Configuration Variables
Below is an alphabetical list of all of the Configuration Parameters (environment variables) used to configure LogScale on your Infrastructure. These are parameters that are exclusively related to LogScale software, as well as options that are related to other systems that integrate with LogScale (e.g., Amazon AWS, Google Cloud). Click on the name of a variable below for more details on it, along with related and similar options.
    Use a simple text editor to open the LogScale configuration file,
    server.conf in the
    /etc/humio directory, and to change
    any of these variables on an installation of LogScale software. Once you've
    finished making changes, be sure to restart LogScale, depending on how you
    deployed it, for the server — or for each node affected in a cluster,
    if not all nodes.
  
Table: Configuration Parameters Table
| Variable | Default Value | Availability | Description | 
|---|---|---|---|
| AD_HOC_TABLES_LIMIT | 10 | Maximum number of ad hoc tables that can be created. Limits the total number of ad hoc query result tables that can exist in the system at one time. | |
| ALERT_DESPITE_WARNINGS | false | Alerts are activated even with warnings from the alert query | |
| ALERT_DISCLAIMER | Disclaimer to notify that alerts are sent from a given view or repository | ||
| ALERT_MAX_THROTTLE_FIELD_VALUES_STORED | 100 | Maximum number of field values stored for each standard alert | |
| ALLOW_CHANGE_REPO_ON_EVENTS | false | HEC allows ingest to any specified repository | |
| ALLOW_XML_DOCTYPE_DECL | false | ALLOW_XML_DOCTYPE_DECL Environment Variable | |
| API_EXPLORER_ENABLED | true | Enables or disables the API GraphQL Explorer functionality (see Accessing GraphQL using API Explorer). | |
| AUDITLOG_SENSITIVE_RETENTION_DAYS | 200 * 365 days | Specifies when sensitive logs are deleted by retention in humio-audit repository | |
| AUTH_ALLOW_SIGNUP | true | AUTH_ALLOW_SIGNUP Environment Variable | |
| AUTH_BY_PROXY_HEADER_NAME | none | Specifies usernames in header for the proxy | |
| AUTHENTICATION_METHOD | single-user | Enables a standard LDAP bind method | |
| AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN | false | Automatically creates users in LogScale if they logged in with external authentication methods | |
| AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN | false | Allows to transfer group membership rules at login | |
| AUTO_UPDATE_IP_LOCATION_DB | true | deprecated in 1.19 | Deprecated and replaced by AUTO_UPDATE_MAXMIND | 
| AUTO_UPDATE_MAXMIND | true | Enables automatic update of MaxMind GeoLite2 database | |
| AUTOSHARDING_MAX | 131,072 shards | Sets the number of datasources created during auto-sharding. | |
| AWS_ACCESS_KEY_ID | Sets the access key for AWS | ||
| AWS_SECRET_ACCESS_KEY | Sets the secret access key for AWS | ||
| INGEST_FEED_AZURE_TENANT_ID | Sets the tentant id to use to access Azure. | ||
| AZURE_STORAGE_CONCURRENCY | cores/2 | The number of concurrent downloading/uploading files in Azure storage | |
| BACKUP_DIR | humio-backup | deprecated in 1.57 | Specifies the directory where to write a backup of the data files | 
| BACKUP_KEY | developer | Specifies the secret key used for encryption for data files backup | |
| BACKUP_NAME | none | deprecated in 1.57 | Names the backup of the data files | 
| BITBUCKET_OAUTH_CLIENT_ID | none | The Key from your BitBucket OAuth Consumer | |
| BITBUCKET_OAUTH_CLIENT_SECRET | none | The Secret from your BitBucket OAuth Consumer | |
| BLOCK_SIGNUP | true | Boolean flag that controls whether new user signups are blocked. When set to true, new user registration will be disabled, preventing the creation of new accounts. Useful for maintenance periods or when you want to control access to the system. | |
| BLOCK_SIZE_MAX_KB | 1,024 KB | Maximum size in KB to target for blocks in a single segment | |
| BLOCK_SIZE_MIN_KB | 384 KB | Minimum size in KB to target for blocks in a single segment | |
| BLOCKS_PER_MINISEGMENT | 300 | Desired number of blocks in a mini-segment | |
| BLOCKS_PER_SEGMENT | 30,000 | Desired number of blocks in a final segment | |
| BOOTSTRAP_HOST_ID | 0 | Sets an ID for the server at first start up | |
| BOOTSTRAP_HOST_UUID_COOKIE | none | Sets a unique identifier of the local filesystem contents | |
| BOOTSTRAP_ROOT_TOKEN_HASHED | (not set) | Specifies the hashed root token for a LogScale instance | |
| BUCKET_STORAGE_IGNORE_ETAG_UPLOAD | false | For bucket storage to work with MinIO, disables checksum matching while uploading the file | |
| BUCKET_STORAGE_MULTIPLE_ENDPOINTS | false | Proxy configuration applied to all bucket storage backends or not | |
| BUCKET_STORAGE_SSE_COMPATIBLE | Makes bucket storage not verify checksums of raw objects after uploading to an S3 | ||
| CLUSTER_PING_TIMEOUT_SECONDS | 90 | Sets amount of time to wait for response from nodes when checking node responsiveness. | |
| COMPRESSION_TYPE | high | Sets default compression levels for segments and minisegments | |
| COOKIE_DOMAIN | Sets the domain when configuring session cookies | ||
| COOKIE_PATH | Indicates a URL path that must exist in the requested URL in order to send the cookie header | ||
| COOKIE_SAMESITE | Sets whether the cookie should be restricted to first-party or same-site context | ||
| COOKIE_SECURE | Indicates that the cookie is sent to the server only when the request is made with the https: scheme | ||
| CORES | Available Processors | Specifies the number of CPU cores for the machine running LogScale | |
| CORRELATE_CONSTELLATION_TICK_LIMIT | 5 | Maximum number of processing ticks allowed in correlation constellation operations. This setting helps prevent excessive resource consumption in complex correlation operations. Higher values allow more complex correlations but consume more computational resources. | |
| CORRELATE_CONSTRAINT_LIMIT | 5 | Maximum number of constraints allowed in correlation operations. This setting limits the complexity of correlation queries to prevent excessive resource consumption. Higher values allow more complex constraints but may increase memory usage and processing time. | |
| CORRELATE_LINK_VALUES_LIMIT | 100 | Maximum number of link values allowed in correlation operations. This setting limits the total number of values that can be linked across events during correlation. Higher values allow for more comprehensive correlation results but require more memory. | |
| CORRELATE_LINK_VALUES_MAX_BYTE_SIZE | 1,024 | Maximum total byte size allowed for link values in correlation operations. This setting limits the memory footprint of linked values during correlation processing. Specified in bytes, this limit prevents excessive memory consumption when correlating events with large field values. | |
| CORRELATE_MIN_ITERATIONS | 2 | Minimum number of iterations that the correlation algorithm will perform. This setting ensures correlation operations run for at least the specified number of iterations, allowing time for patterns to emerge even if early convergence criteria are met. | |
| CORRELATE_NUMBER_OF_TIME_BUCKETS | 100,000 | Number of time buckets to use when performing correlation analysis. This setting controls how the time range is divided into discrete intervals for temporal correlation. Higher values provide finer time granularity but require more computational resources. | |
| CORRELATE_QUERY_EVENT_LIMIT | 100,000 | Maximum number of events allowed in correlation query operations. | |
| CORRELATE_QUERY_LIMIT | 5 | Maximum number of queries allowed in correlation operations. | |
| CORS_ALLOWED_ORIGINS | true | Websites or IP addresses that allow Cross-Origin Resource Sharing | |
| CREATE_HUMIO_SEARCH_ALL | false | Allows creation of humio-search-all view | |
| DAYS_BEFORE_TOMBSTONE_DELETION | 14 | Sets the restorability of deleted repositories or views, but not
      the data within them. For information about the configuration that
      sets the time in which you can restore data from the dataspace,
      see DELETE_BACKUP_AFTER_MILLIS. | |
| DEBUG_AUDIT_REQUEST_TRACE | true | Controls whether to enable debug tracing for audit requests. | |
| DEFAULT_ALLOW_REBALANCE_EXISTING_SEGMENTS | true | Sets whether or not the existing segment decider will run | |
| DEFAULT_ALLOW_UPDATE_DESIRED_DIGESTERS | true | Enables automatic management of the digest partition table | |
| DEFAULT_DIGEST_REPLICATION_FACTOR | 3 | Allows configuration of the replication factor used for the digest partitions table | |
| DEFAULT_GROUPS | List of default groups that users belong to | ||
| DEFAULT_SEGMENT_REPLICATION_FACTOR | 1 | Sets the number of replicas each segment file will have. | |
| DELETE_BACKUP_AFTER_MILLIS | 604,800,000 ms | Configures when data files backup must be deleted | |
| DELETE_DUPLICATED_NAME_VIEWS_AFTER_MERGING | false | Controls whether to delete views with duplicate names after merging. | |
| DELETE_ON_INGEST_QUEUE | true | Deletes events from the ingest queue | |
| DIGEST_EXECUTOR_CORES | CORES Divided by 2 | Internal configuration to half the number of CPU cores set in CORES variable | |
| DIRECTORY | humio-data | Data directory for LogScale | |
| DISABLE_ANALYTICS_JOB | true | Controls whether analytics jobs are disabled. | |
| DISABLE_USER_TRACKING | true | Controls whether user tracking is disabled. | |
| DISABLE_VIEW_WITH_SAME_NAME_CLEANUP | true | Disable views with the same name during clean-up. | |
| DUMP_THREADS_SECONDS | Specifies the interval thread dumps are written with | ||
| ELASTIC_PORT | Sets the port for ElasticSearch bulk endpoint | ||
| EMAIL_ACTION_DISCLAIMER | Disclaimer in every email to clarify alerts or scheduled searches are sent as LogScale actions | ||
| EMERGENCY_USERS | false | Enables emergency users in case of issues with identity provider | |
| ENABLE_ALERTS | true | Enables/disables all alerts | |
| ENABLE_BEARER_TOKEN_AUTHORIZATION | false | Using less secure bearer token instead of secure cookies | |
| ENABLE_DEMO_DATA | true | Controls whether demo data is enabled. | |
| ENABLE_EVENT_FORWARDING | false | Enables/disables event forwarding | |
| ENABLE_FDR_POLLING_ON_NODE | true | Enables polling and ingest of FDR data on the LogScale node | |
| ENABLE_FILTER_ALERTS | true | Enables/disables filter alerts | |
| ENABLE_GLOBAL_JSON_STATS_LOGGER | false | Controls whether the global JSON statistics logger is enabled. | |
| ENABLE_IOC_SERVICE | true | Enables the IOC database service. | |
| ENABLE_PERSONAL_API_TOKENS | true | Enables/disables use of personal API tokens | |
| ENABLE_QUERY_LOAD_BALANCING | true | Allows queries to execute locally on the node that receives the requests | |
| ENABLE_SANDBOXES | true | Enables/disables sandbox repositories | |
| ENABLE_SCHEDULED_SEARCHES | false | Sets whether scheduled searches should be executed | |
| ENABLEINTERNALLOGGER | true | ENABLEINTERNALLOGGER Environment Variable | |
| ENFORCE_AUDITABLE | false | Sets permissions and enforce Auditable mode for root access | |
| EXTERNAL_FUNCTION_REQUEST_RESPONSE_EVENT_COUNT_LIMIT | 10,000 | Maximum number of events allowed in an external function response. | |
| EXTERNAL_FUNCITON_REQUEST_RESPONSE_SIZE_LIMIT_BYTES | 10,485,760 | Maximum size in bytes allowed for an external function response. | |
| EXTERNAL_URL | http://localhost:PORT | URL that other hosts can use to reach this server | |
| FDR_MAX_NODES_PER_FEED | 5 | Maximum number of nodes allowed per feed for FDR. | |
| FDR_S3_FILE_SIZE_MAX | 250,000,000 | Maximum file size in bytes for S3 files in FDR. | |
| FDR_USE_PROXY | Makes the FDR job use the proxy settings specified with HTTP_PROXY_* environment variables | ||
| FDR_VISIBILITY_TIMEOUT | 15 m | Visibility timeout of SQS messages read by FDR integration | |
| FILE_REPLICATION_FACTOR | 5 | Replication factor for files in the cluster. | |
| FILTER_ALERT_MAX_EMAIL_TRIGGER_LIMIT | 15 triggers/minute | Sets the trigger limit for filter alerts having emails attached | |
| FILTER_ALERT_MAX_NON_EMAIL_TRIGGER_LIMIT | 100 triggers/minute | Sets the trigger limit for filter alerts without email attached | |
| FILTER_ALERTS_MAX_CATCH_UP_LIMIT | 24h | Sets how long back filter alerts will be able to catch up with delays, expressed using Relative Time Syntax. Note that while a filter alert is catching up, it will not react to new events, so if a single event is causing the alert or the associated action(s) to fail, the alert will not trigger until that event is outside the catch up limit. For more information, see Filter alerts. | |
| FILTER_ALERTS_MAX_WAIT_FOR_MISSING_DATA | 24m | Sets how long filter alerts will wait for query warnings about missing data to disappear, expressed using Relative Time Syntax. If a filter alert is waiting for query warnings to disappear for longer than 15 minutes, the alert will not react to new events. If the query warning is permanent, the alert will not trigger until the whole waiting time has passed. For more information, see Filter alerts. | |
| FLUSH_BLOCK_SECONDS | 900 seconds | How long a mini-segment can stay open | |
| FORWARDING_BREAKER_EXP_BACKOFF_FACTOR | 2.0 | Increase reset time after each new failure | |
| FORWARDING_BREAKER_FAILURES | 50 | Failures before stopping all events in event forwarding | |
| FORWARDING_BREAKER_MAX_RESET | 60 seconds | Max reset time in event forwarding | |
| FORWARDING_BREAKER_RESET | 1 second | Awaiting time before a new event in event forwarding | |
| FORWARDING_BREAKER_TIMEOUT | 10 | Timeout before a call is considered a failure | |
| FORWARDING_MAX_CONCURRENCY | 50,000 | Max number of events waiting to be forwarded | |
| GC_KILL_THRESHOLD_MILLIS | Threshold for timeSpentOnGC that makes LogScale exit when exceeded | ||
| GCP_ARCHIVING_ACCOUNT_JSON_FILE | Path to the JSON configuration file for Google cloud storage archiving | ||
| GCP_ARCHIVING_BUCKET | Sets the name of the bucket to use for archiving | ||
| GCP_ARCHIVING_ENCRYPTION_KEY | Sets the encryption key for Google cloud storage for archiving | ||
| GCP_ARCHIVING_ENDPOINT_BASE | Sets the URL for pointing to your own non-Google Cloud storage endpoint for archiving | ||
| GCP_ARCHIVING_OBJECT_KEY_PREFIX | Allows nodes to share a bucket | ||
| GCP_EXPORT_WORKLOAD_IDENTITY | Uses Workload Identity for exporting to bucket of query results | ||
| GCP_STORAGE_ACCOUNT_JSON_FILE | Path to the JSON configuration file for Google cloud storage | ||
| GCP_STORAGE_BUCKET | Sets the name of the bucket to use | ||
| GCP_STORAGE_CONCURRENCY | cores/2 | The number of concurrent downloading/uploading files in GCP storage | |
| GCP_STORAGE_ENCRYPTION_KEY | Sets the encryption key of the bucket to use | ||
| GCP_STORAGE_ENDPOINT_BASE | Sets the URL for pointing to your own non-Google Cloud storage endpoint for storage | ||
| GCP_STORAGE_OBJECT_KEY_PREFIX | Allows nodes to share a bucket | ||
| GCP_STORAGE_PREFERRED_COPY_SOURCE | false | Sets how to download segments from bucket storage when prefetching | |
| GCP_STORAGE_USE_HTTP_PROXY | true | Enables/disables HTTP proxy for communicating with Google Cloud Bucket Storage | |
| GCP_STORAGE_WORKLOAD_IDENTITY | Uses Workload Identity for bucket storage | ||
| GITHUB_OAUTH_CLIENT_ID | GITHUB_OAUTH_CLIENT_ID Environment Variable | ||
| GITHUB_OAUTH_CLIENT_SECRET | GITHUB_OAUTH_CLIENT_SECRET Environment Variable | ||
| GLOB_ALLOW_LIST_EMAIL_ACTIONS | Allow all | Blocks recipients of email actions that are not in the provided allow list. | |
| GLOB_MATCH_LIMIT | 20,000 | Sets the maximum number of rows for csv_file in match() function | |
| GLOBAL_THROTTLE_PERCENTAGE | 20 | Percentage of time allowed for a global publishing thread before other transactions of that type are throttled | |
| GOOGLE_OAUTH_CLIENT_ID | The client_id from your Google OAuth App | ||
| GOOGLE_OAUTH_CLIENT_SECRET | The client_secret from your GitHub OAuth App | ||
| GRACE_PERIOD_BEFORE_DELETING_DEAD_EPHEMERAL_HOSTS_MS | 100 | Grace period in milliseconds before dead ephemeral hosts are deleted. | |
| GRACEFUL_SHUTDOWN_CONSIDERED_ALIVE_SECONDS | 300 | Number of seconds a server is considered alive during graceful shutdown. | |
| GRAPHQL_ALIAS_COUNT_LIMIT | 100 | Maximum number of aliases allowed in a GraphQL query. | |
| GRAPHQL_DIRECTIVE_COUNT_LIMIT | 100 | Maximum number of directives allowed in a GraphQL query. | |
| GRAPHQL_QUERY_ANALYSIS_DISABLED | true | Controls whether GraphQL query analysis is disabled. | |
| HEALTH_CHECK__CLUSTER_TIME_SKEW__WARN_THRESHOLD_MS | 15,000 ms | Sets the threshold for the difference in time between cluster nodes to indicate when the cluster-time-skew health check should trigger a WARN. | |
| HEALTH_CHECK__EVENT_LATENCY_P99__WARN_THRESHOLD_SEC | 30 sec | Sets the threshold for latency for events. This latency is measured from the time an event in received by LogScale and until the digest phase is done processing that event (running live searches and persisting to disk). This value indicates when the event-latency-p99 health check should trigger a WARN. | |
| HEALTH_CHECK__GLOBAL_TOPIC_LATENCY_P50__WARN_THRESHOLD_MSEC | 50 ms | Sets the threshold for latency in the global-events topic that is the shared communications channel in a cluster. This threshold indicates when the global-topic-latency-median health check should trigger a WARN. | |
| HEALTH_CHECK__PRIMARY_DISK_USAGE__WARN_THRESHOLD_SEC | 90 sec | Used when configuring the primary-disk-usage health check to set the percentage threshold for when to trigger a WARN. | |
| HEALTH_CHECK__SECONDARY_DISK_USAGE__WARN_THRESHOLD_SEC | 90 sec | Used when configuring the secondary-disk-usage health check to set the percentage threshold for when to trigger a WARN. | |
| HTTP_PROXY_HOST | Configures the HTTP proxy host used by connections from LogScale | ||
| HTTP_PROXY_ALLOW_ACTIONS_NOT_USE | false | Allows actions not to use HTTP proxy | |
| HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE | false | deprecated in 1.19 | Configures alert notifiers not to use HTTP proxy | 
| HTTP_PROXY_PASSWORD | Sets the password for HTTP proxy configuration | ||
| HTTP_PROXY_PORT | 3,129 | Sets the port for HTTP proxy configuration | |
| HTTP_PROXY_USERNAME | Sets the username for HTTP proxy configuration | ||
| HUMIO_AUDITLOG_DIR | /data/logs | 
        Sets the directory in which to store audit logs. When using
        containers this is set to be  
        On bare-metal it is set to  | |
| HUMIO_DEBUGLOG_DIR | /data/logs | 
        Sets the directory in which to store debug logs. When using
        containers this is set to be  
        On bare-metal it is set to  | |
| HUMIO_HTTP_BIND | HUMIO_SOCKET_BIND | IP to bind the http listening socket to | |
| HUMIO_KAFKA_TOPIC_PREFIX | Adds a prefix to the topic names in Kafka | ||
| HUMIO_LOG4J_CONFIGURATION | Sets the path for the log4j2-custom-config file | ||
| HUMIO_PORT | Sets the TCP port to listen for HTTP traffic | ||
| HUMIO_SOCKET_BIND | 0.0.0.0 | Sets the IP address to bind the UDP/TCP/HTTP listening sockets | |
| IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES | 4,320 minutes | Time in minutes dashboard queries keep running when not polled | |
| INGEST_FEED_AZURE_CLIENT_ID | Sets the ID of the default client. | ||
| INGEST_FEED_AZURE_CLIENT_SECRET | Sets the secret access key for azure | ||
| INGEST_FEED_GOVERNOR_CYCLE_DURATION | 1,000 | Duration in milliseconds for each ingest feed governor cycle. | |
| INGEST_FEED_MAX_CONCURRENT_POLLS | 1,000 | Maximum number of concurrent polls allowed for ingest feeds. | |
| INITIAL_FEATURE_FLAGS | empty | Configures feature flags within LogScale | |
| IOC_CROWDSTRIKE_API_CLIENT_ID | Sets the client ID for CrowdStrike Intel API | ||
| IOC_CROWDSTRIKE_API_CLIENT_SECRET | Sets the client secret for CrowdStrike Intel API | ||
| IOC_CROWDSTRIKE_API_URL | CrowdStrike API server URL for IOCs database download | ||
| IOC_UPDATE_SERVER_URL | https://ioc.humio.com | API server URL for IOCs database download | |
| IOC_USE_HTTP_PROXY | true | Allows to choose HTTP_PROXY for IOCs database update | |
| IP_FILTER_ACTIONS | IP-based access control list (ACL) for outgoing connections made by actions. Replaces IP_FILTER_NOTIFIERS | ||
| IP_FILTER_NOTIFIERS | IP-based access control list (ACL) for outgoing connections made by notifiers. Replaced by IP_FILTER_NOTIFIERS | ||
| IP_FILTER_RDNS |  | IP filter for filtering which IP addresses may be queried with the rdns()function orreverseDns()function. | |
| IP_FILTER_RDNS_SERVER |  | IP filter for filtering which DNS servers may be specified in the rdns()function orreverseDns()function. | |
| JOIN_DEFAULT_LIMIT | 100,000 | Default limit for join operations in queries. | |
| JVM_LOG_DIR | /data/logs | 
        Sets the directory in which to store Java logs. When using
        containers this is set to be  
        On bare-metal it is set to  | |
| JVM_TMP_DIR | /data/humio-data/jvm-tmp | 
        Sets the directory in which to store temporary Java data. When
        using containers this is set to be
         | |
| JWKS_REFRESH_INTERVAL | 3,600,000 | JWKS_REFRESH_INTERVAL Environment Variable | |
| KAFKA_CLIENT_RACK | Specifies the client.rackvalue
      directly. | ||
| KAFKA_CLIENT_RACK_ENV_VAR | ZONE | Finds the name of the variable that holds the value of client.rack. | |
| KAFKA_MANAGED_BY_HUMIO | true | Set/unset LogScale to create topics and manage replicas in Kafka | |
| KAFKA_SERVERS | Kafka bootstrap servers list | ||
| LDAP_AUTH_PRINCIPAL | Allows to transform LogScale login usernames so to enable LDAP authentication | ||
| LDAP_AUTH_PRINCIPALS_REGEX | Separates multiple patterns with users in more locations within LDAP | ||
| LDAP_AUTH_PROVIDER_CERT | The certification for key exchange to connect for LDAP authentication | ||
| LDAP_AUTH_PROVIDER_URL | The URL to connect to for LDAP authentication | ||
| LDAP_DOMAIN_NAME | Allows users to login with their username and not domain name | ||
| LDAP_GROUP_BASE_DN | The query to perform to get the user's groups for LDAP | ||
| LDAP_GROUP_FILTER | LDAP_GROUP_FILTER Environment Variable | ||
| LDAP_GROUP_SEARCH_BIND_FOR_LOOKUP | false | LDAP_GROUP_SEARCH_BIND_FOR_LOOKUP Environment Variable | |
| LDAP_GROUPNAME_ATTRIBUTE | Allows using an alternate attribute on the group record in LDAP as the group name in LogScale RBAC configuration | ||
| LDAP_SEARCH_BASE_DN | Sets the base DN search prefix for LDAP-Search authentication method | ||
| LDAP_SEARCH_BIND_NAME | Sets the bind principal for LDAP-Search authentication method | ||
| LDAP_SEARCH_BIND_PASSWORD | Sets the bind password for LDAP-Search authentication method | ||
| LDAP_SEARCH_DOMAIN_NAME | LDAP_SEARCH_DOMAIN_NAME Environment Variable | ||
| LDAP_SEARCH_FILTER | LDAP_SEARCH_FILTER Environment Variable | ||
| LDAP_USERNAME_ATTRIBUTE | Allows choosing some attribute in the LDAP user record as the username in LogScale | ||
| LDAP_VERBOSE_LOGGING | false | LDAP_VERBOSE_LOGGING Environment Variable | |
| LIVEQUERY_CANCEL_COST_PERCENTAGE | 10 | Backlog allowed before canceling the queries with the highest cost | |
| LIVEQUERY_CANCEL_TRIGGER_DELAY_MS | 20,000 ms | Sets cancelling of the most consuming live queries | |
| LOCAL_STORAGE_MIN_AGE_DAYS | Minimum number of days to keep a fresh segment file before it is deleted locally | ||
| LOCAL_STORAGE_PERCENTAGE | 85 % | Sets a limit to the percentage of disk full | |
| LOGSCALE_SAML_IDP_REQUIRE_MATCHING_EMAIL_DOMAIN | false | Whether the email domain is required to match | |
| MAX_BUCKET_POINTS | 10,000 | MAX_BUCKET_POINTS Environment Variable | |
| MAX_CHARS_TO_FIND_TIMESTAMP | Sets the number of characters searched by the findTimestamp()function | ||
| MAX_CONCURRENT_EXPORTS_PER_VIEW | 10 | MAX_CONCURRENT_EXPORTS_PER_VIEW Environment Variable | |
| MAX_CONCURRENT_QUERIES_ON_WORKER | 1,000 | Maximum number of historic queries that can be executed on a single worker node. This limit does not apply to live parts of queries. | |
| MAX_DISTINCT_TAG_VALUES | 1,000 | Allows auto-grouping of tags | |
| MAX_EVENT_FIELD_COUNT | 8,000 fields | Sets the enforced maximum number of fields in an event in the ingest phase | |
| MAX_EVENT_FIELD_COUNT_IN_PARSER | 50,000 fields | Specifies the number of fields allowed within the parser | |
| MAX_EVENT_SIZE | 1 MiB | Specifies the maximum allowed event size | |
| MAX_FILEUPLOAD_SIZE | 104,857,600 bytes | Specifies the maximum size of uploaded files. | |
| MAX_GRAPHQL_QUERY_DEPTH | 11 | MAX_GRAPHQL_QUERY_DEPTH Environment Variable | |
| MAX_HOURS_SEGMENT_OPEN | 24 hours | The maximum number of hours a merge target will remain open for writing before being closed. | |
| MAX_INGEST_DELAY_SECONDS | 3,600 seconds | Events backlog allowed before LogScale starts responding on http interfaces | |
| MAX_INGEST_REQUEST_SIZE | 33,554,432 bytes | Size limit of ingest requests after content-encoding has been applied. | |
| MAX_JITREX_BACKTRACK | 1,000 | Limits CPU resources spent in a regex match | |
| MAX_JOIN_LIMIT | 200,000 rows | Sets the limit parameter of the join()function. | |
| MAX_NUMBER_OF_GLOBALDATA_DUMPS_TO_KEEP | 20 data dumps | Maximum number of global data dumps | |
| MAX_QUERY_PENALTY_CREDIT_FOR_BLOCKED_QUERIES_FACTOR | 5.0 | Maximum factor for penalty credit given for blocked queries. | |
| MAX_QUERY_POLLS_FOR_WORKER | 100 | Maximum number of worker polls (across all workers) scheduled per second. | |
| MAX_SECS_WAIT_FOR_SYNC_WHEN_CHANGING_DIGEST_LEADER | 5 minutes | Specifies when digest coordination will permit a node that is not in sync | |
| MAX_SERIES_LIMIT | 500 series | Determines the max amount of series in a bucket and/or timechart. | |
| MAX_SERIES_MEMLIMIT | Determines the maximum memory for a series in a bucket and/or timechart. | ||
| MAXMIND_ACCOUNT_ID | true | Sets automatic update of MaxMind IP location database | |
| MAXMIND_BASE_URL | Enables to change the base path to download MaxMind from | ||
| MAXMIND_EDITION_ID | deprecated in 1.19 | Deprecated, replaced by MAXMIND_IP_LOCATION_EDITION_ID | |
| MAXMIND_IP_LOCATION_EDITION_ID | Allows to use an alternative MaxMind database for IP location information (optional) | ||
| MAXMIND_LICENSE_KEY | Where to specify the license key for your account if you have a MaxMind license | ||
| MIN_QUERY_PERMITS_FACTOR | 1.0 | Minimum factor for query permits allocation. | |
| MINI_SEGMENT_MAX_MERGE_DELAY_MS_BEFORE_WARNING | 48 ms | Logs a warning if mini segment is not merged | |
| MINIMUM_HUMIO_VERSION | 1.0.0 | Minimum version of Humio (LogScale) required for the cluster. | |
| MULTI_PASS_DEFAULT_ITERATION_LIMIT | 10 | Default limit for the number of iterations in multi-pass operations. | |
| MULTI_PASS_MAX_ITERATION_LIMIT | 50 | Maximum limit for the number of iterations in multi-pass operations. | |
| NODE_ROLES | all | Select the logical roles for a node within the LogScale cluster | |
| OIDC_AUDIENCE | Audience to expect in a JWT | ||
| OIDC_AUTHORIZATION_ENDPOINT | URL to endpoint user is redirected to when authorizing | ||
| OIDC_CACHE_USERINFO_MS | 600,000 ms | How long user info is cached on a LogScale node | |
| OIDC_ENABLE_DIRECT_TOKEN_AUTH | false | Whether direct token authorization is enabled. | |
| OIDC_GROUPS_CLAIM | humio-groups | Claim name to interpret as the groups in LogScale | |
| OIDC_JWKS_URI | URL to JWKS endpoint for keys to validate tokens | ||
| OIDC_MULTI_ORG_CLAIM | Claim name when running with multiple organizations in LogScale | ||
| OIDC_OAUTH_CLIENT_ID | Client ID of OpenID application | ||
| OIDC_OAUTH_CLIENT_SECRET | Client secret of OpenID application | ||
| OIDC_PROVIDER | URL to the OpenID Connect provider | ||
| OIDC_REQUIRE_ISSUER_MATCH | true | Whether issuer match is required. | |
| OIDC_SCOPE_CLAIM | scope | Claim for OIDC scope. | |
| OIDC_SCOPES | OIDC_SCOPES Environment Variable | ||
| OIDC_SERVICE_NAME | OpenID Connect | OIDC provider name displayed at sign in | |
| OIDC_SUBDOMAIN_FROM_REQUEST_URL | false | Whether subdomain from request URL is permitted. | |
| OIDC_TOKEN_ENDPOINT | URL to token endpoint used to exchange authentication code to an access token | ||
| OIDC_TOKEN_ENDPOINT_AUTH_METHOD | Authorization method for a token endpoint | ||
| OIDC_USE_HTTP_PROXY | true | Whether to use the HTTP proxy for calling OIDC | |
| OIDC_USERINFO_ENDPOINT | URL to user info endpoint to retrieve user information from an access token | ||
| OIDC_USERNAME_CLAIM | humio-user | Name of the claim to interpret as username in LogScale | |
| ONLY_CREATE_USER_IF_SYNCED_GROUPS_HAVE_ACCESS | false | Configures whether users are created if synced groups have access to the sandbox and system repositories | |
| PARSER_THROTTLING_ALLOC_FACTOR | 1.0 | Factor used to determine the allocation of resources for parser throttling. Controls the fraction of resources dedicated to parsing operations to prevent overload. | |
| POSTMARK_FROM | Send emails using the Postmark service | ||
| POSTMARK_SERVER_SECRET | Sets the values for your server's token when using the Postmark service | ||
| PRIMARY_STORAGE_MAX_FILL_PERCENTAGE | Primary segment files' storage limit | ||
| PRIMARY_STORAGE_PERCENTAGE | Primary segment files' storage limit | ||
| PROMETHEUS_METRICS_PORT | Enables Prometheus to scrape metrics from LogScale | ||
| PUBLIC_URL | Public URL where LogScale instance is reachable from a browser | ||
| QUERY_CACHE_MIN_COST | 1,000L | Enables/disables caching when using features that store a copy of live search results to the local disk | |
| QUERY_EXECUTOR_CORES | Sets the number of CPU cores to reduce pressure on context switching due to hyper-threading | ||
| RDNS_DEFAULT_SERVER |  | Default server to use for reverse DNS queries using rdns()function orreverseDns()function. | |
| READ_GROUP_PERMISSIONS_FROM_FILE | false | Allows groups and roles to be converted to new RBAC model and visible under Administration in read-only | |
| REJECT_INGEST_ON_PARSER_EXCEEDING_FRACTION | 0.85 | Fraction threshold that determines when to reject ingest operations if a parser is exceeding its allocated resources. When parser resource usage exceeds this fraction of its allocation, new ingest operations will be rejected. | |
| S3_ARCHIVING_ACCESSKEY | Sets the S3 access keys for archiving ingested logs in export format | ||
| S3_ARCHIVING_CLUSTER_WIDE_DISABLED | false | Boolean flag that controls whether S3 archiving is disabled across the entire cluster. When set to true, S3 archiving will be disabled for all repositories in the cluster regardless of individual settings. | |
| S3_ARCHIVING_CLUSTER_WIDE_END_AT | 2099-12-31T23:59:59.999Z | End date and time for cluster-wide S3 archiving period. Specifies when to stop S3 archiving across the cluster. Value should be in ISO-8601 format (yyyy-MM-dd'T'HH:mm:ss.SSSZ). | |
| S3_ARCHIVING_CLUSTER_WIDE_REGEX_FOR_REPO_NAME | .* | Regular expression pattern used to match repository names for cluster-wide S3 archiving. Only repositories with names matching this pattern will be included in cluster-wide S3 archiving. Use ".*" to match all repositories. | |
| S3_ARCHIVING_CLUSTER_WIDE_START_FROM | 2020-01-01T00:00:00.000Z | Start date and time for cluster-wide S3 archiving period. Specifies when to begin S3 archiving across the cluster. Value should be in ISO-8601 format (yyyy-MM-dd'T'HH:mm:ss.SSSZ). | |
| S3_ARCHIVING_ENDPOINT_BASE | Allows to point to a non-AWS endpoint for archiving | ||
| S3_ARCHIVING_REQUIRE_ROLE | Sets whether S3 configuration is using an IAM user or IAM role (recommended). | ||
| S3_ARCHIVING_SECRETKEY | Sets the S3 secret key for archiving of ingested logs in an export format | ||
| S3_ARCHIVING_USE_HTTP_PROXY | true | Whether to use the globally configured HTTP proxy for communicating with S3 | |
| S3_ARCHIVING_WORKERCOUNT | 1 | Sets the number of parallel workers for upload | |
| S3_EXPORT_USE_HTTP_PROXY | true | Enables/disables HTTP proxy configured for exporting to Amazon S3 | |
| S3_RECOVER_FROM_KMS_KEY_ARN | Arn to the KMS key when using server side encryption on a recovery bucket | ||
| S3_STORAGE_2_KMS_KEY_ARN | ARN to the KMS key when using server side encryption on a 2nd bucket | ||
| S3_STORAGE_ACCESSKEY | Sets the access key for S3 storage | ||
| S3_STORAGE_BUCKET | Bucket storage S3 variant | ||
| S3_STORAGE_CONCURRENCY | cores/2 | The number of concurrent downloading/uploading files in S3 storage | |
| S3_STORAGE_ENCRYPTION_KEY | Sets the encryption key for S3 storage | ||
| S3_STORAGE_ENDPOINT_BASE | Sets the URL for pointing to your own non-AWS endpoint for S3 storage | ||
| S3_STORAGE_KMS_KEY_ARN | ARN to the KMS key when using server side encryption on a bucket | ||
| S3_STORAGE_OBJECT_KEY_PREFIX | Sets the optional prefix for all object keys | ||
| S3_STORAGE_PREFERRED_COPY_SOURCE | false | Sets how to download segments from bucket storage when prefetching | |
| S3_STORAGE_REGION | S3_STORAGE_REGION Environment Variable | ||
| S3_STORAGE_SECRETKEY | Sets Secret Key for S3 bucket storage | ||
| S3_STORAGE_USE_HTTP_PROXY | true | Enables/disables HTTP proxy for communicating with Amazon Bucket Storage | |
| SAML_ADMIN_ATTRIBUTE_ACCEPT_VALUE | SAML_ADMIN_ATTRIBUTE_ACCEPT_VALUE Environment Variable | ||
| SAML_ALTERNATIVE_IDP_CERTIFICATE | Provides an alternative certificate for authentication | ||
| SAML_DEBUG | false | SAML_DEBUG Environment Variable | |
| SAML_GROUP_MEMBERSHIP_ATTRIBUTE | Synchronizes the groups upon successful login in LogScale | ||
| SAML_IDP_CERTIFICATE | Provides a certificate for authentication | ||
| SAML_IDP_ENTITY_ID | IDP identifier used internally in the authentication flow | ||
| SAML_IDP_SIGN_ON_URL | User accessing LogScale is redirected to this variable and authentication flow starts | ||
| SAML_USER_ATTRIBUTE | Allows to set a different user attribute name | ||
| SANGRIA_LOG_SLOW_MILLIS | SANGRIA_LOG_SLOW_MILLIS Environment Variable | ||
| SCHEDULED_SEARCH_BACKFILL_LIMIT | 5 | Configures the global maximum backfill limit for scheduled searches | |
| SCHEDULED_SEARCH_DESPITE_WARNINGS | false | Configures actions trigger in schedules searches in case of warnings | |
| SECONDARY_DATA_DIRECTORY | Enables a secondary file system to store segment files | ||
| SECONDARY_STORAGE_MAX_FILL_PERCENTAGE | Sets the limit for secondary storage in percentage | ||
| SELFJOIN_LIMIT | 10 | Maximum number of self-joins allowed in a query. Limits the complexity of queries to prevent excessive resource consumption from queries with too many self-joins. If 0 or less, then it is unlimited. | |
| SEND_USER_INVITES | true | Sets whether to send email invitations | |
| SHARED_DASHBOARDS_ENABLED | true | Allows to disable shared dashboards | |
| SHUTDOWN_ABORT_FLUSH_TIMEOUT_MILLIS | 30,000 ms | How long the digest worker thread keeps working on flushing the contents of in-memory buffers at shutdown | |
| SINGLE_USER_PASSWORD | Sets the password for single-user authentication mode | ||
| SINGLE_USER_USERNAME | user | Sets the username for single-user authentication mode | |
| SMTP_HOST | Allows to send emails using an SMTP server | ||
| SMTP_PASSWORD | Sets the secret password when using an SMTP server for emails | ||
| SMTP_PORT | Sets the port number when using an SMTP server for emails | ||
| SMTP_SENDER_ADDRESS | Sets your sender address when using an SMTP server for emails | ||
| SMTP_USE_STARTTLS | Enables/disables StartTLS when using an SMTP server for emails | ||
| SMTP_USERNAME | Sets your username when using an SMTP server for emails | ||
| STATIC_IMAGE_CONTENT_URL | Allows note widgets to display images from the configured URL | ||
| STREAMING_QUERY_KEEPALIVE_NEWLINES | false | Whether to emit a newline into streaming query responses | |
| STREAMING_QUERY_KEEPALIVE_NEWLINES_ON_NODES | false | Whether to emit a newline into streaming query responses for internal requests | |
| STREAMING_QUERY_KEEPALIVE_TIMEOUT | unset | The keep-alive duration to set on HTTP responses for streaming queries | |
| TABLE_CACHE_MEMORY_ALLOWANCE_FRACTION | 0.2 | Specifies the maximum fraction of available memory for the table cache. Controls how much of the system's memory can be used for caching query result tables. It is specified as a fraction of the total memory available for files. | |
| TAG_HASHING_BUCKETS | 32 | Used to support auto-grouping of tags | |
| TCP_INGEST_MAX_TIMEOUT_SECONDS | Sets the timeout for TCP ingest listeners | ||
| THREAD_SIZE_LOGGING_INTERVAL_SECONDS | THREAD_SIZE_LOGGING_INTERVAL_SECONDS Environment Variable | ||
| TLS_CIPHER_SUITES | Used to set the allowed TLS protocols and cipher suites | ||
| TLS_CLIENT_ALIAS | Alias of the key in the keystore to use when a client request is made from other LogScale instances or to a webhook notifier | ||
| TLS_CLIENT_AUTH | false | Whether to require TLS client authentication | |
| TLS_DEFAULT_ALIAS | Alias of the key in the keystore to use when serving a client without an SNI extension header | ||
| TLS_HOSTNAME_VERIFICATION_FILTER | Whether to perform hostname verification | ||
| TLS_KEY_PASSWORD | The key password for TLS | ||
| TLS_KEYSTORE_LOCATION | Path to the keystore | ||
| TLS_KEYSTORE_TYPE | The type of keystore, either PKCS12 or JKS | ||
| TLS_PROTOCOLS | Sets the TLS protocols to allow when communicating | ||
| TLS_SERVER | Whether TLS should be used when serving the web interface | ||
| TLS_TRUSTSTORE_LOCATION | Path to the truststore | ||
| TLS_TRUSTSTORE_PASSWORD | Password to unlock the truststore, if any | ||
| TLS_TRUSTSTORE_TYPE | The type of truststore, either PKCS12 or JKS | ||
| TOP_K_MAX_MAP_SIZE_HISTORICAL | 32 * 1,024 bytes | TOP_K_MAX_MAP_SIZE_HISTORICAL Environment Variable | |
| TOP_K_MAX_MAP_SIZE_LIVE | 8 * 1,024 bytes | TOP_K_MAX_MAP_SIZE_LIVE Environment Variable | |
| TOPIC_MAX_MESSAGE_BYTES | 8,388,608 bytes | When LogScale is managing Kafka, overrides the default message
      size. Only applicable on initial creation of a topic. To customize
      the behavior, use the scripts shipping with the Kafka install: kafka/bin/kafka-configs.sh. | |
| UI_AUTH_FLOW | true | UI_AUTH_FLOW Environment Variable | |
| USING_EPHEMERAL_DISKS | false | Whether to use ephemeral disks on all nodes | |
| VALUE_DEDUP_LEVEL | Limits the CPU time spent on removing duplication of values | ||
| VERBOSE_AUTH | false | VERBOSE_AUTH Environment Variable | |
| WARN_ON_INGEST_DELAY_MILLIS | 120,000 ms | Warns when ingest is delayed | |
| ZONE | When set, allows to spread spread partitions across the different zones |