Environment Variables

Below is an alphabetical list of all Humio environment variables. These are variables that are exclusively related to Humio software, as well as options that are related to other systems that integrate with Humio (e.g., Amazon AWS, Google Cloud, etc.). Click on the name of a variable for more details on it, along with related and similar options listed after this lengthy table.

Environment Variable

Value Type

Default Value

ACTION_LINK_BASE_URL

string

PUBLIC_URL

ALERT_DESPITE_WARNINGS

boolean

false

ALERT_DISCLAIMER

string

ALERT_MAX_THROTTLE_FIELD_VALUES_STORED

integer

100

ALLOW_CHANGE_REPO_ON_EVENTS

boolean

false

ALLOW_GLOBAL_FROM_HTTP

boolean

true

ALLOW_XML_DOCTYPE_DECL

boolean

false

AUDITLOG_SENSITIVE_RETENTION_DAYS

long

200 * 365

AUTH_ALLOW_SIGNUP

boolean

true

AUTH_BY_PROXY_HEADER_NAME

string

none

AUTHENTICATION_METHOD

string

none

AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN

boolean

false

AUTOSHARDING_CHECKINTERVAL_MS

long

30 * 1000

AUTOSHARDING_MAX

integer

16

AUTOSHARDING_TRIGGER_DELAY_MS

long

20 * 1000

AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN

boolean

false

AUTO_UPDATE_IP_LOCATION_DB

boolean

true

AUTO_UPDATE_MAXMIND

boolean

true

BACKUP_DIR

string

humio-backup

BACKUP_KEY

string

developer

BACKUP_NAME

string

none

BITBUCKET_OAUTH_CLIENT_ID

string

none

BITBUCKET_OAUTH_CLIENT_SECRET

string

none

BLOCK_SIZE_MAX_KB

integer

1024

BLOCK_SIZE_MIN_KB

integer

384

BLOCKS_PER_MINISEGMENT

integer

128

BLOCKS_PER_SEGMENT

integer

8000

BLOCKS_PER_SEGMENT_MERGE_EXISTING

integer

2000

BOOTSTRAP_HOST_ID

integer

0

BOOTSTRAP_HOST_UUID_COOKIE

string

none

BUCKET_STORAGE_IGNORE_ETAG_AFTER_UPLOAD

boolean

false

BUCKET_STORAGE_IGNORE_ETAG_UPLOAD

boolean

false

BUCKET_STORAGE_DOWNLOAD_IN_QUERY_TIMEOUT_SECONDS

integer

180

BUCKETSTORAGECLEANINGJOB_DELETE_UNKNOWN_SEGMENTS

boolean

false

CACHE_STORAGE_DIRECTORY

string

none

CACHE_STORAGE_PERCENTAGE

integer

90

CLUSTER_PING_TIMEOUT_SECONDS

integer

90

COMPRESSION_LEVEL

numeric

6 or 9

COMPRESSION_LEVEL_MINI

integer

0

COMPRESSION_TYPE

string

high

CORES

integer

CREATE_HUMIO_SEARCH_ALL

boolean

false

DAYS_BEFORE_TOMBSTONE_DELETION

long

14

DEFAULT_GROUPS

list

empty

DEFAULT_PARTITION_COUNT

integer

24

DELETE_BACKUP_AFTER_MILLIS

long

7L * 24 * 60 * 60 * 1000L

DELETE_ON_INGEST_QUEUE

boolean

true

DELETE_UNKNOWN_LOCAL_SEGMENT_FILES

boolean

false

DELETES_DELAY_MILLIS

long

600 * 1000L

DIGEST_BUFFER_MAX_MILLIS

integer

16000

DIGEST_BUFFER_MIN_MILLIS

integer

100

DIGEST_EXECUTOR_CORES

integer

CORES/2

DIGEST_REPLICATION_FACTOR

intopt

none

DIGESTWRITER_QUEUE_MAX

integer

17

DIRECTORY

DUMP_THREADS_ONLY_HUMIO_THREADS

boolean

true

DUMP_THREADS_SECONDS

integer

10

ELASTIC_PORT

integer

none

EMERGENCY_USERS

boolean

false

ENABLE_ALERTS

boolean

true

ENABLE_EVENT_FORWARDING

boolean

false

ENABLE_GRAPHQL_REQUEST_COUNT

boolean

true

ENABLE_PERSONAL_API_TOKENS

boolean

true

ENABLE_QUERY_LOAD_BALANCING

boolean

true

ENABLE_SCHEDULED_SEARCHES

boolean

true

ENABLEINTERNALLOGGER

boolean

true

ENFORCE_AUDITABLE

boolean

false

EXACT_MATCH_LIMIT

integer

1000 * 1000

EXTERNAL_URL

string

http://localhost:PORT

EXTRA_KAFKA_CONFIGS_FILE

string

none

FEDERATED_QUERY_ENABLED

boolean

FLUSH_BLOCK_SECONDS

integer

1800

FORWARDING_BREAKER_EXP_BACKOFF_FACTOR

double

2.0

FORWARDING_BREAKER_FAILURES

integer

50

FORWARDING_BREAKER_MAX_RESET

duration

60s

FORWARDING_BREAKER_TIMEOUT

integer

10

FORWARDING_BREAKER_RESET

duration

1s

FORWARDING_MAX_CONCURRENCY

integer

GITHUB_OAUTH_CLIENT_ID

string

none

GITHUB_OAUTH_CLIENT_SECRET

string

none

GOOGLE_OAUTH_CLIENT_ID

string

none

GOOGLE_OAUTH_CLIENT_SECRET

string

none

GC_KILL_FACTOR

double

1

GC_KILL_THRESHOLD_MILLIS

long

none

GCP_STORAGE_BUCKET

GCP_STORAGE_ENCRYPTION_KEY

GCP_STORAGE_OBJECT_KEY_PREFIX

HEALTH_CHECK__GRACE_PERIOD_SEC

HASHFILTER_FILL

integer

30

HASHFILTER_MAX_FILE_PERCENTAGE

integer

50

HASHFILTER_BACKFILLING_ENABLED

boolean

true

HTTP_PROXY_ALLOW_ACTIONS_NOT_USE

boolean

false

HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE

boolean

false

HTTP_PROXY_HOST

string

none

HTTP_PROXY_PASSWORD

string

none

HTTP_PROXY_PORT

integer

3129

HTTP_PROXY_USERNAME

string

none

HUMIO_HTTP_BIND

string

HUMIO_SOCKET_BIND

HUMIO_JVM_ARGS

HUMIO_KAFKA_TOPIC_PREFIX

string

none

HUMIO_PORT

integer

8080

HUMIO_SOCKET_BIND

string

0.0.0.0

INGEST_PRODUCER_BUFFER_MEMORY

long

none

INGEST_QUEUE_INITIAL_PARTITIONS

integer

24

INGEST_QUEUE_REPLICATION_FACTOR

integer

2

INGESTQUEUE_COMPRESSION_LEVEL

integer

1

INGRESS_SERVICE_HOSTNAME

IOC_CROWDSTRIKE_API_CLIENT_ID

string

IOC_CROWDSTRIKE_API_CLIENT_SECRET

string

IOC_CROWDSTRIKE_API_URL

string

IOC_UPDATE_SERVER_URL

string

https://ioc.humio.com

IOC_USE_HTTP_PROXY

boolean

IP_FILTER_ACTIONS

string

IP_FILTER_NOTIFIERS

string

JWKS_REFRESH_INTERVAL

long

3600000

KAFKA_MANAGED_BY_HUMIO

boolean

true

KAFKA_SERVERS

LDAP_AUTH_PRINCIPAL

LDAP_AUTH_PRINCIPALS_REGEX

LDAP_AUTH_PROVIDER_CERT

LDAP_AUTH_PROVIDER_URL

LDAP_GROUP_BASE_DN

LDAP_GROUP_SEARCH_BIND_FOR_LOOKUP

boolean

false

LDAP_GROUP_FILTER

LDAP_DOMAIN_NAME

LDAP_GROUPNAME_ATTRIBUTE

LDAP_SEARCH_BASE_DN

LDAP_SEARCH_DOMAIN_NAME

LDAP_SEARCH_FILTER

LDAP_USERNAME_ATTRIBUTE

LDAP_VERBOSE_LOGGING

boolean

false

LIVEQUERY_CANCEL_COST_PERCENTAGE

long

10

LIVEQUERY_CANCEL_TRIGGER_DELAY_MS

long

60

LIVEQUERY_STALE_CANCEL_COST_PERCENTAGE

long

10

LIVEQUERY_STALE_CANCEL_TRIGGER_DELAY_MS

long

20 * 1000

LOCAL_STORAGE_MIN_AGE_DAYS

integer

LOCAL_STORAGE_PERCENTAGE

intopt

LOG4J_CONFIGURATION

MAPPER_JOB_QUEUE_LENGTH

integer

4

MAPPER_MAX_FILES_AT_ONCE

integer

4

MAX_BLOCKS_IN_PROGRESS_PR_CORE

integer

8

MAX_BUCKET_POINTS

integer

10000

MAX_CHARS_TO_FIND_TIMESTAMP

integer

MAX_CONCURRENT_EXPORTS_PER_VIEW

integer

10

MAX_DATASOURCES

integer

10000

MAX_DISTINCT_TAG_VALUES

integer

1000

MAX_EVENT_FIELD_COUNT

integer

1000

MAX_EVENT_SIZE

integer

1024<sup>2</sup>

MAX_FALLOCATE_ESTIMATE

long

1024L<sup>2</sup>

MAX_FILEUPLOAD_SIZE

bytes

1024L<sup>2</sup>

MAX_GRAPHQL_QUERY_DEPTH

integer

11

MAX_HOURS_SEGMENT_OPEN

integer

24

MAX_INGEST_DELAY_SECONDS

integer

3600

MAX_INTERNAL_STATESIZE

long

MAX_JITREX_BACKTRACK

integer

1000

MAX_JOIN_LIMIT

integer

100000

MAX_NUMBER_OF_GLOBALDATA_DUMPS_TO_KEEP

integer

20

MAX_QUERIES_IN_PROGRESS

integer

4

MAX_SERIES_LIMIT

integer

50

MAX_SERIES_MEMLIMIT

bytes

1kb

MAX_STATE_LIMIT

integer

20000

MAXMIND_ACCOUNT_ID

MAXMIND_BASE_URL

string

MAXMIND_EDITION_ID

MAXMIND_IP_LOCATION_EDITION_ID

MAXMIND_LICENSE_KEY

MAX_ZDICT_SIZE

integer

384 * 1024

MEASURETHREADALLOCATIONS

boolean

true

MERGE_UNDERSIZED_SEGMENTS_ENABLED

boolean

true

MINUTES_BEFORE_TOMBSTONE_DELETION_NO_CURRENTS

long

240

NEW_PERMISSIONS_MODEL

boolean

false

NODE_ROLES

string

OIDC_AUDIENCE

OIDC_AUTHORIZATION_ENDPOINT

OIDC_CACHE_USERINFO_MS

long

600000

OIDC_GROUPS_CLAIM

OIDC_JWKS_URI

OIDC_OAUTH_CLIENT_ID

OIDC_OAUTH_CLIENT_SECRET

OIDC_PROVIDER

OIDC_SCOPES

OIDC_SERVICE_NAME

OIDC_TOKEN_ENDPOINT

OIDC_TOKEN_ENDPOINT_AUTH_METHOD

OIDC_USERINFO_ENDPOINT

OIDC_USERNAME_CLAIM

ONLY_CREATE_USER_IF_SYNCED_GROUPS_HAVE_ACCESS

boolean

false

PERMISSION_MODEL_MODE

POSTMARK_FROM

POSTMARK_SERVER_SECRET

PREFIX_AUTHORIZATION_ENABLED

PRIMARY_STORAGE_MAX_FILL_PERCENTAGE

PRIMARY_STORAGE_PERCENTAGE

PROMETHEUS_METRICS_PORT

integer

none

PUBLIC_URL

string

QUERY_CACHE_MIN_COST

long

1000L

QUERY_COORDINATOR

boolean

true

QUERY_EXECUTOR_CORES

integer

QUERY_STATE_SIZE_LOGGING_INTERVAL_SECONDS

long

READ_GROUP_PERMISSIONS_FROM_FILE

boolean

false

S3_ARCHIVING_ACCESSKEY

S3_ARCHIVING_SECRETKEY

S3_ARCHIVING_USE_HTTP_PROXY

boolean

true

S3_ARCHIVING_WORKERCOUNT

S3_STORAGE_ACCESSKEY

S3_STORAGE_BUCKET

S3_STORAGE_CHUNK_SIZE

S3_STORAGE_CHUNK_COUNT

S3_STORAGE_DOWNLOAD_CONCURRENCY

S3_STORAGE_UPLOAD_CONCURRENCY

S3_STORAGE_ENCRYPTION_KEY

S3_STORAGE_HCP_COMPAT

boolean

false

S3_STORAGE_OBJECT_KEY_PREFIX

S3_STORAGE_REGION

S3_STORAGE_SECRETKEY

S3_STORAGE_WORKERCOUNT

SAML_DEBUG

boolean

false

SAML_IDP_CERTIFICATE

SAML_IDP_ENTITY_ID

SAML_IDP_SIGN_ON_URL

string

SAML_GROUP_MEMBERSHIP_ATTRIBUTE

SAML_USER_ATTRIBUTE

SANGRIA_LOG_SLOW_MILLIS

intopt

SCHEDULED_SEARCH_BACKFILL_LIMIT

integer

5

SCHEDULED_SEARCH_DESPITE_WARNINGS

boolean

false

SECONDARY_DATA_DIRECTORY

SECONDARY_STORAGE_MAX_FILL_PERCENTAGE

SEGMENT_UNDER_REPLICATION_GRACE_PERIOD_MILLIS

long

30 * 1000

SEND_USER_INVITES

boolean

true

SERVER

SHARED_DASHBOARDS_ENABLED

boolean

false

SHARED_BLOCK_INVOKER_THRESHOLD

long

100 * 1024 * 1024 * 1024L

SHUTDOWN_ABORT_FLUSH_TIMEOUT_MILLIS

long

300 * 1000L

SINGLE_USER_PASSWORD

SMTP_HOST

SMTP_PASSWORD

SMTP_PORT

integer

none

SMTP_SENDER_ADDRESS

SMTP_USE_STARTTLS

boolean

SMTP_USERNAME

STORAGE_REPLICATION_FACTOR

intopt

STREAMING_QUERY_KEEPALIVE_NEWLINES

boolean

false

STREAMING_QUERY_KEEPALIVE_NEWLINES_ON_NODES

boolean

false

STREAMING_QUERY_KEEPALIVE_TIMEOUT

intopt

TAG_HASHING_BUCKETS

integer

32

TCP_INGEST_MAX_TIMEOUT_SECONDS

long

TLS_CLIENT_ALIAS

TLS_CLIENT_AUTH

TLS_CIPHER_SUITES

TLS_DEFAULT_ALIAS

TLS_KEY_PASSWORD

TLS_PROTOCOLS

TLS_SERVER

boolean

TLS_TRUSTSTORE_LOCATION

TLS_TRUSTSTORE_PASSWORD

TLS_TRUSTSTORE_TYPE

THREAD_SIZE_LOGGING_INTERVAL_SECONDS

long

TOP_K_MAX_MAP_SIZE_HISTORICAL

integer

32 * 1024

TOP_K_MAX_MAP_SIZE_LIVE

integer

8 * 1024

UI_AUTH_FLOW

boolean

true

USE_INGEST_QUEUE

boolean

true

USE_JAVA_REGEX

boolean

false

USE_JAVA_REGEX_FOR_INTERNALS

boolean

true

USING_EPHEMERAL_DISKS

boolean

false

VALUE_DEDUP_LEVEL

integer

VERBOSE_AUTH

boolean

false

VERIFY_CRC32_ON_SEGMENT_FILES

boolean

true

WARN_ON_INGEST_DELAY_MILLIS

integer

120 * 1000

ZONE

ZOOKEEPER_PREFIX_FOR_NODE_UUID

ZOOKEEPER_SESSIONTIMEOUT_FOR_NODE_UUID

integer

5000

ZOOKEEPER_URL

string

ZOOKEEPER_URL_FOR_NODE_UUID

Descriptions of Environment Variables

Below are all of the Humio environment variables, with descriptions of each. This includes generally the data type and default value of each. For many, there is an example of how it might be used in a Humio configuration file.

ACTION_LINK_BASE_URL is the base URL to use in links sent from actions. Trailing slashes in the URL are discarded.

Type

String

Default Value

PUBLIC_URL

This property is only important if you plan to use actions that send messages that include links to the Humio UI.

Below is an example:

ini
ACTION_LINK_BASE_URL=https://humio.mycompany.com

It is not a problem, if the URL is only reachable behind a VPN, as the user’s browser can still access it.

ALERT_DESPITE_WARNINGS

The ALERT_DESPITE_WARNINGS option allows alerts to activate even though there are warnings from the alert query. Be careful enabling this option.

Type

Boolean

Default Value

false

Below is an example:

ini
ALERT_DESPITE_WARNINGS=false

ALERT_DISCLAIMER

For alerts sent from Humio Cloud accounts, a small disclaimer is included on top of every email to clarify that it is sent as a Humio notifier.

Type

String

Default Value

For on-premise installations, you have the option to enable it by setting the ALERT_DISCLAIMER environment variable.

ini
ALERT_DISCLAIMER=This is an alert from repository/view ${viewName}

The ${viewName} variable will be replaced by the name of the view or repository.

ALERT_MAX_THROTTLE_FIELD_VALUES_STORED

This is used to set the maximum number of field values stored per alert that is using field-based throttling.

Type

Integer

Default Value

100

If such alerts trigger with the same field value before the throttle period has elapsed, you might want to increase this limit. Increasing this limit might increase the memory usage of every node in the cluster.

ini
ALERT_MAX_THROTTLE_FIELD_VALUES_STORED=100

When an alert triggers, Humio stores the value of the throttle field in memory. To limit memory usage, there is a fixed limit on the number of values, which Humio stores per alert. If you select a throttle field that can assume more values than the limit, your alert might trigger more frequently than indicated by the given throttle period. For self-hosted installations, the limit can be altered with ALERT_MAX_THROTTLE_FIELD_VALUES_STORED.

ALLOW_CHANGE_REPO_ON_EVENTS

If this variable is set to true, the HTTP Event Collector (HEC) allows ingest to any repository specified as "index": "<repository-name>" in the body of a message, as long as the ingest token is valid for any repository. If the named repository doesn’t exist, though, the event remains in the repository designated by the ingest token.

This option is important for the query-function-copyevent if you want to copy the event to another repository, it must be set to true.

Type

Boolean

Default Value

false

This is a security vulnerability on a public API endpoint. Therefore, this option should be used only inside a trusted environment.

ALLOW_GLOBAL_FROM_HTTP

Type

Boolean

Default Value

true

ALLOW_XML_DOCTYPE_DECL

Type

Boolean

Default Value

false

AUDITLOG_SENSITIVE_RETENTION_DAYS

The humio-audit repository has special retention rules that depends on the sensitive value. Sensitive logs are deleted by retention only when they are too old, controlled by AUDITLOG_SENSITIVE_RETENTION_DAYS. Changing this setting requires a systems operator to change the configuration of the servers running Humio, and then to restart Humio.

Type

Long

Default Value

200 * 365

Non-sensitive logs are deleted according to the regular retention settings for the repository. The default retention setting for this repository is to keep the log forever.

AUTH_ALLOW_SIGNUP

Type

Boolean

Default Value

true

AUTH_BY_PROXY_HEADER_NAME

The proxy must add a header with the username of the end user in the specified header. If the proxy leaves the header blank, the user does not get authenticated, and can thus only access shared dashboards.

Type

String

Default Value

none

ini
AUTHENTICATION_METHOD=byproxy
AUTH_BY_PROXY_HEADER_NAME=name-of-http-header

Humio uses the “Authentication” header as transport from the browser to the Humio back-end. It’s not possible to use a proxy that also uses this header. This rules out using https://github.com/bitly/oauth2_proxy.

AUTHENTICATION_METHOD

This enables more standard LDAP bind method.

Type

String

Default Value

none

See AUTH_BY_PROXY_HEADER_NAME, SINGLE_USER_PASSWORD, and BITBUCKET_OAUTH_CLIENT_ID for more information and an example.

AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN

Users need to be created in Humio before they can log in with external authentication methods like SAML/LDAP/OAUTH.

Type

Boolean

Default Value

false

Set this parameter to true - then users are automatically created in Humio when successfully logging in with external authentication methods. If false, users must be explicitly created in Humio before they can log in.

ini
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=false
AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN=false
ONLY_CREATE_USER_IF_SYNCED_GROUPS_HAVE_ACCESS=false
DEFAULT_GROUPS=group1, group2

In order for the login mechanism to capture and sync the users groups from the authentication mechanism, set AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN to true.

AUTOSHARDING_CHECKINTERVAL_MS

Humio will detect for a high load on a data source, and trigger auto-sharding. The events then get an extra tag, #humioAutoShard that is assigned a random integer value.

Type

Long

Default Value

30 * 1000

This is configured through the settings AUTOSHARDING_TRIGGER_DELAY_MS, which is compared to the time an event spends in the ingest pipeline. When the delay threshold is exceeded, the number of shards on that data source is doubled. The default value for AUTOSHARDING_TRIGGER_DELAY_MS is 5000 ms (5 seconds). The delay needs to be increasing as well, as noted two times in a row at an interval of AUTOSHARDING_CHECKINTERVAL_MS which defaults to 20000 (20 seconds).

See Cluster Management for more information.

AUTOSHARDING_MAX

Type

Integer

Default Value

16

AUTOSHARDING_TRIGGER_DELAY_MS

Type

Long

Default Value

20 * 1000

See AUTOSHARDING_CHECKINTERVAL_MS and Cluster Mismanagement for more information.

AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN

The property AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN controls that group membership rules in Humio are transferred upon login.

Type

Boolean

Default Value

false

When deleting a user or changing access rights in Auth0, changes are not reflected until you log into Humio again.

ini
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true
AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN=true
...

See AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN.

AUTO_UPDATE_IP_LOCATION_DB

This option has been deprecated and replaced by AUTO_UPDATE_MAXMIND.

Type

Boolean

Default Value

true

AUTO_UPDATE_MAXMIND

Type

Boolean

Default Value

true

AWS_SECRET_ACCESS_KEY

Type

Default Value

AWS_ACCESS_KEY_ID

Type

Default Value

BACKUP_DIR

Make Humio write a backup of the data files: Backup files are written to mount point “/backup” by default (when run in the Humio Docker containers). Otherwise the backup directory can be specified. By default, data in backup is deleted 7 days after it has been deleted in Humio. This behavior is configurable.

Type

String

Default Value

humio-backup

ini
BACKUP_NAME=my-backup-name
BACKUP_DIR="/backup"
BACKUP_KEY=my-secret-key-used-for-encryption
DELETE_BACKUP_AFTER_MILLIS=604800000

BACKUP_KEY

Make Humio write a backup of the data files: Backup files are written to mount point “/backup”.

Type

String

Default Value

developer

ini
BACKUP_NAME=my-backup-name
BACKUP_KEY=my-secret-key-used-for-encryption

See BACKUP_DIR above for more information.

BACKUP_NAME

Make Humio write a backup of the data files: Backup files are written to mount point “/backup”.

Type

String

Default Value

none

ini
BACKUP_NAME=my-backup-name
BACKUP_KEY=my-secret-key-used-for-encryption

See BACKUP_DIR above for more information and an example.

BITBUCKET_OAUTH_CLIENT_ID

Type

String

Default Value

none

ini
AUTHENTICATION_METHOD=oauth
PUBLIC_URL=$YOUR_SERVERS_BASE_URL
BITBUCKET_OAUTH_CLIENT_ID=$CLIENT_ID # The Key from your BitBucket OAuth Consumer
BITBUCKET_OAUTH_CLIENT_SECRET=$CLIENT_SECRET # The Secret your BitBucket OAuth Consumer
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true  # default is false

BITBUCKET_OAUTH_CLIENT_SECRET

See BITBUCKET_OAUTH_CLIENT_ID above for more information and an example.

Type

String

Default Value

none

BLOCK_SIZE_MAX_KB

Maximum size in KB to target for blocks in a segment. Range: [128; 2048]. Blocks may flush due to time, size of pre-filter bits. Default value: 1024 KB. Max value: 2048 KB.

Type

Integer

Default Value

1024

Introduced

1.5.14

See BLOCKS_PER_SEGMENT for an example of this variable and more information.

BLOCK_SIZE_MIN_KB

Minimum size in KB to target for blocks in a segment. Range: [128; 2048]. Blocks may flush due to time, size of pre-filter bits. Default value: 384 KB.

Type

Integer

Default Value

384

Introduced

1.5.14

See BLOCKS_PER_SEGMENT for an example of this variable and more information.

BLOCKS_PER_MINISEGMENT

Desired number of blocks (each ~1 MB before compression) in a mini-segment before merge. Defaults to 128. Mini-segments will get closed earlier if expired due to FLUSH_BLOCK_SECONDS.

Type

Integer

Default Value

128

See BLOCKS_PER_SEGMENT below for an example of this variable and more information.

BLOCKS_PER_SEGMENT

The BLOCKS_PER_SEGMENT variable is used to set the desired number of blocks (each ~1 MB before compression) in a final segment after merge, Segments will get closed earlier if expired due to MAX_HOURS_SEGMENT_OPEN. Default: version < 1.15.x had 2000, 1.15+ has 8000.

Type

Integer

Default Value

8000

ini
MAX_HOURS_SEGMENT_OPEN=24
FLUSH_BLOCK_SECONDS=1800
BLOCKS_PER_SEGMENT=8000
#BLOCKS_PER_MINISEGMENT=128
#BLOCK_SIZE_MIN_KB=384
#BLOCK_SIZE_MAX_KB=1024

BLOCKS_PER_SEGMENT_MERGE_EXISTING

Type

Integer

Default Value

2000

BOOTSTRAP_HOST_ID

ID to choose for this server when starting up the first time. Leave commented out to autoselect the next available ID. If set, the server refuses to run unless the ID matches the state in data. It must be set to a positive non-zero integer. Numbers in the range of 1 through 511 are recommended.

Type

Integer

Default Value

0

ini
BOOTSTRAP_HOST_ID=1
BOOTSTRAP_HOST_UUID_COOKIE

Set the uuid of this server in the cluster to use a unique identifier of this local filesystem contents. Not set by default.

See BOOTSTRAP_HOST_ID above for an example of this variable and more information.

Type

String

Default Value

none

BUCKET_STORAGE_IGNORE_ETAG_AFTER_UPLOAD

Type

Boolean

Default Value

false

BUCKET_STORAGE_IGNORE_ETAG_UPLOAD

Type

Boolean

Default Value

false

BUCKET_STORAGE_DOWNLOAD_IN_QUERY_TIMEOUT_SECONDS

Type

Integer

Default Value

180

BUCKETSTORAGECLEANINGJOB_DELETE_UNKNOWN_SEGMENTS

Type

Boolean

Default Value

false

CACHE_STORAGE_DIRECTORY

CACHE_STORAGE_DIRECTORY enables a local cache of segment files copied from the primary/secondary storage. It only makes sense if the local NVME is ephemeral while the primary data dir is trustworthy but slow.

Type

String

Default Value

none

ini
CACHE_STORAGE_DIRECTORY=/humio-cache
CACHE_STORAGE_PERCENTAGE=90

This is generally not recommended as it is more efficient to use the fast local drive as your primary storage, use bucket storage for the long term stable storage, and USING_EPHEMERAL_DISKS set to true. Caching degrades performance if turned on in that case.

See CACHE_STORAGE_PERCENTAGE below for more information.

CACHE_STORAGE_PERCENTAGE

Enable caching of files from a slow network file system (EBS) or for a file system on spinning disks. The cache should be placed on local NVME or similar drives, providing more than 200 MB/s/core in the machine. CACHE_STORAGE_PERCENTAGE Defaults to 90 and controls how full the cache file system is allowed to become. Humio manages the files in the cache directory and will delete files when there is too little space remaining. (Do not add a RAM-disk as cache: RAM is better kept for page cache.) Caching is disabled by default as most install do not benefit from turning it on.

Type

Integer

Default Value

90

See CACHE_STORAGE_DIRECTORY above for an example of this variable and more information.

CLUSTER_PING_TIMEOUT_SECONDS

Type

Integer

Default Value

90

COMPRESSION_LEVEL

Type

Numeric

Default Value

6 or 9

Compression level for data in segment files. Range is [0 ; 9]. Defaults to 6 when COMPRESSION_TYPE is set to fast and 9 when it’s set to high or extreme.

See COMPRESSION_TYPE below for an example of this variable and more information.

COMPRESSION_LEVEL_MINI

When COMPRESSION_TYPE is set to high or extreme, this sets the compression level of the minisegments. Defaults to 0. Range is [0 ; 6].

Type

Integer

Default Value

0

See COMPRESSION_TYPE below for an example of this variable and more information.

COMPRESSION_TYPE

Type

String

Default Value

high

Compress (fast) in digest pipeline or (highly) later. fast: Compress using LZ4 in the digest pipeline. This is what all versions up to 1.5.x did. high: Compress using LZ4 in the digest pipeline, then re-compress using Zstd when merging mini-segments into proper segments later. extreme: Compress using Zstd in the digest pipeline, then re-compress using Zstd when merging mini-segments into proper segments later. Extreme is not recommended as the extra compression is not worth the extra CPU time spent.

Type

String

Default Value

high

ini
COMPRESSION_TYPE=high
COMPRESSION_LEVEL=9
COMPRESSION_LEVEL_MINI=0
#VALUE_DEDUP_LEVEL=COMPRESSION_LEVEL

Recommended setting depends on the hardware and use case. The rule of thumb is that high provides a 2x compression ratio over fast at the cost of using more CPU time for decompressing while searching. Go for high as the default for fresh installs and keep fast on existing systems to allow rolling back to 1.5.x. Default: high

CORES

You can specify the number of processors for the machine running Humio by setting the CORES property. Humio uses this number when parallelizing queries and other internal tasks.

Type

Integer

Minimum Value

2

Default Value

Number of Available Processors

By default, Humio uses the Java available processors function) to get the number of CPU cores. This is usually the optimal number. Be aware that the auto-detected number can be too high when running in a containerized environment where the JVM does not always detect the proper number of cores.

Derived from the number of CPU cores, Humio internally sets QUERY_EXECUTOR_CORES and DIGEST_EXECUTOR_CORES to half that number (but a minimum of 2) to reduce pressure on context switching due to hyper-threading since the number of CPU cores usually include hyperthreads. If the number of cores set through CORES is the number of actual physical cores and not hyperthreads, you may want to set these to the same number as CORES. Note that raising this number above the default may lead to an unstable and slow system due to context switching costs growing to a point where no real work gets done when the system gets loaded, while it may appear to work fine when not fully utilized.

CREATE_HUMIO_SEARCH_ALL

Type

Boolean

Default Value

false

DAYS_BEFORE_TOMBSTONE_DELETION

Type

Long

Default Value

14

DEFAULT_GROUPS

Default groups for all users. A comma-separated list of group names. After login an user will always be a member of those groups (if they exist) including any groups included from a given IDP.

Type

Comma-Separated List

Default Value

empty

See AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN for more information.

DEFAULT_PARTITION_COUNT

Initial partition count for storage partitions. Affects ONLY on the first start of the first node in the cluster.

Type

Integer

Default Value

24

ini
DEFAULT_PARTITION_COUNT=24
INGEST_QUEUE_INITIAL_PARTITIONS=24

See INGEST_QUEUE_INITIAL_PARTITIONS for more information.

DELETE_BACKUP_AFTER_MILLIS

Type

Long

Default Value

7L * 24 * 60 * 60 * 1000L

See BACKUP_DIR above for more information and an example.

DELETE_ON_INGEST_QUEUE

Deletes events from the ingest queue when they have been saved in Humio. It is still important to configure Kafka retention on the ingest queue.

Type

Boolean

Default Value

true

ini
DELETE_ON_INGEST_QUEUE=true

The Kafka retention defines how long data can be kept on the ingest queue and, thus, how much time Humio has to read the data and store it internally.

See KAFKA_SERVERS for more information and an example.

DELETE_UNKNOWN_LOCAL_SEGMENT_FILES

Type

Boolean

Default Value

false

DELETES_DELAY_MILLIS

Type

Long

Default Value

600 * 1000L

DIGEST_BUFFER_MAX_MILLIS

Type

Integer

Default Value

16000

DIGEST_BUFFER_MIN_MILLIS

Type

Integer

Default Value

100

DIGEST_EXECUTOR_CORES

Derived from the number of CPU cores, Humio internally sets QUERY_EXECUTOR_CORES and DIGEST_EXECUTOR_CORES to half that number (but a minimum of 2) to reduce pressure on context switching due to hyper-threading since the number of CPU cores usually include hyperthreads.

Type

Integer

Default Value

CORES divided by 2

See CORES above for more information.

DIGEST_REPLICATION_FACTOR

Sets the replication factor for digest.

Type

Default Value

ini
#DIGEST_REPLICATION_FACTOR=2

Humio can provide auto-balanced partition table suggestions based on zones and replication factor settings. Suggestions will only be enabled when DIGEST_REPLICATION_FACTOR and STORAGE_REPLICATION_FACTOR settings are set. If no host has ZONE set, then each node is considered as being in its own zone.

See ZONE for more information.

DIGESTWRITER_QUEUE_MAX

Type

Integer

Default Value

17

DIRECTORY

Type

Default Value

DUMP_THREADS_ONLY_HUMIO_THREADS

Type

Boolean

Default Value

true

DUMP_THREADS_SECONDS

Humio will write thread dumps to humio-threaddumps.log with the interval specified here. If not specified Humio will write threaddumps every 10 seconds

Type

Integer

Default Value

10

ini
DUMP_THREADS_SECONDS=10

ELASTIC_PORT

Type

Optional Integer

Default Value

none

In order to use rsyslog as a logo shipper, ElasticSearch is needed. Set the post for ElasticSearch bulk endpoint with this option, usually to port 9200.

ini
BOOTSTRAP_HOST_ID=1
DIRECTORY=/var/humio/data
HUMIO_PORT=8080
ELASTIC_PORT=9200
...

EMERGENCY_USERS

Type

Boolean

Default Value

false

If there are issues with the identity provider that Humio is configured to use, then you might not be able to log in to Humio. To mitigate this, Humio provides emergency users that can be created locally within the Humio cluster.

To enable emergency users, this environment variable must be set to true:

ini
EMERGENCY_USERS=true

This enables the emergency API endpoint found at /api/v1/emergency. This API can be used by any user with root access on the Humio instance to create and manage emergency users.

ENABLE_ALERTS

Set this option to a value of false to disable all alerts.

Type

Boolean

Default Value

true

ini
ENABLE_ALERTS=false

ENABLE_EVENT_FORWARDING

Enables event forwarding.

Type

Boolean

Default Value

false

Introduced

1.19

ENABLE_GRAPHQL_REQUEST_COUNT

Type

Boolean

Default Value

true

ENABLE_PERSONAL_API_TOKENS

Type

Boolean

Default Value

true

ini
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=false
AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN=false
ONLY_CREATE_USER_IF_SYNCED_GROUPS_HAVE_ACCESS=false
DEFAULT_GROUPS=group1, group2
ENABLE_PERSONAL_API_TOKENS = true

Allows disabling use of personal API tokens. This may be relevant when LDAP or SAML is set as the authentication mechanism, as the personal API tokens never expire and thus allow a user to access Humio even when the LDAP/SAML account has been closed or deleted. Defaults to true.

See AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN for more information.

ENABLE_QUERY_LOAD_BALANCING

Queries posted to /queryjobs such as those from the Humio UI can either start on the local node that receives the request, or get proxied to the node that is the most likely to run the query if another instance of the same search has already started. This helps sharing identical searches in a cluster. Setting this to false makes requests execute locally on the node that receives them.

Type

Boolean

Default Value

true

Introduced

1.14

ini
ENABLE_QUERY_LOAD_BALANCING=true

See QUERY_COORDINATOR and NODE_ROLES for more information.

ENABLE_SCHEDULED_SEARCHES

Controls whether scheduled searches should be executed and subsequently trigger actions. This flag is useful for when you want to halt scheduling and prevent actions from being triggered, while doing maintenance on systems in your environment.

Type

Boolean

Default Value

true

Introduced

1.19

Note that even with this flag set, no scheduled searches will be executed, if not at least one user has the ScheduledSearches feature flag enabled on the backend.

ENABLEINTERNALLOGGER

Type

Boolean

Default Value

true

ENFORCE_AUDITABLE

Type

Boolean

Default Value

false

EXACT_MATCH_LIMIT

Type

Integer

Default Value

1000 * 1000

EXTERNAL_URL

The URL that other hosts can use to reach this server. This is required. Examples: https://humio01.example.com or http://humio01:8080. Security: We recommend using a TLS endpoint.

Type

String

Default Value

http://localhost:PORT

ini
EXTERNAL_URL=http://humio01:8080

If all servers in the Humio cluster share a closed LAN, using those endpoints may be okay.

EXTRA_KAFKA_CONFIGS_FILE

It’s possible to add extra Kafka configuration properties to Humio’s Kafka-consumers and Kafka-producers by pointing to a properties file using EXTRA_KAFKA_CONFIGS_FILE. For example, this enables Humio to connect to a Kafka cluster using SSL and SASL. Remember to map the configuration file into the Humio Docker container if running Humio in a Docker container.

Type

String

Default Value

none

ini
EXTRA_KAFKA_CONFIGS_FILE=extra_kafka_properties.properties

See KAFKA_SERVERS for more information and an example.

FEDERATED_QUERY_ENABLED

Type

Boolean

Default Value

false

FLUSH_BLOCK_SECONDS

Type

Integer

Default Value

1800

How long a mini-segment can stay open. How much data needs replay from Kafka when a fail-over happens. See BLOCKS_PER_SEGMENT for an example of this variable and more information.

FORWARDING_BREAKER_EXP_BACKOFF_FACTOR

Type

Integer

Default Value

2.0

Introduced

1.19

Exponential factor used to increase reset time after each new failure.

ini
FORWARDING_BREAKER_EXP_BACKOFF_FACTOR=2.0

FORWARDING_BREAKER_FAILURES

Type

Integer

Default Value

50

Introduced

1.19

Configuration for circuit breakers used in event forwarding: Number of failures before stopping all events.

FORWARDING_BREAKER_MAX_RESET

Maximum reset time.

Type

Duration

Default Value

60 seconds

Introduced

1.19

ini
FORWARDING_BREAKER_MAX_RESET=60s

FORWARDING_BREAKER_RESET

Type

Duration

Default Value

1 second

Introduced

1.19

The remaining configurations control the reset time, which is the time spent waiting after stopping forwarding before trying to send an event again. Initial reset time.

ini
FORWARDING_BREAKER_RESET=1s

FORWARDING_BREAKER_TIMEOUT

Timeout on each call before it is considered a failure.

Type

Integer

Default Value

10

Introduced

1.19

ini
FORWARDING_BREAKER_TIMEOUT=10s

FORWARDING_MAX_CONCURRENCY

Maximum number of events waiting to be forwarded.

Type

Integer

Default Value

50000

Introduced

1.19

GITHUB_OAUTH_CLIENT_ID

Type

String

Default Value

none

GITHUB_OAUTH_CLIENT_SECRET

Type

String

Default Value

none

GOOGLE_OAUTH_CLIENT_ID

Type

String

Default Value

none

GOOGLE_OAUTH_CLIENT_SECRET

Type

String

Default Value

none

GC_KILL_FACTOR

The kill factor is a multiplier applied to the time spent GC’ing. Humio will periodically compute timeSpentOnGC * GC_KILL_FACTOR - realTime. If the accumulated sum over all computed intervals exceeds the GC_KILL_THRESHOLD_MILLIS, Humio will exit. This means that Humio will only exit if GC is consistently taking up a lot of time for a long time. The threshold is not set by default. See SHUTDOWN_ABORT_FLUSH_TIMEOUT_MILLIS.

Type

Double

Default Value

1

ini
GC_KILL_FACTOR=1.0
GC_KILL_THRESHOLD_MILLIS=60000

GC_KILL_THRESHOLD_MILLIS

Type

Long

Default Value

none

GCP_STORAGE_BUCKET

Type

Default Value

GCP_STORAGE_ENCRYPTION_KEY

Type

Default Value

GCP_STORAGE_OBJECT_KEY_PREFIX

Type

Default Value

HEALTH_CHECK__GRACE_PERIOD_SEC

Type

Default Value

HASHFILTER_FILL

Target fill percentage of pre-filter. Default value: 30. Percent of the bits to be set in the pre-filters. Range: [10; 100]. Influences block size: Lower values may trigger smaller blocks. Higher reduces efficiency of search.

Type

Integer

Default Value

30

Introduced

1.5.14

ini
#HASHFILTER_FILL=30

HASHFILTER_MAX_FILE_PERCENTAGE

Type

Integer

Default Value

50

HASHFILTER_BACKFILLING_ENABLED

Type

Boolean

Default Value

true

HTTP_PROXY_ALLOW_ACTIONS_NOT_USE

Type

Boolean

Default Value

false

HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE

Alert notifiers can be configured not to use the HTTP proxy.

Type

Boolean

Default Value

false

This is disabled by default for security reasons. However, it can be enabled by using the HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE option in the configuration file.

HTTP_PROXY_HOST

It’s possible to configure Humio to access the Internet through an HTTP proxy server. Humio will use the proxy for sending alert notifications and communicating with S3.

Type

String

Default Value

none

For using a proxy for HTTP traffic, Humio has a few options related to host and authentication. Use the HTTP_PROXY_HOST option to set an HTTP proxy for sending alert notifications. This can be useful if Humio is not allowed direct access to the internet. You can see in the options below, that these options would be set to your host URL or IP address, TCP port number used, and the user name and password for proxy authentication:

ini
HTTP_PROXY_HOST=proxy.myorganisation.com
HTTP_PROXY_PORT=3129
HTTP_PROXY_USERNAME=you
HTTP_PROXY_PASSWORD=your-secret-password
# HTTP_PROXY_ALLOW_NOTIFIERS_NOT_USE=true

This last option is to allow alert notifiers not to use, to exempt them from using the HTTP proxy. Its default value is false.

HTTP_PROXY_PASSWORD

Type

String

Default Value

none

HTTP_PROXY_PORT

Type

Integer

Default Value

3129

HTTP_PROXY_USERNAME

Type

String

Default Value

none

HUMIO_HTTP_BIND

Select the IP to bind the http listening socket to. Defaults to HUMIO_SOCKET_BIND.

Type

String

Default Value

HUMIO_SOCKET_BIND

ini
HUMIO_HTTP_BIND=0.0.0.0

HUMIO_JVM_ARGS

You can supplement or tune the Java virtual machine parameters used when running Humio with the HUMIO_JVM_ARGS environment variable. The defaults are:

Type

Default Value

ini
HUMIO_JVM_ARGS=-XX:-Xss2M

The stack size should be at least 2M. The remaining options allows better performance.

ini
HUMIO_JVM_ARGS=-Xss2M --add-exports java.base/jdk.internal.util=ALL-UNNAMED -XX:CompileCommand=dontinline,com/humio/util/HotspotUtilsJ.dontInline

HUMIO_KAFKA_TOPIC_PREFIX

Add a prefix to the topic names in Kafka. Adding a prefix is recommended if you share the Kafka installation with applications other than Humio. The default is not to add one.

Type

String

Default Value

See KAFKA_SERVERS for more information and an example.

HUMIO_PORT

Humio provides several network related options. This first option would allow notifiers to connect to services on an internal network. The default is to disallow connections them. See “IP Filter” for more information. The second option below is used to set the TCP port to listen for HTTP traffic:

Type

Integer

Default Value

8080

ini
# IP_FILTER_NOTIFIERS=allow 192.168.0.16
HUMIO_PORT=8080
ELASTIC_PORT=9200
PROMETHEUS_METRICS_PORT=8081
HUMIO_SOCKET_BIND=0.0.0.0
HUMIO_HTTP_BIND=0.0.0.0

The third option here is for setting the TCP port for Elasticsearch Bulk API. The next one is to set the TCP port for exporting Prometheus metrics. This is disabled by default.

The last two options here are for setting the IP address to bind. The first is for the UDP/TCP/HTTP listening sockets. Each listener entity has a listen-configuration. This ENV is used when that is not set. The other is to set the IP address to bind the HTTP listening socket. If not set, it uses the value from HUMIO_SOCKET_BIND.

HUMIO_SOCKET_BIND

Type

String

Default Value

0.0.0.0

IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES

For how long should dashboard queries be kept running if they are not polled. When opening a dashboard, results will be immediately ready if queries are running. Default is 3 days.

Type

Optional Integer

Default Value

3

Deprecated

1.18

ini
IDLE_POLL_TIME_BEFORE_DASHBOARD_QUERY_IS_CANCELLED_MINUTES=4320

INGEST_PRODUCER_BUFFER_MEMORY

Type

Long

Default Value

none

INGEST_QUEUE_INITIAL_PARTITIONS

Initial partition count for digest partitions. Affects ONLY on the first start of the first node in the cluster.

Type

Integer

Default Value

24

ini
DEFAULT_PARTITION_COUNT=24
INGEST_QUEUE_INITIAL_PARTITIONS=24

See DEFAULT_PARTITION_COUNT for more information.

INGEST_QUEUE_REPLICATION_FACTOR

Specify the replication factor for the Kafka ingest queue.

Type

Integer

Default Value

2

ini
INGEST_QUEUE_REPLICATION_FACTOR=2

See KAFKA_SERVERS for more information and an example.

INGESTQUEUE_COMPRESSION_LEVEL

Type

Integer

Default Value

1

INGRESS_SERVICE_HOSTNAME

Type

Default Value

IOC_CROWDSTRIKE_API_CLIENT_ID

Type

String

Default Value

See IOC_CROWDSTRIKE_API_URL.

IOC_CROWDSTRIKE_API_CLIENT_SECRET

Type

String

Default Value

See IOC_CROWDSTRIKE_API_URL.

IOC_CROWDSTRIKE_API_URL

Type

String

Default Value

The url of the CrowdStrike Intel API server that Humio downloads the database of IOCs (indicators of compromise) from. Can be used if you have your own API key for the CrowdStrike Intel API. Set the client id and client secret of the API key using [IOC_CROWDSTRIKE_API_CLIENT_ID](#ioc-crowdstrike-api-client-id) and [IOC_CROWDSTRIKE_API_CLIENT_SECRET](#ioc-crowdstrike-api-client-secret).

Do not set if IOC_UPDATE_SERVER_URL is set.

IOC_UPDATE_SERVER_URL

Type

String

Default Value

https://ioc.humio.com

The url of the server that Humio downloads the database of IOCs (indicators of compromise) from.

Do not set if IOC_CROWDSTRIKE_API_URL is set.

IOC_USE_HTTP_PROXY

Type

Boolean

Default Value

true

Whether to use the configured HTTP Proxy for updating the database of IOCs. See IOC_UPDATE_SERVER_URL or IOC_CROWDSTRIKE_API_URL.

IP_FILTER_ACTIONS

Type

Default Value

IP_FILTER_NOTIFIERS

From version 1.17, Humio includes an IP-based access control list (ACL) for outgoing connections made by notifiers. This is to protect from Humio being used to proxy requests into the same internal network as Humio and alerts being used to e.g. sending requests to Zookeeper. By default, this denies connecting to any reserved IP as defined by RFC 5735 and RFC 5156. This includes the standard ranges for internal networks, meaning that, by default, Humio will not be able to send alert notifications to other services on the same internal network.

Type

String

Default Value

The syntax of the ACL list is a sequence, separated by newlines or ;, of allow or deny actions along with a CIDR block or all. An IP address is allowed/denied by finding the first match and applying the corresponding action. all matches any IP-address (IPv4 or IPv6). If there is no match in the ACL list specified in the configuration parameter IP_FILTER_NOTIFIERS, the default ACL list will be applied. If that has no match either, the connection is allowed.

The default ACL list is as follows:

ini
# From https://tools.ietf.org/html/rfc5735
deny 0.0.0.0/8
deny 10.0.0.0/8
deny 127.0.0.0/8
deny 169.254.0.0/16
deny 172.16.0.0/12
deny 192.0.0.0/24
deny 192.0.2.0/24
deny 192.88.99.0/24
deny 192.168.0.0/16
deny 198.18.0.0/15
deny 198.51.100.0/24
deny 203.0.113.0/24
deny 224.0.0.0/4
deny 240.0.0.0/4
deny 255.255.255.255/32

# From https://tools.ietf.org/html/rfc5156
deny ::/128
deny ::1/128
deny fe80::/10
deny fc00::/7
deny ff00::/8

To get the old behavior of allowing all IP addresses in notifiers:

ini
IP_FILTER_NOTIFIERS=allow all

To only allow 192.168.0.16 but still keeping other internal addresses blocked:

ini
IP_FILTER_NOTIFIERS=allow 192.168.0.16

To only allow 192.168.0.16 and block all other addresses:

ini
IP_FILTER_NOTIFIERS=allow 192.168.0.16; deny all

JWKS_REFRESH_INTERVAL

Type

Long

Default Value

3600000

KAFKA_MANAGED_BY_HUMIO

By default, Humio will create topics and manage the number of replicas in Kafka for the topics being used. If you run Humio on top of an existing Kafka or want to manage this outside of Humio, set this to false.

Type

Boolean

Default Value

true

See KAFKA_SERVERS below for more information and an example.

KAFKA_SERVERS

Kafka bootstrap servers list. Used as bootstrap.servers towards Kafka should be set to a comma-separated host:port pairs string. Example: my-kafka01:9092 or kafkahost01:9092,kafkahost02:9092.

Type

Default Value

ini
KAFKA_SERVERS=kafkahost01:9092,kafkahost02:9092
KAFKA_MANAGED_BY_HUMIO=true
INGEST_QUEUE_REPLICATION_FACTOR=2
DELETE_ON_INGEST_QUEUE=true
EXTRA_KAFKA_CONFIGS_FILE=extra_kafka_properties.properties
HUMIO_KAFKA_TOPIC_PREFIX=

LDAP_AUTH_PRINCIPAL

This is optional. It’s provided so you can transform the username provided to Humio during login (john@example.com is the HUMIOUSERNAME john) into something that your LDAP server will authenticate. To do this, supply a pattern and include the special token HUMIOUSERNAME which Humio will replace with the username provided at login before attempting to bind to the LDAP server.

Type

Default Value

This is how you can specify the principal provided to your LDAP server. So, if you provide cn=HUMIOUSERNAME,dc=example,dc=com and attempt to log in to Humio with the username of john@example.com, Humio will bind using a principal name cn=john,dc=example,dc=com and the password provided at the login prompt. If you have users in more than one location within LDAP you can separate the multiple patterns and Humio will try to authenticate in order the options you’ve provided. Split the value set in LDAP_AUTH_PRINCIPAL using the LDAP_AUTH_PRINCIPALS_REGEX pattern. This doesn’t apply when using the ldap-search method.

ini
LDAP_AUTH_PRINCIPALS_REGEX=';'
LDAP_AUTH_PRINCIPAL='cn=HUMIOUSERNAME,dc=example,dc=com;cn=HUMIOUSERNAME,dc=foo,dc=com;cn=HUMIOUSERNAME,dc=bar,dc=com'

LDAP_AUTH_PRINCIPALS_REGEX

Type

Default Value

LDAP_AUTH_PROVIDER_CERT

Type

Default Value

LDAP_AUTH_PROVIDER_URL

This is the URL to connect to. It can start with either ldap:// or ldaps://, which selects unencrypted or TLS/SSL transport respectively. We recommend using a secure connection to ensure that authentication credentials are not transmitted in the clear.

Type

Default Value

ini
AUTHENTICATION_METHOD=ldap
LDAP_AUTH_PROVIDER_URL=your-url     # example: ldap://ldap.forumsys.com:389
LDAP_AUTH_PRINCIPAL=your-principal  # optional, example: cn=HUMIOUSERNAME,dc=example,dc=com
LDAP_DOMAIN_NAME=your-domain.com   # optional, example: example.com
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true   # default is false

LDAP_GROUP_BASE_DN

For LDAP, Humio needs to know the query to perform to get the user’s groups.

Type

Default Value

ini
LDAP_GROUP_BASE_DN="OU=User administration,DC=humio,DC=com"
LDAP_GROUP_FILTER="(& (objectClass=group) (member:1.2.840.113556.1.4.1941:={0}))"

LDAP_GROUP_SEARCH_BIND_FOR_LOOKUP

Type

Boolean

Default Value

false

LDAP_GROUP_FILTER

Type

Default Value

See LDAP_GROUP_BASE_DN above for an example.

LDAP_DOMAIN_NAME

This can be used if your directory service is only hosting a single domain (like example.com) and you’d like to allow your users to log in to Humio with their username and not domain name (such as john rather than john@example.com). If so, set this to the common domain name for all users (like example.com in this case). While this ma

Type

Default Value

See LDAP_AUTH_PROVIDER_URL for an example.

LDAP_GROUPNAME_ATTRIBUTE

This allows administrators to choose an alternate attribute on the group record in LDAP for use as the group name in Humio’s RBAC configuration. When not set, Humio will default to the full distinguished name for the group, which can be lengthy. This allows Humio administrators to use an alternate name for group identity.

Type

Default Value

Introduced

1.6.10

LDAP_SEARCH_BASE_DN

Type

Default Value

LDAP_SEARCH_DOMAIN_NAME

Type

Default Value

LDAP_SEARCH_FILTER

Type

Default Value

LDAP_USERNAME_ATTRIBUTE

This allows administrators to choose some attribute in the LDAP user record as the username in Humio. Normally, Humio will default to an email address, but in your LDAP you may have assigned user IDs and for uniformity in your organization it’s desirable to use those rather than the email address. This option allows for that case.

Type

Default Value

Introduced

1.6.10

LDAP_VERBOSE_LOGGING

Type

Boolean

Default Value

false

LIVEQUERY_CANCEL_COST_PERCENTAGE

How big a backlog of events in Humio is allowed before Humio starts canceling live queries in order to catch up with the presumed spike in inbound traffic. The check occurs every 30 seconds and cancels the queries that account to the percentage of the locally running live queries on each node that had the highest cost since last check.

Type

Long

Default Value

10

ini
# LIVEQUERY_CANCEL_TRIGGER_DELAY_MS=60000
# LIVEQUERY_CANCEL_COST_PERCENTAGE=10
# LIVEQUERY_STALE_CANCEL_TRIGGER_DELAY_MS=20000
# LIVEQUERY_STALE_CANCEL_COST_PERCENTAGE=10

How big a backlog of events in Humio is allowed before Humio starts dropping stale live queries in order to catch up with the presumed spike in inbound traffic. Stale live queries are those that have not been refresh on any UI for more than the required keep alive interval. The check occurs every 30 seconds and cancels the queries that account to the percentage of the running live queries on each node that had the highest cost since last check.

LIVEQUERY_CANCEL_TRIGGER_DELAY_MS

Type

Long

Default Value

60

LIVEQUERY_STALE_CANCEL_COST_PERCENTAGE

Type

Long

Default Value

10

LIVEQUERY_STALE_CANCEL_TRIGGER_DELAY_MS

Type

Long

Default Value

20 * 1000

LOCAL_STORAGE_MIN_AGE_DAYS

This option is used to set the minimum number of days to keep a fresh segment file before allowing it to be deleted locally after it’s uploaded to bucket storage. Setting such a lower bound can help ensure that recent files are kept on disk, even if they would otherwise be evicted due to queries on older data.

Type

Integer

Default Value

ini
LOCAL_STORAGE_PERCENTAGE=80
LOCAL_STORAGE_MIN_AGE_DAYS=0

Mini segment files are kept in any case until their merge result also exists. The age is determined using the timestamp of the most recent event in the file. Be sure to leave plenty of free space for the system to manage as a mix of recent and old files. Note, minimum age takes precedence over the fill percentage. So increasing this implies the risk of overflowing the local file system.

These settings only take effect when S3/GCP storage is enabled. Note, this allows Humio to delete files from the local storage in using the assumption that it can fetch the file from S3/GCP if it needs it at some point. Fetching the file from S3/GCP is much slower than using local storage. Segment files will be deleted in a least recently used order, in order to hit the configured fill target.

LOCAL_STORAGE_PERCENTAGE

This is used to set a limit to the percentage of disk full. This is not enabled by default.

Type

Default Value

ini
LOCAL_STORAGE_PERCENTAGE=80
LOCAL_STORAGE_MIN_AGE_DAYS=0

These settings only take effect when S3/GCP storage is enabled. Note, this allows Humio to delete files from the local storage in using the assumption that it can fetch the file from S3/GCP if it needs it at some point. Fetching the file from S3/GCP is much slower than using local storage. Segment files will be deleted in a least recently used order, in order to hit the configured fill target.

LOG4J_CONFIGURATION

By default, Humio sends its own log to the internal Humio repository and other log files. If you would rather avoid the external log files and get the output on stdout this is also possible.

Type

Default Value

ini
LOG4J_CONFIGURATION=file:///path/to/your/log4j2-custom-config.xml

MAPPER_JOB_QUEUE_LENGTH

Type

Integer

Default Value

4

MAPPER_MAX_FILES_AT_ONCE

Type

Integer

Default Value

4

MAX_BLOCKS_IN_PROGRESS_PR_CORE

Type

Integer

Default Value

8

MAX_BUCKET_POINTS

Type

Integer

Default Value

10000

MAX_CHARS_TO_FIND_TIMESTAMP

The findTimestamp function will only search this number of characters in the string for a timestamp. If not specified, it will search the first 128 characters

Type

Integer

Default Value

ini
MAX_CHARS_TO_FIND_TIMESTAMP=128

MAX_CONCURRENT_EXPORTS_PER_VIEW

Type

Integer

Default Value

10

MAX_DATASOURCES

Maximum number of data sources (unique tag combinations) in a repo. There will be a sub-directory for each combination that exists.

Type

Integer

Default Value

10000

Introduced

1.1.10

ini
MAX_DATASOURCES=10000

MAX_DISTINCT_TAG_VALUES

Humio supports auto-grouping of tags using this configuration variable and TAG_HASHING_BUCKETS.

Type

Integer

Default Value

1000

Humio checks the number of distinct values for each key in each tag combination against MAX_DISTINCT_TAG_VALUES at regular intervals. If this threshold is exceeded, a new grouping rule is added with the modulus set to the value set in TAG_HASHING_BUCKETS, but only if there is no rule for that tag key.

See TAG_HASHING_BUCKETS here and the Cluster Management API documentation page for more information.

MAX_EVENT_FIELD_COUNT

Type

Integer

Default Value

1000

MAX_EVENT_SIZE

Type

Integer

Default Value

1024<sup>2</sup>

MAX_FALLOCATE_ESTIMATE

Type

Long

Default Value

1024L<sup>2</sup>

MAX_FILEUPLOAD_SIZE

Type

Bytes

Default Value

1024L<sup>2</sup>

MAX_GRAPHQL_QUERY_DEPTH

Type

Integer

Default Value

11

MAX_HOURS_SEGMENT_OPEN

Approximate limit on the number of hours a segment file can be open for writing before being flushed even if it is not full. (Full is set using BLOCKS_PER_SEGMENT) Default: version < 1.4.x had 720, 1.4.x has 24.

Type

Integer

Default Value

24

See BLOCKS_PER_SEGMENT for an example of this variable and more information.

MAX_INGEST_DELAY_SECONDS

How big a backlog of events in Humio is allowed before Humio starts responding http-status=503 on the http interfaces and rejecting ingesting messages on HTTP? Measured in seconds worth of latency from an event arrival at Humio until it has been fully processed. (Note that typical latency in normal conditions is zero to one second.)

Type

Integer

Default Value

3600

Set to a large number, such as 31104000 (~1 year as seconds), to avoid having this kind of back pressure towards the ingest clients. Range: Min=300, Max=2147483647.

ini
MAX_INGEST_DELAY_SECONDS=3600

MAX_INTERNAL_STATESIZE

Type

Long

Default Value

MAX_JITREX_BACKTRACK

Type

Integer

Default Value

1000

MAX_JOIN_LIMIT

Type

Integer

Default Value

100000

MAX_NUMBER_OF_GLOBALDATA_DUMPS_TO_KEEP

Controls the maximum number of global data dumps to store in the runtime-data/humio-data folder.

Type

Integer

Default Value

20

ini
MAX_NUMBER_OF_GLOBALDATA_DUMPS_TO_KEEP=20

MAX_QUERIES_IN_PROGRESS

Type

Integer

Default Value

4

MAX_SERIES_LIMIT

Type

Integer

Default Value

50

MAX_SERIES_MEMLIMIT

Type

Default Value

MAX_STATE_LIMIT

Type

Integer

Default Value

20000

MAXMIND_ACCOUNT_ID

Controls if Humio should update the MaxMind ip location database automatically. This can be disabled if that update has to be done manually, by setting this to false. Defaults to true.

Type

Default Value

When auto update is disabled you must write a MaxMind database file (including city information) to the IpLocationDb.mmdb file which should be located in the humio data directory. Humio will check for changes to this file every five minutes.

ini
AUTO_UPDATE_IP_LOCATION_DB=true
MAXMIND_ACCOUNT_ID=your-account-id
MAXMIND_LICENSE_KEY=your-license-key
MAXMIND_EDITION_ID=GeoLite2-City
MAXMIND_BASE_URL=http://my-maxmind-proxy.local

By default the MaxMind database will be fetched from https://ipdb.humio.com/. These properties allow you to fetch the database directly from MaxMind instead. Note that the fetched edition must include city information.

If you’re using a custom URL for downloading the MaxMind database you can set otherwise the default https://updates.maxmind.com will be used.

MAXMIND_BASE_URL

Type

String

Default Value

MAXMIND_EDITION_ID

Type

Default Value

MAXMIND_IP_LOCATION_EDITION_ID

Type

Default Value

MAXMIND_LICENSE_KEY

Type

Default Value

MAX_ZDICT_SIZE

Type

Integer

Default Value

384 * 1024

MEASURETHREADALLOCATIONS

Type

Boolean

Default Value

true

MERGE_UNDERSIZED_SEGMENTS_ENABLED

Type

Boolean

Default Value

true

MINUTES_BEFORE_TOMBSTONE_DELETION_NO_CURRENTS

Type

Long

Default Value

240

NEW_PERMISSIONS_MODEL

Type

Boolean

Default Value

false

NODE_ROLES

Select roles for node, with current options being all or httponly. The latter allows the node to avoid spending CPU time on tasks that are irrelevant to a node that has never had any local segment files and that will never have any assigned either. Leave as “all” unless the node is a stateless http front-end or ingest listener only.

Type

String

Default Value

ini
NODE_ROLES=all
QUERY_COORDINATOR=true
ENABLE_QUERY_LOAD_BALANCING=true

See ENABLE_QUERY_LOAD_BALANCING and QUERY_COORDINATOR for more information.

OIDC_AUDIENCE

The audience to expect in a JWT. Defaults to the client ID if set and to humio otherwise.

Type

Default Value

OIDC_AUTHORIZATION_ENDPOINT

A URL to the endpoint a user should be redirected to when authorizing. Required for clients.

Type

Default Value

OIDC_CACHE_USERINFO_MS

How long user info is cached on a Humio node in milliseconds. Optional. Defaults to 600000 (10 minutes).

Type

Long

Default Value

600000

OIDC_GROUPS_CLAIM

The name of the claim to interpret as the groups in Humio. The value in the claim must be an array of strings. Optional. Defaults to humio-groups.

Type

Default Value

OIDC_JWKS_URI

A URL to the JWKS endpoint for retrieving keys for validating tokens. Required.

Type

Default Value

OIDC_OAUTH_CLIENT_ID

Client ID of your OpenID application. Required.

Type

Default Value

ini
PUBLIC_URL=$YOUR_SERVERS_BASE_URL
OIDC_PROVIDER=$PROVIDER_URL
OIDC_USERNAME_CLAIM="email"

AUTHENTICATION_METHOD=oauth
OIDC_OAUTH_CLIENT_ID=$CLIENT_ID
OIDC_OAUTH_CLIENT_SECRET=$CLIENT_SECRET
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true

To use OIDC as a client, PUBLIC_URL must be set, Humio must be registered as a client with your OpenID provider, and the provider must allow %PUBLIC_URL%/auth/oidc as a valid redirect endpoint for the client.

OIDC_OAUTH_CLIENT_SECRET

Client secret of your OpenID application. Required.

Type

Default Value

See OIDC_OAUTH_CLIENT_ID above.

OIDC_PROVIDER

URL to the OpenID Connect provider. The provider URL must match the issuer reported by the OpenID provider exactly. Required.

Type

Default Value

OIDC_SCOPES

Type

Default Value

OIDC_SERVICE_NAME

The display name of the OIDC provider on the sign in page of Humio. Optional. Defaults to “OpenID Connect”.

Type

Default Value

See OIDC_OAUTH_CLIENT_ID above.

OIDC_TOKEN_ENDPOINT

A URL to the token endpoint used to exchange a authentication code to an access token. Required for clients.

Type

Default Value

OIDC_TOKEN_ENDPOINT_AUTH_METHOD

The authorization method for a token endpoint used to exchange a authentication code to an access token.

Type

Default Value

OIDC_USERINFO_ENDPOINT

A URL to the user info endpoint used to retrieve user information from an access token. Required.

Type

Default Value

OIDC_USERNAME_CLAIM

The name of the claim to interpret as username in Humio. The value in the claim must be a string. Defaults to humio-user. Can be set to email if using emails as usernames.

Type

Default Value

ini
PUBLIC_URL=$YOUR_SERVERS_BASE_URL
OIDC_PROVIDER=$PROVIDER_URL
OIDC_USERNAME_CLAIM="email"
...

ONLY_CREATE_USER_IF_SYNCED_GROUPS_HAVE_ACCESS

If users are created automatically when log in in they will have access to their sandbox and certain system repos. If set to true users will only be created if the groups synced from the authentication mechanism have access to a view or repository.

Type

Boolean

Default Value

false

See AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN for more information.

PERMISSION_MODEL_MODE

If Humio previously used a RBAC configuration file, this can be converted to the new RBAC model with this variable set to advanced and READ_GROUP_PERMISSIONS_FROM_FILE enabled.

Type

Default Value

ini
PERMISSION_MODEL_MODE=advanced
READ_GROUP_PERMISSIONS_FROM_FILE=true

When starting Humio with this configuration, Groups and Roles will be converted and visible under Administration, but in read only mode, since it’s read from the RBAC configuration file.

POSTMARK_FROM

Let Humio send emails using the Postmark service. Create a Postmark account and insert the token here:

Type

Default Value

ini
POSTMARK_SERVER_SECRET=abc2454232
POSTMARK_FROM=Humio <humio@example.com>

POSTMARK_SERVER_SECRET

See POSTMARK_FROM above.

Type

Default Value

PREFIX_AUTHORIZATION_ENABLED

Type

Default Value

PRIMARY_STORAGE_MAX_FILL_PERCENTAGE

SECONDARY_DATA_DIRECTORY enables using a secondary file system to store segment files. When to move the files is controlled by PRIMARY_STORAGE_PERCENTAGE. Secondary storage is not enabled by default. Note, that when using Docker, make sure to mount the volume into the container as well. See the page on Secondary Storage for more information.

Type

Default Value

ini
PRIMARY_STORAGE_PERCENTAGE=80
PRIMARY_STORAGE_MAX_FILL_PERCENTAGE=95
SECONDARY_DATA_DIRECTORY=/secondaryMountPoint/humio-data2
SECONDARY_STORAGE_MAX_FILL_PERCENTAGE=95

These properties define the disk space limits at which Humio will throttle itself to avoid filling the disks. When the primary disk cap is hit, Humio will attempt to use the secondary storage instead. If both caps are hit, the affected Humio node will pause processing of logs, and will avoid downloading segments from other nodes or buckets, until disk space is freed.

PRIMARY_STORAGE_PERCENTAGE

See PRIMARY_STORAGE_MAX_FILL_PERCENTAGE above for an example and more information.

Type

Default Value

PROMETHEUS_METRICS_PORT

Setting this variable will enable Prometheus to scrape metrics from Humio.

Type

Default Value

PUBLIC_URL

The PUBLIC_URL is the URL where the Humio instance is reachable from a browser. Trailing slashes in the URL are discarded.

Type

String

Default Value

This property is only important if you plan to use OAuth Federated Login, Auth0 Login, or if you want to be able to have messages from Actions have consistent links back to the Humio User Interface. For the latter, you can also use ACTION_LINK_BASE_URL.

ini
PUBLIC_URL=https://humio.mycompany.com

Users or browsers will use this URL to reach the server. It’s used to create links to the server. It’s important to set this property when using OAuth authentication or alerts.

It’s not a problem if the URL is only reachable behind a VPN, as the user’s browser can still access it.

QUERY_CACHE_MIN_COST

Type

Long

Default Value

1000L

QUERY_COORDINATOR

Whether this node should act as a query coordinator. Query coordinators are responsible for sending subqueries to storage nodes and combining the results. In clusters with “httponly” nodes (as described above), it often makes sense to set this to false for non-httponly nodes.

Type

Boolean

Default Value

true

See ENABLE_QUERY_LOAD_BALANCING and NODE_ROLES for more information.

QUERY_EXECUTOR_CORES

Type

Integer

Default Value

Derived from the number of CPU cores, Humio internally sets QUERY_EXECUTOR_CORES and DIGEST_EXECUTOR_CORES to half that number (but a minimum of 2) to reduce pressure on context switching due to hyper-threading since the number of CPU cores usually include hyperthreads.

See CORES above for more information.

QUERY_STATE_SIZE_LOGGING_INTERVAL_SECONDS

Type

Long

Default Value

READ_GROUP_PERMISSIONS_FROM_FILE

If Humio previously used a RBAC configuration file, this can be converted to the new RBAC model with this variable is enabled and PERMISSION_MODEL_MODE is set to advanced.

Type

Boolean

Default Value

false

ini
PERMISSION_MODEL_MODE=advanced
READ_GROUP_PERMISSIONS_FROM_FILE=true

When starting Humio with this configuration, Groups and Roles will be converted and visible under Administration, but in read only mode, since it’s read from the RBAC configuration file.

S3_ARCHIVING_ACCESSKEY

Type

Default Value

S3_ARCHIVING_ENDPOINT_BASE

Type

Default Value

S3_ARCHIVING_SECRETKEY

Type

Default Value

S3_ARCHIVING_USE_HTTP_PROXY

The first two options here are for setting the S3 access keys for archiving of ingested logs in an export format.

Type

Boolean

Default Value

true

You could instead point to your own hosting endpoint for the S3 to use for archiving. To use a non-AWS endpoint with the S3_ARCHIVING_ENDPOINT_BASE, setting it to the URL (e.g., http://my-own-s3:8080).

ini
S3_ARCHIVING_ACCESSKEY=$ACCESS_KEY
S3_ARCHIVING_SECRETKEY=$SECRET_KEY
S3_ARCHIVING_WORKERCOUNT=1
S3_ARCHIVING_USE_HTTP_PROXY=false

The third option here is to set the number of parallel workers for upload. The default is 1. The fourth option is to say whether to use the globally configured HTTP proxy for communicating with S3. This is enabled by default.

The fourth option here makes Humio assume the that the primary data storage may be lost when restarting Humio. If set to true, Humio will attempt to delay shutdown until all required files have been copied to bucket storage. It also affects calculations on replicas to take into account the fact that replicas listed on other hosts cannot be trusted.

Humio can also be configured not to use the proxy server for communication with S3 for Bucket Storage, and S3 Archiving.

S3_ARCHIVING_WORKERCOUNT

Type

Default Value

S3_STORAGE_ACCESSKEY

Bucket storage (S3 variant. For Google variant, replace “S3” with “GCP” in all the following keys.) - infinite storage using local disks as cache. See the page on Bucket Storage for more information. These two take precedence over all other AWS access methods.

Type

Default Value

ini
S3_STORAGE_ACCESSKEY=$ACCESS_KEY
S3_STORAGE_SECRETKEY=$SECRET_KEY
S3_STORAGE_ENCRYPTION_KEY=$ENCRYPTION_SECRET

Also supported, are AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. The third option here is to set the encryption key, which can be any UTF-8 string. The suggested value is 64 or more random ASCII characters.

You could instead point to your own hosting endpoint for the S3 to use for storage. To use a non-AWS endpoint with the S3_STORAGE_ENDPOINT_BASE, setting it to the URL (e.g., http://my-own-s3:8080).

S3_STORAGE_BUCKET

Type

Default Value

ini
S3_STORAGE_WORKERCOUNT=1
S3_STORAGE_BUCKET=$BUCKET_NAME
S3_STORAGE_REGION=$BUCKET_REGION

Optional prefix for all object keys, empty if not set. Allows sharing a bucket for more Humio clusters by letting them each write to a unique prefix. Note, there is a performance penalty when using a non-empty prefix. Humio recommends an unset prefix. (S3_STORAGE_OBJECT_KEY_PREFIX=basefolder)

Use the globally configured HTTP proxy for communicating with S3. Default is true. (S3_STORAGE_USE_HTTP_PROXY=false)

S3_STORAGE_CHUNK_SIZE

For improved performance, you can set the S3/GCP storage sizes. The first option here sets the chunks for upload. The minimum is 5 MB, and the maximum is 8 MB — the default is 8 MB.

Type

Default Value

ini
S3_STORAGE_CHUNK_SIZE=8388608
S3_STORAGE_CHUNK_COUNT=4
S3_STORAGE_UPLOAD_CONCURRENCY=vcores/2
S3_STORAGE_DOWNLOAD_CONCURRENCY=vcores/2

The second option here is for the number of parallel chunks at a time for each file. This is only for S3. The third option is for the number of concurrent uploading files. The last is the number of concurrent downloading files.

S3_STORAGE_CHUNK_COUNT

Type

Default Value

See S3_STORAGE_CHUNK_SIZE above for more information.

S3_STORAGE_DOWNLOAD_CONCURRENCY

Type

Default Value

See S3_STORAGE_CHUNK_SIZE above for more information.

S3_STORAGE_UPLOAD_CONCURRENCY

Type

Default Value

See S3_STORAGE_CHUNK_SIZE above for more information.

S3_STORAGE_ENCRYPTION_KEY

Type

Default Value

S3_STORAGE_ENDPOINT_BASE

Type

Default Value

See S3_STORAGE_ACCESSKEY above for more information.

S3_STORAGE_HCP_COMPAT

Type

Boolean

Default Value

false

S3_STORAGE_OBJECT_KEY_PREFIX

Type

Default Value

S3_STORAGE_REGION

Type

Default Value

See S3_STORAGE_BUCKET above for more information.

S3_STORAGE_SECRETKEY

Bucket storage (S3 variant. For Google variant, replace “S3” with “GCP” in all the following keys.) - infinite storage using local disks as cache. See the page on Bucket Storage for more information. These two take precedence over all other AWS access methods.

Type

Default Value

ini
S3_STORAGE_ACCESSKEY=$ACCESS_KEY
S3_STORAGE_SECRETKEY=$SECRET_KEY
S3_STORAGE_ENCRYPTION_KEY=$ENCRYPTION_SECRET

S3_STORAGE_WORKERCOUNT

Number of parallel workers for upload.

Type

Default Value

ini
S3_STORAGE_WORKERCOUNT=1
S3_STORAGE_BUCKET=$BUCKET_NAME
S3_STORAGE_REGION=$BUCKET_REGION

See S3_STORAGE_BUCKET above for more information.

SAML_DEBUG

Type

Boolean

Default Value

false

SAML_IDP_CERTIFICATE

This variable is used to provide a certificate for authentication. It must be in PEM format (see Privacy-Enhanced Mail).

Type

Default Value

ini
AUTHENTICATION_METHOD=saml
PUBLIC_URL=$YOUR_SERVERS_BASE_URL
SAML_IDP_SIGN_ON_URL=$IDP_SIGNON_URL
SAML_IDP_ENTITY_ID=$IDP_ENTITY_ID
SAML_IDP_CERTIFICATE=$PATH_TO_PEM
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true

$PATH_TO_PEM might be /home/humio/GoogleIDPCertificate-humio.com.pem.

See SAML_IDP_SIGN_ON_URL.

SAML_IDP_ENTITY_ID

This identifies your IDP and is used internally in the authentication flow.

Type

Default Value

ini
...
SAML_IDP_ENTITY_ID=$IDP_ENTITY_ID
...

The value of $IDP_ENTITY_ID could be something like, https://accounts.google.com/o/saml2?idpid=C0453.

See SAML_IDP_SIGN_ON_URL below.

SAML_IDP_SIGN_ON_URL

When a user tries to access Humio the authentication flow will start by redirecting the user to this value of this variable.

Type

String

Default Value

ini
AUTHENTICATION_METHOD=saml
PUBLIC_URL=$YOUR_SERVERS_BASE_URL
SAML_IDP_SIGN_ON_URL=$IDP_SIGNON_URL
SAML_IDP_ENTITY_ID=$IDP_ENTITY_ID
SAML_IDP_CERTIFICATE=$PATH_TO_PEM  # /home/humio/GoogleIDPCertificate-humio.com.pem
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true  # default is false

The value of $IDP_SIGNON_URL could be something like, https://accounts.google.com/o/saml2/idp?idpid=C0453.

SAML_GROUP_MEMBERSHIP_ATTRIBUTE

With this variable, you can configure Humio to synchronize the groups upon successful login in Humio.

Type

Default Value

ini
SAML_GROUP_MEMBERSHIP_ATTRIBUTE=http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN=true

SAML_USER_ATTRIBUTE

Instead of using NameId for mapping users from the IDP to Humio, a user attribute name can be configured to something else.

Type

Default Value

ini
SAML_USER_ATTRIBUTE=email

In this example, Humio will use the mail attribute from the IDPs SAML response after a successful authentication.

SANGRIA_LOG_SLOW_MILLIS

Type

Default Value

SCHEDULED_SEARCH_BACKFILL_LIMIT

Controls the global maximum backfill limit for scheduled searches. In cases where a scheduled search cannot be executed, such as if Humio is shut down, Humio will try to backfill missed searches one at a time from oldest to newest. With this parameter you can set the global limit for how many searches to backfill. User’s are also able to set a backfill limit for each individual search, but this is not allowed to exceed the limit defined below.

Type

Integer

Default Value

5

Introduced

1.19

If this global limit is to -1 the backfill limit on a scheduled search will take precedence. If this global limit is changed, such that the limit set on a scheduled search then exceeds the new global limit, then the backfill will be capped at this new global limit.

SCHEDULED_SEARCH_DESPITE_WARNINGS

Controls whether a scheduled search should trigger its associated action(s), even when the result of the executed query contains warnings.

Type

Boolean

Default Value

false

Introduced

1.19

SECONDARY_DATA_DIRECTORY

SECONDARY_DATA_DIRECTORY enables using a secondary file system to store segment files. When to move the files is controlled by PRIMARY_STORAGE_PERCENTAGE. Secondary storage is not enabled by default. Note, that when using Docker, make sure to mount the volume into the container as well.

Type

Default Value

See the page on Secondary Storage for more information.

ini
PRIMARY_STORAGE_PERCENTAGE=80
PRIMARY_STORAGE_MAX_FILL_PERCENTAGE=95
SECONDARY_DATA_DIRECTORY=/secondaryMountPoint/humio-data2
SECONDARY_STORAGE_MAX_FILL_PERCENTAGE=95

These properties define the disk space limits at which Humio will throttle itself to avoid filling the disks. When the primary disk cap is hit, Humio will attempt to use the secondary storage instead. If both caps are hit, the affected Humio node will pause processing of logs, and will avoid downloading segments from other nodes or buckets, until disk space is freed.

SECONDARY_STORAGE_MAX_FILL_PERCENTAGE

Type

Default Value

ini
...
SECONDARY_STORAGE_MAX_FILL_PERCENTAGE=95
...

See SECONDARY_DATA_DIRECTORY above for more information.

SEGMENT_UNDER_REPLICATION_GRACE_PERIOD_MILLIS

Type

Long

Default Value

30 * 1000

SEND_USER_INVITES

You can disable email invitations by setting this environment variable to a value of false.

Type

Boolean

Default Value

true

See the Email Configuration documentation page for more information.

SERVER

Type

Default Value

SHARED_DASHBOARDS_ENABLED

The SHARED_DASHBOARDS_ENABLED option is used to disable shared dashboards, such wall monitors.

Type

Boolean

Default Value

false

The main reason to do this is if your organization requires stricter security than what is permitted by the URL shared secret used for shared dashboards.

ini
# SHARED_DASHBOARDS_ENABLED=false

SHARED_BLOCK_INVOKER_THRESHOLD

Type

Long

Default Value

100 * 1024 * 1024 * 1024L

SHUTDOWN_ABORT_FLUSH_TIMEOUT_MILLIS

Type

Long

Default Value

30 * 1000L

How long the digest worker thread should keep working on flushing the contents of in-memory buffers when Humio is told to shut down using “sigterm” (normal shutdown). Default to 300 seconds as millis. If too low, then the next startup will need to start further back in time on the ingest queue.

ini
#SHUTDOWN_ABORT_FLUSH_TIMEOUT_MILLIS=300000

Optional: Allow the Humio JVM to exit if it detects more time is spent on GC than on actual computations. See GC_KILL_FACTOR and GC_KILL_THRESHOLD_MILLIS.

SINGLE_USER_PASSWORD

To start Humio in single-user mode, you need to set to AUTHENTICATION_METHOD to single-user and use this variable to provide the user’s password.

Type

Default Value

ini
AUTHENTICATION_METHOD=single-user
SINGLE_USER_PASSWORD=<your-password>

SMTP_HOST

Let Humio send emails using an SMTP server. ONLY put a password here if you also enable starttls. Otherwise you will expose your password. Below is an example excerpt from the Humio configuration file for a server using GMail:

Type

Default Value

ini
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SENDER_ADDRESS=you@domain.com
SMTP_USE_STARTTLS=true
SMTP_USERNAME=you@domain.com
SMTP_PASSWORD=your-secret-password

Alternatively, here’s an example excerpt using a local clear-text, non-authenticated SMTP server:

ini
SMTP_HOST=localhost
SMTP_PORT=25
SMTP_SENDER_ADDRESS=you@domain.com
SMTP_USE_STARTTLS=false

SMTP_PASSWORD

Type

Default Value

ini
...
SMTP_USERNAME=you@domain.com
SMTP_PASSWORD=your-secret-password

See SMTP_HOST above for more information and examples.

SMTP_PORT

Type

Optional Integer

Default Value

none

ini
...
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587

See SMTP_HOST above for more information and examples.

SMTP_SENDER_ADDRESS

Type

Default Value

ini
...
SMTP_SENDER_ADDRESS=you@domain.com

See SMTP_HOST above for more information and examples.

SMTP_USE_STARTTLS

Type

Default Value

ini
SMTP_USE_STARTTLS=true

See SMTP_HOST above for more information and examples.

SMTP_USERNAME

Type

Default Value

ini
...
SMTP_USERNAME=you@domain.com
SMTP_PASSWORD=your-secret-password

See SMTP_HOST above for more information and examples.

STORAGE_REPLICATION_FACTOR

Sets the replication factor for storage.

Type

Optional Integer

Default Value

ini
#STORAGE_REPLICATION_FACTOR=2

Humio can provide auto-balanced partition table suggestions based on zones and replication factor settings. Suggestions will only be enabled when DIGEST_REPLICATION_FACTOR and STORAGE_REPLICATION_FACTOR settings are set. If no host has ZONE set, then each node is considered as being in its own zone.

See ZONE for more information.

STREAMING_QUERY_KEEPALIVE_NEWLINES

Whether to emit a newline into streaming query responses every 10 seconds if there is nothing else to send.

Type

Boolean

Default Value

false

This setting applies to requests made by clients external to Humio.

ini
STREAMING_QUERY_KEEPALIVE_NEWLINES=false
STREAMING_QUERY_KEEPALIVE_NEWLINES_ON_NODES=false
STREAMING_QUERY_KEEPALIVE_TIMEOUT=10

STREAMING_QUERY_KEEPALIVE_NEWLINES_ON_NODES

Whether to emit a newline into streaming query responses for requests every 10 seconds if there is nothing else to send. This setting applies to requests made internally by Humio itself.

Type

Boolean

Default Value

false

See STREAMING_QUERY_KEEPALIVE_NEWLINES above for an example and for more information.

STREAMING_QUERY_KEEPALIVE_TIMEOUT

The keep alive duration to set on HTTP responses for streaming queries. Defaults to not being set. If unset, the keep-alive header will not be used.

Type

Optional Integer

Default Value

See STREAMING_QUERY_KEEPALIVE_NEWLINES above for an example and for more information.

TAG_HASHING_BUCKETS

Humio supports auto-grouping of tags using this configuration variable and MAX_DISTINCT_TAG_VALUES.

Type

Integer

Default Value

32

Humio checks the number of distinct values for each key in each tag combination against MAX_DISTINCT_TAG_VALUES at regular intervals. If this threshold is exceeded, a new grouping rule is added with the modulus set to the value set in TAG_HASHING_BUCKETS, but only if there is no rule for that tag key.

You can configure rules using the Cluster Management API and decide the number of buckets there. This is preferable to auto-detecting, as the auto-detection works after the fact and thus leaves a large number of unused data sources that will need to get deleted by retention at some point. The auto-grouping support is meant as a safety measure to avoid suddenly creating many data sources by mistake for a single tag key.

See the Cluster Management API documentation page for more information.

TCP_INGEST_MAX_TIMEOUT_SECONDS

Type

Long

Default Value

TLS_KEY_PASSWORD

Type

Default Value

The key password. For PKCS12, this should be the same as the keystore password.

ini
TLS_KEY_PASSWORD=somekeypassword

TLS_CIPHER_SUITES

Which TLS protocols and cipher suites to allow when communicating.

Type

Default Value

ini
TLS_PROTOCOLS=TLSv1.2,TLSv1.3
TLS_CIPHER_SUITES=TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

TLS_CLIENT_ALIAS

The alias of the key in the keystore to use when Humio makes a client request from other Humio instances or to a webhook notifier. If not set, an arbitrary key is chosen.

Type

Default Value

ini
TLS_CLIENT_ALIAS=humio.example.com

TLS_CLIENT_AUTH

Whether to require TLS client authentication. Defaults to false.

Type

Default Value

ini
TLS_CLIENT_AUTH=true

TLS_DEFAULT_ALIAS

The alias of the key in the keystore to use when a serving a client without an SNI extension header. If not set, an arbitrary key is chosen.

Type

Default Value

ini
TLS_DEFAULT_ALIAS=humio.example.com

TLS_PROTOCOLS

Which TLS protocols to allow when communicating. See TLS_CIPHER_SUITES above.

Type

Default Value

TLS_SERVER

Whether Humio should use TLS when serving the web interface, API, and internal API. This is enabled by default if keystore is provided. This is useful if you eg. want Humio to present a specific certificate when doing HTTPS client requests (for eg. TLS authentication), but do not need a fully encrypted Humio cluster.

Type

Default Value

ini
TLS_SERVER=true

TLS_TRUSTSTORE_LOCATION

The path to the truststore.

Type

Default Value

ini
TLS_TRUSTSTORE_LOCATION=/path/to/truststore

TLS_TRUSTSTORE_PASSWORD

The password to unlock the truststore, if any.

Type

Default Value

ini
TLS_TRUSTSTORE_PASSWORD=sometruststorepassword

TLS_TRUSTSTORE_TYPE

The type of the keystore. Can either be PKCS12 or JKS. If not set, the type will be inferred from the filename extension

Type

Default Value

ini
TLS_TRUSTSTORE_TYPE=PKCS12

THREAD_SIZE_LOGGING_INTERVAL_SECONDS

Type

Long

Default Value

TOP_K_MAX_MAP_SIZE_HISTORICAL

Type

Integer

Default Value

32 * 1024

TOP_K_MAX_MAP_SIZE_LIVE

Type

Integer

Default Value

8 * 1024

UI_AUTH_FLOW

Type

Boolean

Default Value

true

USE_INGEST_QUEUE

Type

Boolean

Default Value

true

USE_JAVA_REGEX

Type

Boolean

Default Value

false

USE_JAVA_REGEX_FOR_INTERNALS

Type

Boolean

Default Value

true

USING_EPHEMERAL_DISKS

The USING_EPHEMERAL_DISKS option requires S3/GCP storage. It should either be set on all nodes in a cluster, or on none of them. Don’t set it on only some nodes.

Type

Boolean

Default Value

false

ini
USING_EPHEMERAL_DISKS=false

VALUE_DEDUP_LEVEL

Many events have fields with values where one field holds a substring of the value from another. This is the case in particular if the event arrives with a @rawstring with the full event which then gets parsed using a parser that stores copies of many substrings from @rawstring in other fields. Humio removes duplication of these values before storing them in the segment files. This config limits how much cpu time is spent on that effort. The default is to follow the compression level. Default: 9. Minimum: 0. Maximum: 21. Adding one allows double the time.

Type

Integer

Default Value

ini
COMPRESSION_TYPE=high
COMPRESSION_LEVEL=9
COMPRESSION_LEVEL_MINI=0
VALUE_DEDUP_LEVEL=COMPRESSION_LEVEL

See COMPRESSION_TYPE above for more information.

VERBOSE_AUTH

Type

Boolean

Default Value

false

VERIFY_CRC32_ON_SEGMENT_FILES

Type

Boolean

Default Value

true

Introduced

1.1.16

This option below is to verify checksum of segments files when reading them. The default value is true. It allows detecting partial and malformed files.

ini
VERIFY_CRC32_ON_SEGMENT_FILES=true

WARN_ON_INGEST_DELAY_MILLIS

Warn when ingest is delayed. How much should the ingest delay fall behind before a warning is shown in the search UI.

Type

Integer

Default Value

120 * 1000

ini
WARN_ON_INGEST_DELAY_MILLIS=30000

ZONE

Humio can provide auto-balanced partition table suggestions based on zones and replication factor settings. Suggestions will only be enabled when DIGEST_REPLICATION_FACTOR and STORAGE_REPLICATION_FACTOR settings are set. If no host has ZONE set, then each node is considered as being in its own zone. If ZONE is set, Humio will spread partitions across the different zones.

Type

Default Value

Zone label, eg. ‘rack01’ or ‘rack02’. If not set, a node will be its own zone.

ini
#ZONE=rack01

ZOOKEEPER_PREFIX_FOR_NODE_UUID

To autoselect an ID in an environment where the disks are ephemeral Humio can let zookeeper assign the ID in the case where the local filesystem does not have any data files and no “cluster_membership.uuid” file.

Type

Default Value

The option ZOOKEEPER_PREFIX_FOR_NODE_UUID (defaulting to /humio_autouuid_) sets the prefix to allows rack awareness by using a value that is distinct for each rack / availability zone.

ZOOKEEPER_SESSIONTIMEOUT_FOR_NODE_UUID

Type

Integer

Default Value

5000

ZOOKEEPER_URL

Sets the Zookeeper servers. Defaults to “localhost:2181”, which is OK for a single server system, but should be set to a comma-separated host:port pairs string. Example: zoohost01:2181,zoohost02:2181,zoohost03:2181. Note, there is no security on the Zookeeper connections. Keep inside trusted LAN.

Type

String

Default Value

ini
# ZOOKEEPER_URL_FOR_NODE_UUID=host1:2181,host2:2181,host3:2181
# ZOOKEEPER_PREFIX_FOR_NODE_UUID=/humio_autouuid_
ZOOKEEPER_URL=localhost:2181

ZOOKEEPER_URL_FOR_NODE_UUID

Conflicts with BOOTSTRAP_HOST_ID and BOOTSTRAP_HOST_UUID_COOKIE This is disabled by default. Turn on only for a fresh cluster.

Type

Default Value

See ZOOKEEPER_URL above for more information.