Falcon LogScale Documentation / Falcon LogScale Self-Hosted 1.101.0-1.106.6 / Configuration Variables

IOC_UPDATE_SERVER_URL

Option: IOC_UPDATE_SERVER_URL
Description: API server URL for IOCs database download
Default: https://ioc.humio.com

The URL of the server from which LogScale downloads the database of IOCs (indicators of compromise).

Do not set if IOC_CROWDSTRIKE_API_URL is set.
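
The rule above can be checked before a node is started. The following is an added example, not part of the LogScale documentation or tooling: a shell lint that reads an environment file and reports when both IOC_UPDATE_SERVER_URL and IOC_CROWDSTRIKE_API_URL are set. Assumptions: the file holds one KEY=VALUE per line (optionally prefixed with "export"), the function names get_setting and check_ioc_config are hypothetical, and the HTTPS check is this example's own addition rather than a documented LogScale requirement.

```shell
#!/usr/bin/env bash
# Added example: lint a LogScale environment file for the IOC update settings.
# Assumption: one KEY=VALUE per line, optional "export " prefix, '#' comments.

IOC_DEFAULT_URL="https://ioc.humio.com"   # default documented on this page

# Print the last value assigned to key $2 in file $1 (empty if not set).
get_setting() {
    local file=$1 key=$2 line value=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%$'\r'}                          # tolerate CRLF files
        line="${line#"${line%%[![:space:]]*}"}"     # trim leading whitespace
        case $line in
            '#'*|'') continue ;;                    # skip comments and blanks
        esac
        line=${line#export }
        case $line in
            "$key="*)
                value=${line#*=}
                # strip one pair of surrounding quotes, if present
                value=${value#\"}; value=${value%\"}
                value=${value#\'}; value=${value%\'}
                ;;
        esac
    done < "$file"
    printf '%s' "$value"
}

# Return codes: 0 = ok, 1 = both variables set, 2 = non-HTTPS URL, 3 = unreadable file
check_ioc_config() {
    local file=$1 update_url api_url
    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 3; }
    update_url=$(get_setting "$file" IOC_UPDATE_SERVER_URL)
    api_url=$(get_setting "$file" IOC_CROWDSTRIKE_API_URL)

    if [ -n "$update_url" ] && [ -n "$api_url" ]; then
        echo "CONFLICT: IOC_UPDATE_SERVER_URL must not be set when IOC_CROWDSTRIKE_API_URL is set"
        return 1
    fi
    if [ -n "$update_url" ]; then
        case $update_url in
            https://*) ;;
            *)  echo "WARN: IOC database would be fetched without TLS from $update_url"
                return 2 ;;
        esac
        if [ "$update_url" != "$IOC_DEFAULT_URL" ]; then
            echo "NOTE: non-default IOC source $update_url; confirm it is a server you operate or trust"
        fi
        echo "OK: IOC database is downloaded from $update_url"
    elif [ -n "$api_url" ]; then
        echo "OK: IOC_CROWDSTRIKE_API_URL is set and IOC_UPDATE_SERVER_URL is left unset"
    else
        echo "OK: neither variable is set; the default $IOC_DEFAULT_URL applies"
    fi
    return 0
}

# Demo on a constructed sample (hostnames are placeholders, not real endpoints).
demo_ioc_config() {
    local sample rc=0
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample configuration
export IOC_UPDATE_SERVER_URL="https://ioc-mirror.example.internal"
IOC_CROWDSTRIKE_API_URL=https://api.example.com
EOF
    check_ioc_config "$sample" || rc=$?
    rm -f "$sample"
    echo "exit status: $rc"
}

demo_ioc_config
```

Pass the path of the environment file your deployment actually uses to check_ioc_config; a non-zero status can gate a deployment step.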

© 2025 CrowdStrike All other marks contained herein are the property of their respective owners.