localhost:8500"]

# ACL Token used to interact with Consul.
# CLI flag: -<prefix>.consul.acl-token
[acl_token: <string> | default = ""]

# HTTP timeout when talking to Consul
# CLI flag: -<prefix>.consul.client-timeout
[http_client_timeout: <duration> | default = 20s]

# Enable consistent reads to Consul.
# CLI flag: -<prefix>.consul.consistent-reads
[consistent_reads: <boolean> | default = false]

# Rate limit when watching key or prefix in Consul, in requests per second. 0
# disables the rate limit.
# CLI flag: -<prefix>.consul.watch-rate-limit
[watch_rate_limit: <float> | default = 1]

# Burst size used in rate limit. Values less than 1 are treated as 1.
# CLI flag: -<prefix>.consul.watch-burst-size
[watch_burst_size: <int> | default = 1]

# Maximum duration to wait before retrying a Compare And Swap (CAS) operation.
# CLI flag: -<prefix>.consul.cas-retry-delay
[cas_retry_delay: <duration> | default = 1s]

cos_storage_config

The cos_storage_config block configures the connection to IBM Cloud Object Storage (COS) backend. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage
ruler.storage

# Set this to `true` to force the request to use path-style addressing.
# CLI flag: -<prefix>.cos.force-path-style
[forcepathstyle: <boolean> | default = false]

# Comma separated list of bucket names to evenly distribute chunks over.
# CLI flag: -<prefix>.cos.buckets
[bucketnames: <string> | default = ""]

# COS Endpoint to connect to.
# CLI flag: -<prefix>.cos.endpoint
[endpoint: <string> | default = ""]

# COS region to use.
# CLI flag: -<prefix>.cos.region
[region: <string> | default = ""]

# COS HMAC Access Key ID.
# CLI flag: -<prefix>.cos.access-key-id
[access_key_id: <string> | default = ""]

# COS HMAC Secret Access Key.
# CLI flag: -<prefix>.cos.secret-access-key
[secret_access_key: <string> | default = ""]

http_config:
  # The maximum amount of time an idle connection will be held open.
  # CLI flag: -<prefix>.cos.http.idle-conn-timeout
  [idle_conn_timeout: <duration> | default = 1m30s]

  # If non-zero, specifies the amount of time to wait for a server's response
  # headers after fully writing the request.
  # CLI flag: -<prefix>.cos.http.response-header-timeout
  [response_header_timeout: <duration> | default = 0s]

# Configures back off when cos get Object.
backoff_config:
  # Minimum backoff time when cos get Object.
  # CLI flag: -<prefix>.cos.min-backoff
  [min_period: <duration> | default = 100ms]

  # Maximum backoff time when cos get Object.
  # CLI flag: -<prefix>.cos.max-backoff
  [max_period: <duration> | default = 3s]

  # Maximum number of times to retry when cos get Object.
  # CLI flag: -<prefix>.cos.max-retries
  [max_retries: <int> | default = 5]

# IAM API key to access COS.
# CLI flag: -<prefix>.cos.api-key
[api_key: <string> | default = ""]

# COS service instance id to use.
# CLI flag: -<prefix>.cos.service-instance-id
[service_instance_id: <string> | default = ""]

# IAM Auth Endpoint for authentication.
# CLI flag: -<prefix>.cos.auth-endpoint
[auth_endpoint: <string> | default = "https://iam.cloud.ibm.com/identity/token"]

# Compute resource token file path.
# CLI flag: -<prefix>.cos.cr-token-file-path
[cr_token_file_path: <string> | default = ""]

# Name of the trusted profile.
# CLI flag: -<prefix>.cos.trusted-profile-name
[trusted_profile_name: <string> | default = ""]

# ID of the trusted profile.
# CLI flag: -<prefix>.cos.trusted-profile-id
[trusted_profile_id: <string> | default = ""]

distributor

Configures the distributor.

ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -distributor.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -distributor.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: distributor.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: distributor.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -distributor.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -distributor.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to the secondary store.
      # CLI flag: -distributor.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing a value to the secondary store.
      # CLI flag: -distributor.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring.
  # CLI flag: -distributor.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 5s]

  # The heartbeat timeout after which distributors are considered unhealthy
  # within the ring. 0 = never (timeout disabled).
  # CLI flag: -distributor.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # Name of network interface to read address from.
  # CLI flag: -distributor.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

# Number of workers to push batches to ingesters.
# CLI flag: -distributor.push-worker-count
[push_worker_count: <int> | default = 256]

# The maximum size of a received message.
# CLI flag: -distributor.max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]

# The maximum size of a decompressed message. Defaults to 50x max-recv-msg-size.
# CLI flag: -distributor.max-decompressed-size
[max_decompressed_size: <int> | default = 5242880000]

rate_store:
  # The max number of concurrent requests to make to ingester stream apis
  # CLI flag: -distributor.rate-store.max-request-parallelism
  [max_request_parallelism: <int> | default = 200]

  # The interval on which distributors will update current stream rates from
  # ingesters
  # CLI flag: -distributor.rate-store.stream-rate-update-interval
  [stream_rate_update_interval: <duration> | default = 1s]

  # Timeout for communication between distributors and any given ingester when
  # updating rates
  # CLI flag: -distributor.rate-store.ingester-request-timeout
  [ingester_request_timeout: <duration> | default = 500ms]

  # If enabled, detailed logs and spans will be emitted.
  # CLI flag: -distributor.rate-store.debug
  [debug: <boolean> | default = false]

# Customize the logging of write failures.
write_failures_logging:
  # Log volume allowed (per second). Default: 1KB.
  # CLI flag: -distributor.write-failures-logging.rate
  [rate: <int> | default = 1KB]

  # Whether a insight=true key should be logged or not. Default: false.
  # CLI flag: -distributor.write-failures-logging.add-insights-label
  [add_insights_label: <boolean> | default = false]

otlp_config:
  # List of default otlp resource attributes to be picked as index labels
  # CLI flag: -distributor.otlp.default_resource_attributes_as_index_labels
  [default_resource_attributes_as_index_labels: <list of strings> | default = [service.name service.namespace service.instance.id deployment.environment deployment.environment.name cloud.region cloud.availability_zone k8s.cluster.name k8s.namespace.name k8s.pod.name k8s.container.name container.name k8s.replicaset.name k8s.deployment.name k8s.statefulset.name k8s.daemonset.name k8s.cronjob.name k8s.job.name]]

# Default policy stream mappings that are merged with per-tenant mappings.
[default_policy_stream_mappings: <map of string to list of PriorityStreams>]

# Enable writes to Kafka during Push requests.
# CLI flag: -distributor.kafka-writes-enabled
[kafka_writes_enabled: <boolean> | default = false]

# Enable writes to Ingesters during Push requests. Defaults to true.
# CLI flag: -distributor.ingester-writes-enabled
[ingester_writes_enabled: <boolean> | default = true]

# Enable checking limits against the ingest-limits service. Defaults to false.
# CLI flag: -distributor.ingest-limits-enabled
[ingest_limits_enabled: <boolean> | default = false]

# Enable dry-run mode where limits are checked the ingest-limits service, but
# not enforced. Defaults to false.
# CLI flag: -distributor.ingest-limits-dry-run-enabled
[ingest_limits_dry_run_enabled: <boolean> | default = false]

dataobj_tee:
  # Enable data object tee.
  # CLI flag: -distributor.dataobj-tee.enabled
  [enabled: <boolean> | default = false]

  # Topic for data object tee.
  # CLI flag: -distributor.dataobj-tee.topic
  [topic: <string> | default = ""]

  # Maximum number of bytes to buffer.
  # CLI flag: -distributor.dataobj-tee.max-buffered-bytes
  [max_buffered_bytes: <int> | default = 104857600]

  # The per-tenant partition rate (bytes/sec).
  # CLI flag: -distributor.dataobj-tee.per-partition-rate-bytes
  [per_partition_rate_bytes: <int> | default = 1048576]

  # Enables optional debug metrics.
  # CLI flag: -distributor.dataobj-tee.debug-metrics-enabled
  [debug_metrics_enabled: <boolean> | default = false]

  # Duration to accumulate rate updates before sending to limits frontend. Set
  # to 0 to disable batching.
  # CLI flag: -distributor.dataobj-tee.rate-batch-window
  [rate_batch_window: <duration> | default = 0s]

etcd

Configuration for an ETCD v3 client. Only applies if the selected kvstore is etcd. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage.ring
compactor.ring
dataobj-consumer
dataobj-consumer.partition-ring
distributor.ring
index-gateway.ring
ingest-limits
ingest-limits-frontend
ingester.partition-ring
pattern-ingester
query-scheduler.ring
ruler.ring
ui.ring

# The etcd endpoints to connect to.
# CLI flag: -<prefix>.etcd.endpoints
[endpoints: <list of strings> | default = []]

# The dial timeout for the etcd connection.
# CLI flag: -<prefix>.etcd.dial-timeout
[dial_timeout: <duration> | default = 10s]

# The maximum number of retries to do for failed ops.
# CLI flag: -<prefix>.etcd.max-retries
[max_retries: <int> | default = 10]

# Enable TLS.
# CLI flag: -<prefix>.etcd.tls-enabled
[tls_enabled: <boolean> | default = false]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: ui.ring.etcd
[<tls_config>]

# Etcd username.
# CLI flag: -<prefix>.etcd.username
[username: <string> | default = ""]

# Etcd password.
# CLI flag: -<prefix>.etcd.password
[password: <string> | default = ""]

frontend

The frontend block configures the Loki query-frontend.

# Log queries that are slower than the specified duration. Set to 0 to disable.
# Set to < 0 to enable on all queries.
# CLI flag: -frontend.log-queries-longer-than
[log_queries_longer_than: <duration> | default = 0s]

# Comma-separated list of request header names to include in query logs. Applies
# to both query stats and slow queries logs.
# CLI flag: -frontend.log-query-request-headers
[log_query_request_headers: <string> | default = ""]

# Max body size for downstream prometheus.
# CLI flag: -frontend.max-body-size
[max_body_size: <int> | default = 10485760]

# True to enable query statistics tracking. When enabled, a message with some
# statistics is logged for every query.
# CLI flag: -frontend.query-stats-enabled
[query_stats_enabled: <boolean> | default = false]

# Maximum number of outstanding requests per tenant per frontend; requests
# beyond this error with HTTP 429.
# CLI flag: -querier.max-outstanding-requests-per-tenant
[max_outstanding_per_tenant: <int> | default = 2048]

# In the event a tenant is repeatedly sending queries that lead the querier to
# crash or be killed due to an out-of-memory error, the crashed querier will be
# disconnected from the query frontend and a new querier will be immediately
# assigned to the tenant’s shard. This invalidates the assumption that shuffle
# sharding can be used to reduce the impact on tenants. This option mitigates
# the impact by configuring a delay between when a querier disconnects because
# of a crash and when the crashed querier is actually removed from the tenant's
# shard.
# CLI flag: -query-frontend.querier-forget-delay
[querier_forget_delay: <duration> | default = 0s]

# DNS hostname used for finding query-schedulers.
# CLI flag: -frontend.scheduler-address
[scheduler_address: <string> | default = ""]

# How often to resolve the scheduler-address, in order to look for new
# query-scheduler instances. Also used to determine how often to poll the
# scheduler-ring for addresses if the scheduler-ring is configured.
# CLI flag: -frontend.scheduler-dns-lookup-period
[scheduler_dns_lookup_period: <duration> | default = 10s]

# Number of concurrent workers forwarding queries to single query-scheduler.
# CLI flag: -frontend.scheduler-worker-concurrency
[scheduler_worker_concurrency: <int> | default = 5]

# The grpc_client block configures the gRPC client used to communicate between a
# client and server component in Loki.
# The CLI flags prefix for this block configuration is:
# frontend.grpc-client-config
[grpc_client_config: <grpc_client>]

# Time to wait for inflight requests to finish before forcefully shutting down.
# This needs to be aligned with the query timeout and the graceful termination
# period of the process orchestrator.
# CLI flag: -frontend.graceful-shutdown-timeout
[graceful_shutdown_timeout: <duration> | default = 5m]

# Name of network interface to read address from. This address is sent to
# query-scheduler and querier, which uses it to send the query response back to
# query-frontend.
# CLI flag: -frontend.instance-interface-names
[instance_interface_names: <list of strings> | default = [<private network interfaces>]]

# Enable using a IPv6 instance address (default false).
# CLI flag: -frontend.instance-enable-ipv6
[instance_enable_ipv6: <boolean> | default = false]

# Defines the encoding for requests to and responses from the scheduler and
# querier. Can be 'json' or 'protobuf' (defaults to 'json').
# CLI flag: -frontend.encoding
[encoding: <string> | default = "json"]

# Compress HTTP responses.
# CLI flag: -querier.compress-http-responses
[compress_responses: <boolean> | default = true]

# URL of downstream Loki.
# CLI flag: -frontend.downstream-url
[downstream_url: <string> | default = ""]

# URL of querier for tail proxy.
# CLI flag: -frontend.tail-proxy-url
[tail_proxy_url: <string> | default = ""]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: frontend.tail-tls-config
[tail_tls_config: <tls_config>]

# Support 'application/vnd.apache.parquet' content type in HTTP responses.
[support_parquet_encoding: <boolean>]

frontend_worker

The frontend_worker configures the worker - running within the Loki querier - picking up and executing queries enqueued by the query-frontend.

# Address of query frontend service, in host:port format. If
# -querier.scheduler-address is set as well, querier will use scheduler instead.
# Only one of -querier.frontend-address or -querier.scheduler-address can be
# set. If neither is set, queries are only received via HTTP endpoint.
# CLI flag: -querier.frontend-address
[frontend_address: <string> | default = ""]

# Hostname (and port) of scheduler that querier will periodically resolve,
# connect to and receive queries from. Only one of -querier.frontend-address or
# -querier.scheduler-address can be set. If neither is set, queries are only
# received via HTTP endpoint.
# CLI flag: -querier.scheduler-address
[scheduler_address: <string> | default = ""]

# How often to query DNS for query-frontend or query-scheduler address. Also
# used to determine how often to poll the scheduler-ring for addresses if the
# scheduler-ring is configured.
# CLI flag: -querier.dns-lookup-period
[dns_lookup_duration: <duration> | default = 3s]

# Querier ID, sent to frontend service to identify requests from the same
# querier. Defaults to hostname.
# CLI flag: -querier.id
[id: <string> | default = ""]

# Configures the querier gRPC client used to communicate with the
# query-frontend. This can't be used in conjunction with 'grpc_client_config'.
# The CLI flags prefix for this block configuration is:
# querier.frontend-grpc-client
[query_frontend_grpc_client: <grpc_client>]

# Configures the querier gRPC client used to communicate with the query-frontend
# and with the query-scheduler. This can't be used in conjunction with
# 'query_frontend_grpc_client' or 'query_scheduler_grpc_client'.
# The CLI flags prefix for this block configuration is: querier.frontend-client
[grpc_client_config: <grpc_client>]

# Configures the querier gRPC client used to communicate with the
# query-scheduler. This can't be used in conjunction with 'grpc_client_config'.
# The CLI flags prefix for this block configuration is:
# querier.scheduler-grpc-client
[query_scheduler_grpc_client: <grpc_client>]

gcs_storage_config

The gcs_storage_config block configures the connection to Google Cloud Storage object storage backend. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage
ruler.storage

# Name of GCS bucket. Please refer to
# https://cloud.google.com/docs/authentication/production for more information
# about how to configure authentication.
# CLI flag: -<prefix>.gcs.bucketname
[bucket_name: <string> | default = ""]

# Custom GCS endpoint URL.
# CLI flag: -<prefix>.gcs.endpoint
[endpoint: <string> | default = ""]

# Service account key content in JSON format, refer to
# https://cloud.google.com/iam/docs/creating-managing-service-account-keys for
# creation.
# CLI flag: -<prefix>.gcs.service-account
[service_account: <string> | default = ""]

# The size of the buffer that GCS client for each PUT request. 0 to disable
# buffering.
# CLI flag: -<prefix>.gcs.chunk-buffer-size
[chunk_buffer_size: <int> | default = 0]

# The duration after which the requests to GCS should be timed out.
# CLI flag: -<prefix>.gcs.request-timeout
[request_timeout: <duration> | default = 0s]

# Enable OpenCensus (OC) instrumentation for all requests.
# CLI flag: -<prefix>.gcs.enable-opencensus
[enable_opencensus: <boolean> | default = true]

# Enable HTTP2 connections.
# CLI flag: -<prefix>.gcs.enable-http2
[enable_http2: <boolean> | default = true]

# Enable automatic retries of failed idempotent requests.
# CLI flag: -<prefix>.gcs.enable-retries
[enable_retries: <boolean> | default = true]

grpc_client

The grpc_client block configures the gRPC client used to communicate between a client and server component in Loki. The supported CLI flags <prefix> used to reference this configuration block are:

bigtable
bloom-build.builder.grpc
bloom-gateway-client.grpc
boltdb.shipper.index-gateway-client.grpc
compactor.grpc-client
frontend.grpc-client-config
ingest-limits-frontend-client
ingest-limits-frontend.limits-client
ingester.client
pattern-ingester.client
querier.frontend-client
querier.frontend-grpc-client
querier.scheduler-grpc-client
query-scheduler.grpc-client-config
ruler.client
tsdb.shipper.index-gateway-client.grpc

# gRPC client max receive message size (bytes).
# CLI flag: -<prefix>.grpc-max-recv-msg-size
[max_recv_msg_size: <int> | default = 104857600]

# gRPC client max send message size (bytes).
# CLI flag: -<prefix>.grpc-max-send-msg-size
[max_send_msg_size: <int> | default = 104857600]

# Use compression when sending messages. Supported values are: 'gzip', 'snappy'
# and '' (disable compression)
# CLI flag: -<prefix>.grpc-compression
[grpc_compression: <string> | default = ""]

# Rate limit for gRPC client; 0 means disabled.
# CLI flag: -<prefix>.grpc-client-rate-limit
[rate_limit: <float> | default = 0]

# Rate limit burst for gRPC client.
# CLI flag: -<prefix>.grpc-client-rate-limit-burst
[rate_limit_burst: <int> | default = 0]

# Enable backoff and retry when we hit rate limits.
# CLI flag: -<prefix>.backoff-on-ratelimits
[backoff_on_ratelimits: <boolean> | default = false]

backoff_config:
  # Minimum delay when backing off.
  # CLI flag: -<prefix>.backoff-min-period
  [min_period: <duration> | default = 100ms]

  # Maximum delay when backing off.
  # CLI flag: -<prefix>.backoff-max-period
  [max_period: <duration> | default = 10s]

  # Number of times to backoff and retry before failing.
  # CLI flag: -<prefix>.backoff-retries
  [max_retries: <int> | default = 10]

# Initial stream window size. Values less than the default are not supported and
# are ignored. Setting this to a value other than the default disables the BDP
# estimator.
# CLI flag: -<prefix>.initial-stream-window-size
[initial_stream_window_size: <int> | default = 63KiB1023B]

# Initial connection window size. Values less than the default are not supported
# and are ignored. Setting this to a value other than the default disables the
# BDP estimator.
# CLI flag: -<prefix>.initial-connection-window-size
[initial_connection_window_size: <int> | default = 63KiB1023B]

# Enable TLS in the gRPC client. This flag needs to be enabled when any other
# TLS flag is set. If set to false, insecure connection to gRPC server will be
# used.
# CLI flag: -<prefix>.tls-enabled
[tls_enabled: <boolean> | default = false]

# The TLS configuration.
# The CLI flags prefix for this block configuration is:
# tsdb.shipper.index-gateway-client.grpc
[<tls_config>]

# The maximum amount of time to establish a connection. A value of 0 means
# default gRPC client connect timeout and backoff.
# CLI flag: -<prefix>.connect-timeout
[connect_timeout: <duration> | default = 5s]

# Initial backoff delay after first connection failure. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -<prefix>.connect-backoff-base-delay
[connect_backoff_base_delay: <duration> | default = 1s]

# Maximum backoff delay when establishing a connection. Only relevant if
# ConnectTimeout > 0.
# CLI flag: -<prefix>.connect-backoff-max-delay
[connect_backoff_max_delay: <duration> | default = 5s]

cluster_validation:
  # Primary cluster validation label.
  # CLI flag: -<prefix>.cluster-validation.label
  [label: <string> | default = ""]

index_gateway

The index_gateway block configures the Loki index gateway server, responsible for serving index queries without the need to constantly interact with the object store.

# Defines in which mode the index gateway server will operate (default to
# 'simple'). It supports two modes:
# - 'simple': an index gateway server instance is responsible for handling,
# storing and returning requests for all indices for all tenants.
# - 'ring': an index gateway server instance is responsible for a subset of
# tenants instead of all tenants.
# CLI flag: -index-gateway.mode
[mode: <string> | default = "simple"]

# Defines the ring to be used by the index gateway servers and clients in case
# the servers are configured to run in 'ring' mode. In case this isn't
# configured, this block supports inheriting configuration from the common ring
# section.
ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -index-gateway.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -index-gateway.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: index-gateway.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: index-gateway.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -index-gateway.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -index-gateway.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to the secondary store.
      # CLI flag: -index-gateway.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing a value to the secondary store.
      # CLI flag: -index-gateway.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring.
  # CLI flag: -index-gateway.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -index-gateway.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -index-gateway.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -index-gateway.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Deprecated: How many index gateway instances are assigned to each tenant.
  # Use -index-gateway.shard-size instead. The shard size is also a per-tenant
  # setting.
  # CLI flag: -replication-factor
  [replication_factor: <int> | default = 3]

  # Instance ID to register in the ring.
  # CLI flag: -index-gateway.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -index-gateway.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -index-gateway.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -index-gateway.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -index-gateway.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -index-gateway.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

ingester

The ingester block configures the ingester and how the ingester will register itself to a key value store.

# Configures how the lifecycle of the ingester will operate and where it will
# register for discovery.
lifecycler:
  ring:
    kvstore:
      # Backend storage to use for the ring. Supported values are: consul, etcd,
      # inmemory, memberlist, multi.
      # CLI flag: -ring.store
      [store: <string> | default = "consul"]

      # The prefix for the keys in the store. Should end with a /.
      # CLI flag: -ring.prefix
      [prefix: <string> | default = "collectors/"]

      # Configuration for a Consul client. Only applies if the selected kvstore
      # is consul.
      [consul: <consul>]

      # Configuration for an ETCD v3 client. Only applies if the selected
      # kvstore is etcd.
      [etcd: <etcd>]

      multi:
        # Primary backend storage used by multi-client.
        # CLI flag: -multi.primary
        [primary: <string> | default = ""]

        # Secondary backend storage used by multi-client.
        # CLI flag: -multi.secondary
        [secondary: <string> | default = ""]

        # Mirror writes to the secondary store.
        # CLI flag: -multi.mirror-enabled
        [mirror_enabled: <boolean> | default = false]

        # Timeout for storing a value to the secondary store.
        # CLI flag: -multi.mirror-timeout
        [mirror_timeout: <duration> | default = 2s]

    # The heartbeat timeout after which ingesters are skipped for reads/writes.
    # CLI flag: -ring.heartbeat-timeout
    [heartbeat_timeout: <duration> | default = 1m]

    # The number of ingesters to write to and read from.
    # CLI flag: -distributor.replication-factor
    [replication_factor: <int> | default = 3]

    # True to enable the zone-awareness and replicate ingested samples across
    # different availability zones.
    # CLI flag: -distributor.zone-awareness-enabled
    [zone_awareness_enabled: <boolean> | default = false]

    # Comma-separated list of zones to exclude from the ring. Instances in
    # excluded zones will be filtered out from the ring.
    # CLI flag: -distributor.excluded-zones
    [excluded_zones: <string> | default = ""]

  # Number of tokens for each ingester.
  # CLI flag: -ingester.num-tokens
  [num_tokens: <int> | default = 128]

  # Period at which to heartbeat to consul.
  # CLI flag: -ingester.heartbeat-period
  [heartbeat_period: <duration> | default = 5s]

  # Heartbeat timeout after which instance is assumed to be unhealthy.
  # CLI flag: -ingester.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # Observe tokens after generating to resolve collisions. Useful when using
  # gossiping ring.
  # CLI flag: -ingester.observe-period
  [observe_period: <duration> | default = 0s]

  # Period to wait for a claim from another member; will join automatically
  # after this.
  # CLI flag: -ingester.join-after
  [join_after: <duration> | default = 0s]

  # Minimum duration to wait after the internal readiness checks have passed but
  # before succeeding the readiness endpoint. This is used to slowdown
  # deployment controllers (eg. Kubernetes) after an instance is ready and
  # before they proceed with a rolling update, to give the rest of the cluster
  # instances enough time to receive ring updates.
  # CLI flag: -ingester.min-ready-duration
  [min_ready_duration: <duration> | default = 15s]

  # Name of network interface to read address from.
  # CLI flag: -ingester.lifecycler.interface
  [interface_names: <list of strings> | default = [<private network interfaces>]]

  # Enable IPv6 support. Required to make use of IP addresses from IPv6
  # interfaces.
  # CLI flag: -ingester.enable-inet6
  [enable_inet6: <boolean> | default = false]

  # Duration to sleep for before exiting, to ensure metrics are scraped.
  # CLI flag: -ingester.final-sleep
  [final_sleep: <duration> | default = 0s]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -ingester.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # The availability zone where this instance is running.
  # CLI flag: -ingester.availability-zone
  [availability_zone: <string> | default = ""]

  # Unregister from the ring upon clean shutdown. It can be useful to disable
  # for rolling restarts with consistent naming in conjunction with
  # -distributor.extend-writes=false.
  # CLI flag: -ingester.unregister-on-shutdown
  [unregister_on_shutdown: <boolean> | default = true]

  # When enabled the readiness probe succeeds only after all instances are
  # ACTIVE and healthy in the ring, otherwise only the instance itself is
  # checked. This option should be disabled if in your cluster multiple
  # instances can be rolled out simultaneously, otherwise rolling updates may be
  # slowed down.
  # CLI flag: -ingester.readiness-check-ring-health
  [readiness_check_ring_health: <boolean> | default = true]

  # IP address to advertise in the ring.
  # CLI flag: -ingester.lifecycler.addr
  [address: <string> | default = ""]

  # port to advertise in consul (defaults to server.grpc-listen-port).
  # CLI flag: -ingester.lifecycler.port
  [port: <int> | default = 0]

  # ID to register in the ring.
  # CLI flag: -ingester.lifecycler.ID
  [id: <string> | default = "<hostname>"]

# How many flushes can happen concurrently from each stream.
# CLI flag: -ingester.concurrent-flushes
[concurrent_flushes: <int> | default = 32]

# How often should the ingester see if there are any blocks to flush. The first
# flush check is delayed by a random time up to 0.8x the flush check period.
# Additionally, there is +/- 1% jitter added to the interval.
# CLI flag: -ingester.flush-check-period
[flush_check_period: <duration> | default = 30s]

flush_op_backoff:
  # Minimum backoff period when a flush fails. Each concurrent flush has its own
  # backoff, see `ingester.concurrent-flushes`.
  # CLI flag: -ingester.flush-op-backoff-min-period
  [min_period: <duration> | default = 10s]

  # Maximum backoff period when a flush fails. Each concurrent flush has its own
  # backoff, see `ingester.concurrent-flushes`.
  # CLI flag: -ingester.flush-op-backoff-max-period
  [max_period: <duration> | default = 1m]

  # Maximum retries for failed flushes.
  # CLI flag: -ingester.flush-op-backoff-retries
  [max_retries: <int> | default = 10]

# The timeout for an individual flush. Will be retried up to
# `flush-op-backoff-retries` times.
# CLI flag: -ingester.flush-op-timeout
[flush_op_timeout: <duration> | default = 10m]

# How long chunks should be retained in-memory after they've been flushed.
# CLI flag: -ingester.chunks-retain-period
[chunk_retain_period: <duration> | default = 0s]

# How long chunks should sit in-memory with no updates before being flushed if
# they don't hit the max block size. This means that half-empty chunks will
# still be flushed after a certain period as long as they receive no further
# activity.
# CLI flag: -ingester.chunks-idle-period
[chunk_idle_period: <duration> | default = 30m]

# The targeted _uncompressed_ size in bytes of a chunk block When this threshold
# is exceeded the head block will be cut and compressed inside the chunk.
# CLI flag: -ingester.chunks-block-size
[chunk_block_size: <int> | default = 262144]

# A target _compressed_ size in bytes for chunks. This is a desired size not an
# exact size, chunks may be slightly bigger or significantly smaller if they get
# flushed for other reasons (e.g. chunk_idle_period). A value of 0 creates
# chunks with a fixed 10 blocks, a non zero value will create chunks with a
# variable number of blocks to meet the target size.
# CLI flag: -ingester.chunk-target-size
[chunk_target_size: <int> | default = 1572864]

# The algorithm to use for compressing chunk. (none, gzip, lz4-64k, snappy,
# lz4-256k, lz4-1M, lz4, flate, zstd)
# CLI flag: -ingester.chunk-encoding
[chunk_encoding: <string> | default = "gzip"]

# The maximum duration of a timeseries chunk in memory. If a timeseries runs for
# longer than this, the current chunk will be flushed to the store and a new
# chunk created.
# CLI flag: -ingester.max-chunk-age
[max_chunk_age: <duration> | default = 2h]

# Forget about ingesters having heartbeat timestamps older than
# `ring.kvstore.heartbeat_timeout`. This is equivalent to clicking on the
# `/ring` `forget` button in the UI: the ingester is removed from the ring. This
# is a useful setting when you are sure that an unhealthy node won't return. An
# example is when not using stateful sets or the equivalent. Use
# `memberlist.rejoin_interval` > 0 to handle network partition cases when using
# a memberlist.
# CLI flag: -ingester.autoforget-unhealthy
[autoforget_unhealthy: <boolean> | default = false]

# Parameters used to synchronize ingesters to cut chunks at the same moment.
# Sync period is used to roll over incoming entry to a new chunk. If chunk's
# utilization isn't high enough (eg. less than 50% when sync_min_utilization is
# set to 0.5), then this chunk rollover doesn't happen.
# CLI flag: -ingester.sync-period
[sync_period: <duration> | default = 1h]

# Minimum utilization of chunk when doing synchronization.
# CLI flag: -ingester.sync-min-utilization
[sync_min_utilization: <float> | default = 0.1]

# The maximum number of errors a stream will report to the user when a push
# fails. 0 to make unlimited.
# CLI flag: -ingester.max-ignored-stream-errors
[max_returned_stream_errors: <int> | default = 10]

# How far back should an ingester be allowed to query the store for data, for
# use only with boltdb-shipper/tsdb index and filesystem object store. -1 for
# infinite.
# CLI flag: -ingester.query-store-max-look-back-period
[query_store_max_look_back_period: <duration> | default = 0s]

# The ingester WAL (Write Ahead Log) records incoming logs and stores them on
# the local file systems in order to guarantee persistence of acknowledged data
# in the event of a process crash.
wal:
  # Enable writing of ingested data into WAL.
  # CLI flag: -ingester.wal-enabled
  [enabled: <boolean> | default = true]

  # Directory where the WAL data is stored and/or recovered from.
  # CLI flag: -ingester.wal-dir
  [dir: <string> | default = "wal"]

  # Interval at which checkpoints should be created.
  # CLI flag: -ingester.checkpoint-duration
  [checkpoint_duration: <duration> | default = 5m]

  # When WAL is enabled, should chunks be flushed to long-term storage on
  # shutdown.
  # CLI flag: -ingester.flush-on-shutdown
  [flush_on_shutdown: <boolean> | default = false]

  # Maximum memory size the WAL may use during replay. After hitting this, it
  # will flush data to storage before continuing. A unit suffix (KB, MB, GB) may
  # be applied.
  # CLI flag: -ingester.wal-replay-memory-ceiling
  [replay_memory_ceiling: <int> | default = 4GB]

  # Threshold for disk usage (0.0 to 1.0) at which the WAL will throttle
  # incoming writes. Set to 0 to disable throttling.
  # CLI flag: -ingester.wal-disk-full-threshold
  [disk_full_threshold: <float> | default = 0.9]

# Shard factor used in the ingesters for the in process reverse index. This MUST
# be evenly divisible by ALL schema shard factors or Loki will not start.
# CLI flag: -ingester.index-shards
[index_shards: <int> | default = 32]

# Maximum number of dropped streams to keep in memory during tailing.
# CLI flag: -ingester.tailer.max-dropped-streams
[max_dropped_streams: <int> | default = 10]

# Path where the shutdown marker file is stored. If not set and
# common.path_prefix is set then common.path_prefix will be used.
# CLI flag: -ingester.shutdown-marker-path
[shutdown_marker_path: <string> | default = ""]

# Interval at which the ingester ownedStreamService checks for changes in the
# ring to recalculate owned streams.
# CLI flag: -ingester.owned-streams-check-interval
[owned_streams_check_interval: <duration> | default = 30s]

# When enabled, the ingester skips stream count limit checks, delegating them
# entirely to the ingest-limits service (Thor). Requires ingest-limits service
# to be enabled.
# CLI flag: -ingester.delegate-stream-limits-enabled
[delegate_stream_limits_enabled: <boolean> | default = false]

kafka_ingestion:
  # Whether the kafka ingester is enabled.
  # CLI flag: -ingester.kafka-ingestion-enabled
  [enabled: <boolean> | default = false]

  partition_ring:
    # The key-value store used to share the hash ring across multiple instances.
    # This option needs be set on ingesters, distributors, queriers, and rulers
    # when running in microservices mode.
    kvstore:
      # Backend storage to use for the ring. Supported values are: consul, etcd,
      # inmemory, memberlist, multi.
      # CLI flag: -ingester.partition-ring.store
      [store: <string> | default = "memberlist"]

      # The prefix for the keys in the store. Should end with a /.
      # CLI flag: -ingester.partition-ring.prefix
      [prefix: <string> | default = "collectors/"]

      # Configuration for a Consul client. Only applies if the selected kvstore
      # is consul.
      # The CLI flags prefix for this block configuration is:
      # ingester.partition-ring
      [consul: <consul>]

      # Configuration for an ETCD v3 client. Only applies if the selected
      # kvstore is etcd.
      # The CLI flags prefix for this block configuration is:
      # ingester.partition-ring
      [etcd: <etcd>]

      multi:
        # Primary backend storage used by multi-client.
        # CLI flag: -ingester.partition-ring.multi.primary
        [primary: <string> | default = ""]

        # Secondary backend storage used by multi-client.
        # CLI flag: -ingester.partition-ring.multi.secondary
        [secondary: <string> | default = ""]

        # Mirror writes to the secondary store.
        # CLI flag: -ingester.partition-ring.multi.mirror-enabled
        [mirror_enabled: <boolean> | default = false]

        # Timeout for storing a value to the secondary store.
        # CLI flag: -ingester.partition-ring.multi.mirror-timeout
        [mirror_timeout: <duration> | default = 2s]

    # Minimum number of owners to wait before a PENDING partition gets switched
    # to ACTIVE.
    # CLI flag: -ingester.partition-ring.min-partition-owners-count
    [min_partition_owners_count: <int> | default = 1]

    # How long the minimum number of owners are enforced before a PENDING
    # partition gets switched to ACTIVE.
    # CLI flag: -ingester.partition-ring.min-partition-owners-duration
    [min_partition_owners_duration: <duration> | default = 10s]

    # How long to wait before an INACTIVE partition is eligible for deletion.
    # The partition is deleted only if it has been in INACTIVE state for at
    # least the configured duration and it has no owners registered. A value of
    # 0 disables partitions deletion.
    # CLI flag: -ingester.partition-ring.delete-inactive-partition-after
    [delete_inactive_partition_after: <duration> | default = 13h]

    # Experimental: The size of the cache used for shuffle sharding. If zero or
    # negative, an unbounded cache is used. If positive, an LRU cache with the
    # specified size is used.
    # CLI flag: -ingester.partition-ring.shuffle-shard-cache-size
    [shuffle_shard_cache_size: <int> | default = 0]

ingester_client

The ingester_client block configures how the distributor will connect to ingesters. Only appropriate when running all components, the distributor, or the querier.

# Configures how connections are pooled.
pool_config:
  # How frequently to clean up clients for ingesters that have gone away.
  # CLI flag: -distributor.client-cleanup-period
  [client_cleanup_period: <duration> | default = 15s]

  # Run a health check on each ingester client during periodic cleanup.
  # CLI flag: -distributor.health-check-ingesters
  [health_check_ingesters: <boolean> | default = true]

  # How quickly a dead client will be removed after it has been detected to
  # disappear. Set this to a value to allow time for a secondary health check to
  # recover the missing client.
  # CLI flag: -ingester.client.healthcheck-timeout
  [remote_timeout: <duration> | default = 1s]

# The remote request timeout on the client side.
# CLI flag: -ingester.client.timeout
[remote_timeout: <duration> | default = 5s]

# Configures how the gRPC connection to ingesters work as a client.
# The CLI flags prefix for this block configuration is: ingester.client
[grpc_client_config: <grpc_client>]

limits_config

The limits_config block configures global and per-tenant limits in Loki. The values here can be overridden in the overrides section of the runtime_config file

# Whether the ingestion rate limit should be applied individually to each
# distributor instance (local), or evenly shared across the cluster (global).
# The ingestion rate strategy cannot be overridden on a per-tenant basis.
# - local: enforces the limit on a per distributor basis. The actual effective
# rate limit will be N times higher, where N is the number of distributor
# replicas.
# - global: enforces the limit globally, configuring a per-distributor local
# rate limiter as 'ingestion_rate / N', where N is the number of distributor
# replicas (it's automatically adjusted if the number of replicas change). The
# global strategy requires the distributors to form their own ring, which is
# used to keep track of the current number of healthy distributor replicas.
# CLI flag: -distributor.ingestion-rate-limit-strategy
[ingestion_rate_strategy: <string> | default = "global"]

# Per-user ingestion rate limit in sample size per second. Sample size includes
# size of the logs line and the size of structured metadata labels. Units in MB.
# CLI flag: -distributor.ingestion-rate-limit-mb
[ingestion_rate_mb: <float> | default = 4]

# Per-user allowed ingestion burst size (in sample size). Units in MB. The burst
# size refers to the per-distributor local rate limiter even in the case of the
# 'global' strategy, and should be set at least to the maximum logs size
# expected in a single push request.
# CLI flag: -distributor.ingestion-burst-size-mb
[ingestion_burst_size_mb: <float> | default = 6]

# Maximum length accepted for label names.
# CLI flag: -validation.max-length-label-name
[max_label_name_length: <int> | default = 1024]

# Maximum length accepted for label value. This setting also applies to the
# metric name.
# CLI flag: -validation.max-length-label-value
[max_label_value_length: <int> | default = 2048]

# Maximum number of label names per series.
# CLI flag: -validation.max-label-names-per-series
[max_label_names_per_series: <int> | default = 15]

# Whether or not old samples will be rejected.
# CLI flag: -validation.reject-old-samples
[reject_old_samples: <boolean> | default = true]

# Maximum accepted sample age before rejecting.
# CLI flag: -validation.reject-old-samples.max-age
[reject_old_samples_max_age: <duration> | default = 1w]

# Duration which table will be created/deleted before/after it's needed; we
# won't accept sample from before this time.
# CLI flag: -validation.create-grace-period
[creation_grace_period: <duration> | default = 10m]

# Maximum line size on ingestion path. Example: 256kb. Any log line exceeding
# this limit will be discarded unless `distributor.max-line-size-truncate` is
# set, in which case it is truncated rather than discarded completely. There is
# no limit when set to 0.
# CLI flag: -distributor.max-line-size
[max_line_size: <int> | default = 256KB]

# Whether to truncate lines that exceed max_line_size.
# CLI flag: -distributor.max-line-size-truncate
[max_line_size_truncate: <boolean> | default = false]

# Identifier that is added at the end of a truncated log line.
# CLI flag: -distributor.max-line-size-truncate-identifier
[max_line_size_truncate_identifier: <string> | default = ""]

# Alter the log line timestamp during ingestion when the timestamp is the same
# as the previous entry for the same stream. When enabled, if a log line in a
# push request has the same timestamp as the previous line for the same stream,
# one nanosecond is added to the log line. This will preserve the received order
# of log lines with the exact same timestamp when they are queried, by slightly
# altering their stored timestamp. NOTE: This is imperfect, because Loki accepts
# out of order writes, and another push request for the same stream could
# contain duplicate timestamps to existing entries and they will not be
# incremented.
# CLI flag: -validation.increment-duplicate-timestamps
[increment_duplicate_timestamp: <boolean> | default = false]

# Simulated latency to add to push requests. Used for testing. Set to 0s to
# disable.
# CLI flag: -limits.simulated-push-latency
[simulated_push_latency: <duration> | default = 0s]

# Enable experimental support for running multiple query variants over the same
# underlying data. For example, running both a rate() and count_over_time()
# query over the same range selector.
# CLI flag: -limits.enable-multi-variant-queries
[enable_multi_variant_queries: <boolean> | default = false]

# Experimental: Detect fields from stream labels, structured metadata, or
# json/logfmt formatted log line and put them into structured metadata of the
# log entry.
discover_generic_fields:
  [fields: <map of string to list of strings>]

# If no service_name label exists, Loki maps a single label from the configured
# list to service_name. If none of the configured labels exist in the stream,
# label is set to unknown_service. Empty list disables setting the label.
# CLI flag: -validation.discover-service-name
[discover_service_name: <list of strings> | default = [service app application app_name name app_kubernetes_io_name container container_name k8s_container_name component workload job k8s_job_name]]

# Discover and add log levels during ingestion, if not present already. Levels
# would be added to Structured Metadata with name
# level/LEVEL/Level/Severity/severity/SEVERITY/lvl/LVL/Lvl (case-sensitive) and
# one of the values from 'trace', 'debug', 'info', 'warn', 'error', 'critical',
# 'fatal' (case insensitive).
# CLI flag: -validation.discover-log-levels
[discover_log_levels: <boolean> | default = true]

# Field name to use for log levels. If not set, log level would be detected
# based on pre-defined labels as mentioned above.
# CLI flag: -validation.log-level-fields
[log_level_fields: <list of strings> | default = [level LEVEL Level log.level severity SEVERITY Severity SeverityText lvl LVL Lvl severity_text Severity_Text SEVERITY_TEXT]]

# Maximum depth to search for log level fields in JSON logs. A value of 0 or
# less means unlimited depth. Default is 2 which searches the first 2 levels of
# the JSON object.
# CLI flag: -validation.log-level-from-json-max-depth
[log_level_from_json_max_depth: <int> | default = 2]

# When true an ingester takes into account only the streams that it owns
# according to the ring while applying the stream limit.
# CLI flag: -ingester.use-owned-stream-count
[use_owned_stream_count: <boolean> | default = false]

# Maximum number of active streams per user, per ingester. 0 to disable.
# CLI flag: -ingester.max-streams-per-user
[max_streams_per_user: <int> | default = 0]

# Maximum number of active streams per user, across the cluster. 0 to disable.
# When the global limit is enabled, each ingester is configured with a dynamic
# local limit based on the replication factor and the current number of healthy
# ingesters, and is kept updated whenever the number of ingesters change.
# CLI flag: -ingester.max-global-streams-per-user
[max_global_streams_per_user: <int> | default = 5000]

# Deprecated. When true, out-of-order writes are accepted.
# CLI flag: -ingester.unordered-writes
[unordered_writes: <boolean> | default = true]

# Maximum byte rate per second per stream, also expressible in human readable
# forms (1MB, 256KB, etc).
# CLI flag: -ingester.per-stream-rate-limit
[per_stream_rate_limit: <int> | default = 3MB]

# Maximum burst bytes per stream, also expressible in human readable forms (1MB,
# 256KB, etc). This is how far above the rate limit a stream can 'burst' before
# the stream is limited.
# CLI flag: -ingester.per-stream-rate-limit-burst
[per_stream_rate_limit_burst: <int> | default = 15MB]

# Maximum number of chunks that can be fetched in a single query.
# CLI flag: -store.query-chunk-limit
[max_chunks_per_query: <int> | default = 2000000]

# Limit the maximum of unique series that is returned by a metric query. When
# the limit is reached an error is returned.
# CLI flag: -querier.max-query-series
[max_query_series: <int> | default = 500]

# Limit how far back in time series data and metadata can be queried, up until
# lookback duration ago. This limit is enforced in the query frontend, the
# querier and the ruler. If the requested time range is outside the allowed
# range, the request will not fail, but will be modified to only query data
# within the allowed time range. The default value of 0 does not set a limit.
# CLI flag: -querier.max-query-lookback
[max_query_lookback: <duration> | default = 0s]

# The limit to length of chunk store queries. 0 to disable.
# CLI flag: -store.max-query-length
[max_query_length: <duration> | default = 30d1h]

# Limit the length of the [range] inside a range query. Default is 0 or
# unlimited
# CLI flag: -querier.max-query-range
[max_query_range: <duration> | default = 0s]

# Maximum number of queries that will be scheduled in parallel by the frontend.
# CLI flag: -querier.max-query-parallelism
[max_query_parallelism: <int> | default = 32]

# Maximum number of queries will be scheduled in parallel by the frontend for
# TSDB schemas.
# CLI flag: -querier.tsdb-max-query-parallelism
[tsdb_max_query_parallelism: <int> | default = 128]

# Target maximum number of bytes assigned to a single sharded query. Also
# expressible in human readable forms (1GB, etc). Note: This is a _target_ and
# not an absolute limit. The actual limit can be higher, but the query planner
# will try to build shards up to this limit.
# CLI flag: -querier.tsdb-max-bytes-per-shard
[tsdb_max_bytes_per_shard: <int> | default = 600MB]

# sharding strategy to use in query planning. Suggested to use bounded once all
# nodes can recognize it.
# CLI flag: -limits.tsdb-sharding-strategy
[tsdb_sharding_strategy: <string> | default = "power_of_two"]

# Precompute chunks for TSDB queries. This can improve query performance at the
# cost of increased memory usage by computing chunks once during planning,
# reducing index calls.
# CLI flag: -querier.tsdb-precompute-chunks
[tsdb_precompute_chunks: <boolean> | default = false]

# Cardinality limit for index queries.
# CLI flag: -store.cardinality-limit
[cardinality_limit: <int> | default = 100000]

# Maximum number of stream matchers per query.
# CLI flag: -querier.max-streams-matcher-per-query
[max_streams_matchers_per_query: <int> | default = 1000]

# Maximum number of concurrent tail requests.
# CLI flag: -querier.max-concurrent-tail-requests
[max_concurrent_tail_requests: <int> | default = 10]

# Maximum number of log entries that will be returned for a query.
# CLI flag: -validation.max-entries-limit
[max_entries_limit_per_query: <int> | default = 5000]

# Most recent allowed cacheable result per-tenant, to prevent caching very
# recent results that might still be in flux.
# CLI flag: -frontend.max-cache-freshness
[max_cache_freshness_per_query: <duration> | default = 10m]

# Do not cache metadata request if the end time is within the
# frontend.max-metadata-cache-freshness window. Set this to 0 to apply no such
# limits. Defaults to 24h.
# CLI flag: -frontend.max-metadata-cache-freshness
[max_metadata_cache_freshness: <duration> | default = 1d]

# Do not cache requests with an end time that falls within Now minus this
# duration. 0 disables this feature (default).
# CLI flag: -frontend.max-stats-cache-freshness
[max_stats_cache_freshness: <duration> | default = 10m]

# Maximum number of queriers that can handle requests for a single tenant. If
# set to 0 or value higher than number of available queriers, *all* queriers
# will handle requests for the tenant. Each frontend (or query-scheduler, if
# used) will select the same set of queriers for the same tenant (given that all
# queriers are connected to all frontends / query-schedulers). This option only
# works with queriers connecting to the query-frontend / query-scheduler, not
# when using downstream URL.
# CLI flag: -frontend.max-queriers-per-tenant
[max_queriers_per_tenant: <int> | default = 0]

# How much of the available query capacity ("querier" components in distributed
# mode, "read" components in SSD mode) can be used by a single tenant. Allowed
# values are 0.0 to 1.0. For example, setting this to 0.5 would allow a tenant
# to use half of the available queriers for processing the query workload. If
# set to 0, query capacity is determined by frontend.max-queriers-per-tenant.
# When both frontend.max-queriers-per-tenant and frontend.max-query-capacity are
# configured, smaller value of the resulting querier replica count is
# considered: min(frontend.max-queriers-per-tenant, ceil(querier_replicas *
# frontend.max-query-capacity)). *All* queriers will handle requests for the
# tenant if neither limits are applied. This option only works with queriers
# connecting to the query-frontend / query-scheduler, not when using downstream
# URL. Use this feature in a multi-tenant setup where you need to limit query
# capacity for certain tenants.
# CLI flag: -frontend.max-query-capacity
[max_query_capacity: <float> | default = 0]

# Number of days of index to be kept always downloaded for queries. Applies only
# to per user index in boltdb-shipper index store. 0 to disable.
# CLI flag: -store.query-ready-index-num-days
[query_ready_index_num_days: <int> | default = 0]

# Timeout when querying backends (ingesters or storage) during the execution of
# a query request. When a specific per-tenant timeout is used, the global
# timeout is ignored.
# CLI flag: -querier.query-timeout
[query_timeout: <duration> | default = 1m]

# Split queries by a time interval and execute in parallel. The value 0 disables
# splitting by time. This also determines how cache keys are chosen when result
# caching is enabled.
# CLI flag: -querier.split-queries-by-interval
[split_queries_by_interval: <duration> | default = 1h]

# Split metadata queries by a time interval and execute in parallel. The value 0
# disables splitting metadata queries by time. This also determines how cache
# keys are chosen when label/series result caching is enabled.
# CLI flag: -querier.split-metadata-queries-by-interval
[split_metadata_queries_by_interval: <duration> | default = 1d]

# Experimental. Split interval to use for the portion of metadata request that
# falls within `recent_metadata_query_window`. Rest of the request which is
# outside the window still uses `split_metadata_queries_by_interval`. If set to
# 0, the entire request defaults to using a split interval of
# `split_metadata_queries_by_interval.`.
# CLI flag: -experimental.querier.split-recent-metadata-queries-by-interval
[split_recent_metadata_queries_by_interval: <duration> | default = 1h]

# Experimental. Metadata query window inside which
# `split_recent_metadata_queries_by_interval` gets applied, portion of the
# metadata request that falls in this window is split using
# `split_recent_metadata_queries_by_interval`. The value 0 disables using a
# different split interval for recent metadata queries.
# 
# This is added to improve cacheability of recent metadata queries. Query split
# interval also determines the interval used in cache key. The default split
# interval of 24h is useful for caching long queries, each cache key holding 1
# day's results. But metadata queries are often shorter than 24h, to cache them
# effectively we need a smaller split interval. `recent_metadata_query_window`
# along with `split_recent_metadata_queries_by_interval` help configure a
# shorter split interval for recent metadata queries.
# CLI flag: -experimental.querier.recent-metadata-query-window
[recent_metadata_query_window: <duration> | default = 0s]

# Split instant metric queries by a time interval and execute in parallel. The
# value 0 disables splitting instant metric queries by time. This also
# determines how cache keys are chosen when instant metric query result caching
# is enabled.
# CLI flag: -querier.split-instant-metric-queries-by-interval
[split_instant_metric_queries_by_interval: <duration> | default = 1h]

# Time bucket interval used for cache key generation in the Thor (V2) query
# engine. Queries starting within the same bucket share the same cache key.
# CLI flag: -querier.engine-results-cache-time-bucket-interval
[engine_results_cache_time_bucket_interval: <duration> | default = 1d]

# Interval to use for time-based splitting when a request is within the
# `query_ingesters_within` window; defaults to `split-queries-by-interval` by
# setting to 0.
# CLI flag: -querier.split-ingester-queries-by-interval
[split_ingester_queries_by_interval: <duration> | default = 0s]

# Limit queries that can be sharded. Queries within the time range of now and
# now minus this sharding lookback are not sharded. The default value of 0s
# disables the lookback, causing sharding of all queries at all times.
# CLI flag: -frontend.min-sharding-lookback
[min_sharding_lookback: <duration> | default = 0s]

# Max number of bytes a query can fetch. Enforced in log and metric queries only
# when TSDB is used. This limit is not enforced on log queries without filters.
# The default value of 0 disables this limit.
# CLI flag: -frontend.max-query-bytes-read
[max_query_bytes_read: <int> | default = 0B]

# Max number of bytes a query can fetch after splitting and sharding. Enforced
# in log and metric queries only when TSDB is used. This limit is not enforced
# on log queries without filters. The default value of 0 disables this limit.
# CLI flag: -frontend.max-querier-bytes-read
[max_querier_bytes_read: <int> | default = 150GB]

# Enable log-volume endpoints.
# CLI flag: -limits.volume-enabled
[volume_enabled: <boolean> | default = true]

# The maximum number of aggregated series in a log-volume response
# CLI flag: -limits.volume-max-series
[volume_max_series: <int> | default = 1000]

# Maximum number of rules per rule group per-tenant. 0 to disable.
# CLI flag: -ruler.max-rules-per-rule-group
[ruler_max_rules_per_rule_group: <int> | default = 0]

# Maximum number of rule groups per-tenant. 0 to disable.
# CLI flag: -ruler.max-rule-groups-per-tenant
[ruler_max_rule_groups_per_tenant: <int> | default = 0]

# The default tenant's shard size when shuffle-sharding is enabled in the ruler.
# When this setting is specified in the per-tenant overrides, a value of 0
# disables shuffle sharding for the tenant.
# CLI flag: -ruler.tenant-shard-size
[ruler_tenant_shard_size: <int> | default = 0]

# Enable WAL replay on ruler startup. Disabling this can reduce memory usage on
# startup at the cost of not recovering in-memory WAL metrics on restart.
# CLI flag: -ruler.enable-wal-replay
[ruler_enable_wal_replay: <boolean> | default = true]

# Disable recording rules remote-write.
[ruler_remote_write_disabled: <boolean>]

# Deprecated: Use 'ruler_remote_write_config' instead. The URL of the endpoint
# to send samples to.
[ruler_remote_write_url: <string> | default = ""]

# Deprecated: Use 'ruler_remote_write_config' instead. Timeout for requests to
# the remote write endpoint.
[ruler_remote_write_timeout: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Custom HTTP headers to be
# sent along with each remote write request. Be aware that headers that are set
# by Loki itself can't be overwritten.
[ruler_remote_write_headers: <headers>]

# Deprecated: Use 'ruler_remote_write_config' instead. List of remote write
# relabel configurations.
[ruler_remote_write_relabel_configs: <relabel_config...>]

# Deprecated: Use 'ruler_remote_write_config' instead. Number of samples to
# buffer per shard before we block reading of more samples from the WAL. It is
# recommended to have enough capacity in each shard to buffer several requests
# to keep throughput up while processing occasional slow remote requests.
[ruler_remote_write_queue_capacity: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Minimum number of shards,
# i.e. amount of concurrency.
[ruler_remote_write_queue_min_shards: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of shards,
# i.e. amount of concurrency.
[ruler_remote_write_queue_max_shards: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of samples
# per send.
[ruler_remote_write_queue_max_samples_per_send: <int>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum time a sample
# will wait in buffer.
[ruler_remote_write_queue_batch_send_deadline: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Initial retry delay. Gets
# doubled for every retry.
[ruler_remote_write_queue_min_backoff: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Maximum retry delay.
[ruler_remote_write_queue_max_backoff: <duration>]

# Deprecated: Use 'ruler_remote_write_config' instead. Retry upon receiving a
# 429 status code from the remote-write storage. This is experimental and might
# change in the future.
[ruler_remote_write_queue_retry_on_ratelimit: <boolean>]

# Deprecated: Use 'ruler_remote_write_config' instead. Configures AWS's
# Signature Verification 4 signing process to sign every remote write request.
ruler_remote_write_sigv4_config:
  [region: <string> | default = ""]

  [access_key: <string> | default = ""]

  [secret_key: <string> | default = ""]

  [profile: <string> | default = ""]

  [role_arn: <string> | default = ""]

# Configures global and per-tenant limits for remote write clients. A map with
# remote client id as key.
[ruler_remote_write_config: <map of string to RemoteWriteConfig>]

# Timeout for a remote rule evaluation. Defaults to the value of
# 'querier.query-timeout'.
[ruler_remote_evaluation_timeout: <duration>]

# Maximum size (in bytes) of the allowable response size from a remote rule
# evaluation. Set to 0 to allow any response size (default).
[ruler_remote_evaluation_max_response_size: <int>]

# Deletion mode. Can be one of 'disabled', 'filter-only', or
# 'filter-and-delete'. When set to 'filter-only' or 'filter-and-delete', and if
# retention_enabled is true, then the log entry deletion API endpoints are
# available.
# CLI flag: -compactor.deletion-mode
[deletion_mode: <string> | default = "filter-and-delete"]

# Retention period to apply to stored data, only applies if retention_enabled is
# true in the compactor config. As of version 2.8.0, a zero value of 0 or 0s
# disables retention. In previous releases, Loki did not properly honor a zero
# value to disable retention and a really large value should be used instead.
# CLI flag: -store.retention
[retention_period: <duration> | default = 0s]

# Per-stream retention to apply, if the retention is enabled on the compactor
# side.
# Example:
#  retention_stream:
#  - selector: '{namespace="dev"}'
#  priority: 1
#  period: 24h
# - selector: '{container="nginx"}'
#  priority: 1
#  period: 744h
# Selector is a Prometheus labels matchers that will apply the 'period'
# retention only if the stream is matching. In case multiple streams are
# matching, the highest priority will be picked. If no rule is matched the
# 'retention_period' is used.
[retention_stream: <list of StreamRetentions>]

# Feature renamed to 'runtime configuration', flag deprecated in favor of
# -runtime-config.file (runtime_config.file in YAML).
# CLI flag: -limits.per-user-override-config
[per_tenant_override_config: <string> | default = ""]

# Feature renamed to 'runtime configuration'; flag deprecated in favor of
# -runtime-config.reload-period (runtime_config.period in YAML).
# CLI flag: -limits.per-user-override-period
[per_tenant_override_period: <duration> | default = 10s]

# Deprecated: Use deletion_mode per tenant configuration instead.
[allow_deletes: <boolean>]

# Define streams sharding behavior.
shard_streams:
  # Automatically shard streams to keep them under the per-stream rate limit.
  # Sharding is dictated by the desired rate.
  # CLI flag: -shard-streams.enabled
  [enabled: <boolean> | default = true]

  # Automatically shard streams by adding a __time_shard__ label, with values
  # calculated from the log timestamps divided by MaxChunkAge/2. This allows the
  # out-of-order ingestion of very old logs. If both flags are enabled,
  # time-based sharding will happen before rate-based sharding.
  # CLI flag: -shard-streams.time-sharding-enabled
  [time_sharding_enabled: <boolean> | default = false]

  # Logs with timestamps that are newer than this value will not be
  # time-sharded.
  # CLI flag: -shard-streams.time-sharding-ignore-recent
  [time_sharding_ignore_recent: <duration> | default = 40m]

  # Whether to log sharding streams behavior or not. Not recommended for
  # production environments.
  # CLI flag: -shard-streams.logging-enabled
  [logging_enabled: <boolean> | default = false]

  # Threshold used to cut a new shard. Default (1536KB) means if a rate is above
  # 1536KB/s, it will be sharded into two streams.
  # CLI flag: -shard-streams.desired-rate
  [desired_rate: <int> | default = 1536KB]

[blocked_queries: <blocked_query...>]

# Define a list of required selector labels.
[required_labels: <list of strings>]

# Minimum number of label matchers a query should contain.
[minimum_labels_number: <int>]

# The shard size defines how many index gateways should be used by a tenant for
# querying. If the global shard factor is 0, the global shard factor is set to
# the deprecated -replication-factor for backwards compatibility reasons.
# CLI flag: -index-gateway.shard-size
[index_gateway_shard_size: <int> | default = 0]

# Experimental. Defines a fraction (between 0.0 and 1.0) of the total index
# gateways available for a each tenant. A value of 0.0 has the same effect as
# 1.0, meaning all available index gateways. This setting only applies to simple
# mode.
# CLI flag: -index-gateway.max-capacity
[index_gateway_max_capacity: <float> | default = 1]

# Experimental. Whether to use the bloom gateway component in the read path to
# filter chunks.
# CLI flag: -bloom-gateway.enable-filtering
[bloom_gateway_enable_filtering: <boolean> | default = false]

# Experimental. Maximum number of builders to use when building blooms. 0 allows
# unlimited builders.
# CLI flag: -bloom-build.max-builders
[bloom_build_max_builders: <int> | default = 0]

# Experimental. Maximum number of retries for a failed task. If a task fails
# more than this number of times, it is considered failed and will not be
# retried. A value of 0 disables this limit.
# CLI flag: -bloom-build.task-max-retries
[bloom_build_task_max_retries: <int> | default = 3]

# Experimental. Timeout for a builder to finish a task. If a builder does not
# respond within this time, it is considered failed and the task will be
# requeued. 0 disables the timeout.
# CLI flag: -bloom-build.builder-response-timeout
[bloom_build_builder_response_timeout: <duration> | default = 0s]

# Experimental. Whether to create blooms for the tenant.
# CLI flag: -bloom-build.enable
[bloom_creation_enabled: <boolean> | default = false]

# Experimental. Bloom planning strategy to use in bloom creation. Can be one of:
# 'split_keyspace_by_factor', 'split_by_series_chunks_size'
# CLI flag: -bloom-build.planning-strategy
[bloom_planning_strategy: <string> | default = "split_keyspace_by_factor"]

# Experimental. Only if `bloom-build.planning-strategy` is 'split'. Number of
# splits to create for the series keyspace when building blooms. The series
# keyspace is split into this many parts to parallelize bloom creation.
# CLI flag: -bloom-build.split-keyspace-by
[bloom_split_series_keyspace_by: <int> | default = 256]

# Experimental. Target chunk size in bytes for bloom tasks. Default is 20GB.
# CLI flag: -bloom-build.split-target-series-chunk-size
[bloom_task_target_series_chunk_size: <int> | default = 20GB]

# Experimental. Compression algorithm for bloom block pages.
# CLI flag: -bloom-build.block-encoding
[bloom_block_encoding: <string> | default = "none"]

# Experimental. Prefetch blocks on bloom gateways as soon as they are built.
# CLI flag: -bloom-build.prefetch-blocks
[bloom_prefetch_blocks: <boolean> | default = false]

# Experimental. The maximum bloom block size. A value of 0 sets an unlimited
# size. Default is 200MB. The actual block size might exceed this limit since
# blooms will be added to blocks until the block exceeds the maximum block size.
# CLI flag: -bloom-build.max-block-size
[bloom_max_block_size: <int> | default = 200MB]

# Experimental. The maximum bloom size per log stream. A log stream whose
# generated bloom filter exceeds this size will be discarded. A value of 0 sets
# an unlimited size. Default is 128MB.
# CLI flag: -bloom-build.max-bloom-size
[bloom_max_bloom_size: <int> | default = 128MB]

# Allow user to send structured metadata in push payload.
# CLI flag: -validation.allow-structured-metadata
[allow_structured_metadata: <boolean> | default = true]

# Maximum size accepted for structured metadata per log line.
# CLI flag: -limits.max-structured-metadata-size
[max_structured_metadata_size: <int> | default = 64KB]

# Maximum number of structured metadata entries per log line.
# CLI flag: -limits.max-structured-metadata-entries-count
[max_structured_metadata_entries_count: <int> | default = 128]

# OTLP log ingestion configurations
otlp_config:
  # Configuration for resource attributes to store them as index labels or
  # Structured Metadata or drop them altogether
  resource_attributes:
    # Configure whether to ignore the default list of resource attributes set in
    # 'distributor.otlp.default_resource_attributes_as_index_labels' to be
    # stored as index labels and only use the given resource attributes config
    [ignore_defaults: <boolean> | default = false]

    [attributes_config: <list of attributes_configs>]

  # Configuration for scope attributes to store them as Structured Metadata or
  # drop them altogether
  [scope_attributes: <list of attributes_configs>]

  # Configuration for log attributes to store them as index labels or Structured
  # Metadata or drop them altogether
  [log_attributes: <list of attributes_configs>]

  # When true, the severity_text field from log records will be stored as an
  # index label. It is recommended not to use this option unless absolutely
  # necessary
  [severity_text_as_label: <boolean> | default = false]

# Block ingestion for policy until the configured date. The policy '*' is the
# global policy, which is applied to all streams not matching a policy and can
# be overridden by other policies. The time should be in RFC3339 format. The
# policy is based on the policy_stream_mapping configuration.
[block_ingestion_policy_until: <map of string to Time>]

# Block ingestion until the configured date. The time should be in RFC3339
# format.
# CLI flag: -limits.block-ingestion-until
[block_ingestion_until: <time> | default = 0]

# HTTP status code to return when ingestion is blocked. If 200, the ingestion
# will be blocked without returning an error to the client. By Default, a custom
# status code (260) is returned to the client along with an error message.
# CLI flag: -limits.block-ingestion-status-code
[block_ingestion_status_code: <int> | default = 260]

# List of labels that must be present in the stream. If any of the labels are
# missing, the stream will be discarded. This flag configures it globally for
# all tenants. Experimental.
# CLI flag: -validation.enforced-labels
[enforced_labels: <list of strings> | default = []]

# Map of policies to enforced labels. The policy '*' is the global policy, which
# is applied to all streams and can be extended by other policies. Example:
#  policy_enforced_labels: 
#   policy1: 
#     - label1 
#     - label2 
#   policy2: 
#     - label3 
#     - label4
#   '*':
#     - label5
[policy_enforced_labels: <map of string to list of strings>]

# Map of policies to stream selectors with a priority. Experimental.  Example:
#  policy_stream_mapping: 
#   finance: 
#     - selector: '{namespace="prod", container="billing"}' 
#       priority: 2 
#   ops: 
#     - selector: '{namespace="prod", container="ops"}' 
#       priority: 1 
#   staging: 
#     - selector: '{namespace="staging"}' 
#       priority: 1
[policy_stream_mapping: <map of string to list of PriorityStreams>]

# The number of partitions a tenant's data should be sharded to when using kafka
# ingestion. Tenants are sharded across partitions using shuffle-sharding. 0
# disables shuffle sharding and tenant is sharded across all partitions.
# CLI flag: -limits.ingestion-partition-tenant-shard-size
[ingestion_partitions_tenant_shard_size: <int> | default = 0]

# List of LogQL vector and range aggregations that should be sharded.
[shard_aggregations: <list of strings>]

# Default list of JSON fields to tokenize for pattern detection. It is recommend
# to append to or delete from the defaults rather than replacing them.
# CLI flag: -limits.pattern-ingester-tokenizable-json-fields
[pattern_ingester_tokenizable_json_fields_default: <string> | default = "log,message,msg,msg_,_msg,content"]

# List of additional JSON fields to tokenize for pattern detection.
# CLI flag: -limits.pattern-ingester-tokenizable-json-fields-append
[pattern_ingester_tokenizable_json_fields_append: <string> | default = ""]

# List of JSON fields to excluded from the defaults to tokenize for pattern
# detection.
# CLI flag: -limits.pattern-ingester-tokenizable-json-fields-delete
[pattern_ingester_tokenizable_json_fields_delete: <string> | default = ""]

# Enable metric aggregation. When enabled, pushed streams will be sampled for
# bytes and line counts. These metrics will be written back into Loki as a
# special __aggregated_metric__ stream.
# CLI flag: -limits.aggregation-enabled
[metric_aggregation_enabled: <boolean> | default = false]

# Enable persistence of patterns detected at ingest. When enabled, patterns for
# pushed streams will be written back into Loki as a special __pattern__ stream.
# CLI flag: -limits.pattern-persistence-enabled
[pattern_persistence_enabled: <boolean> | default = false]

# The time granularity for persisting patterns. Controls how many data points
# are written when patterns are flushed. Set to 0 to use the default from the
# pattern ingester configuration.
# CLI flag: -limits.pattern-persistence-granularity
[pattern_persistence_granularity: <duration> | default = 0s]

# Minimum pattern rate (samples per second) required for a pattern to be
# persisted. Patterns with lower rates will be filtered out during persistence.
# CLI flag: -limits.pattern-rate-threshold
[pattern_rate_threshold: <float> | default = 1]

# S3 server-side encryption type. Required to enable server-side encryption
# overrides for a specific tenant. If not set, the default S3 client settings
# are used.
[s3_sse_type: <string> | default = ""]

# S3 server-side encryption KMS Key ID. Ignored if the SSE type override is not
# set.
[s3_sse_kms_key_id: <string> | default = ""]

# S3 server-side encryption KMS encryption context. If unset and the key ID
# override is set, the encryption context will not be provided to S3. Ignored if
# the SSE type override is not set.
[s3_sse_kms_encryption_context: <string> | default = ""]

# Experimental: Controls the amount of scan tasks that can be running in
# parallel in the new query engine. The default of 0 means unlimited parallelism
# and all tasks will be scheduled at once.
# CLI flag: -limits.max-scan-task-parallelism
[max_scan_task_parallelism: <int> | default = 0]

# Experimental: Toggles verbose debug logging of tasks in the new query engine.
# CLI flag: -limits.debug-engine-tasks
[debug_engine_tasks: <boolean> | default = false]

# Experimental: Toggles verbose debug logging of data streams in the new query
# engine.
# CLI flag: -limits.debug-engine-streams
[debug_engine_streams: <boolean> | default = false]

local_storage_config

The local_storage_config block configures the usage of local file system as object storage backend.

# Directory to store chunks in.
# CLI flag: -local.chunk-directory
[directory: <string> | default = ""]

memberlist

Configuration for memberlist client. Only applies if the selected kvstore is memberlist.

When a memberlist config with atleast 1 join_members is defined, kvstore of type memberlist is automatically selected for all the components that require a ring unless otherwise specified in the component’s configuration section.

# Name of the node in memberlist cluster. Defaults to hostname.
# CLI flag: -memberlist.nodename
[node_name: <string> | default = ""]

# Add random suffix to the node name.
# CLI flag: -memberlist.randomize-node-name
[randomize_node_name: <boolean> | default = true]

# The timeout for establishing a connection with a remote node, and for
# read/write operations.
# CLI flag: -memberlist.stream-timeout
[stream_timeout: <duration> | default = 2s]

# Multiplication factor used when sending out messages (factor * log(N+1)).
# CLI flag: -memberlist.retransmit-factor
[retransmit_factor: <int> | default = 4]

# How often to use pull/push sync.
# CLI flag: -memberlist.pullpush-interval
[pull_push_interval: <duration> | default = 30s]

# How often to gossip.
# CLI flag: -memberlist.gossip-interval
[gossip_interval: <duration> | default = 200ms]

# How many nodes to gossip to.
# CLI flag: -memberlist.gossip-nodes
[gossip_nodes: <int> | default = 3]

# How long to keep gossiping to dead nodes, to give them chance to refute their
# death.
# CLI flag: -memberlist.gossip-to-dead-nodes-time
[gossip_to_dead_nodes_time: <duration> | default = 30s]

# How soon can dead node's name be reclaimed with new address. 0 to disable.
# CLI flag: -memberlist.dead-node-reclaim-time
[dead_node_reclaim_time: <duration> | default = 0s]

# Enable message compression. This can be used to reduce bandwidth usage at the
# cost of slightly more CPU utilization.
# CLI flag: -memberlist.compression-enabled
[compression_enabled: <boolean> | default = true]

# How frequently to notify watchers when a key changes. Can reduce CPU activity
# in large memberlist deployments. 0 to notify without delay.
# CLI flag: -memberlist.notify-interval
[notify_interval: <duration> | default = 0s]

# Gossip address to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-addr
[advertise_addr: <string> | default = ""]

# Gossip port to advertise to other members in the cluster. Used for NAT
# traversal.
# CLI flag: -memberlist.advertise-port
[advertise_port: <int> | default = 7946]

# The cluster label is an optional string to include in outbound packets and
# gossip streams. Other members in the memberlist cluster will discard any
# message whose label doesn't match the configured one, unless the
# 'cluster-label-verification-disabled' configuration option is set to true.
# CLI flag: -memberlist.cluster-label
[cluster_label: <string> | default = ""]

# When true, memberlist doesn't verify that inbound packets and gossip streams
# have the cluster label matching the configured one. This verification should
# be disabled while rolling out the change to the configured cluster label in a
# live memberlist cluster.
# CLI flag: -memberlist.cluster-label-verification-disabled
[cluster_label_verification_disabled: <boolean> | default = false]

# Other cluster members to join. Can be specified multiple times or as a
# comma-separated list. It can be an IP, hostname or an entry specified in the
# DNS Service Discovery format.
# CLI flag: -memberlist.join
[join_members: <list of strings>]

# Min backoff duration to join other cluster members.
# CLI flag: -memberlist.min-join-backoff
[min_join_backoff: <duration> | default = 1s]

# Max backoff duration to join other cluster members.
# CLI flag: -memberlist.max-join-backoff
[max_join_backoff: <duration> | default = 1m]

# Max number of retries to join other cluster members.
# CLI flag: -memberlist.max-join-retries
[max_join_retries: <int> | default = 10]

# Abort if this node fails the fast memberlist cluster joining procedure at
# startup. When enabled, it's guaranteed that other services, depending on
# memberlist, have an updated view over the cluster state when they're started.
# CLI flag: -memberlist.abort-if-fast-join-fails
[abort_if_cluster_fast_join_fails: <boolean> | default = false]

# Minimum number of seed nodes that must be successfully joined during fast-join
# for it to succeed. Only applies when -memberlist.abort-if-fast-join-fails is
# enabled.
# CLI flag: -memberlist.abort-if-fast-join-fails-min-nodes
[abort_if_cluster_fast_join_fails_min_nodes: <int> | default = 1]

# Abort if this node fails to join memberlist cluster at startup. When enabled,
# it's not guaranteed that other services are started only after the cluster
# state has been successfully updated; use 'abort-if-fast-join-fails' instead.
# CLI flag: -memberlist.abort-if-join-fails
[abort_if_cluster_join_fails: <boolean> | default = false]

# If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix
# the cluster split issue, and is harmless otherwise. For example when using
# only few components as a seed nodes (via -memberlist.join), then it's
# recommended to use rejoin. If -memberlist.join points to dynamic service that
# resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin
# is not needed.
# CLI flag: -memberlist.rejoin-interval
[rejoin_interval: <duration> | default = 0s]

# Seed nodes to use for periodic rejoin. Takes precedence over -memberlist.join
# for rejoining. If not specified, -memberlist.join is used. Can be specified
# multiple times or as a comma-separated list. Supports IP, hostname, or DNS
# Service Discovery format.
# CLI flag: -memberlist.rejoin-seed-nodes
[rejoin_seed_nodes: <list of strings>]

# How long to keep LEFT ingesters in the ring.
# CLI flag: -memberlist.left-ingesters-timeout
[left_ingesters_timeout: <duration> | default = 5m]

# How long to keep obsolete entries in the KV store.
# CLI flag: -memberlist.obsolete-entries-timeout
[obsolete_entries_timeout: <duration> | default = 30s]

# Timeout for leaving memberlist cluster.
# CLI flag: -memberlist.leave-timeout
[leave_timeout: <duration> | default = 20s]

# Timeout for broadcasting all remaining locally-generated updates to other
# nodes when shutting down. Only used if there are nodes left in the memberlist
# cluster, and only applies to locally-generated updates, not to broadcast
# messages that are result of incoming gossip updates. 0 = no timeout, wait
# until all locally-generated updates are sent.
# CLI flag: -memberlist.broadcast-timeout-for-local-updates-on-shutdown
[broadcast_timeout_for_local_updates_on_shutdown: <duration> | default = 10s]

# How much space to use for keeping received and sent messages in memory for
# troubleshooting (two buffers). 0 to disable.
# CLI flag: -memberlist.message-history-buffer-bytes
[message_history_buffer_bytes: <int> | default = 0]

# Size of the buffered channel for the WatchPrefix function.
# CLI flag: -memberlist.watch-prefix-buffer-size
[watch_prefix_buffer_size: <int> | default = 128]

# IP address to listen on for gossip messages. Multiple addresses may be
# specified. Defaults to 0.0.0.0
# CLI flag: -memberlist.bind-addr
[bind_addr: <list of strings> | default = []]

# Port to listen on for gossip messages.
# CLI flag: -memberlist.bind-port
[bind_port: <int> | default = 7946]

# Timeout used when connecting to other nodes to send packet.
# CLI flag: -memberlist.packet-dial-timeout
[packet_dial_timeout: <duration> | default = 2s]

# Timeout for writing 'packet' data.
# CLI flag: -memberlist.packet-write-timeout
[packet_write_timeout: <duration> | default = 5s]

# Maximum number of concurrent writes to other nodes.
# CLI flag: -memberlist.max-concurrent-writes
[max_concurrent_writes: <int> | default = 3]

# Timeout for acquiring one of the concurrent write slots. After this time, the
# message will be dropped.
# CLI flag: -memberlist.acquire-writer-timeout
[acquire_writer_timeout: <duration> | default = 250ms]

# Enable TLS on the memberlist transport layer.
# CLI flag: -memberlist.tls-enabled
[tls_enabled: <boolean> | default = false]

# The TLS configuration.
# The CLI flags prefix for this block configuration is: memberlist
[<tls_config>]

zone_aware_routing:
  # Enable zone-aware routing for memberlist gossip.
  # CLI flag: -memberlist.zone-aware-routing.enabled
  [enabled: <boolean> | default = false]

  # Availability zone where this node is running.
  # CLI flag: -memberlist.zone-aware-routing.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Role of this node in the cluster. Valid values: member, bridge.
  # CLI flag: -memberlist.zone-aware-routing.role
  [role: <string> | default = "member"]

named_stores_config

Configures additional object stores for a given storage provider. Supported stores: aws, azure, bos, filesystem, gcs, swift. Example:

    storage_config:
      named_stores:
        aws:
          store-1:
            endpoint: s3://foo-bucket
            region: us-west1

Named store from this example can be used by setting object_store to store-1 in period_config.

[aws: <map of string to aws_storage_config>]

[azure: <map of string to azure_storage_config>]

[bos: <map of string to bos_storage_config>]

[filesystem: <map of string to local_storage_config>]

[gcs: <map of string to gcs_storage_config>]

[alibabacloud: <map of string to alibabacloud_storage_config>]

[swift: <map of string to swift_storage_config>]

[cos: <map of string to cos_storage_config>]

operational_config

These are values which allow you to control aspects of Loki’s operation, most commonly used for controlling types of higher verbosity logging, the values here can be overridden in the configs section of the runtime_config file.

# Log every new stream created by a push request (very verbose, recommend to
# enable via runtime config only).
# CLI flag: -operation-config.log-stream-creation
[log_stream_creation: <boolean> | default = false]

# Log every push request (very verbose, recommend to enable via runtime config
# only).
# CLI flag: -operation-config.log-push-request
[log_push_request: <boolean> | default = false]

# Log a commutative hash of the labels for all streams in a push request. In
# some cases this can potentially be used as an identifier of the agent sending
# the stream. Calculating hashes is epensive so only enable as needed.
# CLI flag: -operation-config.log-hash-of-labels
[log_hash_of_labels: <boolean> | default = false]

# Log every stream in a push request (very verbose, recommend to enable via
# runtime config only).
# CLI flag: -operation-config.log-push-request-streams
[log_push_request_streams: <boolean> | default = false]

# Only show streams that match a provided IP address, LogPushRequestStreams must
# be enabled. Can be used multiple times to filter by multiple IPs.
# CLI flag: -operation-config.filter-push-request-streams-ips
[filter_push_request_streams_ips: <list of strings> | default = []]

# Log service name discovery (very verbose, recommend to enable via runtime
# config only).
# CLI flag: -operation-config.log-service-name-discovery
[log_service_name_discovery: <boolean> | default = false]

# Log metrics for duplicate lines received.
# CLI flag: -operation-config.log-duplicate-metrics
[log_duplicate_metrics: <boolean> | default = false]

# Log stream info for duplicate lines received
# CLI flag: -operation-config.log-duplicate-stream-info
[log_duplicate_stream_info: <boolean> | default = false]

# Log push errors with a rate limited logger, will show client push errors
# without overly spamming logs.
# CLI flag: -operation-config.limited-log-push-errors
[limited_log_push_errors: <boolean> | default = true]

period_config

The period_config block configures what index schemas should be used for from specific time periods.

# The date of the first day that index buckets should be created. Use a date in
# the past if this is your only period_config, otherwise use a date when you
# want the schema to switch over. In YYYY-MM-DD format, for example: 2018-04-15.
[from: <daytime>]

# store and object_store below affect which <storage_config> key is used. Which
# index to use. Either tsdb or boltdb-shipper. Following stores are deprecated:
# aws, aws-dynamo, gcp, gcp-columnkey, bigtable, bigtable-hashed, cassandra,
# grpc.
[store: <string> | default = ""]

# Which store to use for the chunks. Either aws (alias s3), azure, gcs,
# alibabacloud, bos, cos, swift, filesystem, or a named_store (refer to
# named_stores_config). Following stores are deprecated: aws-dynamo, gcp,
# gcp-columnkey, bigtable, bigtable-hashed, cassandra, grpc.
[object_store: <string> | default = ""]

# The schema version to use, current recommended schema is v13.
[schema: <string> | default = ""]

# Configures how the index is updated and stored.
index:
  # Path prefix for index tables. Prefix always needs to end with a path
  # delimiter '/', except when the prefix is empty.
  [path_prefix: <string> | default = "index/"]

  # Table prefix for all period tables.
  [prefix: <string> | default = ""]

  # Table period.
  [period: <duration>]

  # A map to be added to all managed tables.
  [tags: <map of string to string>]

# Configured how the chunks are updated and stored.
chunks:
  # Table prefix for all period tables.
  [prefix: <string> | default = ""]

  # Table period.
  [period: <duration>]

  # A map to be added to all managed tables.
  [tags: <map of string to string>]

# How many shards will be created. Only used if schema is v10 or greater.
[row_shards: <int> | default = 16]

profiling

Configuration for profiling options.

# Sets the value for runtime.SetBlockProfilingRate
# CLI flag: -profiling.block-profile-rate
[block_profile_rate: <int> | default = 0]

# Sets the value for runtime.SetCPUProfileRate
# CLI flag: -profiling.cpu-profile-rate
[cpu_profile_rate: <int> | default = 0]

# Sets the value for runtime.SetMutexProfileFraction
# CLI flag: -profiling.mutex-profile-fraction
[mutex_profile_fraction: <int> | default = 0]

querier

Configures the querier. Only appropriate when running all modules or just the querier.

# Maximum duration for which the live tailing requests are served.
# CLI flag: -querier.tail-max-duration
[tail_max_duration: <duration> | default = 1h]

# Time to wait before sending more than the minimum successful query requests.
# CLI flag: -querier.extra-query-delay
[extra_query_delay: <duration> | default = 0s]

# Maximum lookback beyond which queries are not sent to ingester. 0 means all
# queries are sent to ingester.
# CLI flag: -querier.query-ingesters-within
[query_ingesters_within: <duration> | default = 3h]

engine:
  # The maximum amount of time to look back for log lines. Used only for instant
  # log queries.
  # CLI flag: -querier.engine.max-lookback-period
  [max_look_back_period: <duration> | default = 30s]

  # The maximum number of labels the heap of a topk query using a count min
  # sketch can track.
  # CLI flag: -querier.engine.max-count-min-sketch-heap-size
  [max_count_min_sketch_heap_size: <int> | default = 10000]

# The maximum number of queries that can be simultaneously processed by the
# querier.
# CLI flag: -querier.max-concurrent
[max_concurrent: <int> | default = 4]

# Only query the store, and not attempt any ingesters. This is useful for
# running a standalone querier pool operating only against stored data.
# CLI flag: -querier.query-store-only
[query_store_only: <boolean> | default = false]

# When true, queriers only query the ingesters, and not stored data. This is
# useful when the object store is unavailable.
# CLI flag: -querier.query-ingester-only
[query_ingester_only: <boolean> | default = false]

# When true, allow queries to span multiple tenants.
# CLI flag: -querier.multi-tenant-queries-enabled
[multi_tenant_queries_enabled: <boolean> | default = false]

# When true, querier limits sent via a header are enforced.
# CLI flag: -querier.per-request-limits-enabled
[per_request_limits_enabled: <boolean> | default = false]

# When true, querier directs ingester queries to the partition-ingesters instead
# of the normal ingesters.
# CLI flag: -querier.query-partition-ingesters
[query_partition_ingesters: <boolean> | default = false]

query_range

The query_range block configures the query splitting and caching in the Loki query-frontend.

# Mutate incoming queries to align their start and end with their step.
# CLI flag: -querier.align-querier-with-step
[align_queries_with_step: <boolean> | default = false]

results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is: frontend
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.compression
  [compression: <string> | default = ""]

# Cache query results.
# CLI flag: -querier.cache-results
[cache_results: <boolean> | default = false]

# Maximum number of retries for a single request; beyond this, the downstream
# error is returned.
# CLI flag: -querier.max-retries-per-request
[max_retries: <int> | default = 5]

# Perform query parallelisations based on storage sharding configuration and
# query ASTs. This feature is supported only by the chunks storage engine.
# CLI flag: -querier.parallelise-shardable-queries
[parallelise_shardable_queries: <boolean> | default = true]

# A comma-separated list of LogQL vector and range aggregations that should be
# sharded. Possible values 'quantile_over_time', 'last_over_time',
# 'first_over_time'.
# CLI flag: -querier.shard-aggregations
[shard_aggregations: <string> | default = ""]

# Cache index stats query results.
# CLI flag: -querier.cache-index-stats-results
[cache_index_stats_results: <boolean> | default = true]

# If a cache config is not specified and cache_index_stats_results is true, the
# config for the results cache is used.
index_stats_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.index-stats-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.index-stats-results-cache.compression
  [compression: <string> | default = ""]

# Cache volume query results.
# CLI flag: -querier.cache-volume-results
[cache_volume_results: <boolean> | default = true]

# If a cache config is not specified and cache_volume_results is true, the
# config for the results cache is used.
volume_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.volume-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.volume-results-cache.compression
  [compression: <string> | default = ""]

# Cache instant metric query results.
# CLI flag: -querier.cache-instant-metric-results
[cache_instant_metric_results: <boolean> | default = false]

# If a cache config is not specified and cache_instant_metric_results is true,
# the config for the results cache is used.
instant_metric_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.instant-metric-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.instant-metric-results-cache.compression
  [compression: <string> | default = ""]

# Whether to align the splits of instant metric query with splitByInterval and
# query's exec time. Useful when instant_metric_cache is enabled
# CLI flag: -querier.instant-metric-query-split-align
[instant_metric_query_split_align: <boolean> | default = false]

# Cache series query results.
# CLI flag: -querier.cache-series-results
[cache_series_results: <boolean> | default = true]

# If series_results_cache is not configured and cache_series_results is true,
# the config for the results cache is used.
series_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.series-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.series-results-cache.compression
  [compression: <string> | default = ""]

# Cache label query results.
# CLI flag: -querier.cache-label-results
[cache_label_results: <boolean> | default = true]

# If label_results_cache is not configured and cache_label_results is true, the
# config for the results cache is used.
label_results_cache:
  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is:
  # frontend.label-results-cache
  [cache: <cache_config>]

  # Use compression in cache. The default is an empty value '', which disables
  # compression. Supported values are: 'snappy' and ''.
  # CLI flag: -frontend.label-results-cache.compression
  [compression: <string> | default = ""]

query_scheduler

The query_scheduler block configures the Loki query scheduler. When configured it separates the tenant query queues from the query-frontend.

# Maximum number of outstanding requests per tenant per query-scheduler.
# In-flight requests above this limit will fail with HTTP response status code
# 429.
# CLI flag: -query-scheduler.max-outstanding-requests-per-tenant
[max_outstanding_requests_per_tenant: <int> | default = 32000]

# Maximum number of levels of nesting of hierarchical queues. 0 means that
# hierarchical queues are disabled.
# CLI flag: -query-scheduler.max-queue-hierarchy-levels
[max_queue_hierarchy_levels: <int> | default = 3]

# If a querier disconnects without sending notification about graceful shutdown,
# the query-scheduler will keep the querier in the tenant's shard until the
# forget delay has passed. This feature is useful to reduce the blast radius
# when shuffle-sharding is enabled.
# CLI flag: -query-scheduler.querier-forget-delay
[querier_forget_delay: <duration> | default = 0s]

# This configures the gRPC client used to report errors back to the
# query-frontend.
# The CLI flags prefix for this block configuration is:
# query-scheduler.grpc-client-config
[grpc_client_config: <grpc_client>]

# Set to true to have the query schedulers create and place themselves in a
# ring. If no frontend_address or scheduler_address are present anywhere else in
# the configuration, Loki will toggle this value to true.
# CLI flag: -query-scheduler.use-scheduler-ring
[use_scheduler_ring: <boolean> | default = false]

# The hash ring configuration. This option is required only if
# use_scheduler_ring is true.
scheduler_ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -query-scheduler.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -query-scheduler.ring.prefix
    [prefix: <string> | default = "collectors/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: query-scheduler.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: query-scheduler.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -query-scheduler.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -query-scheduler.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to the secondary store.
      # CLI flag: -query-scheduler.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing a value to the secondary store.
      # CLI flag: -query-scheduler.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Period at which to heartbeat to the ring.
  # CLI flag: -query-scheduler.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 15s]

  # The heartbeat timeout after which compactors are considered unhealthy within
  # the ring. 0 = never (timeout disabled).
  # CLI flag: -query-scheduler.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # File path where tokens are stored. If empty, tokens are not stored at
  # shutdown and restored at startup.
  # CLI flag: -query-scheduler.ring.tokens-file-path
  [tokens_file_path: <string> | default = ""]

  # True to enable zone-awareness and replicate blocks across different
  # availability zones.
  # CLI flag: -query-scheduler.ring.zone-awareness-enabled
  [zone_awareness_enabled: <boolean> | default = false]

  # Instance ID to register in the ring.
  # CLI flag: -query-scheduler.ring.instance-id
  [instance_id: <string> | default = "<hostname>"]

  # Name of network interface to read address from.
  # CLI flag: -query-scheduler.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # Port to advertise in the ring (defaults to server.grpc-listen-port).
  # CLI flag: -query-scheduler.ring.instance-port
  [instance_port: <int> | default = 0]

  # IP address to advertise in the ring.
  # CLI flag: -query-scheduler.ring.instance-addr
  [instance_addr: <string> | default = ""]

  # The availability zone where this instance is running. Required if
  # zone-awareness is enabled.
  # CLI flag: -query-scheduler.ring.instance-availability-zone
  [instance_availability_zone: <string> | default = ""]

  # Enable using a IPv6 instance address.
  # CLI flag: -query-scheduler.ring.instance-enable-ipv6
  [instance_enable_ipv6: <boolean> | default = false]

ruler

The ruler block configures the Loki ruler.

# Base URL of the Grafana instance.
# CLI flag: -ruler.external.url
[external_url: <url>]

# Datasource UID for the dashboard.
# CLI flag: -ruler.datasource-uid
[datasource_uid: <string> | default = ""]

# Labels to add to all alerts.
external_labels:

# The grpc_client block configures the gRPC client used to communicate between a
# client and server component in Loki.
# The CLI flags prefix for this block configuration is: ruler.client
[ruler_client: <grpc_client>]

# How frequently to evaluate rules.
# CLI flag: -ruler.evaluation-interval
[evaluation_interval: <duration> | default = 1m]

# How frequently to poll for rule changes.
# CLI flag: -ruler.poll-interval
[poll_interval: <duration> | default = 1m]

# Deprecated: Use -ruler-storage. CLI flags and their respective YAML config
# options instead.
storage:
  # Method to use for backend rule storage (configdb, azure, gcs, s3, swift,
  # local, bos, cos)
  # CLI flag: -ruler.storage.type
  [type: <string> | default = ""]

  # Configures backend rule storage for Azure.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [azure: <azure_storage_config>]

  # Configures backend rule storage for AlibabaCloud Object Storage (OSS).
  # The CLI flags prefix for this block configuration is: ruler.storage
  [alibabacloud: <alibabacloud_storage_config>]

  # Configures backend rule storage for GCS.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [gcs: <gcs_storage_config>]

  # Configures backend rule storage for S3.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [s3: <s3_storage_config>]

  # Configures backend rule storage for Baidu Object Storage (BOS).
  # The CLI flags prefix for this block configuration is: ruler.storage
  [bos: <bos_storage_config>]

  # Configures backend rule storage for Swift.
  # The CLI flags prefix for this block configuration is: ruler.storage
  [swift: <swift_storage_config>]

  # Configures backend rule storage for IBM Cloud Object Storage (COS).
  # The CLI flags prefix for this block configuration is: ruler.storage
  [cos: <cos_storage_config>]

  # Configures backend rule storage for a local file system directory.
  local:
    # Directory to scan for rules
    # CLI flag: -ruler.storage.local.directory
    [directory: <string> | default = ""]

# File path to store temporary rule files.
# CLI flag: -ruler.rule-path
[rule_path: <string> | default = "/rules"]

# Comma-separated list of Alertmanager URLs to send notifications to. Each
# Alertmanager URL is treated as a separate group in the configuration. Multiple
# Alertmanagers in HA per group can be supported by using DNS resolution via
# '-ruler.alertmanager-discovery'.
# CLI flag: -ruler.alertmanager-url
[alertmanager_url: <string> | default = ""]

# Use DNS SRV records to discover Alertmanager hosts.
# CLI flag: -ruler.alertmanager-discovery
[enable_alertmanager_discovery: <boolean> | default = false]

# How long to wait between refreshing DNS resolutions of Alertmanager hosts.
# CLI flag: -ruler.alertmanager-refresh-interval
[alertmanager_refresh_interval: <duration> | default = 1m]

# Use Alertmanager APIv2. APIv1 was deprecated in Alertmanager 0.16.0 and is
# removed as of 0.27.0.
# CLI flag: -ruler.alertmanager-use-v2
[enable_alertmanager_v2: <boolean> | default = true]

# List of alert relabel configs.
[alert_relabel_configs: <relabel_config...>]

# Capacity of the queue for notifications to be sent to the Alertmanager.
# CLI flag: -ruler.notification-queue-capacity
[notification_queue_capacity: <int> | default = 10000]

# HTTP timeout duration when sending notifications to the Alertmanager.
# CLI flag: -ruler.notification-timeout
[notification_timeout: <duration> | default = 10s]

alertmanager_client:
  # The TLS configuration.
  # The CLI flags prefix for this block configuration is:
  # ruler.alertmanager-client
  [<tls_config>]

  # HTTP Basic authentication username. It overrides the username set in the URL
  # (if any).
  # CLI flag: -ruler.alertmanager-client.basic-auth-username
  [basic_auth_username: <string> | default = ""]

  # HTTP Basic authentication password. It overrides the password set in the URL
  # (if any).
  # CLI flag: -ruler.alertmanager-client.basic-auth-password
  [basic_auth_password: <string> | default = ""]

  # HTTP Header authorization type (default: Bearer).
  # CLI flag: -ruler.alertmanager-client.type
  [type: <string> | default = "Bearer"]

  # HTTP Header authorization credentials.
  # CLI flag: -ruler.alertmanager-client.credentials
  [credentials: <string> | default = ""]

  # HTTP Header authorization credentials file.
  # CLI flag: -ruler.alertmanager-client.credentials-file
  [credentials_file: <string> | default = ""]

# Max time to tolerate outage for restoring "for" state of alert.
# CLI flag: -ruler.for-outage-tolerance
[for_outage_tolerance: <duration> | default = 1h]

# Minimum duration between alert and restored "for" state. This is maintained
# only for alerts with configured "for" time greater than the grace period.
# CLI flag: -ruler.for-grace-period
[for_grace_period: <duration> | default = 10m]

# Minimum amount of time to wait before resending an alert to Alertmanager.
# CLI flag: -ruler.resend-delay
[resend_delay: <duration> | default = 1m]

# Distribute rule evaluation using ring backend.
# CLI flag: -ruler.enable-sharding
[enable_sharding: <boolean> | default = false]

# The sharding strategy to use. Supported values are: default, shuffle-sharding.
# CLI flag: -ruler.sharding-strategy
[sharding_strategy: <string> | default = "default"]

# The sharding algorithm to use for deciding how rules & groups are sharded.
# Supported values are: by-group, by-rule.
# CLI flag: -ruler.sharding-algo
[sharding_algo: <string> | default = "by-group"]

# Time to spend searching for a pending ruler when shutting down.
# CLI flag: -ruler.search-pending-for
[search_pending_for: <duration> | default = 5m]

# Ring used by Loki ruler. The CLI flags prefix for this block configuration is
# 'ruler.ring'.
ring:
  kvstore:
    # Backend storage to use for the ring. Supported values are: consul, etcd,
    # inmemory, memberlist, multi.
    # CLI flag: -ruler.ring.store
    [store: <string> | default = "consul"]

    # The prefix for the keys in the store. Should end with a /.
    # CLI flag: -ruler.ring.prefix
    [prefix: <string> | default = "rulers/"]

    # Configuration for a Consul client. Only applies if the selected kvstore is
    # consul.
    # The CLI flags prefix for this block configuration is: ruler.ring
    [consul: <consul>]

    # Configuration for an ETCD v3 client. Only applies if the selected kvstore
    # is etcd.
    # The CLI flags prefix for this block configuration is: ruler.ring
    [etcd: <etcd>]

    multi:
      # Primary backend storage used by multi-client.
      # CLI flag: -ruler.ring.multi.primary
      [primary: <string> | default = ""]

      # Secondary backend storage used by multi-client.
      # CLI flag: -ruler.ring.multi.secondary
      [secondary: <string> | default = ""]

      # Mirror writes to the secondary store.
      # CLI flag: -ruler.ring.multi.mirror-enabled
      [mirror_enabled: <boolean> | default = false]

      # Timeout for storing a value to the secondary store.
      # CLI flag: -ruler.ring.multi.mirror-timeout
      [mirror_timeout: <duration> | default = 2s]

  # Interval between heartbeats sent to the ring.
  # CLI flag: -ruler.ring.heartbeat-period
  [heartbeat_period: <duration> | default = 5s]

  # The heartbeat timeout after which ruler ring members are considered
  # unhealthy within the ring. 0 = never (timeout disabled).
  # CLI flag: -ruler.ring.heartbeat-timeout
  [heartbeat_timeout: <duration> | default = 1m]

  # Name of network interface to read addresses from.
  # CLI flag: -ruler.ring.instance-interface-names
  [instance_interface_names: <list of strings> | default = [<private network interfaces>]]

  # The number of tokens the lifecycler will generate and put into the ring if
  # it joined without transferring tokens from another lifecycler.
  # CLI flag: -ruler.ring.num-tokens
  [num_tokens: <int> | default = 128]

# Period with which to attempt to flush rule groups.
# CLI flag: -ruler.flush-period
[flush_period: <duration> | default = 1m]

# Enable the ruler API.
# CLI flag: -ruler.enable-api
[enable_api: <boolean> | default = true]

# Comma separated list of tenants whose rules this ruler can evaluate. If
# specified, only these tenants will be handled by ruler, otherwise this ruler
# can process rules from all tenants. Subject to sharding.
# CLI flag: -ruler.enabled-tenants
[enabled_tenants: <string> | default = ""]

# Comma separated list of tenants whose rules this ruler cannot evaluate. If
# specified, a ruler that would normally pick the specified tenant(s) for
# processing will ignore them instead. Subject to sharding.
# CLI flag: -ruler.disabled-tenants
[disabled_tenants: <string> | default = ""]

# Report the wall time for ruler queries to complete as a per user metric and as
# an info level log message.
# CLI flag: -ruler.query-stats-enabled
[query_stats_enabled: <boolean> | default = false]

# Disable the rule_group label on exported metrics.
# CLI flag: -ruler.disable-rule-group-label
[disable_rule_group_label: <boolean> | default = false]

wal:
  # The directory in which to write tenant WAL files. Each tenant will have its
  # own directory one level below this directory.
  # CLI flag: -ruler.wal.dir
  [dir: <string> | default = "ruler-wal"]

  # Frequency with which to run the WAL truncation process.
  # CLI flag: -ruler.wal.truncate-frequency
  [truncate_frequency: <duration> | default = 1h]

  # Minimum age that samples must exist in the WAL before being truncated.
  # CLI flag: -ruler.wal.min-age
  [min_age: <duration> | default = 5m]

  # Maximum age that samples must exist in the WAL before being truncated.
  # CLI flag: -ruler.wal.max-age
  [max_age: <duration> | default = 4h]

wal_cleaner:
  # The minimum age of a WAL to consider for cleaning.
  # CLI flag: -ruler.wal-cleaner.min-age
  [min_age: <duration> | default = 12h]

  # How often to run the WAL cleaner. 0 = disabled.
  # CLI flag: -ruler.wal-cleaner.period
  [period: <duration> | default = 0s]

# Remote-write configuration to send rule samples to a Prometheus remote-write
# endpoint.
remote_write:
  # Deprecated: Use 'clients' instead. Configure remote write client.
  [client: <RemoteWriteConfig>]

  # Configure remote write clients. A map with remote client id as key. For
  # details, see
  # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
  # Specifying a header with key 'X-Scope-OrgID' under the 'headers' section of
  # RemoteWriteConfig is not permitted. If specified, it will be dropped during
  # config parsing.
  [clients: <map of string to RemoteWriteConfig>]

  # Enable remote-write functionality.
  # CLI flag: -ruler.remote-write.enabled
  [enabled: <boolean> | default = false]

  # Minimum period to wait between refreshing remote-write reconfigurations.
  # This should be greater than or equivalent to
  # -limits.per-user-override-period.
  # CLI flag: -ruler.remote-write.config-refresh-period
  [config_refresh_period: <duration> | default = 10s]

  # Add an X-Scope-OrgID header in remote write requests with the tenant ID of a
  # Loki tenant that the recording rules are part of.
  # CLI flag: -ruler.remote-write.add-org-id-header
  [add_org_id_header: <boolean> | default = true]

# Configuration for rule evaluation.
evaluation:
  # The evaluation mode for the ruler. Can be either 'local' or 'remote'. If set
  # to 'local', the ruler will evaluate rules locally. If set to 'remote', the
  # ruler will evaluate rules remotely. If unset, the ruler will evaluate rules
  # locally.
  # CLI flag: -ruler.evaluation.mode
  [mode: <string> | default = "local"]

  # Upper bound of random duration to wait before rule evaluation to avoid
  # contention during concurrent execution of rules. Jitter is calculated
  # consistently for a given rule. Set 0 to disable (default).
  # CLI flag: -ruler.evaluation.max-jitter
  [max_jitter: <duration> | default = 0s]

  query_frontend:
    # GRPC listen address of the query-frontend(s). Must be a DNS address
    # (prefixed with dns:///) to enable client side load balancing.
    # CLI flag: -ruler.evaluation.query-frontend.address
    [address: <string> | default = ""]

    # Set to true if query-frontend connection requires TLS.
    # CLI flag: -ruler.evaluation.query-frontend.tls-enabled
    [tls_enabled: <boolean> | default = false]

    # The TLS configuration.
    # The CLI flags prefix for this block configuration is:
    # ruler.evaluation.query-frontend
    [<tls_config>]

runtime_config

Configuration for ‘runtime config’ module, responsible for reloading runtime configuration file.

# How often to check runtime config files.
# CLI flag: -runtime-config.reload-period
[period: <duration> | default = 10s]

# Comma separated list of yaml files with the configuration that can be updated
# at runtime. Runtime config files will be merged from left to right.
# CLI flag: -runtime-config.file
[file: <string> | default = ""]

s3_storage_config

The s3_storage_config block configures the connection to Amazon S3 object storage backend. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage
ruler.storage

# S3 endpoint URL with escaped Key and Secret encoded. If only region is
# specified as a host, proper endpoint will be deduced. Use
# inmemory:///<bucket-name> to use a mock in-memory implementation.
# CLI flag: -<prefix>.s3.url
[s3: <url>]

# Set this to `true` to force the request to use path-style addressing.
# CLI flag: -<prefix>.s3.force-path-style
[s3forcepathstyle: <boolean> | default = false]

# Comma separated list of bucket names to evenly distribute chunks over.
# Overrides any buckets specified in s3.url flag
# CLI flag: -<prefix>.s3.buckets
[bucketnames: <string> | default = ""]

# S3 Endpoint to connect to.
# CLI flag: -<prefix>.s3.endpoint
[endpoint: <string> | default = ""]

# AWS region to use.
# CLI flag: -<prefix>.s3.region
[region: <string> | default = ""]

# AWS Access Key ID
# CLI flag: -<prefix>.s3.access-key-id
[access_key_id: <string> | default = ""]

# AWS Secret Access Key
# CLI flag: -<prefix>.s3.secret-access-key
[secret_access_key: <string> | default = ""]

# AWS Session Token
# CLI flag: -<prefix>.s3.session-token
[session_token: <string> | default = ""]

# Disable https on s3 connection.
# CLI flag: -<prefix>.s3.insecure
[insecure: <boolean> | default = false]

# Delimiter used to replace the default delimiter ':' in chunk IDs when storing
# chunks. This is mainly intended when you run a MinIO instance on a Windows
# machine. You should not change this value inflight.
# CLI flag: -<prefix>.s3.chunk-delimiter
[chunk_delimiter: <string> | default = ""]

http_config:
  # Timeout specifies a time limit for requests made by s3 Client.
  # CLI flag: -<prefix>.s3.http.timeout
  [timeout: <duration> | default = 0s]

  # The maximum amount of time an idle connection will be held open.
  # CLI flag: -<prefix>.s3.http.idle-conn-timeout
  [idle_conn_timeout: <duration> | default = 1m30s]

  # If non-zero, specifies the amount of time to wait for a server's response
  # headers after fully writing the request.
  # CLI flag: -<prefix>.s3.http.response-header-timeout
  [response_header_timeout: <duration> | default = 0s]

  # Set to true to skip verifying the certificate chain and hostname.
  # CLI flag: -<prefix>.s3.http.insecure-skip-verify
  [insecure_skip_verify: <boolean> | default = false]

  # Path to the trusted CA file that signed the SSL certificate of the S3
  # endpoint.
  # CLI flag: -<prefix>.s3.http.ca-file
  [ca_file: <string> | default = ""]

# The signature version to use for authenticating against S3. Supported values
# are: v4.
# CLI flag: -<prefix>.s3.signature-version
[signature_version: <string> | default = "v4"]

# The S3 storage class which objects will use. Supported values are: GLACIER,
# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS,
# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA.
# CLI flag: -<prefix>.s3.storage-class
[storage_class: <string> | default = "STANDARD"]

sse:
  # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
  # CLI flag: -<prefix>.s3.sse.type
  [type: <string> | default = ""]

  # KMS Key ID used to encrypt objects in S3
  # CLI flag: -<prefix>.s3.sse.kms-key-id
  [kms_key_id: <string> | default = ""]

  # KMS Encryption Context used for object encryption. It expects JSON formatted
  # string.
  # CLI flag: -<prefix>.s3.sse.kms-encryption-context
  [kms_encryption_context: <string> | default = ""]

# Configures back off when S3 get Object.
backoff_config:
  # Minimum backoff time when s3 get Object
  # CLI flag: -<prefix>.s3.min-backoff
  [min_period: <duration> | default = 100ms]

  # Maximum backoff time when s3 get Object
  # CLI flag: -<prefix>.s3.max-backoff
  [max_period: <duration> | default = 3s]

  # Maximum number of times to retry for s3 GetObject or ObjectExists
  # CLI flag: -<prefix>.s3.max-retries
  [max_retries: <int> | default = 5]

# Disable forcing S3 dualstack endpoint usage.
# CLI flag: -<prefix>.s3.disable-dualstack
[disable_dualstack: <boolean> | default = false]

schema_config

Configures the chunk index schema and where it is stored.

[configs: <list of period_configs>]

server

Configures the server of the launched module(s).

# HTTP server listen network, default tcp
# CLI flag: -server.http-listen-network
[http_listen_network: <string> | default = "tcp"]

# HTTP server listen address.
# CLI flag: -server.http-listen-address
[http_listen_address: <string> | default = ""]

# HTTP server listen port.
# CLI flag: -server.http-listen-port
[http_listen_port: <int> | default = 3100]

# Maximum number of simultaneous http connections, <=0 to disable
# CLI flag: -server.http-conn-limit
[http_listen_conn_limit: <int> | default = 0]

# gRPC server listen network
# CLI flag: -server.grpc-listen-network
[grpc_listen_network: <string> | default = "tcp"]

# gRPC server listen address.
# CLI flag: -server.grpc-listen-address
[grpc_listen_address: <string> | default = ""]

# gRPC server listen port.
# CLI flag: -server.grpc-listen-port
[grpc_listen_port: <int> | default = 9095]

# Maximum number of simultaneous grpc connections, <=0 to disable
# CLI flag: -server.grpc-conn-limit
[grpc_listen_conn_limit: <int> | default = 0]

# If true, the max streams by connection gauge will be collected.
# CLI flag: -server.grpc-collect-max-streams-by-conn
[grpc_collect_max_streams_by_conn: <boolean> | default = true]

# Enables PROXY protocol.
# CLI flag: -server.proxy-protocol-enabled
[proxy_protocol_enabled: <boolean> | default = false]

# Comma-separated list of cipher suites to use. If blank, the default Go cipher
# suites is used.
# CLI flag: -server.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]

# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11,
# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used.
# CLI flag: -server.tls-min-version
[tls_min_version: <string> | default = ""]

http_tls_config:
  # Server TLS certificate. This configuration parameter is YAML only.
  [cert: <string> | default = ""]

  # Server TLS key. This configuration parameter is YAML only.
  [key: <string> | default = ""]

  # Root certificate authority used to verify client certificates. This
  # configuration parameter is YAML only.
  [client_ca: <string> | default = ""]

  # HTTP server cert path.
  # CLI flag: -server.http-tls-cert-path
  [cert_file: <string> | default = ""]

  # HTTP server key path.
  # CLI flag: -server.http-tls-key-path
  [key_file: <string> | default = ""]

  # HTTP TLS Client Auth type.
  # CLI flag: -server.http-tls-client-auth
  [client_auth_type: <string> | default = ""]

  # HTTP TLS Client CA path.
  # CLI flag: -server.http-tls-ca-path
  [client_ca_file: <string> | default = ""]

grpc_tls_config:
  # Server TLS certificate. This configuration parameter is YAML only.
  [cert: <string> | default = ""]

  # Server TLS key. This configuration parameter is YAML only.
  [key: <string> | default = ""]

  # Root certificate authority used to verify client certificates. This
  # configuration parameter is YAML only.
  [client_ca: <string> | default = ""]

  # GRPC TLS server cert path.
  # CLI flag: -server.grpc-tls-cert-path
  [cert_file: <string> | default = ""]

  # GRPC TLS server key path.
  # CLI flag: -server.grpc-tls-key-path
  [key_file: <string> | default = ""]

  # GRPC TLS Client Auth type.
  # CLI flag: -server.grpc-tls-client-auth
  [client_auth_type: <string> | default = ""]

  # GRPC TLS Client CA path.
  # CLI flag: -server.grpc-tls-ca-path
  [client_ca_file: <string> | default = ""]

# Register the intrumentation handlers (/metrics etc).
# CLI flag: -server.register-instrumentation
[register_instrumentation: <boolean> | default = true]

# If set to true, gRPC statuses will be reported in instrumentation labels with
# their string representations. Otherwise, they will be reported as "error".
# CLI flag: -server.report-grpc-codes-in-instrumentation-label-enabled
[report_grpc_codes_in_instrumentation_label_enabled: <boolean> | default = false]

# Timeout for graceful shutdowns
# CLI flag: -server.graceful-shutdown-timeout
[graceful_shutdown_timeout: <duration> | default = 30s]

# Read timeout for entire HTTP request, including headers and body.
# CLI flag: -server.http-read-timeout
[http_server_read_timeout: <duration> | default = 30s]

# Read timeout for HTTP request headers. If set to 0, value of
# -server.http-read-timeout is used.
# CLI flag: -server.http-read-header-timeout
[http_server_read_header_timeout: <duration> | default = 0s]

# Write timeout for HTTP server
# CLI flag: -server.http-write-timeout
[http_server_write_timeout: <duration> | default = 30s]

# Idle timeout for HTTP server
# CLI flag: -server.http-idle-timeout
[http_server_idle_timeout: <duration> | default = 2m]

# Log closed connections that did not receive any response, most likely because
# client didn't send any request within timeout.
# CLI flag: -server.http-log-closed-connections-without-response-enabled
[http_log_closed_connections_without_response_enabled: <boolean> | default = false]

# Limit on the size of a gRPC message this server can receive (bytes).
# CLI flag: -server.grpc-max-recv-msg-size-bytes
[grpc_server_max_recv_msg_size: <int> | default = 4194304]

# Limit on the size of a gRPC message this server can send (bytes).
# CLI flag: -server.grpc-max-send-msg-size-bytes
[grpc_server_max_send_msg_size: <int> | default = 4194304]

# Limit on the number of concurrent streams for gRPC calls per client connection
# (0 = unlimited)
# CLI flag: -server.grpc-max-concurrent-streams
[grpc_server_max_concurrent_streams: <int> | default = 100]

# The duration after which an idle connection should be closed. Default:
# infinity
# CLI flag: -server.grpc.keepalive.max-connection-idle
[grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s]

# The duration for the maximum amount of time a connection may exist before it
# will be closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age
[grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s]

# An additive period after max-connection-age after which the connection will be
# forcibly closed. Default: infinity
# CLI flag: -server.grpc.keepalive.max-connection-age-grace
[grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s]

# Duration after which a keepalive probe is sent in case of no activity over the
# connection., Default: 2h
# CLI flag: -server.grpc.keepalive.time
[grpc_server_keepalive_time: <duration> | default = 2h]

# After having pinged for keepalive check, the duration after which an idle
# connection should be closed, Default: 20s
# CLI flag: -server.grpc.keepalive.timeout
[grpc_server_keepalive_timeout: <duration> | default = 20s]

# Minimum amount of time a client should wait before sending a keepalive ping.
# If client sends keepalive ping more often, server will send GOAWAY and close
# the connection.
# CLI flag: -server.grpc.keepalive.min-time-between-pings
[grpc_server_min_time_between_pings: <duration> | default = 10s]

# If true, server allows keepalive pings even when there are no active
# streams(RPCs). If false, and client sends ping when there are no active
# streams, server will send GOAWAY and close the connection.
# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed
[grpc_server_ping_without_stream_allowed: <boolean> | default = true]

# If non-zero, configures the amount of GRPC server workers used to serve the
# requests.
# CLI flag: -server.grpc.num-workers
[grpc_server_num_workers: <int> | default = 0]

# If true, the request_message_bytes, response_message_bytes, and
# inflight_requests metrics will be tracked. Enabling this option prevents the
# use of memory pools for parsing gRPC request bodies and may lead to more
# memory allocations.
# CLI flag: -server.grpc.stats-tracking-enabled
[grpc_server_stats_tracking_enabled: <boolean> | default = true]

# Deprecated option, has no effect and will be removed in a future version.
# CLI flag: -server.grpc.recv-buffer-pools-enabled
[grpc_server_recv_buffer_pools_enabled: <boolean> | default = false]

# Output log messages in the given format. Valid formats: [logfmt, json]
# CLI flag: -log.format
[log_format: <string> | default = "logfmt"]

# Only log messages with the given severity or above. Valid levels: [debug,
# info, warn, error]
# CLI flag: -log.level
[log_level: <string> | default = "info"]

# Optionally log the source IPs.
# CLI flag: -server.log-source-ips-enabled
[log_source_ips_enabled: <boolean> | default = false]

# Log all source IPs instead of only the originating one. Only used if
# server.log-source-ips-enabled is true
# CLI flag: -server.log-source-ips-full
[log_source_ips_full: <boolean> | default = false]

# Header field storing the source IPs. Only used if
# server.log-source-ips-enabled is true. If not set the default Forwarded,
# X-Real-IP and X-Forwarded-For headers are used
# CLI flag: -server.log-source-ips-header
[log_source_ips_header: <string> | default = ""]

# Regex for matching the source IPs. Only used if server.log-source-ips-enabled
# is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For
# headers are used
# CLI flag: -server.log-source-ips-regex
[log_source_ips_regex: <string> | default = ""]

# Optionally log request headers.
# CLI flag: -server.log-request-headers
[log_request_headers: <boolean> | default = false]

# Optionally log requests at info level instead of debug level. Applies to
# request headers as well if server.log-request-headers is enabled.
# CLI flag: -server.log-request-at-info-level-enabled
[log_request_at_info_level_enabled: <boolean> | default = false]

# Comma separated list of headers to exclude from loggin. Only used if
# server.log-request-headers is true.
# CLI flag: -server.log-request-headers-exclude-list
[log_request_exclude_headers_list: <string> | default = ""]

# Optionally add request headers to tracing spans.
# CLI flag: -server.trace-request-headers
[trace_request_headers: <boolean> | default = false]

# Comma separated list of headers to exclude from tracing spans. Only used if
# server.trace-request-headers is true. The following headers are always
# excluded: Authorization, Cookie, X-Access-Token, X-Csrf-Token, X-Grafana-Id.
# CLI flag: -server.trace-request-headers-exclude-list
[trace_request_exclude_headers_list: <string> | default = ""]

# Base path to serve all API routes from (e.g. /v1/)
# CLI flag: -server.path-prefix
[http_path_prefix: <string> | default = ""]

cluster_validation:
  # Primary cluster validation label.
  # CLI flag: -server.cluster-validation.label
  [label: <string> | default = ""]

  # Comma-separated list of additional cluster validation labels that the server
  # will accept from incoming requests.
  # CLI flag: -server.cluster-validation.additional-labels
  [additional_labels: <string> | default = ""]

  grpc:
    # When enabled, cluster label validation is executed: configured cluster
    # validation label is compared with the cluster validation label received
    # through the requests.
    # CLI flag: -server.cluster-validation.grpc.enabled
    [enabled: <boolean> | default = false]

    # When enabled, soft cluster label validation is executed. Can be enabled
    # only together with server.cluster-validation.grpc.enabled
    # CLI flag: -server.cluster-validation.grpc.soft-validation
    [soft_validation: <boolean> | default = false]

  http:
    # When enabled, cluster label validation is executed: configured cluster
    # validation label is compared with the cluster validation label received
    # through the requests.
    # CLI flag: -server.cluster-validation.http.enabled
    [enabled: <boolean> | default = false]

    # When enabled, soft cluster label validation is executed. Can be enabled
    # only together with server.cluster-validation.http.enabled
    # CLI flag: -server.cluster-validation.http.soft-validation
    [soft_validation: <boolean> | default = false]

    # Comma-separated list of url paths that are excluded from the cluster
    # validation check.
    # CLI flag: -server.cluster-validation.http.excluded-paths
    [excluded_paths: <string> | default = ""]

    # Comma-separated list of user agents that are excluded from the cluster
    # validation check.
    # CLI flag: -server.cluster-validation.http.excluded-user-agents
    [excluded_user_agents: <string> | default = ""]

# Creates new traces for each call rather than continuing the existing trace. A
# span link is used to allow navigation to the parent trace. Only works when
# using Open-Telemetry tracing.
# CLI flag: -server.create-new-traces
[create_new_traces: <boolean> | default = false]

storage_config

The storage_config block configures one of many possible stores for both the index and chunks. Which configuration to be picked should be defined in schema_config block.

# The alibabacloud_storage_config block configures the connection to Alibaba
# Cloud Storage object storage backend.
[alibabacloud: <alibabacloud_storage_config>]

# The aws_storage_config block configures the connection to dynamoDB and S3
# object storage. Either one of them or both can be configured.
[aws: <aws_storage_config>]

# The azure_storage_config block configures the connection to Azure object
# storage backend.
[azure: <azure_storage_config>]

# The bos_storage_config block configures the connection to Baidu Object Storage
# (BOS) object storage backend.
[bos: <bos_storage_config>]

# Deprecated: Configures storing indexes in Bigtable. Required fields only
# required when bigtable is defined in config.
bigtable:
  # Bigtable project ID.
  # CLI flag: -bigtable.project
  [project: <string> | default = ""]

  # Bigtable instance ID. Please refer to
  # https://cloud.google.com/docs/authentication/production for more information
  # about how to configure authentication.
  # CLI flag: -bigtable.instance
  [instance: <string> | default = ""]

  # The grpc_client block configures the gRPC client used to communicate between
  # a client and server component in Loki.
  # The CLI flags prefix for this block configuration is: bigtable
  [grpc_client_config: <grpc_client>]

  # If enabled, once a tables info is fetched, it is cached.
  # CLI flag: -bigtable.table-cache.enabled
  [table_cache_enabled: <boolean> | default = true]

  # Duration to cache tables before checking again.
  # CLI flag: -bigtable.table-cache.expiration
  [table_cache_expiration: <duration> | default = 30m]

# Configures storing chunks in GCS. Required fields only required when gcs is
# defined in config.
[gcs: <gcs_storage_config>]

# Deprecated: Configures storing chunks and/or the index in Cassandra.
cassandra:
  # Comma-separated hostnames or IPs of Cassandra instances.
  # CLI flag: -cassandra.addresses
  [addresses: <string> | default = ""]

  # Port that Cassandra is running on
  # CLI flag: -cassandra.port
  [port: <int> | default = 9042]

  # Keyspace to use in Cassandra.
  # CLI flag: -cassandra.keyspace
  [keyspace: <string> | default = ""]

  # Consistency level for Cassandra.
  # CLI flag: -cassandra.consistency
  [consistency: <string> | default = "QUORUM"]

  # Replication factor to use in Cassandra.
  # CLI flag: -cassandra.replication-factor
  [replication_factor: <int> | default = 3]

  # Instruct the cassandra driver to not attempt to get host info from the
  # system.peers table.
  # CLI flag: -cassandra.disable-initial-host-lookup
  [disable_initial_host_lookup: <boolean> | default = false]

  # Use SSL when connecting to cassandra instances.
  # CLI flag: -cassandra.ssl
  [SSL: <boolean> | default = false]

  # Require SSL certificate validation.
  # CLI flag: -cassandra.host-verification
  [host_verification: <boolean> | default = true]

  # Policy for selecting Cassandra host. Supported values are: round-robin,
  # token-aware.
  # CLI flag: -cassandra.host-selection-policy
  [host_selection_policy: <string> | default = "round-robin"]

  # Path to certificate file to verify the peer.
  # CLI flag: -cassandra.ca-path
  [CA_path: <string> | default = ""]

  # Path to certificate file used by TLS.
  # CLI flag: -cassandra.tls-cert-path
  [tls_cert_path: <string> | default = ""]

  # Path to private key file used by TLS.
  # CLI flag: -cassandra.tls-key-path
  [tls_key_path: <string> | default = ""]

  # Enable password authentication when connecting to cassandra.
  # CLI flag: -cassandra.auth
  [auth: <boolean> | default = false]

  # Username to use when connecting to cassandra.
  # CLI flag: -cassandra.username
  [username: <string> | default = ""]

  # Password to use when connecting to cassandra.
  # CLI flag: -cassandra.password
  [password: <string> | default = ""]

  # File containing password to use when connecting to cassandra.
  # CLI flag: -cassandra.password-file
  [password_file: <string> | default = ""]

  # If set, when authenticating with cassandra a custom authenticator will be
  # expected during the handshake. This flag can be set multiple times.
  # CLI flag: -cassandra.custom-authenticator
  [custom_authenticators: <list of strings> | default = []]

  # Timeout when connecting to cassandra.
  # CLI flag: -cassandra.timeout
  [timeout: <duration> | default = 2s]

  # Initial connection timeout, used during initial dial to server.
  # CLI flag: -cassandra.connect-timeout
  [connect_timeout: <duration> | default = 5s]

  # Interval to retry connecting to cassandra nodes marked as DOWN.
  # CLI flag: -cassandra.reconnent-interval
  [reconnect_interval: <duration> | default = 1s]

  # Number of retries to perform on a request. Set to 0 to disable retries.
  # CLI flag: -cassandra.max-retries
  [max_retries: <int> | default = 0]

  # Maximum time to wait before retrying a failed request.
  # CLI flag: -cassandra.retry-max-backoff
  [retry_max_backoff: <duration> | default = 10s]

  # Minimum time to wait before retrying a failed request.
  # CLI flag: -cassandra.retry-min-backoff
  [retry_min_backoff: <duration> | default = 100ms]

  # Limit number of concurrent queries to Cassandra. Set to 0 to disable the
  # limit.
  # CLI flag: -cassandra.query-concurrency
  [query_concurrency: <int> | default = 0]

  # Number of TCP connections per host.
  # CLI flag: -cassandra.num-connections
  [num_connections: <int> | default = 2]

  # Convict hosts of being down on failure.
  # CLI flag: -cassandra.convict-hosts-on-failure
  [convict_hosts_on_failure: <boolean> | default = true]

  # Table options used to create index or chunk tables. This value is used as
  # plain text in the table `WITH` like this, "CREATE TABLE
  # <generated_by_cortex> (...) WITH <cassandra.table-options>". For details,
  # see https://cortexmetrics.io/docs/production/cassandra. By default it will
  # use the default table options of your Cassandra cluster.
  # CLI flag: -cassandra.table-options
  [table_options: <string> | default = ""]

# Deprecated: Configures storing index in BoltDB. Required fields only required
# when boltdb is present in the configuration.
boltdb:
  # Location of BoltDB index files.
  # CLI flag: -boltdb.dir
  [directory: <string> | default = ""]

# Configures storing the chunks on the local file system. Required fields only
# required when filesystem is present in the configuration.
[filesystem: <local_storage_config>]

# The swift_storage_config block configures the connection to OpenStack Object
# Storage (Swift) object storage backend.
[swift: <swift_storage_config>]

# Deprecated:
grpc_store:
  # Hostname or IP of the gRPC store instance.
  # CLI flag: -grpc-store.server-address
  [server_address: <string> | default = ""]

hedging:
  # If set to a non-zero value a second request will be issued at the provided
  # duration. Default is 0 (disabled)
  # CLI flag: -store.hedge-requests-at
  [at: <duration> | default = 0s]

  # The maximum of hedge requests allowed.
  # CLI flag: -store.hedge-requests-up-to
  [up_to: <int> | default = 2]

  # The maximum of hedge requests allowed per seconds.
  # CLI flag: -store.hedge-max-per-second
  [max_per_second: <int> | default = 5]

# Configures additional object stores for a given storage provider.
# Supported stores: aws, azure, bos, filesystem, gcs, swift.
# Example:
# ```yaml
#     storage_config:
#       named_stores:
#         aws:
#           store-1:
#             endpoint: s3://foo-bucket
#             region: us-west1
# ```
# Named store from this example can be used by setting object_store to store-1
# in period_config.
[named_stores: <named_stores_config>]

# The cos_storage_config block configures the connection to IBM Cloud Object
# Storage (COS) backend.
[cos: <cos_storage_config>]

# Cache validity for active index entries. Should be no higher than
# -ingester.max-chunk-idle.
# CLI flag: -store.index-cache-validity
[index_cache_validity: <duration> | default = 5m]

congestion_control:
  # Use storage congestion control (default: disabled).
  # CLI flag: -store.congestion-control.enabled
  [enabled: <boolean> | default = false]

  controller:
    # Congestion control strategy to use (default: none, options: 'aimd').
    # CLI flag: -store.congestion-control.strategy
    [strategy: <string> | default = ""]

    aimd:
      # AIMD starting throughput window size: how many requests can be sent per
      # second (default: 2000).
      # CLI flag: -store.congestion-control.strategy.aimd.start
      [start: <int> | default = 2000]

      # AIMD maximum throughput window size: upper limit of requests sent per
      # second (default: 10000).
      # CLI flag: -store.congestion-control.strategy.aimd.upper-bound
      [upper_bound: <int> | default = 10000]

      # AIMD backoff factor when upstream service is throttled to decrease
      # number of requests sent per second (default: 0.5).
      # CLI flag: -store.congestion-control.strategy.aimd.backoff-factor
      [backoff_factor: <float> | default = 0.5]

  retry:
    # Congestion control retry strategy to use (default: none, options:
    # 'limited').
    # CLI flag: -store.congestion-control.retry.strategy
    [strategy: <string> | default = ""]

    # Maximum number of retries allowed.
    # CLI flag: -store.congestion-control.retry.strategy.limited.limit
    [limit: <int> | default = 2]

  hedging:
    config:
      [at: <duration>]

      [up_to: <int>]

      [max_per_second: <int>]

    # Congestion control hedge strategy to use (default: none, options:
    # 'limited').
    # CLI flag: -store.congestion-control.hedge.strategy
    [strategy: <string> | default = ""]

# Experimental. Sets a constant prefix for all keys inserted into object
# storage. Example: loki/
# CLI flag: -store.object-prefix
[object_prefix: <string> | default = ""]

# The cache_config block configures the cache backend for a specific Loki
# component.
# The CLI flags prefix for this block configuration is: store.index-cache-read
[index_queries_cache_config: <cache_config>]

# Disable broad index queries which results in reduced cache usage and faster
# query performance at the expense of somewhat higher QPS on the index store.
# CLI flag: -store.disable-broad-index-queries
[disable_broad_index_queries: <boolean> | default = false]

# Maximum number of parallel chunk reads.
# CLI flag: -store.max-parallel-get-chunk
[max_parallel_get_chunk: <int> | default = 150]

# Enables the use of thanos-io/objstore clients for connecting to object
# storage. When set to true, the configuration inside
# `storage_config.object_store` or `common.storage.object_store` block takes
# effect.
# CLI flag: -use-thanos-objstore
[use_thanos_objstore: <boolean> | default = false]

object_store:
  # The thanos_object_store_config block configures the connection to object
  # storage backend using thanos-io/objstore clients. This will become the
  # default way of configuring object store clients in future releases.
  # Currently this is opt-in and takes effect only when `-use-thanos-objstore`
  # is set to true.
  # The CLI flags prefix for this block configuration is: object-store
  [<thanos_object_store_config>]

  named_stores:
    [azure: <map of string to NamedAzureStorageConfig>]

    [filesystem: <map of string to NamedFilesystemStorageConfig>]

    [gcs: <map of string to NamedGCSStorageConfig>]

    [s3: <map of string to NamedS3StorageConfig>]

    [swift: <map of string to NamedSwiftStorageConfig>]

# The maximum number of chunks to fetch per batch.
# CLI flag: -store.max-chunk-batch-size
[max_chunk_batch_size: <int> | default = 50]

# Configures storing index in an Object Store
# (GCS/S3/Azure/Swift/COS/Filesystem) in the form of boltdb files. Required
# fields only required when boltdb-shipper is defined in config.
boltdb_shipper:
  # Directory where ingesters would write index files which would then be
  # uploaded by shipper to configured storage
  # CLI flag: -boltdb.shipper.active-index-directory
  [active_index_directory: <string> | default = ""]

  # Cache location for restoring index files from storage for queries
  # CLI flag: -boltdb.shipper.cache-location
  [cache_location: <string> | default = ""]

  # TTL for index files restored in cache for queries
  # CLI flag: -boltdb.shipper.cache-ttl
  [cache_ttl: <duration> | default = 24h]

  # Resync downloaded files with the storage
  # CLI flag: -boltdb.shipper.resync-interval
  [resync_interval: <duration> | default = 5m]

  # Number of days of common index to be kept downloaded for queries. For per
  # tenant index query readiness, use limits overrides config.
  # CLI flag: -boltdb.shipper.query-ready-num-days
  [query_ready_num_days: <int> | default = 0]

  index_gateway_client:
    # The grpc_client block configures the gRPC client used to communicate
    # between a client and server component in Loki.
    # The CLI flags prefix for this block configuration is:
    # boltdb.shipper.index-gateway-client.grpc
    [grpc_client_config: <grpc_client>]

    # Hostname or IP of the Index Gateway gRPC server running in simple mode.
    # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A
    # record with multiple IP's, a DNS SRV record with a followup A record
    # lookup, or a DNS SRV record without a followup A record lookup,
    # respectively.
    # CLI flag: -boltdb.shipper.index-gateway-client.server-address
    [server_address: <string> | default = ""]

    # Whether requests sent to the gateway should be logged or not.
    # CLI flag: -boltdb.shipper.index-gateway-client.log-gateway-requests
    [log_gateway_requests: <boolean> | default = false]

    # Experimental: Defines buckets for time-based sharding. Time based sharding
    # only takes affect when index gateways run in simple mode. To enable client
    # side time-based sharding of queries across index gateway instances set at
    # least one bucket in the format of a string representation of a
    # time.Duration, e.g. ['168h', '336h', '504h']
    # CLI flag: -boltdb.shipper.index-gateway-client.time-based-sharding-buckets
    [time_based_sharding_buckets: <list of strings> | default = []]

  [ingestername: <string> | default = ""]

  [mode: <string> | default = ""]

  [ingesterdbretainperiod: <duration>]

  # Build per tenant index files
  # CLI flag: -boltdb.shipper.build-per-tenant-index
  [build_per_tenant_index: <boolean> | default = false]

# Configures storing index in an Object Store
# (GCS/S3/Azure/Swift/COS/Filesystem) in a prometheus TSDB-like format. Required
# fields only required when TSDB is defined in config.
tsdb_shipper:
  # Directory where ingesters would write index files which would then be
  # uploaded by shipper to configured storage
  # CLI flag: -tsdb.shipper.active-index-directory
  [active_index_directory: <string> | default = ""]

  # Cache location for restoring index files from storage for queries
  # CLI flag: -tsdb.shipper.cache-location
  [cache_location: <string> | default = ""]

  # TTL for index files restored in cache for queries
  # CLI flag: -tsdb.shipper.cache-ttl
  [cache_ttl: <duration> | default = 24h]

  # Resync downloaded files with the storage
  # CLI flag: -tsdb.shipper.resync-interval
  [resync_interval: <duration> | default = 5m]

  # Number of days of common index to be kept downloaded for queries. For per
  # tenant index query readiness, use limits overrides config.
  # CLI flag: -tsdb.shipper.query-ready-num-days
  [query_ready_num_days: <int> | default = 0]

  index_gateway_client:
    # The grpc_client block configures the gRPC client used to communicate
    # between a client and server component in Loki.
    # The CLI flags prefix for this block configuration is:
    # tsdb.shipper.index-gateway-client.grpc
    [grpc_client_config: <grpc_client>]

    # Hostname or IP of the Index Gateway gRPC server running in simple mode.
    # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A
    # record with multiple IP's, a DNS SRV record with a followup A record
    # lookup, or a DNS SRV record without a followup A record lookup,
    # respectively.
    # CLI flag: -tsdb.shipper.index-gateway-client.server-address
    [server_address: <string> | default = ""]

    # Whether requests sent to the gateway should be logged or not.
    # CLI flag: -tsdb.shipper.index-gateway-client.log-gateway-requests
    [log_gateway_requests: <boolean> | default = false]

    # Experimental: Defines buckets for time-based sharding. Time based sharding
    # only takes affect when index gateways run in simple mode. To enable client
    # side time-based sharding of queries across index gateway instances set at
    # least one bucket in the format of a string representation of a
    # time.Duration, e.g. ['168h', '336h', '504h']
    # CLI flag: -tsdb.shipper.index-gateway-client.time-based-sharding-buckets
    [time_based_sharding_buckets: <list of strings> | default = []]

  [ingestername: <string> | default = ""]

  [mode: <string> | default = ""]

  [ingesterdbretainperiod: <duration>]

# Experimental: Configures the bloom shipper component, which contains the store
# abstraction to fetch bloom filters from and put them to object storage.
bloom_shipper:
  # Working directory to store downloaded bloom blocks. Supports multiple
  # directories, separated by comma.
  # CLI flag: -bloom.shipper.working-directory
  [working_directory: <string> | default = "/data/blooms"]

  # Maximum size of bloom pages that should be queried. Larger pages than this
  # limit are skipped when querying blooms to limit memory usage.
  # CLI flag: -bloom.max-query-page-size
  [max_query_page_size: <int> | default = 64MiB]

  # The amount of maximum concurrent bloom blocks downloads. Usually set to 2x
  # number of CPU cores.
  # CLI flag: -bloom.download-parallelism
  [download_parallelism: <int> | default = 8]

  blocks_cache:
    # Cache for bloom blocks. Soft limit of the cache in bytes. Exceeding this
    # limit will trigger evictions of least recently used items in the
    # background.
    # CLI flag: -bloom.blocks-cache.soft-limit
    [soft_limit: <int> | default = 32GiB]

    # Cache for bloom blocks. Hard limit of the cache in bytes. Exceeding this
    # limit will block execution until soft limit is deceeded.
    # CLI flag: -bloom.blocks-cache.hard-limit
    [hard_limit: <int> | default = 64GiB]

    # Cache for bloom blocks. The time to live for items in the cache before
    # they get purged.
    # CLI flag: -bloom.blocks-cache.ttl
    [ttl: <duration> | default = 24h]

  # The cache_config block configures the cache backend for a specific Loki
  # component.
  # The CLI flags prefix for this block configuration is: bloom.metas-cache
  [metas_cache: <cache_config>]

  metas_lru_cache:
    # In-memory LRU cache for bloom metas. Whether embedded cache is enabled.
    # CLI flag: -bloom.metas-lru-cache.enabled
    [enabled: <boolean> | default = false]

    # In-memory LRU cache for bloom metas. Maximum memory size of the cache in
    # MB.
    # CLI flag: -bloom.metas-lru-cache.max-size-mb
    [max_size_mb: <int> | default = 100]

    # In-memory LRU cache for bloom metas. Maximum number of entries in the
    # cache.
    # CLI flag: -bloom.metas-lru-cache.max-size-items
    [max_size_items: <int> | default = 0]

    # In-memory LRU cache for bloom metas. The time to live for items in the
    # cache before they get purged.
    # CLI flag: -bloom.metas-lru-cache.ttl
    [ttl: <duration> | default = 1h]

swift_storage_config

The swift_storage_config block configures the connection to OpenStack Object Storage (Swift) object storage backend. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage
ruler.storage

# OpenStack Swift authentication API version. 0 to autodetect.
# CLI flag: -<prefix>.swift.auth-version
[auth_version: <int> | default = 0]

# OpenStack Swift authentication URL
# CLI flag: -<prefix>.swift.auth-url
[auth_url: <string> | default = ""]

# Set this to true to use the internal OpenStack Swift endpoint URL
# CLI flag: -<prefix>.swift.internal
[internal: <boolean> | default = false]

# OpenStack Swift username.
# CLI flag: -<prefix>.swift.username
[username: <string> | default = ""]

# OpenStack Swift user's domain name.
# CLI flag: -<prefix>.swift.user-domain-name
[user_domain_name: <string> | default = ""]

# OpenStack Swift user's domain ID.
# CLI flag: -<prefix>.swift.user-domain-id
[user_domain_id: <string> | default = ""]

# OpenStack Swift user ID.
# CLI flag: -<prefix>.swift.user-id
[user_id: <string> | default = ""]

# OpenStack Swift API key.
# CLI flag: -<prefix>.swift.password
[password: <string> | default = ""]

# OpenStack Swift user's domain ID.
# CLI flag: -<prefix>.swift.domain-id
[domain_id: <string> | default = ""]

# OpenStack Swift user's domain name.
# CLI flag: -<prefix>.swift.domain-name
[domain_name: <string> | default = ""]

# OpenStack Swift project ID (v2,v3 auth only).
# CLI flag: -<prefix>.swift.project-id
[project_id: <string> | default = ""]

# OpenStack Swift project name (v2,v3 auth only).
# CLI flag: -<prefix>.swift.project-name
[project_name: <string> | default = ""]

# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs the from user domain.
# CLI flag: -<prefix>.swift.project-domain-id
[project_domain_id: <string> | default = ""]

# Name of the OpenStack Swift project's domain (v3 auth only), only needed if it
# differs from the user domain.
# CLI flag: -<prefix>.swift.project-domain-name
[project_domain_name: <string> | default = ""]

# OpenStack Swift Region to use (v2,v3 auth only).
# CLI flag: -<prefix>.swift.region-name
[region_name: <string> | default = ""]

# Name of the OpenStack Swift container to put chunks in.
# CLI flag: -<prefix>.swift.container-name
[container_name: <string> | default = ""]

# Max retries on requests error.
# CLI flag: -<prefix>.swift.max-retries
[max_retries: <int> | default = 3]

# Time after which a connection attempt is aborted.
# CLI flag: -<prefix>.swift.connect-timeout
[connect_timeout: <duration> | default = 10s]

# Time after which an idle request is aborted. The timeout watchdog is reset
# each time some data is received, so the timeout triggers after X time no data
# is received on a request.
# CLI flag: -<prefix>.swift.request-timeout
[request_timeout: <duration> | default = 5s]

http:
  # Path to the CA certificates to validate server certificate against. If not
  # set, the host's root CA certificates are used.
  # CLI flag: -<prefix>.swift.http.tls-ca-path
  [tls_ca_path: <string> | default = ""]

table_manager

The table_manager block configures the table manager for retention.

# If true, disable all changes to DB capacity
# CLI flag: -table-manager.throughput-updates-disabled
[throughput_updates_disabled: <boolean> | default = false]

# If true, enables retention deletes of DB tables
# CLI flag: -table-manager.retention-deletes-enabled
[retention_deletes_enabled: <boolean> | default = false]

# Tables older than this retention period are deleted. Must be either 0
# (disabled) or a multiple of 24h. When enabled, be aware this setting is
# destructive to data!
# CLI flag: -table-manager.retention-period
[retention_period: <duration> | default = 0s]

# How frequently to poll backend to learn our capacity.
# CLI flag: -table-manager.poll-interval
[poll_interval: <duration> | default = 2m]

# Periodic tables grace period (duration which table will be created/deleted
# before/after it's needed).
# CLI flag: -table-manager.periodic-table.grace-period
[creation_grace_period: <duration> | default = 10m]

index_tables_provisioning:
  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.index-table.enable-ondemand-throughput-mode
  [enable_ondemand_throughput_mode: <boolean> | default = false]

  # Table default write throughput. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.write-throughput
  [provisioned_write_throughput: <int> | default = 1000]

  # Table default read throughput. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.read-throughput
  [provisioned_read_throughput: <int> | default = 300]

  write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.write-throughput.scale.target-value
    [target: <float> | default = 80]

  read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.index-table.inactive-enable-ondemand-throughput-mode
  [enable_inactive_throughput_on_demand_mode: <boolean> | default = false]

  # Table write throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.inactive-write-throughput
  [inactive_write_throughput: <int> | default = 1]

  # Table read throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.index-table.inactive-read-throughput
  [inactive_read_throughput: <int> | default = 300]

  inactive_write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.target-value
    [target: <float> | default = 80]

  inactive_read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Number of last inactive tables to enable write autoscale.
  # CLI flag: -table-manager.index-table.inactive-write-throughput.scale-last-n
  [inactive_write_scale_lastn: <int> | default = 4]

  # Number of last inactive tables to enable read autoscale.
  # CLI flag: -table-manager.index-table.inactive-read-throughput.scale-last-n
  [inactive_read_scale_lastn: <int> | default = 4]

chunk_tables_provisioning:
  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.chunk-table.enable-ondemand-throughput-mode
  [enable_ondemand_throughput_mode: <boolean> | default = false]

  # Table default write throughput. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.write-throughput
  [provisioned_write_throughput: <int> | default = 1000]

  # Table default read throughput. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.read-throughput
  [provisioned_read_throughput: <int> | default = 300]

  write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.write-throughput.scale.target-value
    [target: <float> | default = 80]

  read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Enables on demand throughput provisioning for the storage provider (if
  # supported). Applies only to tables which are not autoscaled. Supported by
  # DynamoDB
  # CLI flag: -table-manager.chunk-table.inactive-enable-ondemand-throughput-mode
  [enable_inactive_throughput_on_demand_mode: <boolean> | default = false]

  # Table write throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.inactive-write-throughput
  [inactive_write_throughput: <int> | default = 1]

  # Table read throughput for inactive tables. Supported by DynamoDB
  # CLI flag: -table-manager.chunk-table.inactive-read-throughput
  [inactive_read_throughput: <int> | default = 300]

  inactive_write_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.target-value
    [target: <float> | default = 80]

  inactive_read_scale:
    # Should we enable autoscale for the table.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.enabled
    [enabled: <boolean> | default = false]

    # AWS AutoScaling role ARN
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.role-arn
    [role_arn: <string> | default = ""]

    # DynamoDB minimum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.min-capacity
    [min_capacity: <int> | default = 3000]

    # DynamoDB maximum provision capacity.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.max-capacity
    [max_capacity: <int> | default = 6000]

    # DynamoDB minimum seconds between each autoscale up.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.out-cooldown
    [out_cooldown: <int> | default = 1800]

    # DynamoDB minimum seconds between each autoscale down.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.in-cooldown
    [in_cooldown: <int> | default = 1800]

    # DynamoDB target ratio of consumed capacity to provisioned capacity.
    # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.target-value
    [target: <float> | default = 80]

  # Number of last inactive tables to enable write autoscale.
  # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale-last-n
  [inactive_write_scale_lastn: <int> | default = 4]

  # Number of last inactive tables to enable read autoscale.
  # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale-last-n
  [inactive_read_scale_lastn: <int> | default = 4]

thanos_object_store_config

The thanos_object_store_config block configures the connection to object storage backend using thanos-io/objstore clients. This will become the default way of configuring object store clients in future releases. Currently this is opt-in and takes effect only when -use-thanos-objstore is set to true. The supported CLI flags <prefix> used to reference this configuration block are:

common.storage.object-store
object-store
ruler-storage
ui.goldfish.results

s3:
  # The S3 bucket endpoint. It could be an AWS S3 endpoint listed at
  # https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an
  # S3-compatible service in hostname:port format.
  # CLI flag: -<prefix>.s3.endpoint
  [endpoint: <string> | default = ""]

  # S3 region. If unset, the client will issue a S3 GetBucketLocation API call
  # to autodetect it.
  # CLI flag: -<prefix>.s3.region
  [region: <string> | default = ""]

  # S3 bucket name
  # CLI flag: -<prefix>.s3.bucket-name
  [bucket_name: <string> | default = ""]

  # S3 secret access key
  # CLI flag: -<prefix>.s3.secret-access-key
  [secret_access_key: <string> | default = ""]

  # S3 access key ID
  # CLI flag: -<prefix>.s3.access-key-id
  [access_key_id: <string> | default = ""]

  # S3 session token
  # CLI flag: -<prefix>.s3.session-token
  [session_token: <string> | default = ""]

  # If enabled, use http:// for the S3 endpoint instead of https://. This could
  # be useful in local dev/test environments while using an S3-compatible
  # backend storage, like Minio.
  # CLI flag: -<prefix>.s3.insecure
  [insecure: <boolean> | default = false]

  # Use a specific version of the S3 list object API. Supported values are v1 or
  # v2. Default is unset.
  # CLI flag: -<prefix>.s3.list-objects-version
  [list_objects_version: <string> | default = ""]

  # Bucket lookup style type, used to access bucket in S3-compatible service.
  # Default is auto. Supported values are: auto, path, virtual-hosted.
  # CLI flag: -<prefix>.s3.bucket-lookup-type
  [bucket_lookup_type: <int> | default = auto]

  # When enabled, direct all AWS S3 requests to the dual-stack IPv4/IPv6
  # endpoint for the configured region.
  # CLI flag: -<prefix>.s3.dualstack-enabled
  [dualstack_enabled: <boolean> | default = true]

  # The S3 storage class to use, not set by default. Details can be found at
  # https://aws.amazon.com/s3/storage-classes/. Supported values are: STANDARD,
  # REDUCED_REDUNDANCY, GLACIER, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING,
  # DEEP_ARCHIVE, OUTPOSTS, GLACIER_IR, SNOW, EXPRESS_ONEZONE, FSX_OPENZFS,
  # FSX_ONTAP
  # CLI flag: -<prefix>.s3.storage-class
  [storage_class: <string> | default = ""]

  # If enabled, it will use the default authentication methods of the AWS SDK
  # for go based on known environment variables and known AWS config files.
  # CLI flag: -<prefix>.s3.native-aws-auth-enabled
  [native_aws_auth_enabled: <boolean> | default = false]

  # The minimum file size in bytes used for multipart uploads. If 0, the value
  # is optimally computed for each object.
  # CLI flag: -<prefix>.s3.part-size
  [part_size: <int> | default = 0]

  # If enabled, a Content-MD5 header is sent with S3 Put Object requests.
  # Consumes more resources to compute the MD5, but may improve compatibility
  # with object storage services that do not support checksums.
  # CLI flag: -<prefix>.s3.send-content-md5
  [send_content_md5: <boolean> | default = false]

  # Accessing S3 resources using temporary, secure credentials provided by AWS
  # Security Token Service.
  # CLI flag: -<prefix>.s3.sts-endpoint
  [sts_endpoint: <string> | default = ""]

  # The maximum number of retries for S3 requests that are retryable. Default is
  # 10, set this to 1 to disable retries.
  # CLI flag: -<prefix>.s3.max-retries
  [max_retries: <int> | default = 10]

  sse:
    # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3.
    # CLI flag: -<prefix>.s3.sse.type
    [type: <string> | default = ""]

    # KMS Key ID used to encrypt objects in S3
    # CLI flag: -<prefix>.s3.sse.kms-key-id
    [kms_key_id: <string> | default = ""]

    # KMS Encryption Context used for object encryption. It expects JSON
    # formatted string.
    # CLI flag: -<prefix>.s3.sse.kms-encryption-context
    [kms_encryption_context: <string> | default = ""]

  http:
    # The time an idle connection will remain idle before closing.
    # CLI flag: -<prefix>.s3.http.idle-conn-timeout
    [idle_conn_timeout: <duration> | default = 1m30s]

    # The amount of time the client will wait for a servers response headers.
    # CLI flag: -<prefix>.s3.http.response-header-timeout
    [response_header_timeout: <duration> | default = 2m]

    # If the client connects via HTTPS and this option is enabled, the client
    # will accept any certificate and hostname.
    # CLI flag: -<prefix>.s3.http.insecure-skip-verify
    [insecure_skip_verify: <boolean> | default = false]

    # Maximum time to wait for a TLS handshake. 0 means no limit.
    # CLI flag: -<prefix>.s3.tls-handshake-timeout
    [tls_handshake_timeout: <duration> | default = 10s]

    # The time to wait for a server's first response headers after fully writing
    # the request headers if the request has an Expect header. 0 to send the
    # request body immediately.
    # CLI flag: -<prefix>.s3.expect-continue-timeout
    [expect_continue_timeout: <duration> | default = 1s]

    # Maximum number of idle (keep-alive) connections across all hosts. 0 means
    # no limit.
    # CLI flag: -<prefix>.s3.max-idle-connections
    [max_idle_connections: <int> | default = 100]

    # Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
    # built-in default value is used.
    # CLI flag: -<prefix>.s3.max-idle-connections-per-host
    [max_idle_connections_per_host: <int> | default = 100]

    # Maximum number of connections per host. 0 means no limit.
    # CLI flag: -<prefix>.s3.max-connections-per-host
    [max_connections_per_host: <int> | default = 0]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -<prefix>.s3.http.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -<prefix>.s3.http.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -<prefix>.s3.http.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -<prefix>.s3.http.tls-server-name
    [tls_server_name: <string> | default = ""]

  trace:
    # When enabled, low-level S3 HTTP operation information is logged at the
    # debug level.
    # CLI flag: -<prefix>.s3.trace.enabled
    [enabled: <boolean> | default = false]

gcs:
  # GCS bucket name
  # CLI flag: -<prefix>.gcs.bucket-name
  [bucket_name: <string> | default = ""]

  # JSON either from a Google Developers Console client_credentials.json file,
  # or a Google Developers service account key. Needs to be valid JSON, not a
  # filesystem path. If empty, fallback to Google default logic:
  # 1. A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS
  # environment variable. For workload identity federation, refer to
  # https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation
  # on how to generate the JSON configuration file for on-prem/non-Google cloud
  # platforms.
  # 2. A JSON file in a location known to the gcloud command-line tool:
  # $HOME/.config/gcloud/application_default_credentials.json.
  # 3. On Google Compute Engine it fetches credentials from the metadata server.
  # CLI flag: -<prefix>.gcs.service-account
  [service_account: <string> | default = ""]

  # The maximum size of the buffer that GCS client for a single PUT request. 0
  # to disable buffering.
  # CLI flag: -<prefix>.gcs.chunk-buffer-size
  [chunk_buffer_size: <int> | default = 0]

  # The maximum number of retries for idempotent operations. Overrides the
  # default gcs storage client behavior if this value is greater than 0. Set
  # this to 1 to disable retries.
  # CLI flag: -<prefix>.gcs.max-retries
  [max_retries: <int> | default = 10]

azure:
  # Azure storage account name
  # CLI flag: -<prefix>.azure.account-name
  [account_name: <string> | default = ""]

  # Azure storage account key. If unset, Azure managed identities will be used
  # for authentication instead.
  # CLI flag: -<prefix>.azure.account-key
  [account_key: <string> | default = ""]

  # If `connection-string` is set, the value of `endpoint-suffix` will not be
  # used. Use this method over `account-key` if you need to authenticate via a
  # SAS token. Or if you use the Azurite emulator.
  # CLI flag: -<prefix>.azure.connection-string
  [connection_string: <string> | default = ""]

  # Azure storage container name
  # CLI flag: -<prefix>.azure.container-name
  [container_name: <string> | default = ""]

  # Azure storage endpoint suffix without schema. The account name will be
  # prefixed to this value to create the FQDN. If set to empty string, default
  # endpoint suffix is used.
  # CLI flag: -<prefix>.azure.endpoint-suffix
  [endpoint_suffix: <string> | default = ""]

  # Number of retries for recoverable errors
  # CLI flag: -<prefix>.azure.max-retries
  [max_retries: <int> | default = 20]

  # User assigned managed identity. If empty, then System assigned identity is
  # used.
  # CLI flag: -<prefix>.azure.user-assigned-id
  [user_assigned_id: <string> | default = ""]

  # Delimiter used to replace ':' in chunk IDs when storing chunks
  # CLI flag: -<prefix>.azure.chunk-delimiter
  [chunk_delimiter: <string> | default = "-"]

swift:
  # OpenStack Swift application credential id
  # CLI flag: -<prefix>.swift.application-credential-id
  [application_credential_id: <string> | default = ""]

  # OpenStack Swift application credential name
  # CLI flag: -<prefix>.swift.application-credential-name
  [application_credential_name: <string> | default = ""]

  # OpenStack Swift application credential secret
  # CLI flag: -<prefix>.swift.application-credential-secret
  [application_credential_secret: <string> | default = ""]

  # OpenStack Swift authentication API version. 0 to autodetect.
  # CLI flag: -<prefix>.swift.auth-version
  [auth_version: <int> | default = 0]

  # OpenStack Swift authentication URL
  # CLI flag: -<prefix>.swift.auth-url
  [auth_url: <string> | default = ""]

  # OpenStack Swift username.
  # CLI flag: -<prefix>.swift.username
  [username: <string> | default = ""]

  # OpenStack Swift user's domain name.
  # CLI flag: -<prefix>.swift.user-domain-name
  [user_domain_name: <string> | default = ""]

  # OpenStack Swift user's domain ID.
  # CLI flag: -<prefix>.swift.user-domain-id
  [user_domain_id: <string> | default = ""]

  # OpenStack Swift user ID.
  # CLI flag: -<prefix>.swift.user-id
  [user_id: <string> | default = ""]

  # OpenStack Swift API key.
  # CLI flag: -<prefix>.swift.password
  [password: <string> | default = ""]

  # OpenStack Swift user's domain ID.
  # CLI flag: -<prefix>.swift.domain-id
  [domain_id: <string> | default = ""]

  # OpenStack Swift user's domain name.
  # CLI flag: -<prefix>.swift.domain-name
  [domain_name: <string> | default = ""]

  # OpenStack Swift project ID (v2,v3 auth only).
  # CLI flag: -<prefix>.swift.project-id
  [project_id: <string> | default = ""]

  # OpenStack Swift project name (v2,v3 auth only).
  # CLI flag: -<prefix>.swift.project-name
  [project_name: <string> | default = ""]

  # ID of the OpenStack Swift project's domain (v3 auth only), only needed if it
  # differs the from user domain.
  # CLI flag: -<prefix>.swift.project-domain-id
  [project_domain_id: <string> | default = ""]

  # Name of the OpenStack Swift project's domain (v3 auth only), only needed if
  # it differs from the user domain.
  # CLI flag: -<prefix>.swift.project-domain-name
  [project_domain_name: <string> | default = ""]

  # OpenStack Swift Region to use (v2,v3 auth only).
  # CLI flag: -<prefix>.swift.region-name
  [region_name: <string> | default = ""]

  # Name of the OpenStack Swift container to put chunks in.
  # CLI flag: -<prefix>.swift.container-name
  [container_name: <string> | default = ""]

  # Max retries on requests error.
  # CLI flag: -<prefix>.swift.max-retries
  [max_retries: <int> | default = 3]

  # Time after which a connection attempt is aborted.
  # CLI flag: -<prefix>.swift.connect-timeout
  [connect_timeout: <duration> | default = 10s]

  # Time after which an idle request is aborted. The timeout watchdog is reset
  # each time some data is received, so the timeout triggers after X time no
  # data is received on a request.
  # CLI flag: -<prefix>.swift.request-timeout
  [request_timeout: <duration> | default = 5s]

  http:
    # The time an idle connection will remain idle before closing.
    # CLI flag: -<prefix>.swift.http.idle-conn-timeout
    [idle_conn_timeout: <duration> | default = 1m30s]

    # The amount of time the client will wait for a servers response headers.
    # CLI flag: -<prefix>.swift.http.response-header-timeout
    [response_header_timeout: <duration> | default = 2m]

    # If the client connects via HTTPS and this option is enabled, the client
    # will accept any certificate and hostname.
    # CLI flag: -<prefix>.swift.http.insecure-skip-verify
    [insecure_skip_verify: <boolean> | default = false]

    # Maximum time to wait for a TLS handshake. 0 means no limit.
    # CLI flag: -<prefix>.swift.tls-handshake-timeout
    [tls_handshake_timeout: <duration> | default = 10s]

    # The time to wait for a server's first response headers after fully writing
    # the request headers if the request has an Expect header. 0 to send the
    # request body immediately.
    # CLI flag: -<prefix>.swift.expect-continue-timeout
    [expect_continue_timeout: <duration> | default = 1s]

    # Maximum number of idle (keep-alive) connections across all hosts. 0 means
    # no limit.
    # CLI flag: -<prefix>.swift.max-idle-connections
    [max_idle_connections: <int> | default = 100]

    # Maximum number of idle (keep-alive) connections to keep per-host. If 0, a
    # built-in default value is used.
    # CLI flag: -<prefix>.swift.max-idle-connections-per-host
    [max_idle_connections_per_host: <int> | default = 100]

    # Maximum number of connections per host. 0 means no limit.
    # CLI flag: -<prefix>.swift.max-connections-per-host
    [max_connections_per_host: <int> | default = 0]

    # Path to the CA certificates to validate server certificate against. If not
    # set, the host's root CA certificates are used.
    # CLI flag: -<prefix>.swift.http.tls-ca-path
    [tls_ca_path: <string> | default = ""]

    # Path to the client certificate, which will be used for authenticating with
    # the server. Also requires the key path to be configured.
    # CLI flag: -<prefix>.swift.http.tls-cert-path
    [tls_cert_path: <string> | default = ""]

    # Path to the key for the client certificate. Also requires the client
    # certificate to be configured.
    # CLI flag: -<prefix>.swift.http.tls-key-path
    [tls_key_path: <string> | default = ""]

    # Override the expected name on the server certificate.
    # CLI flag: -<prefix>.swift.http.tls-server-name
    [tls_server_name: <string> | default = ""]

filesystem:
  # Local filesystem storage directory.
  # CLI flag: -<prefix>.filesystem.dir
  [dir: <string> | default = ""]

alibaba:
  # Endpoint to connect to.
  # CLI flag: -<prefix>.oss.endpoint
  [endpoint: <string> | default = ""]

  # Name of OSS bucket.
  # CLI flag: -<prefix>.oss.bucketname
  [bucket: <string> | default = ""]

  # alibabacloud Access Key ID
  # CLI flag: -<prefix>.oss.access-key-id
  [access_key_id: <string> | default = ""]

  # alibabacloud Secret Access Key
  # CLI flag: -<prefix>.oss.access-key-secret
  [access_key_secret: <string> | default = ""]

bos:
  # Name of BOS bucket.
  # CLI flag: -<prefix>.bos.bucket
  [bucket: <string> | default = ""]

  # BOS endpoint to connect to.
  # CLI flag: -<prefix>.bos.endpoint
  [endpoint: <string> | default = ""]

  # Baidu Cloud Engine (BCE) Access Key ID.
  # CLI flag: -<prefix>.bos.access-key
  [access_key: <string> | default = ""]

  # Baidu Cloud Engine (BCE) Secret Access Key.
  # CLI flag: -<prefix>.bos.secret-key
  [secret_key: <string> | default = ""]

# Prefix for all objects stored in the backend storage. For simplicity, it may
# only contain digits, English alphabet letters and dashes.
# CLI flag: -<prefix>.storage-prefix
[storage_prefix: <string> | default = ""]

tls_config

The TLS configuration. The supported CLI flags <prefix> used to reference this configuration block are:

bigtable
bloom-build.builder.grpc
bloom-gateway-client.grpc
bloom.metas-cache.memcached
boltdb.shipper.index-gateway-client.grpc
common.storage.ring.etcd
compactor.grpc-client
compactor.ring.etcd
dataobj-consumer.etcd
dataobj-consumer.partition-ring.etcd
distributor.ring.etcd
etcd
frontend.grpc-client-config
frontend.index-stats-results-cache.memcached
frontend.instant-metric-results-cache.memcached
frontend.label-results-cache.memcached
frontend.memcached
frontend.series-results-cache.memcached
frontend.tail-tls-config
frontend.volume-results-cache.memcached
index-gateway.ring.etcd
ingest-limits-frontend-client
ingest-limits-frontend.etcd
ingest-limits-frontend.limits-client
ingest-limits.etcd
ingester.client
ingester.partition-ring.etcd
memberlist
pattern-ingester.client
pattern-ingester.etcd
querier.frontend-client
querier.frontend-grpc-client
querier.scheduler-grpc-client
query-engine.results-cache.memcached
query-scheduler.grpc-client-config
query-scheduler.ring.etcd
reporting.tls-config
ruler.alertmanager-client
ruler.client
ruler.evaluation.query-frontend
ruler.ring.etcd
store.chunks-cache-l2.memcached
store.chunks-cache.memcached
store.index-cache-read.memcached
store.index-cache-write.memcached
tsdb.shipper.index-gateway-client.grpc
ui.ring.etcd

# Path to the client certificate, which will be used for authenticating with the
# server. Also requires the key path to be configured.
# CLI flag: -<prefix>.tls-cert-path
[tls_cert_path: <string> | default = ""]

# Path to the key for the client certificate. Also requires the client
# certificate to be configured.
# CLI flag: -<prefix>.tls-key-path
[tls_key_path: <string> | default = ""]

# Path to the CA certificates to validate server certificate against. If not
# set, the host's root CA certificates are used.
# CLI flag: -<prefix>.tls-ca-path
[tls_ca_path: <string> | default = ""]

# Override the expected name on the server certificate.
# CLI flag: -<prefix>.tls-server-name
[tls_server_name: <string> | default = ""]

# Skip validating server certificate.
# CLI flag: -<prefix>.tls-insecure-skip-verify
[tls_insecure_skip_verify: <boolean> | default = false]

# Override the default cipher suite list (separated by commas). Allowed values:
# 
# Secure Ciphers:
# - TLS_AES_128_GCM_SHA256
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
# 
# Insecure Ciphers:
# - TLS_RSA_WITH_RC4_128_SHA
# - TLS_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA
# - TLS_RSA_WITH_AES_256_CBC_SHA
# - TLS_RSA_WITH_AES_128_CBC_SHA256
# - TLS_RSA_WITH_AES_128_GCM_SHA256
# - TLS_RSA_WITH_AES_256_GCM_SHA384
# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_RC4_128_SHA
# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
# CLI flag: -<prefix>.tls-cipher-suites
[tls_cipher_suites: <string> | default = ""]

# Override the default minimum TLS version. Allowed values: VersionTLS10,
# VersionTLS11, VersionTLS12, VersionTLS13
# CLI flag: -<prefix>.tls-min-version
[tls_min_version: <string> | default = ""]

tracing

Configuration for tracing.

# Set to false to disable tracing.
# CLI flag: -tracing.enabled
[enabled: <boolean> | default = true]

Runtime Configuration file

Loki has a concept of “runtime config” file, which is simply a file that is reloaded while Loki is running. It is used by some Loki components to allow operator to change some aspects of Loki configuration without restarting it. File is specified by using -runtime-config.file=<filename> flag and reload period (which defaults to 10 seconds) can be changed by -runtime-config.reload-period=<duration> flag. Previously this mechanism was only used by limits overrides, and flags were called -limits.per-user-override-config=<filename> and -limits.per-user-override-period=10s respectively. These are still used, if -runtime-config.file=<filename> is not specified.

At the moment, two components use runtime configuration: limits and multi KV store.

Options for runtime configuration reload can also be configured via YAML:

# Configuration file to periodically check and reload.
[file: <string>: default = empty]

# How often to check the file.
[period: <duration>: default 10s]

Example runtime configuration file:

overrides:
  tenant1:
    ingestion_rate_mb: 10
    max_streams_per_user: 100000
    max_chunks_per_query: 100000
  tenant2:
    max_streams_per_user: 1000000
    max_chunks_per_query: 1000000

multi_kv_config:
    mirror-enabled: false
    primary: consul

Accept out-of-order writes

Since the beginning of Loki, log entries had to be written to Loki in order by time. This limitation has been lifted. Out-of-order writes are enabled globally by default, but can be disabled/enabled on a cluster or per-tenant basis.

To disable out-of-order writes for all tenants, place in the limits_config section:
YAML
```
limits_config:
    unordered_writes: false
```
To disable out-of-order writes for specific tenants, configure a runtime configuration file:
YAML
```
runtime_config:
  file: overrides.yaml
```
In the overrides.yaml file, add unordered_writes for each tenant permitted to have out-of-order writes:
YAML
```
overrides:
  "tenantA":
    unordered_writes: false
```

How far into the past accepted out-of-order log entries may be is configurable with max_chunk_age. max_chunk_age defaults to 2 hour. Loki calculates the earliest time that out-of-order entries may have and be accepted with

time_of_most_recent_line - (max_chunk_age/2)

This means the allowed out-of-order window is half of the configured max_chunk_age.

Log entries with timestamps that are after this earliest time are accepted. Log entries further back in time return an out-of-order error.

For example, if max_chunk_age is 2 hours and the stream {foo="bar"} has one entry at 8:00, the earliest accepted timestamp will be calculated as: 8:00 - (2h / 2) = 7:00.

Loki will accept data for that stream as far back in time as 7:00.

If another log line is written at 10:00, the earliest accepted timestamp becomes: 10:00 - (2h / 2) = 9:00.

Loki will accept data for that stream as far back in time as 9:00.

Loki HTTP API

Thu, 09 Apr 2026 02:28:18 +0000

Loki HTTP API

Loki exposes an HTTP API for pushing, querying, and tailing log data, as well as for viewing and managing cluster information.

Note
Note that authorization is not part of the Loki API. Authorization needs to be done separately, for example, using an open-source load-balancer such as NGINX.

Endpoints

Ingest endpoints

These endpoints are exposed by the distributor, write, and all components:

A list of clients can be found in the clients documentation.

Query endpoints

Note
Requests sent to the query endpoints must use valid LogQL syntax. For more information, see the LogQL section of the documentation.

Tip
For Python examples of these endpoints, see Query Loki with Python.

These HTTP endpoints are exposed by the querier, query-frontend, read, and all components:

Status endpoints

These HTTP endpoints are exposed by all components and return the status of the component:

Ring endpoints

These HTTP endpoints are exposed by their respective component that is part of the ring URL prefix:

Flush/shutdown endpoints

These HTTP endpoints are exposed by the ingester, write, and all components for flushing chunks and/or shutting down.

Rule endpoints

These HTTP endpoints are exposed by the ruler component:

API endpoints starting with /api/prom are Prometheus API-compatible and the result formats can be used interchangeably.

Log deletion endpoints

These endpoints are exposed by the compactor, backend, and all components:

Other endpoints

These HTTP endpoints are exposed by all individual components:

GET /loki/api/v1/format_query

Deprecated endpoints

Note
The following endpoints are deprecated.While they still exist and work, they should not be used for new deployments. Existing deployments should upgrade to use the supported endpoints.

Deprecated	Replacement
`POST /api/prom/push`	`POST /loki/api/v1/push`
`GET /api/prom/tail`	`GET /loki/api/v1/tail`
`GET /api/prom/query`	`GET /loki/api/v1/query`
`GET /api/prom/label`	`GET /loki/api/v1/labels`
`GET /api/prom/label/<name>/values`	`GET /loki/api/v1/label/<name>/values`
`GET /api/prom/series`	`GET /loki/api/v1/series`

Format

Matrix, vector, and stream

Some Loki API endpoints return a result of a matrix, a vector, or a stream:

Matrix: a table of values where each row represents a different label set and the columns are each sample values for that row over the queried time. Matrix types are only returned when running a query that computes some value.
Instant Vector: denoted in the type as just vector, an Instant Vector represents the latest value of a calculation for a given labelset. Instant Vectors are only returned when doing a query against a single point in time.
Stream: a Stream is a set of all values (logs) for a given label set over the queried time range. Streams are the only type that will result in log lines being returned.

Timestamps

The API accepts several formats for timestamps:

All epoch values will be interpreted as a Unix timestamp in nanoseconds.
A floating point number is a Unix timestamp with fractions of a second.
A string in RFC3339 and RFC3339Nano format, as supported by Go’s time package.

Note
When using /api/v1/push, you must send the timestamp as a string and not a number, otherwise the endpoint will return a 400 error.

Statistics

Query endpoints such as /loki/api/v1/query and /loki/api/v1/query_range return a set of statistics about the query execution. Those statistics allow users to understand the amount of data processed and at which speed.

The example below show all possible statistics returned with their respective description.

{
  "status": "success",
  "data": {
    "resultType": "streams",
    "result": [],
    "stats": {
      "ingester": {
        "compressedBytes": 0, // Total bytes of compressed chunks (blocks) processed by ingesters
        "decompressedBytes": 0, // Total bytes decompressed and processed by ingesters
        "decompressedLines": 0, // Total lines decompressed and processed by ingesters
        "headChunkBytes": 0, // Total bytes read from ingesters head chunks
        "headChunkLines": 0, // Total lines read from ingesters head chunks
        "totalBatches": 0, // Total batches sent by ingesters
        "totalChunksMatched": 0, // Total chunks matched by ingesters
        "totalDuplicates": 0, // Total of duplicates found by ingesters
        "totalLinesSent": 0, // Total lines sent by ingesters
        "totalReached": 0 // Amount of ingesters reached.
      },
      "store": {
        "compressedBytes": 0, // Total bytes of compressed chunks (blocks) processed by the store
        "decompressedBytes": 0, // Total bytes decompressed and processed by the store
        "decompressedLines": 0, // Total lines decompressed and processed by the store
        "chunksDownloadTime": 0, // Total time spent downloading chunks in seconds (float)
        "totalChunksRef": 0, // Total chunks found in the index for the current query
        "totalChunksDownloaded": 0, // Total of chunks downloaded
        "totalDuplicates": 0 // Total of duplicates removed from replication
      },
      "summary": {
        "bytesProcessedPerSecond": 0, // Total of bytes processed per second
        "execTime": 0, // Total execution time in seconds (float)
        "linesProcessedPerSecond": 0, // Total lines processed per second
        "queueTime": 0, // Total queue time in seconds (float)
        "totalBytesProcessed": 0, // Total amount of bytes processed overall for this request
        "totalLinesProcessed": 0 // Total amount of lines processed overall for this request
      }
    }
  }
}

Ingest logs

POST /loki/api/v1/push

/loki/api/v1/push is the endpoint used to send log entries to Loki. The default behavior is for the POST body to be a Snappy-compressed Protocol Buffer message:

These POST requests require the Content-Type HTTP header to be application/x-protobuf.

Alternatively, if the Content-Type header is set to application/json, a JSON post body can be sent in the following format:

{
  "streams": [
    {
      "stream": {
        "label": "value"
      },
      "values": [
          [ "<unix epoch in nanoseconds>", "<log line>" ],
          [ "<unix epoch in nanoseconds>", "<log line>" ]
      ]
    }
  ]
}

You can set Content-Encoding: gzip request header and post gzipped JSON.

You can optionally attach structured metadata to each log line by adding a JSON object to the end of the log line array. The JSON object must be a valid JSON object with string keys and string values. The JSON object should not contain any nested object. The JSON object must be set immediately after the log line. Here is an example of a log entry with some structured metadata attached:

"values": [
    [ "<unix epoch in nanoseconds>", "<log line>", {"trace_id": "0242ac120002", "user_id": "superUser123"}]
]

In microservices mode, /loki/api/v1/push is exposed by the distributor.

If block_ingestion_until is configured and push requests are blocked, the endpoint will return the status code configured in block_ingestion_status_code (260 by default) along with an error message. If the configured status code is 200, no error message will be returned.

Examples

The following cURL command pushes a stream with the label “foo=bar2” and a single log line “fizzbuzz” using JSON encoding:

curl -H "Content-Type: application/json" \
  -s -X POST "http://localhost:3100/loki/api/v1/push" \
  --data-raw '{"streams": [{ "stream": { "foo": "bar2" }, "values": [ [ "1570818238000000000", "fizzbuzz" ] ] }]}'

Ingest logs using OTLP

POST /otlp/v1/logs

/otlp/v1/logs lets the OpenTelemetry Collector send logs to Loki using otlphttp protocol.

For information on how to configure Loki, refer to the OTel Collector topic.

Note
When configuring the OpenTelemetry Collector, you must use endpoint: http://<LOKI_ADDR>/otlp, as the collector automatically completes the endpoint. Entering the full endpoint will generate an error.

Query logs at a single point in time

GET /loki/api/v1/query

/loki/api/v1/query allows for doing queries against a single point in time. This type of query is often referred to as an instant query. Instant queries are only used for metric type LogQL queries and will return a 400 (Bad Request) in case a log type query is provided. The endpoint accepts the following query parameters in the URL:

query: The LogQL query to perform. Requests that do not use valid LogQL syntax will return errors.
limit: The max number of entries to return. It defaults to 100. Only applies to query types which produce a stream (log lines) response.
time: The evaluation time for the query as a nanosecond Unix epoch or another supported format. Defaults to now.
direction: Determines the sort order of logs. Supported values are forward or backward. Defaults to backward.

In microservices mode, /loki/api/v1/query is exposed by the querier and the query frontend.

Response format:

{
  "status": "success",
  "data": {
    "resultType": "vector" | "streams",
    "result": [<vector value>] | [<stream value>],
    "stats" : [<statistics>]
  }
}

where <vector value> is:

{
  "metric": {
    <label key-value pairs>
  },
  "value": [
    <number: second unix epoch>,
    <string: value>
  ]
}

and <stream value> is:

{
  "stream": {
    <label key-value pairs>
  },
  "values": [
    [
      <string: nanosecond unix epoch>,
      <string: log line>
    ],
    ...
  ]
}

The items in the values array are sorted by timestamp. The most recent item is first when using direction=backward. The oldest item is first when using direction=forward.

Parquet can be request as a response format by setting the Accept header to application/vnd.apache.parquet.

The schema is the following for streams:

column_name	column_type
timestamp	TIMESTAMP WITH TIME ZONE
labels	MAP(VARCHAR, VARCHAR)
line	VARCHAR

and for metrics:

column_name	column_type
timestamp	TIMESTAMP WITH TIME ZONE
labels	MAP(VARCHAR, VARCHAR)
value	DOUBLE

See statistics for information about the statistics returned by Loki.

Examples

This example cURL command

curl -G -s  "http://localhost:3100/loki/api/v1/query" \
  --data-urlencode 'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

gave this response:

{
  "status": "success",
  "data": {
    "resultType": "vector",
    "result": [
      {
        "metric": {},
        "value": [
          1588889221,
          "1267.1266666666666"
        ]
      },
      {
        "metric": {
          "level": "warn"
        },
        "value": [
          1588889221,
          "37.77166666666667"
        ]
      },
      {
        "metric": {
          "level": "info"
        },
        "value": [
          1588889221,
          "37.69"
        ]
      }
    ],
    "stats": {
      ...
    }
  }
}

If your cluster has Grafana Loki Multi-Tenancy enabled, set the X-Scope-OrgID header to identify the tenant you want to query. Here is the same example query for the single tenant called Tenant1:

curl -H 'X-Scope-OrgID:Tenant1' \
  -G -s "http://localhost:3100/loki/api/v1/query" \
  --data-urlencode 'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

To query against the three tenants Tenant1, Tenant2, and Tenant3, specify the tenant names separated by the pipe (|) character:

curl -H 'X-Scope-OrgID:Tenant1|Tenant2|Tenant3' \
  -G -s "http://localhost:3100/loki/api/v1/query" \
  --data-urlencode 'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

The same example query for Grafana Enterprise Logs uses Basic Authentication and specifies the tenant names as a user. The tenant names are separated by the pipe (|) character. The password in this example is an access policy token that has been defined in the API_TOKEN environment variable:

curl -u "Tenant1|Tenant2|Tenant3:$API_TOKEN" \
  -G -s "http://localhost:3100/loki/api/v1/query" \
  --data-urlencode 'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

To query against your hosted log tenant in Grafana Cloud, use the User and URL values provided in the Loki logging service details of your Grafana Cloud stack. You can find this information in the Cloud Portal. Use an access policy token in your queries for authentication. The password in this example is an access policy token that has been defined in the API_TOKEN environment variable:

curl -u "User:$API_TOKEN" \
  -G -s "<URL_PROVIDED_IN_LOKI_DATA_SOURCE_SETTINGS>/loki/api/v1/query" \
  --data-urlencode 'query=sum(rate({job="varlogs"}[10m])) by (level)' | jq

Query logs within a range of time

GET /loki/api/v1/query_range

/loki/api/v1/query_range is used to do a query over a range of time. This type of query is often referred to as a range query. Range queries are used for both log and metric type LogQL queries. It accepts the following query parameters in the URL:

query: The LogQL query to perform.
limit: The max number of entries to return. It defaults to 100. Only applies to query types which produce a stream (log lines) response.
start: The start time for the query as a nanosecond Unix epoch or another supported format. Defaults to one hour ago. Loki returns results with timestamp greater or equal to this value.
end: The end time for the query as a nanosecond Unix epoch or another supported format. Defaults to now. Loki returns results with timestamp lower than this value.
since: A duration used to calculate start relative to end. If end is in the future, start is calculated as this duration before now. Any value specified for start supersedes this parameter.
step: Query resolution step width in duration format or float number of seconds. duration refers to Prometheus duration strings of the form [0-9]+[smhdwy]. For example, 5m refers to a duration of 5 minutes. Defaults to a dynamic value based on start and end. Only applies to query types which produce a matrix response.
interval: Only return entries at (or greater than) the specified interval, can be a duration format or float number of seconds. Only applies to queries which produce a stream response. Not to be confused with step, see the explanation under Step versus interval.
direction: Determines the sort order of logs. Supported values are forward or backward. Defaults to backward.

In microservices mode, /loki/api/v1/query_range is exposed by the querier and the query frontend.

Step versus interval

Use the step parameter when making metric queries to Loki, or queries which return a matrix response. It is evaluated in exactly the same way Prometheus evaluates step. First the query will be evaluated at start and then evaluated again at start + step and again at start + step + step until end is reached. The result will be a matrix of the query result evaluated at each step.

Use the interval parameter when making log queries to Loki, or queries which return a stream response. It is evaluated by returning a log entry at start, then the next entry will be returned an entry with timestampe >= start + interval, and again at start + interval + interval and so on until end is reached. It does not fill missing entries.

Response format:

{
  "status": "success",
  "data": {
    "resultType": "matrix" | "streams",
    "result": [<matrix value>] | [<stream value>]
    "stats" : [<statistics>]
  }
}

where <matrix value> is:

{
  "metric": {
    <label key-value pairs>
  },
  "values": [
    [
      <number: second unix epoch>,
      <string: value>
    ],
    ...
  ]
}

The items in the values array are sorted by timestamp, and the oldest item is first.

And <stream value> is:

{
  "stream": {
    <label key-value pairs>
  },
  "values": [
    [
      <string: nanosecond unix epoch>,
      <string: log line>
    ],
    ...
  ]
}

The items in the values array are sorted by timestamp. The most recent item is first when using direction=backward. The oldest item is first when using direction=forward.

Parquet can be request as a response format by setting the Accept header to application/vnd.apache.parquet.

The schema is the following for streams:

column_name	column_type
timestamp	TIMESTAMP WITH TIME ZONE
labels	MAP(VARCHAR, VARCHAR)
line	VARCHAR

and for metrics:

column_name	column_type
timestamp	TIMESTAMP WITH TIME ZONE
labels	MAP(VARCHAR, VARCHAR)
value	DOUBLE

See statistics for information about the statistics returned by Loki.

Examples

This example cURL command

curl -G -s  "http://localhost:3100/loki/api/v1/query_range" \
  --data-urlencode 'query=sum(rate({job="varlogs"}[10m])) by (level)' \
  --data-urlencode 'step=300' | jq

gave this response:

{
  "status": "success",
  "data": {
    "resultType": "matrix",
    "result": [
      {
       "metric": {
          "level": "info"
        },
        "values": [
          [
            1588889221,
            "137.95"
          ],
          [
            1588889221,
            "467.115"
          ],
          [
            1588889221,
            "658.8516666666667"
          ]
        ]
      },
      {
        "metric": {
          "level": "warn"
        },
        "values": [
          [
            1588889221,
            "137.27833333333334"
          ],
          [
            1588889221,
            "467.69"
          ],
          [
            1588889221,
            "660.6933333333334"
          ]
        ]
      }
    ],
    "stats": {
      ...
    }
  }
}

This example cURL command

curl -G -s "http://localhost:3100/loki/api/v1/query_range" \
  --data-urlencode 'query={job="varlogs"}' | jq

gave this response:

{
  "status": "success",
  "data": {
    "resultType": "streams",
    "result": [
      {
        "stream": {
          "filename": "/var/log/myproject.log",
          "job": "varlogs",
          "level": "info"
        },
        "values": [
          [
            "1569266497240578000",
            "foo"
          ],
          [
            "1569266492548155000",
            "bar"
          ]
        ]
      }
    ],
    "stats": {
      ...
    }
  }
}

Query labels

GET /loki/api/v1/labels

/loki/api/v1/labels retrieves the list of known labels within a given time span. Loki may use a larger time span than the one specified. It accepts the following query parameters in the URL:

start: The start time for the query as a nanosecond Unix epoch. Defaults to 6 hours ago.
end: The end time for the query as a nanosecond Unix epoch. Defaults to now.
since: A duration used to calculate start relative to end. If end is in the future, start is calculated as this duration before now. Any value specified for start supersedes this parameter.
query: Log stream selector that selects the streams to match and return label names. Example: {app="myapp", environment="dev"}

In microservices mode, /loki/api/v1/labels is exposed by the querier.

Response format:

{
  "status": "success",
  "data": [
    <label string>,
    ...
  ]
}

Examples

This example cURL command

curl -G -s  "http://localhost:3100/loki/api/v1/labels" | jq

gave this response:

{
  "status": "success",
  "data": [
    "foo",
    "bar",
    "baz"
  ]
}

Query label values

GET /loki/api/v1/label/<name>/values

/loki/api/v1/label/<name>/values retrieves the list of known values for a given label within a given time span. Loki may use a larger time span than the one specified. It accepts the following query parameters in the URL:

start: The start time for the query as a nanosecond Unix epoch. Defaults to 6 hours ago.
end: The end time for the query as a nanosecond Unix epoch. Defaults to now.
since: A duration used to calculate start relative to end. If end is in the future, start is calculated as this duration before now. Any value specified for start supersedes this parameter.
query: Log stream selector that selects the streams to match and return label values for <name>. Example: {app="myapp", environment="dev"}

In microservices mode, /loki/api/v1/label/<name>/values is exposed by the querier.

Response format:

{
  "status": "success",
  "data": [
    <label value>,
    ...
  ]
}

Examples

This example cURL command

curl -G -s  "http://localhost:3100/loki/api/v1/label/foo/values" | jq

gave this response:

{
  "status": "success",
  "data": [
    "cat",
    "dog",
    "axolotl"
  ]
}

Query streams

The Series API is available under the following:

GET /loki/api/v1/series
POST /loki/api/v1/series

This endpoint returns the list of streams (unique set of labels) that match a certain given selector.

URL query parameters:

match[]=<selector>: Repeated log stream selector argument that selects the streams to return. At least one match[] argument must be provided.
start=<nanosecond Unix epoch>: Start timestamp.
end=<nanosecond Unix epoch>: End timestamp.
since: A duration used to calculate start relative to end. If end is in the future, start is calculated as this duration before now. Any value specified for start supersedes this parameter.

You can URL-encode these parameters directly in the request body by using the POST method and Content-Type: application/x-www-form-urlencoded header. This is useful when specifying a large or dynamic number of stream selectors that may breach server-side URL character limits.

In microservices mode, these endpoints are exposed by the querier.

Examples

This example cURL command

curl -s "http://localhost:3100/loki/api/v1/series" \
  --data-urlencode 'match[]={container_name=~"prometheus.*", component="server"}' \
  --data-urlencode 'match[]={app="loki"}' | jq '.'

gave this response:

{
  "status": "success",
  "data": [
    {
      "container_name": "loki",
      "app": "loki",
      "stream": "stderr",
      "filename": "/var/log/pods/default_loki-stack-0_50835643-1df0-11ea-ba79-025000000001/loki/0.log",
      "name": "loki",
      "job": "default/loki",
      "controller_revision_hash": "loki-stack-757479754d",
      "statefulset_kubernetes_io_pod_name": "loki-stack-0",
      "release": "loki-stack",
      "namespace": "default",
      "instance": "loki-stack-0"
    },
    {
      "chart": "prometheus-9.3.3",
      "container_name": "prometheus-server-configmap-reload",
      "filename": "/var/log/pods/default_loki-stack-prometheus-server-696cc9ddff-87lmq_507b1db4-1df0-11ea-ba79-025000000001/prometheus-server-configmap-reload/0.log",
      "instance": "loki-stack-prometheus-server-696cc9ddff-87lmq",
      "pod_template_hash": "696cc9ddff",
      "app": "prometheus",
      "component": "server",
      "heritage": "Tiller",
      "job": "default/prometheus",
      "namespace": "default",
      "release": "loki-stack",
      "stream": "stderr"
    },
    {
      "app": "prometheus",
      "component": "server",
      "filename": "/var/log/pods/default_loki-stack-prometheus-server-696cc9ddff-87lmq_507b1db4-1df0-11ea-ba79-025000000001/prometheus-server/0.log",
      "release": "loki-stack",
      "namespace": "default",
      "pod_template_hash": "696cc9ddff",
      "stream": "stderr",
      "chart": "prometheus-9.3.3",
      "container_name": "prometheus-server",
      "heritage": "Tiller",
      "instance": "loki-stack-prometheus-server-696cc9ddff-87lmq",
      "job": "default/prometheus"
    }
  ]
}

Query log statistics

GET /loki/api/v1/index/stats

The /loki/api/v1/index/stats endpoint can be used to query the index for the number of streams, chunks, entries, and bytes that a query resolves to.

URL query parameters:

query: The LogQL matchers to check (that is, {job="foo", env!="dev"})
start=<nanosecond Unix epoch>: Start timestamp.
end=<nanosecond Unix epoch>: End timestamp.

Response:

{
  "streams": 100,
  "chunks": 1000,
  "entries": 5000,
  "bytes": 100000
}

It is an approximation with the following caveats:

It does not include data from the ingesters.
It is a probabilistic technique.
Streams/chunks which span multiple period configurations may be counted twice.

These make it generally more helpful for larger queries. It can be used for better understanding the throughput requirements and data topology for a list of matchers over a period of time.

Query log volume

GET /loki/api/v1/index/volume
GET /loki/api/v1/index/volume_range

Note
You must configure volume_enabled: true to enable this feature.

The /loki/api/v1/index/volume and /loki/api/v1/index/volume_range endpoints can be used to query the index for volume information about label and label-value combinations. This is helpful in exploring the logs Loki has ingested to find high or low volume streams. The volume endpoint returns results for a single point in time, the time the query was processed. Each datapoint represents an aggregation of the matching label or series over the requested time period, returned in a Prometheus style vector response. The volume_range endoint returns a series of datapoints over a range of time, in Prometheus style matrix response, for each matching set of labels or series. The number of timestamps returned when querying volume_range will be determined by the provided step parameter and the requested time range.

The query should be a valid LogQL stream selector, for example {job="foo", env=~".+"}. By default, these endpoints will aggregate into series consisting of all matches for labels included in the query. For example, assuming you have the streams {job="foo", env="prod", team="alpha"}, {job="bar", env="prod", team="beta"}, {job="foo", env="dev", team="alpha"}, and {job="bar", env="dev", team="beta"} in your system. The query {job="foo", env=~".+"} would return the two metric series {job="foo", env="dev"} and {job="foo", env="prod"}, each with datapoints representing the accumulate values of chunks for the streams matching that selector, which in this case would be the streams {job="foo", env="dev", team="alpha"} and {job="foo", env="prod", team="alpha"}, respectively.

There are two parameters which can affect the aggregation strategy. First, a comma-separated list of targetLabels can be provided, allowing volumes to be aggregated by the speficied targetLabels only. This is useful for negations. For example, if you said {team="alpha", env!="dev"}, the default behavior would include env in the aggregation set. However, maybe you’re looking for all non-dev jobs for team alpha, and you don’t care which env those are in (other than caring that they’re not dev jobs). To achieve this, you could specify targetLabels=team,job, resulting in a single metric series (in this case) of {team="alpha", job="foo}.

The other way to change aggregations is with the aggregateBy parameter. The default value for this is series, which aggregates into combinations of matching key-value pairs. Alternately this can be specified as labels, which will aggregate into labels only. In this case, the response will have a metric series with a label name matching each label, and a label value of "". This is useful for exploring logs at a high level. For example, if you wanted to know what percentage of your logs had a team label, you could query your logs with aggregateBy=labels and a query with either an exact or regex match on team, or by including team in the list of targetLabels.

URL query parameters:

query: The LogQL matchers to check (that is, {job="foo", env=~".+"}). This parameter is required.
start=<nanosecond Unix epoch>: Start timestamp. This parameter is required.
end=<nanosecond Unix epoch>: End timestamp. This parameter is required.
limit: How many metric series to return. The parameter is optional, the default is 100.
step: Query resolution step width in duration format or float number of seconds. duration refers to Prometheus duration strings of the form [0-9]+[smhdwy]. For example, 5m refers to a duration of 5 minutes. Defaults to a dynamic value based on start and end. Only applies when querying the volume_range endpoint, which will always return a Prometheus style matrix response. This parameter is optional, and only applicable for query_range. The default step configured for range queries will be used when not provided.
targetLabels: A comma separated list of labels to aggregate into. This parameter is optional. When not provided, volumes will be aggregated into the matching labels or label-value pairs.
aggregateBy: Whether to aggregate into labels or label-value pairs. This parameter is optional, the default is label-value pairs.

Patterns detection

GET /loki/api/v1/patterns

Note
You must configure
YAML
pattern_ingester:
  enabled: true
to enable this feature.

The /loki/api/v1/patterns endpoint can be used to query loki for patterns detected in the logs. This helps understand the structure of the logs Loki has ingested.

The query should be a valid LogQL stream selector, for example {job="foo", env=~".+"}. The result is aggregated by the pattern from all matching streams.

For each pattern detected, the response includes the pattern itself and the number of samples for each pattern at each timestamp.

For example, if you have the following logs:

ts=2024-03-30T23:03:40 caller=grpc_logging.go:66 level=info method=/cortex.Ingester/Push duration=200ms msg=gRPC
ts=2024-03-30T23:03:41 caller=grpc_logging.go:66 level=info method=/cortex.Ingester/Push duration=500ms msg=gRPC

The pattern detected might be:

ts=<_> caller=grpc_logging.go:66 level=info method=/cortex.Ingester/Push duration=<_> msg=gRPC

URL query parameters:

query: The LogQL matchers to check (that is, {job="foo", env=~".+"}). This parameter is required.
start=<nanosecond Unix epoch>: Start timestamp. This parameter is required.
end=<nanosecond Unix epoch>: End timestamp. This parameter is required.
step=<duration string or float number of seconds>: Step between samples for occurrences of this pattern. This parameter is optional.

Examples

This example cURL command

curl -s "http://localhost:3100/loki/api/v1/patterns" \
  --data-urlencode 'query={app="loki"}' | jq

gave this response:

{
  "status": "success",
  "data": [
    {
      "pattern": "<_> caller=grpc_logging.go:66 <_> level=error method=/cortex.Ingester/Push <_> msg=gRPC err=\"connection refused to object store\"",
      "samples": [
        [
          1711839260,
          1
        ],
        [
          1711839270,
          2
        ],
        [
          1711839280,
          1
        ]
      ]
    },
    {
      "pattern": "<_> caller=grpc_logging.go:66 <_> level=info method=/cortex.Ingester/Push <_> msg=gRPC",
      "samples": [
        [
          1711839260,
          105
        ],
        [
          1711839270,
          222
        ],
        [
          1711839280,
          196
        ]
      ]
    }
  ]
}

The result is a list of patterns detected in the logs, with the number of samples for each pattern at each timestamp. The pattern format is the same as the LogQL pattern filter and parser and can be used in queries for filtering matching logs. Each sample is a tuple of timestamp (second) and count.

Detected fields

GET /loki/api/v1/detected_fields
POST /loki/api/v1/detected_fields

The /loki/api/v1/detected_fields endpoint returns fields that Loki has detected in log lines matching the given stream selector, along with the inferred type, estimated cardinality, and the parser that was used to extract the field. This endpoint is useful for discovering the structure of your logs without running a full log query.

URL query parameters:

query: The LogQL stream selector to match. Example: {app="myapp", environment="dev"}. This parameter is required.
start=<nanosecond Unix epoch>: Start timestamp. This parameter is optional. If omitted, it defaults to end - since.
end=<nanosecond Unix epoch>: End timestamp. This parameter is optional. If omitted, it defaults to the current server time.
since=<duration>: Relative time range (for example, 1h, 5m). This parameter is optional and is used when start is omitted to compute start = end - since. If both start and since are omitted, since defaults to 1h.
step=<duration string or float number of seconds>: Step between sample windows. This parameter is optional.
line_limit=<integer>: Maximum number of log lines to scan per shard. Defaults to 100. This parameter is optional.
limit=<integer>: Maximum number of fields to return. Defaults to 1000. The query parameter field_limit is also accepted as an alias for backwards compatibility. This parameter is optional.

You can URL-encode these parameters directly in the request body by using the POST method and Content-Type: application/x-www-form-urlencoded header.

Response format:

{
  "fields": [
    {
      "label": <string>,
      "type": <string|int|float|boolean|duration|bytes>,
      "cardinality": <integer>,
      "parsers": [<string>],
      "jsonPath": <string, optional>,
      "sketch": <object, optional>
    }
  ],
  "limit": <integer>
}

Examples

This example cURL command

curl -H 'X-Scope-OrgID: <TENANT_ID>' -G -s "http://localhost:3100/loki/api/v1/detected_fields" \
  --data-urlencode 'query={app="myapp"}' \
  --data-urlencode 'start=1609459200000000000' \
  --data-urlencode 'end=1609462800000000000' | jq

gave this response:

{
  "fields": [
    {
      "label": "level",
      "type": "string",
      "cardinality": 3,
      "parsers": ["logfmt"]
    },
    {
      "label": "duration",
      "type": "duration",
      "cardinality": 152,
      "parsers": ["logfmt"]
    },
    {
      "label": "status",
      "type": "int",
      "cardinality": 5,
      "parsers": ["logfmt"]
    }
  ],
  "limit": 1000
}

Detected field values

GET /loki/api/v1/detected_field/{name}/values
POST /loki/api/v1/detected_field/{name}/values

The /loki/api/v1/detected_field/{name}/values endpoint returns the values observed for a specific detected field matching the given stream selector. {name} is the name of the field to retrieve values for.

URL query parameters:

query: The LogQL stream selector to match. Example: {app="myapp", environment="dev"}. This parameter is required.
start=<nanosecond Unix epoch>: Start timestamp. This parameter is optional. If omitted, it defaults to end - since.
end=<nanosecond Unix epoch>: End timestamp. This parameter is optional. If omitted, it defaults to the current server time.
since=<duration>: Relative time range (for example, 1h, 5m). This parameter is optional and is used when start is omitted to compute start = end - since. If both start and since are omitted, since defaults to 1h.
step=<duration string or float number of seconds>: Step between sample windows. This parameter is optional.
line_limit=<integer>: Maximum number of log lines to scan per shard. Defaults to 100. This parameter is optional.
limit=<integer>: Maximum number of values to return. Defaults to 1000. The query parameter field_limit is also accepted as an alias. This parameter is optional.

You can URL-encode these parameters directly in the request body by using the POST method and Content-Type: application/x-www-form-urlencoded header.

Response format:

{
  "values": [
    <string>,
    ...
  ],
  "limit": <integer>
}

Examples

This example cURL command

curl -H 'X-Scope-OrgID: <TENANT_ID>' -G -s "http://localhost:3100/loki/api/v1/detected_field/level/values" \
  --data-urlencode 'query={app="myapp"}' \
  --data-urlencode 'start=1609459200000000000' \
  --data-urlencode 'end=1609462800000000000' | jq

gave this response:

{
  "values": [
    "debug",
    "info",
    "warn",
    "error"
  ],
  "limit": 1000
}

Stream logs

GET /loki/api/v1/tail

/loki/api/v1/tail is a WebSocket endpoint that streams log messages based on a query to the client. It accepts the following query parameters in the URL:

query: The LogQL query to perform.
delay_for: The number of seconds to delay retrieving logs to let slow loggers catch up. Defaults to 0 and cannot be larger than 5.
limit: The max number of entries to return. It defaults to 100.
start: The start time for the query as a nanosecond Unix epoch. Defaults to one hour ago.

In microservices mode, /loki/api/v1/tail is exposed by the querier.

Response format (streamed):

{
  "streams": [
    {
      "stream": {
        <label key-value pairs>
      },
      "values": [
        [
          <string: nanosecond unix epoch>,
          <string: log line>
        ]
      ]
    }
  ],
  "dropped_entries": [
    {
      "labels": {
        <label key-value pairs>
      },
      "timestamp": "<nanosecond unix epoch>"
    }
  ]
}

Readiness probe

GET /ready

/ready returns HTTP 200 when the Loki instance is ready to accept traffic. If running Loki on Kubernetes, /ready can be used as a readiness probe.

In microservices mode, the /ready endpoint is exposed by all components.

Change log level

GET /log_level
POST /log_level

/log_level a GET returns the current log level and a POST lets you change the log level of a Loki process at runtime. This can be useful for accessing debugging information during an incident. Caution should be used when running at the debug log level, as this produces a large volume of data.

The endpoint accepts the following query parameters in the URL:

log_level: A valid log level that can be passed as a URL param (?log_level=<level>) or as a form value in case of POST. Valid levels: [debug, info, warn, error]

In microservices mode, the /log_level endpoint is exposed by all components.

Prometheus metrics

GET /metrics

/metrics returns exposed Prometheus metrics. See Observing Loki for a list of exported metrics.

In microservices mode, the /metrics endpoint is exposed by all components.

Show current configuration

GET /config

/config exposes the current configuration. The optional mode query parameter can be used to modify the output. If it has the value diffs only the differences between the default configuration and the current are returned. A value of defaults returns the default configuration.

In microservices mode, the /config endpoint is exposed by all components.

List running services

GET /services

/services returns a list of all running services and their current states.

Services can have the following states:

New: Service is new, not running yet (initial state)
Starting: Service is starting; if starting succeeds, service enters Running state
Running: Service is fully running now; when service stops running, it enters Stopping state
Stopping: Service is shutting down
Terminated: Service has stopped successfully (terminal state)
Failed: Service has failed in Starting, Running or Stopping state (terminal state)

Show build information

GET /loki/api/v1/status/buildinfo

/loki/api/v1/status/buildinfo exposes the build information in a JSON object. The fields are version, revision, branch, buildDate, buildUser, and goVersion.

Flush in-memory chunks to backing store

POST /flush

/flush triggers a flush of all in-memory chunks held by the ingesters to the backing store. Mainly used for local testing.

In microservices mode, the /flush endpoint is exposed by the ingester.

Prepare ingester shutdown

GET, POST, DELETE /ingester/prepare_shutdown

This endpoint is used to tell the ingester to release all resources on receiving the next SIGTERM or SIGINT signal.

A POST request to the /ingester/prepare_shutdown endpoint configures the ingester for a full shutdown and returns immediately. Only when the ingester process is stopped with SIGINT or SIGTERM, it will unregister from the ring, and in-memory data will be flushed to long-term storage. This endpoint supersedes any YAML configurations and isn’t necessary if the ingester is already configured to unregister from the ring or to flush on shutdown.

A GET request to the /ingester/prepare_shutdown endpoint returns the status of this configuration, either set or unset.

A DELETE request to the /ingester/prepare_shutdown endpoint reverts the configuration of the ingester to its previous state (with respect to unregistering on shutdown and flushing of in-memory data to long-term storage).

This API endpoint is usually used by Kubernetes-specific scale down automations such as the rollout-operator.

Flush in-memory chunks and shut down

GET, POST /ingester/shutdown

/ingester/shutdown triggers a shutdown of the ingester and notably will always flush any in memory chunks it holds. This is helpful for scaling down WAL-enabled ingesters where we want to ensure old WAL directories are not orphaned, but instead flushed to our chunk backend.

It accepts three URL query parameters flush, delete_ring_tokens, and terminate.

URL query parameters:

flush=<bool>: Flag to control whether to flush any in-memory chunks the ingester holds. Defaults to true.
delete_ring_tokens=<bool>: Flag to control whether to delete the file that contains the ingester ring tokens of the instance if the -ingester.token-file-path is specified. Defaults to false.
terminate=<bool>: Flag to control whether to terminate the Loki process after service shutdown. Defaults to true.

This handler, in contrast to the deprecated /ingester/flush_shutdown handler, terminates the Loki process by default. This behaviour can be changed by setting the terminate query parameter to false.

In microservices mode, the /ingester/shutdown endpoint is exposed by the ingester.

Distributor ring status

GET /distributor/ring

Displays a web page with the distributor hash ring status, including the state, health, and last heartbeat time of each distributor.

Index gateway ring status

GET /indexgateway/ring

Displays a web page with the index gateway hash ring status, including the state, health, and last heartbeat time of each index gateway.

Ruler

The ruler API endpoints require to configure a backend object storage to store the recording rules and alerts. The ruler API uses the concept of a “namespace” when creating rule groups. This is a stand-in for the name of the rule file in Prometheus. Rule groups must be named uniquely within a namespace.

Note
You must configure enable_api: true to enable this feature.

Ruler ring status

GET /ruler/ring

Displays a web page with the ruler hash ring status, including the state, health, and last heartbeat time of each ruler.

List rule groups

GET /loki/api/v1/rules

List all rules configured for the authenticated tenant. This endpoint returns a YAML dictionary with all the rule groups for each namespace and 200 status code on success.

Example response

---
<namespace1>:
- name: <string>
  interval: <duration;optional>
  rules:
  - alert: <string>
    expr: <string>
    for: <duration>
    annotations:
      <annotation_name>: <string>
    labels:
      <label_name>: <string>
- name: <string>
  interval: <duration;optional>
  rules:
  - alert: <string>
    expr: <string>
    for: <duration>
    annotations:
      <annotation_name>: <string>
    labels:
      <label_name>: <string>
<namespace2>:
- name: <string>
  interval: <duration;optional>
  rules:
  - alert: <string>
    expr: <string>
    for: <duration>
    annotations:
      <annotation_name>: <string>
    labels:
      <label_name>: <string>

Get rule groups by namespace

GET /loki/api/v1/rules/{namespace}

Returns the rule groups defined for a given namespace.

Example response

name: <string>
interval: <duration;optional>
rules:
  - alert: <string>
    expr: <string>
    for: <duration>
    annotations:
      <annotation_name>: <string>
    labels:
      <label_name>: <string>

Get rule group

GET /loki/api/v1/rules/{namespace}/{groupName}

Returns the rule group matching the request namespace and group name.

Set rule group

POST /loki/api/v1/rules/{namespace}

Creates or updates a rule group. This endpoint expects a request with Content-Type: application/yaml header and the rules YAML definition in the request body, and returns 202 on success.

Example request

Request headers:

Content-Type: application/yaml

Request body:

name: <string>
interval: <duration;optional>
rules:
  - alert: <string>
    expr: <string>
    for: <duration>
    annotations:
      <annotation_name>: <string>
    labels:
      <label_name>: <string>

Delete rule group

DELETE /loki/api/v1/rules/{namespace}/{groupName}

Deletes a rule group by namespace and group name. This endpoints returns 202 on success.

Delete namespace

DELETE /loki/api/v1/rules/{namespace}

Deletes all the rule groups in a namespace (including the namespace itself). This endpoint returns 202 on success.

List rules

GET /prometheus/api/v1/rules?type={alert|record}&file={}&rule_group={}&rule_name={}

Prometheus-compatible rules endpoint to list alerting and recording rules that are currently loaded.

The type parameter is optional. If set, only the specified type of rule is returned.

The file, rule_group and rule_name parameters are optional, and can accept multiple values. If set, the response content is filtered accordingly.

For more information, refer to the Prometheus rules documentation.

List alerts

GET /prometheus/api/v1/alerts

Prometheus-compatible rules endpoint to list all active alerts.

For more information, refer to the Prometheus alerts documentation.

Compactor

Compactor ring status

GET /compactor/ring

Displays a web page with the compactor hash ring status, including the state, health, and last heartbeat time of each compactor.

Request log deletion

POST /loki/api/v1/delete
PUT /loki/api/v1/delete

Create a new delete request for the authenticated tenant. The log entry deletion documentation has configuration details.

Log entry deletion is supported only when TSDB or BoltDB Shipper is configured for the index store.

Query parameters:

query=<series_selector>: query argument that identifies the streams from which to delete with optional line filters.
start=<rfc3339 | unix_seconds_timestamp>: A timestamp that identifies the start of the time window within which entries will be deleted. This parameter is required.
end=<rfc3339 | unix_seconds_timestamp>: A timestamp that identifies the end of the time window within which entries will be deleted. If not specified, defaults to the current time.
max_interval=<duration>: The maximum time period the delete request can span. If the request is larger than this value, it is split into several requests of <= max_interval. Valid time units are s, m, and h.

A 204 response indicates success.

The query parameter can also include filter operations. For example query={foo="bar"} |= "other" will filter out lines that contain the string “other” for the streams matching the stream selector {foo="bar"}.

Examples

URL encode the query parameter. This sample form of a cURL command URL encodes query={foo="bar"}:

curl -g -X POST \
  'http://127.0.0.1:3100/loki/api/v1/delete?query={foo="bar"}&start=1591616227&end=1591619692' \
  -H 'X-Scope-OrgID: 1'

The same example deletion request for Grafana Enterprise Logs uses Basic Authentication and specifies the tenant name as a user; Tenant1 is the tenant name in this example. The password in this example is an access policy token that has been defined in the API_TOKEN environment variable. The token must be for an access policy with logs:delete scope for the tenant specified in the user field:

curl -u "Tenant1:$API_TOKEN" \
  -g -X POST \
  'http://127.0.0.1:3100/loki/api/v1/delete?query={foo="bar"}&start=1591616227&end=1591619692'

List log deletion requests

GET /loki/api/v1/delete

List the existing delete requests for the authenticated tenant. The log entry deletion documentation has configuration details.

Log entry deletion is supported only when TSDB or BoltDB Shipper is configured for the index store.

List the existing delete requests using the following API:

GET /loki/api/v1/delete

This endpoint returns both processed and unprocessed deletion requests. It does not list canceled requests, as those requests will have been removed from storage.

Query parameters:

start=<rfc3339 | unix_seconds_timestamp>: Optional. A timestamp that identifies the start of the time range. Only deletion requests that overlap with this time range will be returned. Must be provided together with end.
end=<rfc3339 | unix_seconds_timestamp>: Optional. A timestamp that identifies the end of the time range. Only deletion requests that overlap with this time range will be returned. Must be provided together with start.

Examples

Example cURL command:

curl -X GET \
  <COMPACTOR_ADDR>/loki/api/v1/delete \
  -H 'X-Scope-OrgID: <ORG_ID>'

curl -u "Tenant1:$API_TOKEN" \
  -X GET \
  <COMPACTOR_ADDR>/loki/api/v1/delete

Request cancellation of a delete request

DELETE /loki/api/v1/delete

Remove a delete request for the authenticated tenant. The log entry deletion documentation has configuration details.

Loki allows cancellation of delete requests until the requests are picked up for processing. It is controlled by the delete_request_cancel_period YAML configuration or the equivalent command line option when invoking Loki. To cancel a delete request that has been picked up for processing or is partially complete, pass the force=true query parameter to the API.

Log entry deletion is supported only when TSDB or BoltDB Shipper is configured for the index store.

Cancel a delete request using this compactor endpoint:

DELETE /loki/api/v1/delete

Query parameters:

request_id=<request_id>: Identifies the delete request to cancel; IDs are found using the delete endpoint.
force=<boolean>: When the force query parameter is true, partially completed delete requests will be canceled.
Note
some data from the request may still be deleted and the deleted request will be listed as ‘processed’.

A 204 response indicates success.

Examples

Example cURL command:

curl -X DELETE \
  '<COMPACTOR_ADDR>/loki/api/v1/delete?request_id=<REQUEST_ID>' \
  -H 'X-Scope-OrgID: <TENANT_ID>'

The same example deletion cancellation request for Grafana Enterprise Logs uses Basic Authentication and specifies the tenant name as a user; Tenant1 is the tenant name in this example. The password in this example is an access policy token that has been defined in the API_TOKEN environment variable. The token must be for an access policy with logs:delete scope for the tenant specified in the user field.

curl -u "Tenant1:$API_TOKEN" \
  -X DELETE \
  '<COMPACTOR_ADDR>/loki/api/v1/delete?request_id=<REQUEST_ID>'

Format a LogQL query

GET /loki/api/v1/format_query
POST /loki/api/v1/format_query

The endpoint accepts the following query parameters in the URL:

query: A LogQL query string. Can be passed as URL param (?query=<query>) in case of both GET and POST. Or as form value in case of POST.

The /loki/api/v1/format_query endpoint lets you format LogQL queries. It returns an error if the passed LogQL is invalid. It is exposed by all Loki components and helps to improve readability and the debugging experience of LogQL queries.

The following example formats the expression LogQL {foo= "bar"} into

{
   "status" : "success",
   "data" : "{foo=\"bar\"}"
}

Query Loki with Python

Thu, 09 Apr 2026 02:28:18 +0000

Query Loki with Python

This page provides Python examples for the most common Loki HTTP API operations: querying logs, pushing log entries, and listing labels. For the full API reference including all parameters and response formats, see the Loki HTTP API documentation.

Prerequisites

Install the requests library:

pip install requests

If you need an async-capable client, httpx provides a nearly identical API:

pip install httpx

Authentication

The examples on this page connect to a local Loki instance without authentication. To use these examples with a multi-tenant or Grafana Cloud deployment, add the appropriate authentication as shown below.

Multi-tenant mode

If your cluster has multi-tenancy enabled, pass the tenant ID in the X-Scope-OrgID header:

headers = {"X-Scope-OrgID": "my-tenant"}
resp = requests.get(url, params=params, headers=headers)

To query across multiple tenants, separate tenant names with the pipe (|) character:

headers = {"X-Scope-OrgID": "tenant1|tenant2|tenant3"}

Grafana Cloud

For Grafana Cloud, use basic authentication with your Grafana Cloud user and an API token:

resp = requests.get(url, params=params, auth=("<user>", "<API_TOKEN>"))

You can find the User and URL values in the Loki logging service details of your Grafana Cloud stack.

Self-signed certificates

If your Loki instance uses a self-signed TLS certificate, you can disable certificate verification:

resp = requests.get(url, params=params, verify=False)

For production use, pass the path to your CA bundle instead:

resp = requests.get(url, params=params, verify="/path/to/ca-bundle.crt")

Query logs within a range of time

GET /loki/api/v1/query_range queries logs over a time range. This is the most common query operation.

Using requests

import requests
from datetime import datetime, timedelta


def query_range(
    url: str,
    query: str,
    start: datetime,
    end: datetime,
    limit: int = 1000,
) -> list:
    """Query Loki for log entries within a time range."""
    resp = requests.get(
        f"{url}/loki/api/v1/query_range",
        params={
            "query": query,
            "start": str(int(start.timestamp() * 1e9)),  # nanoseconds
            "end": str(int(end.timestamp() * 1e9)),
            "limit": limit,
            "direction": "backward",
        },
    )
    resp.raise_for_status()
    return resp.json()["data"]["result"]


results = query_range(
    url="http://localhost:3100",
    query='{job="varlogs"} |= "error"',
    start=datetime.now() - timedelta(hours=1),
    end=datetime.now(),
)

for stream in results:
    print(f"Labels: {stream['stream']}")
    for ts, line in stream["values"]:
        print(f"  {datetime.fromtimestamp(int(ts) / 1e9)}: {line}")

Using httpx

import httpx
from datetime import datetime, timedelta


def query_range(
    url: str,
    query: str,
    start: datetime,
    end: datetime,
    limit: int = 1000,
) -> list:
    """Query Loki for log entries within a time range."""
    resp = httpx.get(
        f"{url}/loki/api/v1/query_range",
        params={
            "query": query,
            "start": str(int(start.timestamp() * 1e9)),  # nanoseconds
            "end": str(int(end.timestamp() * 1e9)),
            "limit": limit,
            "direction": "backward",
        },
    )
    resp.raise_for_status()
    return resp.json()["data"]["result"]


results = query_range(
    url="http://localhost:3100",
    query='{job="varlogs"} |= "error"',
    start=datetime.now() - timedelta(hours=1),
    end=datetime.now(),
)

for stream in results:
    print(f"Labels: {stream['stream']}")
    for ts, line in stream["values"]:
        print(f"  {datetime.fromtimestamp(int(ts) / 1e9)}: {line}")

Query logs at a single point in time

GET /loki/api/v1/query evaluates a query at a single point in time. Use this for instant metric queries such as aggregations with rate(), count_over_time(), or bytes_over_time(). Log stream selectors (queries that return log lines) are not supported as instant queries; use query_range instead.

import requests
from datetime import datetime


def query_instant(url: str, query: str) -> list:
    """Run an instant metric query against Loki."""
    resp = requests.get(
        f"{url}/loki/api/v1/query",
        params={
            "query": query,
            "time": str(int(datetime.now().timestamp() * 1e9)),
        },
    )
    resp.raise_for_status()
    return resp.json()["data"]["result"]


results = query_instant(
    url="http://localhost:3100",
    query='sum(rate({job="varlogs"}[10m])) by (level)',
)

for entry in results:
    print(f"{entry['metric']}: {entry['value'][1]}")

Push logs

POST /loki/api/v1/push sends log entries to Loki using the JSON format.

import json
import time
import requests


def push_logs(
    url: str,
    labels: dict[str, str],
    entries: list[tuple[str, str]],
) -> None:
    """Push log entries to Loki.

    Args:
        url: Loki base URL.
        labels: Stream labels, for example {"job": "myapp", "env": "dev"}.
        entries: List of (timestamp_ns, log_line) tuples. Use
                 str(int(time.time() * 1e9)) to get a nanosecond timestamp.
    """
    payload = {
        "streams": [
            {
                "stream": labels,
                "values": [list(e) for e in entries],
            }
        ]
    }
    resp = requests.post(
        f"{url}/loki/api/v1/push",
        headers={"Content-Type": "application/json"},
        data=json.dumps(payload),
    )
    resp.raise_for_status()


now_ns = str(int(time.time() * 1e9))
push_logs(
    url="http://localhost:3100",
    labels={"job": "myapp", "env": "dev"},
    entries=[
        (now_ns, "application started"),
        (now_ns, "listening on port 8080"),
    ],
)

Query labels and label values

GET /loki/api/v1/labels returns the list of known label names. GET /loki/api/v1/label/<name>/values returns the values for a specific label.

import requests


def get_labels(url: str) -> list[str]:
    """List all known label names."""
    resp = requests.get(f"{url}/loki/api/v1/labels")
    resp.raise_for_status()
    return resp.json()["data"]


def get_label_values(url: str, label: str) -> list[str]:
    """List values for a specific label."""
    resp = requests.get(f"{url}/loki/api/v1/label/{label}/values")
    resp.raise_for_status()
    return resp.json()["data"]


labels = get_labels("http://localhost:3100")
print(f"Labels: {labels}")

for label in labels:
    values = get_label_values("http://localhost:3100", label)
    print(f"  {label}: {values}")

Handling errors

Loki returns standard HTTP status codes. Common errors include:

Status	Meaning	Typical cause
400	Bad Request	Invalid LogQL syntax
429	Too Many Requests	Rate limit exceeded
5xx	Server Error	Loki is unavailable or overloaded

Use raise_for_status() to catch errors, and inspect the response body for details:

import time
import requests


def query_with_retry(
    url: str,
    query: str,
    max_retries: int = 3,
    backoff: float = 1.0,
) -> dict:
    """Query Loki with simple retry logic for rate limits."""
    for attempt in range(max_retries):
        resp = requests.get(
            f"{url}/loki/api/v1/query",
            params={"query": query},
        )
        if resp.status_code == 429:
            wait = backoff * (2 ** attempt)
            print(f"Rate limited, retrying in {wait}s...")
            time.sleep(wait)
            continue
        resp.raise_for_status()
        return resp.json()
    raise Exception(f"Query failed after {max_retries} retries")

Common problems

Timestamps are in nanoseconds. Loki expects Unix timestamps in nanoseconds, not seconds or milliseconds. Multiply time.time() by 1e9 and convert to a string.
At least one label matcher is required. You cannot query without a stream selector. {job="myapp"} works; an empty selector does not.
The direction parameter changes result ordering. Use backward (the default) to get the most recent entries first, or forward to get the oldest entries first.
The instant query endpoint only supports metric queries. Log stream selectors like {job="myapp"} return a 400 error on /query. Use /query_range for log queries, and /query for aggregations like rate() or count_over_time().
Use the limit parameter to control result size. The default is 100 entries. For large time ranges, set a higher limit or paginate by adjusting the start parameter based on the last received timestamp.

Loki reference topics on Grafana Labs

Grafana Loki configuration parameters

Grafana Loki configuration parameters

Printing Loki config at runtime

Configuration file reference

Use environment variables in the configuration

Generic placeholders

Supported contents and default values of loki.yaml

alibabacloud_storage_config

analytics

attributes_config

aws_storage_config

azure_storage_config

bloom_build

bloom_gateway

bos_storage_config

cache_config

chunk_store_config

common

compactor

consul

cos_storage_config

distributor

etcd

frontend

frontend_worker

gcs_storage_config

grpc_client

index_gateway

ingester

ingester_client

limits_config

local_storage_config

memberlist

named_stores_config

operational_config

period_config

profiling

querier

query_range

query_scheduler

ruler

runtime_config

s3_storage_config

schema_config

server

storage_config

swift_storage_config

table_manager

thanos_object_store_config

tls_config

tracing

Runtime Configuration file

Accept out-of-order writes

Loki HTTP API

Loki HTTP API

Endpoints

Ingest endpoints

Query endpoints

Status endpoints

Ring endpoints

Flush/shutdown endpoints

Rule endpoints

Log deletion endpoints

Other endpoints

Deprecated endpoints

Format

Matrix, vector, and stream

Timestamps

Statistics

Ingest logs

Examples

Ingest logs using OTLP

Query logs at a single point in time

Examples

Query logs within a range of time

Step versus interval

Examples

Query labels

Examples

Supported contents and default values of `loki.yaml`