--- description: Configuration reference for the parameters used to configure Grafana Loki. title: Grafana Loki configuration parameters --- ## Printing Loki config at runtime If you pass Loki the flag `-print-config-stderr` or `-log-config-reverse-order`, (or `-print-config-stderr=true`) Loki will dump the entire config object it has created from the built-in defaults combined first with overrides from config file, and second by overrides from flags. The result is the value for every config object in the Loki config struct, which is very large... Many values will not be relevant to your install such as storage configs which you are not using and which you did not define, this is expected as every option has a default value if it is being used or not. This config is what Loki will use to run, it can be invaluable for debugging issues related to configuration and is especially useful in making sure your config files and flags are being read and loaded properly. `-print-config-stderr` is nice when running Loki directly e.g. `./loki ` as you can get a quick output of the entire Loki config. `-log-config-reverse-order` is the flag we run Loki with in all our environments, the config entries are reversed so that the order of configs reads correctly top to bottom when viewed in Grafana's Explore. ## Configuration file reference To specify which configuration file to load, pass the `-config.file` flag at the command line. The value can be a list of comma separated paths, then the first file that exists will be used. If no `-config.file` argument is specified, Loki will look up the `config.yaml` in the current working directory and the `config/` subdirectory and try to use that. The file is written in [YAML format](https://en.wikipedia.org/wiki/YAML), defined by the scheme below. Brackets indicate that a parameter is optional. For non-list parameters the value is set to the specified default. ### Use environment variables in the configuration > **Note:** This feature is only available in Loki 2.1+. You can use environment variable references in the configuration file to set values that need to be configurable during deployment. To do this, pass `-config.expand-env=true` and use: ``` ${VAR} ``` Where VAR is the name of the environment variable. Each variable reference is replaced at startup by the value of the environment variable. The replacement is case-sensitive and occurs before the YAML file is parsed. References to undefined variables are replaced by empty strings unless you specify a default value or custom error text. To specify a default value, use: ``` ${VAR:-default_value} ``` Where default_value is the value to use if the environment variable is undefined. Pass the `-config.expand-env` flag at the command line to enable this way of setting configs. ### Generic placeholders - `` : a boolean that can take the values `true` or `false` - `` : any integer matching the regular expression `[1-9]+[0-9]*` - `` : a duration matching the regular expression `[0-9]+(ns|us|µs|ms|[smh])` - `` : a string matching the regular expression `[a-zA-Z_][a-zA-Z0-9_]*` - `` : a string of unicode characters - `` : a valid path relative to current working directory or an absolute path. - `` : a valid string consisting of a hostname or IP followed by an optional port number - `` : a string - `` : a string that represents a secret, such as a password ### Supported contents and default values of `loki.yaml` ```yaml # A comma-separated list of components to run. The default value 'all' runs Loki # in single binary mode. The value 'read' is an alias to run only read-path # related components such as the querier and query-frontend, but all in the same # process. The value 'write' is an alias to run only write-path related # components such as the distributor and compactor, but all in the same process. # Supported values: all, compactor, distributor, ingester, querier, # query-scheduler, ingester-querier, query-frontend, index-gateway, ruler, # table-manager, read, write. A full list of available targets can be printed # when running Loki with the '-list-targets' command line flag. # CLI flag: -target [target: | default = "all"] # Enables authentication through the X-Scope-OrgID header, which must be present # if true. If false, the OrgID will always be set to 'fake'. # CLI flag: -auth.enabled [auth_enabled: | default = true] # The amount of virtual memory in bytes to reserve as ballast in order to # optimize garbage collection. Larger ballasts result in fewer garbage # collection passes, reducing CPU overhead at the cost of heap size. The ballast # will not consume physical memory, because it is never read from. It will, # however, distort metrics, because it is counted as live memory. # CLI flag: -config.ballast-bytes [ballast_bytes: | default = 0] # Configures the server of the launched module(s). [server: ] # Configures the distributor. [distributor: ] # Configures the querier. Only appropriate when running all modules or just the # querier. [querier: ] querier_rf1: # Enable the RF1 querier. If set, replaces the usual querier with an RF-1 # querier. # CLI flag: -querier-rf1.enabled [enabled: | default = false] # Time to wait before sending more than the minimum successful query requests. # CLI flag: -querier-rf1.extra-query-delay [extra_query_delay: | default = 0s] engine: # The maximum amount of time to look back for log lines. Used only for # instant log queries. # CLI flag: -querier-rf1.engine.max-lookback-period [max_look_back_period: | default = 30s] # The maximum number of queries that can be simultaneously processed by the # querier. # CLI flag: -querier-rf1.max-concurrent [max_concurrent: | default = 4] # When true, querier limits sent via a header are enforced. # CLI flag: -querier-rf1.per-request-limits-enabled [per_request_limits_enabled: | default = false] # The query_scheduler block configures the Loki query scheduler. When configured # it separates the tenant query queues from the query-frontend. [query_scheduler: ] # The frontend block configures the Loki query-frontend. [frontend: ] # The query_range block configures the query splitting and caching in the Loki # query-frontend. [query_range: ] # The ruler block configures the Loki ruler. [ruler: ] # The ingester_client block configures how the distributor will connect to # ingesters. Only appropriate when running all components, the distributor, or # the querier. [ingester_client: ] # The ingester_client block configures how the distributor will connect to # ingesters. Only appropriate when running all components, the distributor, or # the querier. [ingester_rf1_client: ] # The ingester block configures the ingester and how the ingester will register # itself to a key value store. [ingester: ] ingester_rf1: # Whether the ingester is enabled. # CLI flag: -ingester-rf1.enabled [enabled: | default = false] # Configures how the lifecycle of the ingester will operate and where it will # register for discovery. lifecycler: ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, # etcd, inmemory, memberlist, multi. # CLI flag: -ingester-rf1.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -ingester-rf1.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected # kvstore is consul. # The CLI flags prefix for this block configuration is: ingester-rf1 [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected # kvstore is etcd. # The CLI flags prefix for this block configuration is: ingester-rf1 [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -ingester-rf1.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -ingester-rf1.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -ingester-rf1.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -ingester-rf1.multi.mirror-timeout [mirror_timeout: | default = 2s] # The heartbeat timeout after which ingesters are skipped for # reads/writes. 0 = never (timeout disabled). # CLI flag: -ingester-rf1.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # The number of ingesters to write to and read from. # CLI flag: -ingester-rf1.distributor.replication-factor [replication_factor: | default = 3] # True to enable the zone-awareness and replicate ingested samples across # different availability zones. # CLI flag: -ingester-rf1.distributor.zone-awareness-enabled [zone_awareness_enabled: | default = false] # Comma-separated list of zones to exclude from the ring. Instances in # excluded zones will be filtered out from the ring. # CLI flag: -ingester-rf1.distributor.excluded-zones [excluded_zones: | default = ""] # Number of tokens for each ingester. # CLI flag: -ingester-rf1.num-tokens [num_tokens: | default = 128] # Period at which to heartbeat to consul. 0 = disabled. # CLI flag: -ingester-rf1.heartbeat-period [heartbeat_period: | default = 5s] # Heartbeat timeout after which instance is assumed to be unhealthy. 0 = # disabled. # CLI flag: -ingester-rf1.heartbeat-timeout [heartbeat_timeout: | default = 1m] # Observe tokens after generating to resolve collisions. Useful when using # gossiping ring. # CLI flag: -ingester-rf1.observe-period [observe_period: | default = 0s] # Period to wait for a claim from another member; will join automatically # after this. # CLI flag: -ingester-rf1.join-after [join_after: | default = 0s] # Minimum duration to wait after the internal readiness checks have passed # but before succeeding the readiness endpoint. This is used to slowdown # deployment controllers (eg. Kubernetes) after an instance is ready and # before they proceed with a rolling update, to give the rest of the cluster # instances enough time to receive ring updates. # CLI flag: -ingester-rf1.min-ready-duration [min_ready_duration: | default = 15s] # Name of network interface to read address from. # CLI flag: -ingester-rf1.lifecycler.interface [interface_names: | default = []] # Enable IPv6 support. Required to make use of IP addresses from IPv6 # interfaces. # CLI flag: -ingester-rf1.enable-inet6 [enable_inet6: | default = false] # Duration to sleep for before exiting, to ensure metrics are scraped. # CLI flag: -ingester-rf1.final-sleep [final_sleep: | default = 0s] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. # CLI flag: -ingester-rf1.tokens-file-path [tokens_file_path: | default = ""] # The availability zone where this instance is running. # CLI flag: -ingester-rf1.availability-zone [availability_zone: | default = ""] # Unregister from the ring upon clean shutdown. It can be useful to disable # for rolling restarts with consistent naming in conjunction with # -distributor.extend-writes=false. # CLI flag: -ingester-rf1.unregister-on-shutdown [unregister_on_shutdown: | default = true] # When enabled the readiness probe succeeds only after all instances are # ACTIVE and healthy in the ring, otherwise only the instance itself is # checked. This option should be disabled if in your cluster multiple # instances can be rolled out simultaneously, otherwise rolling updates may # be slowed down. # CLI flag: -ingester-rf1.readiness-check-ring-health [readiness_check_ring_health: | default = true] # IP address to advertise in the ring. # CLI flag: -ingester-rf1.lifecycler.addr [address: | default = ""] # port to advertise in consul (defaults to server.grpc-listen-port). # CLI flag: -ingester-rf1.lifecycler.port [port: | default = 0] # ID to register in the ring. # CLI flag: -ingester-rf1.lifecycler.ID [id: | default = ""] # The maximum age of a segment before it should be flushed. Increasing this # value allows more time for a segment to grow to max-segment-size, but may # increase latency if the write volume is too small. # CLI flag: -ingester-rf1.max-segment-age [max_segment_age: | default = 500ms] # The maximum size of a segment before it should be flushed. It is not a # strict limit, and segments can exceed the maximum size when individual # appends are larger than the remaining capacity. # CLI flag: -ingester-rf1.max-segment-size [max_segment_size: | default = 8388608] # The maximum number of segments to buffer in-memory. Increasing this value # allows for large bursts of writes to be buffered in memory, but may increase # latency if the write volume exceeds the rate at which segments can be # flushed. # CLI flag: -ingester-rf1.max-segments [max_segments: | default = 10] # How many flushes can happen concurrently from each stream. # CLI flag: -ingester-rf1.concurrent-flushes [concurrent_flushes: | default = 32] # How often should the ingester see if there are any blocks to flush. The # first flush check is delayed by a random time up to 0.8x the flush check # period. Additionally, there is +/- 1% jitter added to the interval. # CLI flag: -ingester-rf1.flush-check-period [flush_check_period: | default = 500ms] flush_op_backoff: # Minimum backoff period when a flush fails. Each concurrent flush has its # own backoff, see `ingester.concurrent-flushes`. # CLI flag: -ingester-rf1.flush-op-backoff-min-period [min_period: | default = 100ms] # Maximum backoff period when a flush fails. Each concurrent flush has its # own backoff, see `ingester.concurrent-flushes`. # CLI flag: -ingester-rf1.flush-op-backoff-max-period [max_period: | default = 1m] # Maximum retries for failed flushes. # CLI flag: -ingester-rf1.flush-op-backoff-retries [max_retries: | default = 10] # The timeout for an individual flush. Will be retried up to # `flush-op-backoff-retries` times. # CLI flag: -ingester-rf1.flush-op-timeout [flush_op_timeout: | default = 10s] # Forget about ingesters having heartbeat timestamps older than # `ring.kvstore.heartbeat_timeout`. This is equivalent to clicking on the # `/ring` `forget` button in the UI: the ingester is removed from the ring. # This is a useful setting when you are sure that an unhealthy node won't # return. An example is when not using stateful sets or the equivalent. Use # `memberlist.rejoin_interval` > 0 to handle network partition cases when # using a memberlist. # CLI flag: -ingester-rf1.autoforget-unhealthy [autoforget_unhealthy: | default = false] # The maximum number of errors a stream will report to the user when a push # fails. 0 to make unlimited. # CLI flag: -ingester-rf1.max-ignored-stream-errors [max_returned_stream_errors: | default = 10] # Shard factor used in the ingesters for the in process reverse index. This # MUST be evenly divisible by ALL schema shard factors or Loki will not start. # CLI flag: -ingester-rf1.index-shards [index_shards: | default = 32] # Maximum number of dropped streams to keep in memory during tailing. # CLI flag: -ingester-rf1.tailer.max-dropped-streams [max_dropped_streams: | default = 10] # Path where the shutdown marker file is stored. If not set and # common.path_prefix is set then common.path_prefix will be used. # CLI flag: -ingester-rf1.shutdown-marker-path [shutdown_marker_path: | default = ""] # Interval at which the ingester ownedStreamService checks for changes in the # ring to recalculate owned streams. # CLI flag: -ingester-rf1.owned-streams-check-interval [owned_streams_check_interval: | default = 30s] # How long stream metadata is retained in memory after it was last seen. # CLI flag: -ingester-rf1.stream-retain-period [stream_retain_period: | default = 5m] # Configures how the pattern ingester will connect to the ingesters. client_config: # Configures how connections are pooled. pool_config: # How frequently to clean up clients for ingesters that have gone away. # CLI flag: -ingester-rf1.client-cleanup-period [client_cleanup_period: | default = 15s] # Run a health check on each ingester client during periodic cleanup. # CLI flag: -ingester-rf1.health-check-ingesters [health_check_ingesters: | default = true] # Timeout for the health check. # CLI flag: -ingester-rf1.remote-timeout [remote_timeout: | default = 1s] # The remote request timeout on the client side. # CLI flag: -ingester-rf1.client.timeout [remote_timeout: | default = 5s] # Configures how the gRPC connection to ingesters work as a client. # The CLI flags prefix for this block configuration is: # pattern-ingester.client [grpc_client_config: ] pattern_ingester: # Whether the pattern ingester is enabled. # CLI flag: -pattern-ingester.enabled [enabled: | default = false] # Configures how the lifecycle of the pattern ingester will operate and where # it will register for discovery. lifecycler: ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, # etcd, inmemory, memberlist, multi. # CLI flag: -pattern-ingester.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -pattern-ingester.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected # kvstore is consul. # The CLI flags prefix for this block configuration is: pattern-ingester [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected # kvstore is etcd. # The CLI flags prefix for this block configuration is: pattern-ingester [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -pattern-ingester.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -pattern-ingester.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -pattern-ingester.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -pattern-ingester.multi.mirror-timeout [mirror_timeout: | default = 2s] # The heartbeat timeout after which ingesters are skipped for # reads/writes. 0 = never (timeout disabled). # CLI flag: -pattern-ingester.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # The number of ingesters to write to and read from. # CLI flag: -pattern-ingester.distributor.replication-factor [replication_factor: | default = 1] # True to enable the zone-awareness and replicate ingested samples across # different availability zones. # CLI flag: -pattern-ingester.distributor.zone-awareness-enabled [zone_awareness_enabled: | default = false] # Comma-separated list of zones to exclude from the ring. Instances in # excluded zones will be filtered out from the ring. # CLI flag: -pattern-ingester.distributor.excluded-zones [excluded_zones: | default = ""] # Number of tokens for each ingester. # CLI flag: -pattern-ingester.num-tokens [num_tokens: | default = 128] # Period at which to heartbeat to consul. 0 = disabled. # CLI flag: -pattern-ingester.heartbeat-period [heartbeat_period: | default = 5s] # Heartbeat timeout after which instance is assumed to be unhealthy. 0 = # disabled. # CLI flag: -pattern-ingester.heartbeat-timeout [heartbeat_timeout: | default = 1m] # Observe tokens after generating to resolve collisions. Useful when using # gossiping ring. # CLI flag: -pattern-ingester.observe-period [observe_period: | default = 0s] # Period to wait for a claim from another member; will join automatically # after this. # CLI flag: -pattern-ingester.join-after [join_after: | default = 0s] # Minimum duration to wait after the internal readiness checks have passed # but before succeeding the readiness endpoint. This is used to slowdown # deployment controllers (eg. Kubernetes) after an instance is ready and # before they proceed with a rolling update, to give the rest of the cluster # instances enough time to receive ring updates. # CLI flag: -pattern-ingester.min-ready-duration [min_ready_duration: | default = 15s] # Name of network interface to read address from. # CLI flag: -pattern-ingester.lifecycler.interface [interface_names: | default = []] # Enable IPv6 support. Required to make use of IP addresses from IPv6 # interfaces. # CLI flag: -pattern-ingester.enable-inet6 [enable_inet6: | default = false] # Duration to sleep for before exiting, to ensure metrics are scraped. # CLI flag: -pattern-ingester.final-sleep [final_sleep: | default = 0s] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. # CLI flag: -pattern-ingester.tokens-file-path [tokens_file_path: | default = ""] # The availability zone where this instance is running. # CLI flag: -pattern-ingester.availability-zone [availability_zone: | default = ""] # Unregister from the ring upon clean shutdown. It can be useful to disable # for rolling restarts with consistent naming in conjunction with # -distributor.extend-writes=false. # CLI flag: -pattern-ingester.unregister-on-shutdown [unregister_on_shutdown: | default = true] # When enabled the readiness probe succeeds only after all instances are # ACTIVE and healthy in the ring, otherwise only the instance itself is # checked. This option should be disabled if in your cluster multiple # instances can be rolled out simultaneously, otherwise rolling updates may # be slowed down. # CLI flag: -pattern-ingester.readiness-check-ring-health [readiness_check_ring_health: | default = true] # IP address to advertise in the ring. # CLI flag: -pattern-ingester.lifecycler.addr [address: | default = ""] # port to advertise in consul (defaults to server.grpc-listen-port). # CLI flag: -pattern-ingester.lifecycler.port [port: | default = 0] # ID to register in the ring. # CLI flag: -pattern-ingester.lifecycler.ID [id: | default = ""] # Configures how the pattern ingester will connect to the ingesters. client_config: # Configures how connections are pooled. pool_config: # How frequently to clean up clients for ingesters that have gone away. # CLI flag: -pattern-ingester.client-cleanup-period [client_cleanup_period: | default = 15s] # Run a health check on each ingester client during periodic cleanup. # CLI flag: -pattern-ingester.health-check-ingesters [health_check_ingesters: | default = true] # Timeout for the health check. # CLI flag: -pattern-ingester.remote-timeout [remote_timeout: | default = 1s] # The remote request timeout on the client side. # CLI flag: -pattern-ingester.client.timeout [remote_timeout: | default = 5s] # Configures how the gRPC connection to ingesters work as a client. # The CLI flags prefix for this block configuration is: # bloom-build.builder.grpc [grpc_client_config: ] # How many flushes can happen concurrently from each stream. # CLI flag: -pattern-ingester.concurrent-flushes [concurrent_flushes: | default = 32] # How often should the ingester see if there are any blocks to flush. The # first flush check is delayed by a random time up to 0.8x the flush check # period. Additionally, there is +/- 1% jitter added to the interval. # CLI flag: -pattern-ingester.flush-check-period [flush_check_period: | default = 1m] # The maximum number of detected pattern clusters that can be created by # streams. # CLI flag: -pattern-ingester.max-clusters [max_clusters: | default = 300] # The maximum eviction ratio of patterns per stream. Once that ratio is # reached, the stream will throttled pattern detection. # CLI flag: -pattern-ingester.max-eviction-ratio [max_eviction_ratio: | default = 0.25] # Configures the metric aggregation and storage behavior of the pattern # ingester. metric_aggregation: # Whether the pattern ingester metric aggregation is enabled. # CLI flag: -pattern-ingester.metric-aggregation.enabled [enabled: | default = false] # How often to downsample metrics from raw push observations. # CLI flag: -pattern-ingester.metric-aggregation.downsample-period [downsample_period: | default = 10s] # The address of the Loki instance to push aggregated metrics to. # CLI flag: -pattern-ingester.metric-aggregation.loki-address [loki_address: | default = ""] # The timeout for writing to Loki. # CLI flag: -pattern-ingester.metric-aggregation.timeout [timeout: | default = 10s] # How long to wait in between pushes to Loki. # CLI flag: -pattern-ingester.metric-aggregation.push-period [push_period: | default = 30s] # The HTTP client configuration for pushing metrics to Loki. http_client_config: basic_auth: [username: | default = ""] [username_file: | default = ""] [username_ref: | default = ""] [password: | default = ""] [password_file: | default = ""] [password_ref: | default = ""] authorization: [type: | default = ""] [credentials: | default = ""] [credentials_file: | default = ""] [credentials_ref: | default = ""] oauth2: [client_id: | default = ""] [client_secret: | default = ""] [client_secret_file: | default = ""] [client_secret_ref: | default = ""] [scopes: ] [token_url: | default = ""] [endpoint_params: ] tls_config: [ca: | default = ""] [cert: | default = ""] [key: | default = ""] [ca_file: | default = ""] [cert_file: | default = ""] [key_file: | default = ""] [ca_ref: | default = ""] [cert_ref: | default = ""] [key_ref: | default = ""] [server_name: | default = ""] [insecure_skip_verify: ] [min_version: ] [max_version: ] proxy_url: [url: ] [no_proxy: | default = ""] [proxy_from_environment: ] [proxy_connect_header: ] [bearer_token: | default = ""] [bearer_token_file: | default = ""] tls_config: [ca: | default = ""] [cert: | default = ""] [key: | default = ""] [ca_file: | default = ""] [cert_file: | default = ""] [key_file: | default = ""] [ca_ref: | default = ""] [cert_ref: | default = ""] [key_ref: | default = ""] [server_name: | default = ""] [insecure_skip_verify: ] [min_version: ] [max_version: ] [follow_redirects: ] [enable_http2: ] proxy_url: [url: ] [no_proxy: | default = ""] [proxy_from_environment: ] [proxy_connect_header: ] http_headers: [: ] # Whether to use TLS for pushing metrics to Loki. # CLI flag: -pattern-ingester.metric-aggregation.tls [use_tls: | default = false] # The basic auth configuration for pushing metrics to Loki. basic_auth: # Basic auth username for sending aggregations back to Loki. # CLI flag: -pattern-ingester.metric-aggregation.basic-auth.username [username: | default = ""] # Basic auth password for sending aggregations back to Loki. # CLI flag: -pattern-ingester.metric-aggregation.basic-auth.password [password: | default = ""] # The backoff configuration for pushing metrics to Loki. backoff_config: # Minimum delay when backing off. # CLI flag: -pattern-ingester.metric-aggregation.backoff-min-period [min_period: | default = 100ms] # Maximum delay when backing off. # CLI flag: -pattern-ingester.metric-aggregation.backoff-max-period [max_period: | default = 10s] # Number of times to backoff and retry before failing. # CLI flag: -pattern-ingester.metric-aggregation.backoff-retries [max_retries: | default = 10] # Configures the pattern tee which forwards requests to the pattern ingester. tee_config: # The size of the batch of raw logs to send for template mining # CLI flag: -pattern-ingester.tee.batch-size [batch_size: | default = 5000] # The max time between batches of raw logs to send for template mining # CLI flag: -pattern-ingester.tee.batch-flush-interval [batch_flush_interval: | default = 1s] # The number of log flushes to queue before dropping # CLI flag: -pattern-ingester.tee.flush-queue-size [flush_queue_size: | default = 1000] # the number of concurrent workers sending logs to the template service # CLI flag: -pattern-ingester.tee.flush-worker-count [flush_worker_count: | default = 100] # The max time we will try to flush any remaining logs to be mined when the # service is stopped # CLI flag: -pattern-ingester.tee.stop-flush-timeout [stop_flush_timeout: | default = 30s] # Timeout for connections between the Loki and the pattern ingester. # CLI flag: -pattern-ingester.connection-timeout [connection_timeout: | default = 2s] # The index_gateway block configures the Loki index gateway server, responsible # for serving index queries without the need to constantly interact with the # object store. [index_gateway: ] # Experimental: The bloom_compactor block configures the Loki bloom compactor # server, responsible for compacting stream indexes into bloom filters and # merging them as bloom blocks. [bloom_compactor: ] bloom_build: # Flag to enable or disable the usage of the bloom-planner and bloom-builder # components. # CLI flag: -bloom-build.enabled [enabled: | default = false] planner: # Interval at which to re-run the bloom creation planning. # CLI flag: -bloom-build.planner.interval [planning_interval: | default = 8h] # Newest day-table offset (from today, inclusive) to build blooms for. # Increase to lower cost by not re-writing data to object storage too # frequently since recent data changes more often at the cost of not having # blooms available as quickly. # CLI flag: -bloom-build.planner.min-table-offset [min_table_offset: | default = 1] # Oldest day-table offset (from today, inclusive) to compact. This can be # used to lower cost by not trying to compact older data which doesn't # change. This can be optimized by aligning it with the maximum # `reject_old_samples_max_age` setting of any tenant. # CLI flag: -bloom-build.planner.max-table-offset [max_table_offset: | default = 2] # Maximum number of tasks to queue per tenant. # CLI flag: -bloom-build.planner.max-tasks-per-tenant [max_queued_tasks_per_tenant: | default = 30000] retention: # Enable bloom retention. # CLI flag: -bloom-build.planner.retention.enabled [enabled: | default = false] builder: # The grpc_client block configures the gRPC client used to communicate # between a client and server component in Loki. # The CLI flags prefix for this block configuration is: # bloom-gateway-client.grpc [grpc_config: ] # Hostname (and port) of the bloom planner # CLI flag: -bloom-build.builder.planner-address [planner_address: | default = ""] backoff_config: # Minimum delay when backing off. # CLI flag: -bloom-build.builder.backoff.backoff-min-period [min_period: | default = 100ms] # Maximum delay when backing off. # CLI flag: -bloom-build.builder.backoff.backoff-max-period [max_period: | default = 10s] # Number of times to backoff and retry before failing. # CLI flag: -bloom-build.builder.backoff.backoff-retries [max_retries: | default = 10] # Experimental: The bloom_gateway block configures the Loki bloom gateway # server, responsible for serving queries for filtering chunks based on filter # expressions. [bloom_gateway: ] # The storage_config block configures one of many possible stores for both the # index and chunks. Which configuration to be picked should be defined in # schema_config block. [storage_config: ] # The chunk_store_config block configures how chunks will be cached and how long # to wait before saving them to the backing store. [chunk_store_config: ] # Configures the chunk index schema and where it is stored. [schema_config: ] # The compactor block configures the compactor component, which compacts index # shards for performance. [compactor: ] compactor_grpc_client: # gRPC client max receive message size (bytes). # CLI flag: -compactor.grpc-client.grpc-max-recv-msg-size [max_recv_msg_size: | default = 104857600] # gRPC client max send message size (bytes). # CLI flag: -compactor.grpc-client.grpc-max-send-msg-size [max_send_msg_size: | default = 104857600] # Use compression when sending messages. Supported values are: 'gzip', # 'snappy' and '' (disable compression) # CLI flag: -compactor.grpc-client.grpc-compression [grpc_compression: | default = ""] # Rate limit for gRPC client; 0 means disabled. # CLI flag: -compactor.grpc-client.grpc-client-rate-limit [rate_limit: | default = 0] # Rate limit burst for gRPC client. # CLI flag: -compactor.grpc-client.grpc-client-rate-limit-burst [rate_limit_burst: | default = 0] # Enable backoff and retry when we hit rate limits. # CLI flag: -compactor.grpc-client.backoff-on-ratelimits [backoff_on_ratelimits: | default = false] backoff_config: # Minimum delay when backing off. # CLI flag: -compactor.grpc-client.backoff-min-period [min_period: | default = 100ms] # Maximum delay when backing off. # CLI flag: -compactor.grpc-client.backoff-max-period [max_period: | default = 10s] # Number of times to backoff and retry before failing. # CLI flag: -compactor.grpc-client.backoff-retries [max_retries: | default = 10] # Initial stream window size. Values less than the default are not supported # and are ignored. Setting this to a value other than the default disables the # BDP estimator. # CLI flag: -compactor.grpc-client.initial-stream-window-size [initial_stream_window_size: | default = 63KiB1023B] # Initial connection window size. Values less than the default are not # supported and are ignored. Setting this to a value other than the default # disables the BDP estimator. # CLI flag: -compactor.grpc-client.initial-connection-window-size [initial_connection_window_size: | default = 63KiB1023B] # Enable TLS in the gRPC client. This flag needs to be enabled when any other # TLS flag is set. If set to false, insecure connection to gRPC server will be # used. # CLI flag: -compactor.grpc-client.tls-enabled [tls_enabled: | default = false] # Path to the client certificate, which will be used for authenticating with # the server. Also requires the key path to be configured. # CLI flag: -compactor.grpc-client.tls-cert-path [tls_cert_path: | default = ""] # Path to the key for the client certificate. Also requires the client # certificate to be configured. # CLI flag: -compactor.grpc-client.tls-key-path [tls_key_path: | default = ""] # Path to the CA certificates to validate server certificate against. If not # set, the host's root CA certificates are used. # CLI flag: -compactor.grpc-client.tls-ca-path [tls_ca_path: | default = ""] # Override the expected name on the server certificate. # CLI flag: -compactor.grpc-client.tls-server-name [tls_server_name: | default = ""] # Skip validating server certificate. # CLI flag: -compactor.grpc-client.tls-insecure-skip-verify [tls_insecure_skip_verify: | default = false] # Override the default cipher suite list (separated by commas). Allowed # values: # # Secure Ciphers: # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 # # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 # - TLS_RSA_WITH_AES_128_GCM_SHA256 # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 # CLI flag: -compactor.grpc-client.tls-cipher-suites [tls_cipher_suites: | default = ""] # Override the default minimum TLS version. Allowed values: VersionTLS10, # VersionTLS11, VersionTLS12, VersionTLS13 # CLI flag: -compactor.grpc-client.tls-min-version [tls_min_version: | default = ""] # The maximum amount of time to establish a connection. A value of 0 means # default gRPC client connect timeout and backoff. # CLI flag: -compactor.grpc-client.connect-timeout [connect_timeout: | default = 5s] # Initial backoff delay after first connection failure. Only relevant if # ConnectTimeout > 0. # CLI flag: -compactor.grpc-client.connect-backoff-base-delay [connect_backoff_base_delay: | default = 1s] # Maximum backoff delay when establishing a connection. Only relevant if # ConnectTimeout > 0. # CLI flag: -compactor.grpc-client.connect-backoff-max-delay [connect_backoff_max_delay: | default = 5s] # The limits_config block configures global and per-tenant limits in Loki. The # values here can be overridden in the `overrides` section of the runtime_config # file [limits_config: ] # The frontend_worker configures the worker - running within the Loki querier - # picking up and executing queries enqueued by the query-frontend. [frontend_worker: ] # The table_manager block configures the table manager for retention. [table_manager: ] # Configuration for memberlist client. Only applies if the selected kvstore is # memberlist. # # When a memberlist config with atleast 1 join_members is defined, kvstore of # type memberlist is automatically selected for all the components that require # a ring unless otherwise specified in the component's configuration section. [memberlist: ] metastore: # CLI flag: -metastore.data-dir [data_dir: | default = "./data-metastore/data"] raft: # CLI flag: -metastore.raft.dir [dir: | default = "./data-metastore/raft"] # CLI flag: -metastore.raft.bootstrap-peers [bootstrap_peers: | default = []] # CLI flag: -metastore.raft.server-id [server_id: | default = "localhost:9099"] # CLI flag: -metastore.raft.bind-address [bind_address: | default = "localhost:9099"] # CLI flag: -metastore.raft.advertise-address [advertise_address: | default = "localhost:9099"] metastore_client: # CLI flag: -metastore.address [address: | default = "localhost:9095"] # Configures the gRPC client used to communicate with the metastore. [grpc_client_config: ] # Configuration for 'runtime config' module, responsible for reloading runtime # configuration file. [runtime_config: ] # These are values which allow you to control aspects of Loki's operation, most # commonly used for controlling types of higher verbosity logging, the values # here can be overridden in the `configs` section of the `runtime_config` file. [operational_config: ] # Configuration for tracing. [tracing: ] # Configuration for analytics. [analytics: ] # Configuration for profiling options. [profiling: ] # Common configuration to be shared between multiple modules. If a more specific # configuration is given in other sections, the related configuration within # this section will be ignored. [common: ] # How long to wait between SIGTERM and shutdown. After receiving SIGTERM, Loki # will report 503 Service Unavailable status via /ready endpoint. # CLI flag: -shutdown-delay [shutdown_delay: | default = 0s] # Namespace of the metrics that in previous releases had cortex as namespace. # This setting is deprecated and will be removed in the next minor release. # CLI flag: -metrics-namespace [metrics_namespace: | default = "loki"] ``` ### alibabacloud_storage_config The `alibabacloud_storage_config` block configures the connection to Alibaba Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: - `common` - `ruler`   ```yaml # Name of OSS bucket. # CLI flag: -.storage.oss.bucketname [bucket: | default = ""] # oss Endpoint to connect to. # CLI flag: -.storage.oss.endpoint [endpoint: | default = ""] # alibabacloud Access Key ID # CLI flag: -.storage.oss.access-key-id [access_key_id: | default = ""] # alibabacloud Secret Access Key # CLI flag: -.storage.oss.secret-access-key [secret_access_key: | default = ""] ``` ### analytics Configuration for `analytics`. ```yaml # Enable anonymous usage reporting. # CLI flag: -reporting.enabled [reporting_enabled: | default = true] # URL to which reports are sent # CLI flag: -reporting.usage-stats-url [usage_stats_url: | default = "https://stats.grafana.org/loki-usage-report"] ``` ### attributes_config Define actions for matching OpenTelemetry (OTEL) attributes. ```yaml # Configures action to take on matching attributes. It allows one of # [structured_metadata, drop] for all attribute types. It additionally allows # index_label action for resource attributes [action: | default = ""] # List of attributes to configure how to store them or drop them altogether [attributes: ] # Regex to choose attributes to configure how to store them or drop them # altogether [regex: ] ``` ### aws_storage_config The `aws_storage_config` block configures the connection to dynamoDB and S3 object storage. Either one of them or both can be configured. ```yaml # Deprecated: Configures storing indexes in DynamoDB. dynamodb: # DynamoDB endpoint URL with escaped Key and Secret encoded. If only region is # specified as a host, proper endpoint will be deduced. Use # inmemory:/// to use a mock in-memory implementation. # CLI flag: -dynamodb.url [dynamodb_url: ] # DynamoDB table management requests per second limit. # CLI flag: -dynamodb.api-limit [api_limit: | default = 2] # DynamoDB rate cap to back off when throttled. # CLI flag: -dynamodb.throttle-limit [throttle_limit: | default = 10] metrics: # Use metrics-based autoscaling, via this query URL # CLI flag: -metrics.url [url: | default = ""] # Queue length above which we will scale up capacity # CLI flag: -metrics.target-queue-length [target_queue_length: | default = 100000] # Scale up capacity by this multiple # CLI flag: -metrics.scale-up-factor [scale_up_factor: | default = 1.3] # Ignore throttling below this level (rate per second) # CLI flag: -metrics.ignore-throttle-below [ignore_throttle_below: | default = 1] # query to fetch ingester queue length # CLI flag: -metrics.queue-length-query [queue_length_query: | default = "sum(avg_over_time(loki_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m])) or sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"] # query to fetch throttle rates per table # CLI flag: -metrics.write-throttle-query [write_throttle_query: | default = "sum(rate(cortex_dynamo_throttled_total{operation=\"DynamoDB.BatchWriteItem\"}[1m])) by (table) > 0"] # query to fetch write capacity usage per table # CLI flag: -metrics.usage-query [write_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.BatchWriteItem\"}[15m])) by (table) > 0"] # query to fetch read capacity usage per table # CLI flag: -metrics.read-usage-query [read_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.QueryPages\"}[1h])) by (table) > 0"] # query to fetch read errors per table # CLI flag: -metrics.read-error-query [read_error_query: | default = "sum(increase(cortex_dynamo_failures_total{operation=\"DynamoDB.QueryPages\",error=\"ProvisionedThroughputExceededException\"}[1m])) by (table) > 0"] # Number of chunks to group together to parallelise fetches (zero to disable) # CLI flag: -dynamodb.chunk-gang-size [chunk_gang_size: | default = 10] # Max number of chunk-get operations to start in parallel # CLI flag: -dynamodb.chunk.get-max-parallelism [chunk_get_max_parallelism: | default = 32] backoff_config: # Minimum backoff time # CLI flag: -dynamodb.min-backoff [min_period: | default = 100ms] # Maximum backoff time # CLI flag: -dynamodb.max-backoff [max_period: | default = 50s] # Maximum number of times to retry an operation # CLI flag: -dynamodb.max-retries [max_retries: | default = 20] # KMS key used for encrypting DynamoDB items. DynamoDB will use an Amazon # owned KMS key if not provided. # CLI flag: -dynamodb.kms-key-id [kms_key_id: | default = ""] # S3 endpoint URL with escaped Key and Secret encoded. If only region is # specified as a host, proper endpoint will be deduced. Use # inmemory:/// to use a mock in-memory implementation. # CLI flag: -s3.url [s3: ] # Set this to `true` to force the request to use path-style addressing. # CLI flag: -s3.force-path-style [s3forcepathstyle: | default = false] # Comma separated list of bucket names to evenly distribute chunks over. # Overrides any buckets specified in s3.url flag # CLI flag: -s3.buckets [bucketnames: | default = ""] # S3 Endpoint to connect to. # CLI flag: -s3.endpoint [endpoint: | default = ""] # AWS region to use. # CLI flag: -s3.region [region: | default = ""] # AWS Access Key ID # CLI flag: -s3.access-key-id [access_key_id: | default = ""] # AWS Secret Access Key # CLI flag: -s3.secret-access-key [secret_access_key: | default = ""] # AWS Session Token # CLI flag: -s3.session-token [session_token: | default = ""] # Disable https on s3 connection. # CLI flag: -s3.insecure [insecure: | default = false] http_config: # Timeout specifies a time limit for requests made by s3 Client. # CLI flag: -s3.http.timeout [timeout: | default = 0s] # The maximum amount of time an idle connection will be held open. # CLI flag: -s3.http.idle-conn-timeout [idle_conn_timeout: | default = 1m30s] # If non-zero, specifies the amount of time to wait for a server's response # headers after fully writing the request. # CLI flag: -s3.http.response-header-timeout [response_header_timeout: | default = 0s] # Set to true to skip verifying the certificate chain and hostname. # CLI flag: -s3.http.insecure-skip-verify [insecure_skip_verify: | default = false] # Path to the trusted CA file that signed the SSL certificate of the S3 # endpoint. # CLI flag: -s3.http.ca-file [ca_file: | default = ""] # The signature version to use for authenticating against S3. Supported values # are: v4. # CLI flag: -s3.signature-version [signature_version: | default = "v4"] # The S3 storage class which objects will use. Supported values are: GLACIER, # DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS, # REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. # CLI flag: -s3.storage-class [storage_class: | default = "STANDARD"] sse: # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. # CLI flag: -s3.sse.type [type: | default = ""] # KMS Key ID used to encrypt objects in S3 # CLI flag: -s3.sse.kms-key-id [kms_key_id: | default = ""] # KMS Encryption Context used for object encryption. It expects JSON formatted # string. # CLI flag: -s3.sse.kms-encryption-context [kms_encryption_context: | default = ""] # Configures back off when S3 get Object. backoff_config: # Minimum backoff time when s3 get Object # CLI flag: -s3.min-backoff [min_period: | default = 100ms] # Maximum backoff time when s3 get Object # CLI flag: -s3.max-backoff [max_period: | default = 3s] # Maximum number of times to retry when s3 get Object # CLI flag: -s3.max-retries [max_retries: | default = 5] # Disable forcing S3 dualstack endpoint usage. # CLI flag: -s3.disable-dualstack [disable_dualstack: | default = false] ``` ### azure_storage_config The `azure_storage_config` block configures the connection to Azure object storage backend. The supported CLI flags `` used to reference this configuration block are: - `common.storage` - `ruler.storage`   ```yaml # Azure Cloud environment. Supported values are: AzureGlobal, AzureChinaCloud, # AzureGermanCloud, AzureUSGovernment. # CLI flag: -.azure.environment [environment: | default = "AzureGlobal"] # Azure storage account name. # CLI flag: -.azure.account-name [account_name: | default = ""] # Azure storage account key. # CLI flag: -.azure.account-key [account_key: | default = ""] # If `connection-string` is set, the values of `account-name` and # `endpoint-suffix` values will not be used. Use this method over `account-key` # if you need to authenticate via a SAS token. Or if you use the Azurite # emulator. # CLI flag: -.azure.connection-string [connection_string: | default = ""] # Name of the storage account blob container used to store chunks. This # container must be created before running cortex. # CLI flag: -.azure.container-name [container_name: | default = "loki"] # Azure storage endpoint suffix without schema. The storage account name will be # prefixed to this value to create the FQDN. # CLI flag: -.azure.endpoint-suffix [endpoint_suffix: | default = ""] # Use Managed Identity to authenticate to the Azure storage account. # CLI flag: -.azure.use-managed-identity [use_managed_identity: | default = false] # Use Federated Token to authenticate to the Azure storage account. # CLI flag: -.azure.use-federated-token [use_federated_token: | default = false] # User assigned identity ID to authenticate to the Azure storage account. # CLI flag: -.azure.user-assigned-id [user_assigned_id: | default = ""] # Use Service Principal to authenticate through Azure OAuth. # CLI flag: -.azure.use-service-principal [use_service_principal: | default = false] # Azure Service Principal ID(GUID). # CLI flag: -.azure.client-id [client_id: | default = ""] # Azure Service Principal secret key. # CLI flag: -.azure.client-secret [client_secret: | default = ""] # Azure Tenant ID is used to authenticate through Azure OAuth. # CLI flag: -.azure.tenant-id [tenant_id: | default = ""] # Chunk delimiter for blob ID to be used # CLI flag: -.azure.chunk-delimiter [chunk_delimiter: | default = "-"] # Preallocated buffer size for downloads. # CLI flag: -.azure.download-buffer-size [download_buffer_size: | default = 512000] # Preallocated buffer size for uploads. # CLI flag: -.azure.upload-buffer-size [upload_buffer_size: | default = 256000] # Number of buffers used to used to upload a chunk. # CLI flag: -.azure.download-buffer-count [upload_buffer_count: | default = 1] # Timeout for requests made against azure blob storage. # CLI flag: -.azure.request-timeout [request_timeout: | default = 30s] # Number of retries for a request which times out. # CLI flag: -.azure.max-retries [max_retries: | default = 5] # Minimum time to wait before retrying a request. # CLI flag: -.azure.min-retry-delay [min_retry_delay: | default = 10ms] # Maximum time to wait before retrying a request. # CLI flag: -.azure.max-retry-delay [max_retry_delay: | default = 500ms] ``` ### bloom_compactor Experimental: The `bloom_compactor` block configures the Loki bloom compactor server, responsible for compacting stream indexes into bloom filters and merging them as bloom blocks. ```yaml # Defines the ring to be used by the bloom-compactor servers. In case this isn't # configured, this block supports inheriting configuration from the common ring # section. ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. # CLI flag: -bloom-compactor.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -bloom-compactor.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. # The CLI flags prefix for this block configuration is: bloom-compactor.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. # The CLI flags prefix for this block configuration is: bloom-compactor.ring [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -bloom-compactor.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -bloom-compactor.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -bloom-compactor.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -bloom-compactor.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. # CLI flag: -bloom-compactor.ring.heartbeat-period [heartbeat_period: | default = 15s] # The heartbeat timeout after which compactors are considered unhealthy within # the ring. 0 = never (timeout disabled). # CLI flag: -bloom-compactor.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. # CLI flag: -bloom-compactor.ring.tokens-file-path [tokens_file_path: | default = ""] # True to enable zone-awareness and replicate blocks across different # availability zones. # CLI flag: -bloom-compactor.ring.zone-awareness-enabled [zone_awareness_enabled: | default = false] # Number of tokens to use in the ring per compactor. Higher number of tokens # will result in more and smaller files (metas and blocks.) # CLI flag: -bloom-compactor.ring.num-tokens [num_tokens: | default = 10] # Instance ID to register in the ring. # CLI flag: -bloom-compactor.ring.instance-id [instance_id: | default = ""] # Name of network interface to read address from. # CLI flag: -bloom-compactor.ring.instance-interface-names [instance_interface_names: | default = []] # Port to advertise in the ring (defaults to server.grpc-listen-port). # CLI flag: -bloom-compactor.ring.instance-port [instance_port: | default = 0] # IP address to advertise in the ring. # CLI flag: -bloom-compactor.ring.instance-addr [instance_addr: | default = ""] # The availability zone where this instance is running. Required if # zone-awareness is enabled. # CLI flag: -bloom-compactor.ring.instance-availability-zone [instance_availability_zone: | default = ""] # Enable using a IPv6 instance address. # CLI flag: -bloom-compactor.ring.instance-enable-ipv6 [instance_enable_ipv6: | default = false] # Flag to enable or disable the usage of the bloom-compactor component. # CLI flag: -bloom-compactor.enabled [enabled: | default = false] # Interval at which to re-run the compaction operation. # CLI flag: -bloom-compactor.compaction-interval [compaction_interval: | default = 10m] # Newest day-table offset (from today, inclusive) to compact. Increase to lower # cost by not re-writing data to object storage too frequently since recent data # changes more often at the cost of not having blooms available as quickly. # CLI flag: -bloom-compactor.min-table-offset [min_table_offset: | default = 1] # Oldest day-table offset (from today, inclusive) to compact. This can be used # to lower cost by not trying to compact older data which doesn't change. This # can be optimized by aligning it with the maximum `reject_old_samples_max_age` # setting of any tenant. # CLI flag: -bloom-compactor.max-table-offset [max_table_offset: | default = 2] # Number of workers to run in parallel for compaction. # CLI flag: -bloom-compactor.worker-parallelism [worker_parallelism: | default = 1] # Minimum backoff time between retries. # CLI flag: -bloom-compactor.compaction-retries-min-backoff [compaction_retries_min_backoff: | default = 10s] # Maximum backoff time between retries. # CLI flag: -bloom-compactor.compaction-retries-max-backoff [compaction_retries_max_backoff: | default = 1m] # Number of retries to perform when compaction fails. # CLI flag: -bloom-compactor.compaction-retries [compaction_retries: | default = 3] # Maximum number of tables to compact in parallel. While increasing this value, # please make sure compactor has enough disk space allocated to be able to store # and compact as many tables. # CLI flag: -bloom-compactor.max-compaction-parallelism [max_compaction_parallelism: | default = 1] retention: # Enable bloom retention. # CLI flag: -bloom-compactor.retention.enabled [enabled: | default = false] # Max lookback days for retention. # CLI flag: -bloom-compactor.retention.max-lookback-days [max_lookback_days: | default = 365] ``` ### bloom_gateway Experimental: The `bloom_gateway` block configures the Loki bloom gateway server, responsible for serving queries for filtering chunks based on filter expressions. ```yaml # Flag to enable or disable the bloom gateway component globally. # CLI flag: -bloom-gateway.enabled [enabled: | default = false] client: # Configures the behavior of the connection pool. pool_config: # How frequently to clean up clients for servers that have gone away or are # unhealthy. # CLI flag: -bloom-gateway-client.pool.check-interval [check_interval: | default = 10s] # Run a health check on each server during periodic cleanup. # CLI flag: -bloom-gateway-client.pool.enable-health-check [enable_health_check: | default = true] # Timeout for the health check if health check is enabled. # CLI flag: -bloom-gateway-client.pool.health-check-timeout [health_check_timeout: | default = 1s] # The grpc_client block configures the gRPC client used to communicate between # a client and server component in Loki. # The CLI flags prefix for this block configuration is: bigtable [grpc_client_config: ] results_cache: # The cache_config block configures the cache backend for a specific Loki # component. # The CLI flags prefix for this block configuration is: # bloom-gateway-client.cache [cache: ] # Use compression in cache. The default is an empty value '', which disables # compression. Supported values are: 'snappy' and ''. # CLI flag: -bloom-gateway-client.cache.compression [compression: | default = ""] # Flag to control whether to cache bloom gateway client requests/responses. # CLI flag: -bloom-gateway-client.cache_results [cache_results: | default = false] # Comma separated addresses list in DNS Service Discovery format: # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes # CLI flag: -bloom-gateway-client.addresses [addresses: | default = ""] # Number of workers to use for filtering chunks concurrently. Usually set to 1x # number of CPU cores. # CLI flag: -bloom-gateway.worker-concurrency [worker_concurrency: | default = 4] # Number of blocks processed concurrently on a single worker. Usually set to 2x # number of CPU cores. # CLI flag: -bloom-gateway.block-query-concurrency [block_query_concurrency: | default = 8] # Maximum number of outstanding tasks per tenant. # CLI flag: -bloom-gateway.max-outstanding-per-tenant [max_outstanding_per_tenant: | default = 1024] # How many tasks are multiplexed at once. # CLI flag: -bloom-gateway.num-multiplex-tasks [num_multiplex_tasks: | default = 512] ``` ### bos_storage_config The `bos_storage_config` block configures the connection to Baidu Object Storage (BOS) object storage backend. The supported CLI flags `` used to reference this configuration block are: - `common.storage` - `ruler.storage`   ```yaml # Name of BOS bucket. # CLI flag: -.bos.bucket-name [bucket_name: | default = ""] # BOS endpoint to connect to. # CLI flag: -.bos.endpoint [endpoint: | default = "bj.bcebos.com"] # Baidu Cloud Engine (BCE) Access Key ID. # CLI flag: -.bos.access-key-id [access_key_id: | default = ""] # Baidu Cloud Engine (BCE) Secret Access Key. # CLI flag: -.bos.secret-access-key [secret_access_key: | default = ""] ``` ### cache_config The `cache_config` block configures the cache backend for a specific Loki component. The supported CLI flags `` used to reference this configuration block are: - `bloom-gateway-client.cache` - `bloom.metas-cache` - `frontend` - `frontend.index-stats-results-cache` - `frontend.instant-metric-results-cache` - `frontend.label-results-cache` - `frontend.series-results-cache` - `frontend.volume-results-cache` - `store.chunks-cache` - `store.chunks-cache-l2` - `store.index-cache-read` - `store.index-cache-write`   ```yaml # The default validity of entries for caches unless overridden. # CLI flag: -.default-validity [default_validity: | default = 1h] background: # At what concurrency to write back to cache. # CLI flag: -.background.write-back-concurrency [writeback_goroutines: | default = 1] # How many key batches to buffer for background write-back. Default is large # to prefer size based limiting. # CLI flag: -.background.write-back-buffer [writeback_buffer: | default = 500000] # Size limit in bytes for background write-back. # CLI flag: -.background.write-back-size-limit [writeback_size_limit: | default = 500MB] memcached: # How long keys stay in the memcache. # CLI flag: -.memcached.expiration [expiration: | default = 0s] # How many keys to fetch in each batch. # CLI flag: -.memcached.batchsize [batch_size: | default = 4] # Maximum active requests to memcache. # CLI flag: -.memcached.parallelism [parallelism: | default = 5] memcached_client: # Hostname for memcached service to use. If empty and if addresses is unset, # no memcached will be used. # CLI flag: -.memcached.hostname [host: | default = ""] # SRV service used to discover memcache servers. # CLI flag: -.memcached.service [service: | default = "memcached"] # Comma separated addresses list in DNS Service Discovery format: # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes # CLI flag: -.memcached.addresses [addresses: | default = ""] # Maximum time to wait before giving up on memcached requests. # CLI flag: -.memcached.timeout [timeout: | default = 100ms] # Maximum number of idle connections in pool. # CLI flag: -.memcached.max-idle-conns [max_idle_conns: | default = 16] # The maximum size of an item stored in memcached. Bigger items are not # stored. If set to 0, no maximum size is enforced. # CLI flag: -.memcached.max-item-size [max_item_size: | default = 0] # Period with which to poll DNS for memcache servers. # CLI flag: -.memcached.update-interval [update_interval: | default = 1m] # Use consistent hashing to distribute to memcache servers. # CLI flag: -.memcached.consistent-hash [consistent_hash: | default = true] # Trip circuit-breaker after this number of consecutive dial failures (if zero # then circuit-breaker is disabled). # CLI flag: -.memcached.circuit-breaker-consecutive-failures [circuit_breaker_consecutive_failures: | default = 10] # Duration circuit-breaker remains open after tripping (if zero then 60 # seconds is used). # CLI flag: -.memcached.circuit-breaker-timeout [circuit_breaker_timeout: | default = 10s] # Reset circuit-breaker counts after this long (if zero then never reset). # CLI flag: -.memcached.circuit-breaker-interval [circuit_breaker_interval: | default = 10s] # Enable connecting to Memcached with TLS. # CLI flag: -.memcached.tls-enabled [tls_enabled: | default = false] # Path to the client certificate, which will be used for authenticating with # the server. Also requires the key path to be configured. # CLI flag: -.memcached.tls-cert-path [tls_cert_path: | default = ""] # Path to the key for the client certificate. Also requires the client # certificate to be configured. # CLI flag: -.memcached.tls-key-path [tls_key_path: | default = ""] # Path to the CA certificates to validate server certificate against. If not # set, the host's root CA certificates are used. # CLI flag: -.memcached.tls-ca-path [tls_ca_path: | default = ""] # Override the expected name on the server certificate. # CLI flag: -.memcached.tls-server-name [tls_server_name: | default = ""] # Skip validating server certificate. # CLI flag: -.memcached.tls-insecure-skip-verify [tls_insecure_skip_verify: | default = false] # Override the default cipher suite list (separated by commas). Allowed # values: # # Secure Ciphers: # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 # # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 # - TLS_RSA_WITH_AES_128_GCM_SHA256 # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 # CLI flag: -.memcached.tls-cipher-suites [tls_cipher_suites: | default = ""] # Override the default minimum TLS version. Allowed values: VersionTLS10, # VersionTLS11, VersionTLS12, VersionTLS13 # CLI flag: -.memcached.tls-min-version [tls_min_version: | default = ""] redis: # Redis Server or Cluster configuration endpoint to use for caching. A # comma-separated list of endpoints for Redis Cluster or Redis Sentinel. If # empty, no redis will be used. # CLI flag: -.redis.endpoint [endpoint: | default = ""] # Redis Sentinel master name. An empty string for Redis Server or Redis # Cluster. # CLI flag: -.redis.master-name [master_name: | default = ""] # Maximum time to wait before giving up on redis requests. # CLI flag: -.redis.timeout [timeout: | default = 500ms] # How long keys stay in the redis. # CLI flag: -.redis.expiration [expiration: | default = 0s] # Database index. # CLI flag: -.redis.db [db: | default = 0] # Maximum number of connections in the pool. # CLI flag: -.redis.pool-size [pool_size: | default = 0] # Username to use when connecting to redis. # CLI flag: -.redis.username [username: | default = ""] # Password to use when connecting to redis. # CLI flag: -.redis.password [password: | default = ""] # Enable connecting to redis with TLS. # CLI flag: -.redis.tls-enabled [tls_enabled: | default = false] # Skip validating server certificate. # CLI flag: -.redis.tls-insecure-skip-verify [tls_insecure_skip_verify: | default = false] # Close connections after remaining idle for this duration. If the value is # zero, then idle connections are not closed. # CLI flag: -.redis.idle-timeout [idle_timeout: | default = 0s] # Close connections older than this duration. If the value is zero, then the # pool does not close connections based on age. # CLI flag: -.redis.max-connection-age [max_connection_age: | default = 0s] # By default, the Redis client only reads from the master node. Enabling this # option can lower pressure on the master node by randomly routing read-only # commands to the master and any available replicas. # CLI flag: -.redis.route-randomly [route_randomly: | default = false] embedded_cache: # Whether embedded cache is enabled. # CLI flag: -.embedded-cache.enabled [enabled: | default = false] # Maximum memory size of the cache in MB. # CLI flag: -.embedded-cache.max-size-mb [max_size_mb: | default = 100] # Maximum number of entries in the cache. # CLI flag: -.embedded-cache.max-size-items [max_size_items: | default = 0] # The time to live for items in the cache before they get purged. # CLI flag: -.embedded-cache.ttl [ttl: | default = 1h] ``` ### chunk_store_config The `chunk_store_config` block configures how chunks will be cached and how long to wait before saving them to the backing store. ```yaml # The cache_config block configures the cache backend for a specific Loki # component. # The CLI flags prefix for this block configuration is: store.chunks-cache [chunk_cache_config: ] # The cache_config block configures the cache backend for a specific Loki # component. # The CLI flags prefix for this block configuration is: store.chunks-cache-l2 [chunk_cache_config_l2: ] # Write dedupe cache is deprecated along with legacy index types (aws, # aws-dynamo, bigtable, bigtable-hashed, cassandra, gcp, gcp-columnkey, # grpc-store). # Consider using TSDB index which does not require a write dedupe cache. # The CLI flags prefix for this block configuration is: store.index-cache-write [write_dedupe_cache_config: ] # Chunks will be handed off to the L2 cache after this duration. 0 to disable L2 # cache. # CLI flag: -store.chunks-cache-l2.handoff [l2_chunk_cache_handoff: | default = 0s] # Cache index entries older than this period. 0 to disable. # CLI flag: -store.cache-lookups-older-than [cache_lookups_older_than: | default = 0s] ``` ### common Common configuration to be shared between multiple modules. If a more specific configuration is given in other sections, the related configuration within this section will be ignored. ```yaml [path_prefix: | default = ""] storage: # The s3_storage_config block configures the connection to Amazon S3 object # storage backend. # The CLI flags prefix for this block configuration is: common [s3: ] # The gcs_storage_config block configures the connection to Google Cloud # Storage object storage backend. # The CLI flags prefix for this block configuration is: common.storage [gcs: ] # The azure_storage_config block configures the connection to Azure object # storage backend. # The CLI flags prefix for this block configuration is: common.storage [azure: ] # The alibabacloud_storage_config block configures the connection to Alibaba # Cloud Storage object storage backend. [alibabacloud: ] # The bos_storage_config block configures the connection to Baidu Object # Storage (BOS) object storage backend. # The CLI flags prefix for this block configuration is: common.storage [bos: ] # The swift_storage_config block configures the connection to OpenStack Object # Storage (Swift) object storage backend. # The CLI flags prefix for this block configuration is: common.storage [swift: ] filesystem: # Directory to store chunks in. # CLI flag: -common.storage.filesystem.chunk-directory [chunks_directory: | default = ""] # Directory to store rules in. # CLI flag: -common.storage.filesystem.rules-directory [rules_directory: | default = ""] hedging: # If set to a non-zero value a second request will be issued at the provided # duration. Default is 0 (disabled) # CLI flag: -common.storage.hedge-requests-at [at: | default = 0s] # The maximum of hedge requests allowed. # CLI flag: -common.storage.hedge-requests-up-to [up_to: | default = 2] # The maximum of hedge requests allowed per seconds. # CLI flag: -common.storage.hedge-max-per-second [max_per_second: | default = 5] # The cos_storage_config block configures the connection to IBM Cloud Object # Storage (COS) backend. # The CLI flags prefix for this block configuration is: common.storage [cos: ] congestion_control: # Use storage congestion control (default: disabled). # CLI flag: -common.storage.congestion-control.enabled [enabled: | default = false] controller: # Congestion control strategy to use (default: none, options: 'aimd'). # CLI flag: -common.storage.congestion-control.strategy [strategy: | default = ""] aimd: # AIMD starting throughput window size: how many requests can be sent # per second (default: 2000). # CLI flag: -common.storage.congestion-control.strategy.aimd.start [start: | default = 2000] # AIMD maximum throughput window size: upper limit of requests sent per # second (default: 10000). # CLI flag: -common.storage.congestion-control.strategy.aimd.upper-bound [upper_bound: | default = 10000] # AIMD backoff factor when upstream service is throttled to decrease # number of requests sent per second (default: 0.5). # CLI flag: -common.storage.congestion-control.strategy.aimd.backoff-factor [backoff_factor: | default = 0.5] retry: # Congestion control retry strategy to use (default: none, options: # 'limited'). # CLI flag: -common.storage.congestion-control.retry.strategy [strategy: | default = ""] # Maximum number of retries allowed. # CLI flag: -common.storage.congestion-control.retry.strategy.limited.limit [limit: | default = 2] hedging: config: [at: ] [up_to: ] [max_per_second: ] # Congestion control hedge strategy to use (default: none, options: # 'limited'). # CLI flag: -common.storage.congestion-control.hedge.strategy [strategy: | default = ""] [persist_tokens: ] [replication_factor: ] ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. # CLI flag: -common.storage.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -common.storage.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. # The CLI flags prefix for this block configuration is: common.storage.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. # The CLI flags prefix for this block configuration is: common.storage.ring [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -common.storage.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -common.storage.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -common.storage.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -common.storage.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. # CLI flag: -common.storage.ring.heartbeat-period [heartbeat_period: | default = 15s] # The heartbeat timeout after which compactors are considered unhealthy within # the ring. 0 = never (timeout disabled). # CLI flag: -common.storage.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. # CLI flag: -common.storage.ring.tokens-file-path [tokens_file_path: | default = ""] # True to enable zone-awareness and replicate blocks across different # availability zones. # CLI flag: -common.storage.ring.zone-awareness-enabled [zone_awareness_enabled: | default = false] # Number of tokens to own in the ring. # CLI flag: -common.storage.ring.num-tokens [num_tokens: | default = 128] # Factor for data replication. # CLI flag: -common.storage.ring.replication-factor [replication_factor: | default = 3] # Instance ID to register in the ring. # CLI flag: -common.storage.ring.instance-id [instance_id: | default = ""] # Name of network interface to read address from. # CLI flag: -common.storage.ring.instance-interface-names [instance_interface_names: | default = []] # Port to advertise in the ring (defaults to server.grpc-listen-port). # CLI flag: -common.storage.ring.instance-port [instance_port: | default = 0] # IP address to advertise in the ring. # CLI flag: -common.storage.ring.instance-addr [instance_addr: | default = ""] # The availability zone where this instance is running. Required if # zone-awareness is enabled. # CLI flag: -common.storage.ring.instance-availability-zone [instance_availability_zone: | default = ""] # Enable using a IPv6 instance address. # CLI flag: -common.storage.ring.instance-enable-ipv6 [instance_enable_ipv6: | default = false] [instance_interface_names: | default = []] [instance_addr: | default = ""] # the http address of the compactor in the form http://host:port # CLI flag: -common.compactor-address [compactor_address: | default = ""] # the grpc address of the compactor in the form host:port # CLI flag: -common.compactor-grpc-address [compactor_grpc_address: | default = ""] ``` ### compactor The `compactor` block configures the compactor component, which compacts index shards for performance. ```yaml # Directory where files can be downloaded for compaction. # CLI flag: -compactor.working-directory [working_directory: | default = ""] # Interval at which to re-run the compaction operation. # CLI flag: -compactor.compaction-interval [compaction_interval: | default = 10m] # Interval at which to apply/enforce retention. 0 means run at same interval as # compaction. If non-zero, it should always be a multiple of compaction # interval. # CLI flag: -compactor.apply-retention-interval [apply_retention_interval: | default = 0s] # Activate custom (per-stream,per-tenant) retention. # CLI flag: -compactor.retention-enabled [retention_enabled: | default = false] # Delay after which chunks will be fully deleted during retention. # CLI flag: -compactor.retention-delete-delay [retention_delete_delay: | default = 2h] # The total amount of worker to use to delete chunks. # CLI flag: -compactor.retention-delete-worker-count [retention_delete_worker_count: | default = 150] # The maximum amount of time to spend running retention and deletion on any # given table in the index. # CLI flag: -compactor.retention-table-timeout [retention_table_timeout: | default = 0s] # Store used for managing delete requests. # CLI flag: -compactor.delete-request-store [delete_request_store: | default = ""] # Path prefix for storing delete requests. # CLI flag: -compactor.delete-request-store.key-prefix [delete_request_store_key_prefix: | default = "index/"] # The max number of delete requests to run per compaction cycle. # CLI flag: -compactor.delete-batch-size [delete_batch_size: | default = 70] # Allow cancellation of delete request until duration after they are created. # Data would be deleted only after delete requests have been older than this # duration. Ideally this should be set to at least 24h. # CLI flag: -compactor.delete-request-cancel-period [delete_request_cancel_period: | default = 24h] # Constrain the size of any single delete request with line filters. When a # delete request > delete_max_interval is input, the request is sharded into # smaller requests of no more than delete_max_interval # CLI flag: -compactor.delete-max-interval [delete_max_interval: | default = 24h] # Maximum number of tables to compact in parallel. While increasing this value, # please make sure compactor has enough disk space allocated to be able to store # and compact as many tables. # CLI flag: -compactor.max-compaction-parallelism [max_compaction_parallelism: | default = 1] # Number of upload/remove operations to execute in parallel when finalizing a # compaction. NOTE: This setting is per compaction operation, which can be # executed in parallel. The upper bound on the number of concurrent uploads is # upload_parallelism * max_compaction_parallelism. # CLI flag: -compactor.upload-parallelism [upload_parallelism: | default = 10] # The hash ring configuration used by compactors to elect a single instance for # running compactions. The CLI flags prefix for this block config is: # compactor.ring compactor_ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. # CLI flag: -compactor.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -compactor.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. # The CLI flags prefix for this block configuration is: compactor.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. # The CLI flags prefix for this block configuration is: compactor.ring [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -compactor.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -compactor.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -compactor.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -compactor.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. # CLI flag: -compactor.ring.heartbeat-period [heartbeat_period: | default = 15s] # The heartbeat timeout after which compactors are considered unhealthy within # the ring. 0 = never (timeout disabled). # CLI flag: -compactor.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. # CLI flag: -compactor.ring.tokens-file-path [tokens_file_path: | default = ""] # True to enable zone-awareness and replicate blocks across different # availability zones. # CLI flag: -compactor.ring.zone-awareness-enabled [zone_awareness_enabled: | default = false] # Instance ID to register in the ring. # CLI flag: -compactor.ring.instance-id [instance_id: | default = ""] # Name of network interface to read address from. # CLI flag: -compactor.ring.instance-interface-names [instance_interface_names: | default = []] # Port to advertise in the ring (defaults to server.grpc-listen-port). # CLI flag: -compactor.ring.instance-port [instance_port: | default = 0] # IP address to advertise in the ring. # CLI flag: -compactor.ring.instance-addr [instance_addr: | default = ""] # The availability zone where this instance is running. Required if # zone-awareness is enabled. # CLI flag: -compactor.ring.instance-availability-zone [instance_availability_zone: | default = ""] # Enable using a IPv6 instance address. # CLI flag: -compactor.ring.instance-enable-ipv6 [instance_enable_ipv6: | default = false] # Number of tables that compactor will try to compact. Newer tables are chosen # when this is less than the number of tables available. # CLI flag: -compactor.tables-to-compact [tables_to_compact: | default = 0] # Do not compact N latest tables. Together with -compactor.run-once and # -compactor.tables-to-compact, this is useful when clearing compactor backlogs. # CLI flag: -compactor.skip-latest-n-tables [skip_latest_n_tables: | default = 0] ``` ### consul Configuration for a Consul client. Only applies if the selected kvstore is `consul`. The supported CLI flags `` used to reference this configuration block are: - `bloom-compactor.ring` - `common.storage.ring` - `compactor.ring` - `distributor.ring` - `index-gateway.ring` - `ingester-rf1` - `pattern-ingester` - `query-scheduler.ring` - `ruler.ring`   ```yaml # Hostname and port of Consul. # CLI flag: -.consul.hostname [host: | default = "localhost:8500"] # ACL Token used to interact with Consul. # CLI flag: -.consul.acl-token [acl_token: | default = ""] # HTTP timeout when talking to Consul # CLI flag: -.consul.client-timeout [http_client_timeout: | default = 20s] # Enable consistent reads to Consul. # CLI flag: -.consul.consistent-reads [consistent_reads: | default = false] # Rate limit when watching key or prefix in Consul, in requests per second. 0 # disables the rate limit. # CLI flag: -.consul.watch-rate-limit [watch_rate_limit: | default = 1] # Burst size used in rate limit. Values less than 1 are treated as 1. # CLI flag: -.consul.watch-burst-size [watch_burst_size: | default = 1] # Maximum duration to wait before retrying a Compare And Swap (CAS) operation. # CLI flag: -.consul.cas-retry-delay [cas_retry_delay: | default = 1s] ``` ### cos_storage_config The `cos_storage_config` block configures the connection to IBM Cloud Object Storage (COS) backend. The supported CLI flags `` used to reference this configuration block are: - `common.storage` - `ruler.storage`   ```yaml # Set this to `true` to force the request to use path-style addressing. # CLI flag: -.cos.force-path-style [forcepathstyle: | default = false] # Comma separated list of bucket names to evenly distribute chunks over. # CLI flag: -.cos.buckets [bucketnames: | default = ""] # COS Endpoint to connect to. # CLI flag: -.cos.endpoint [endpoint: | default = ""] # COS region to use. # CLI flag: -.cos.region [region: | default = ""] # COS HMAC Access Key ID. # CLI flag: -.cos.access-key-id [access_key_id: | default = ""] # COS HMAC Secret Access Key. # CLI flag: -.cos.secret-access-key [secret_access_key: | default = ""] http_config: # The maximum amount of time an idle connection will be held open. # CLI flag: -.cos.http.idle-conn-timeout [idle_conn_timeout: | default = 1m30s] # If non-zero, specifies the amount of time to wait for a server's response # headers after fully writing the request. # CLI flag: -.cos.http.response-header-timeout [response_header_timeout: | default = 0s] # Configures back off when cos get Object. backoff_config: # Minimum backoff time when cos get Object. # CLI flag: -.cos.min-backoff [min_period: | default = 100ms] # Maximum backoff time when cos get Object. # CLI flag: -.cos.max-backoff [max_period: | default = 3s] # Maximum number of times to retry when cos get Object. # CLI flag: -.cos.max-retries [max_retries: | default = 5] # IAM API key to access COS. # CLI flag: -.cos.api-key [api_key: | default = ""] # COS service instance id to use. # CLI flag: -.cos.service-instance-id [service_instance_id: | default = ""] # IAM Auth Endpoint for authentication. # CLI flag: -.cos.auth-endpoint [auth_endpoint: | default = "https://iam.cloud.ibm.com/identity/token"] # Compute resource token file path. # CLI flag: -.cos.cr-token-file-path [cr_token_file_path: | default = ""] # Name of the trusted profile. # CLI flag: -.cos.trusted-profile-name [trusted_profile_name: | default = ""] # ID of the trusted profile. # CLI flag: -.cos.trusted-profile-id [trusted_profile_id: | default = ""] ``` ### distributor Configures the `distributor`. ```yaml ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. # CLI flag: -distributor.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -distributor.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. # The CLI flags prefix for this block configuration is: distributor.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. # The CLI flags prefix for this block configuration is: distributor.ring [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -distributor.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -distributor.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -distributor.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -distributor.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. # CLI flag: -distributor.ring.heartbeat-period [heartbeat_period: | default = 5s] # The heartbeat timeout after which distributors are considered unhealthy # within the ring. 0 = never (timeout disabled). # CLI flag: -distributor.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # Name of network interface to read address from. # CLI flag: -distributor.ring.instance-interface-names [instance_interface_names: | default = []] rate_store: # The max number of concurrent requests to make to ingester stream apis # CLI flag: -distributor.rate-store.max-request-parallelism [max_request_parallelism: | default = 200] # The interval on which distributors will update current stream rates from # ingesters # CLI flag: -distributor.rate-store.stream-rate-update-interval [stream_rate_update_interval: | default = 1s] # Timeout for communication between distributors and any given ingester when # updating rates # CLI flag: -distributor.rate-store.ingester-request-timeout [ingester_request_timeout: | default = 500ms] # If enabled, detailed logs and spans will be emitted. # CLI flag: -distributor.rate-store.debug [debug: | default = false] # Customize the logging of write failures. write_failures_logging: # Log volume allowed (per second). Default: 1KB. # CLI flag: -distributor.write-failures-logging.rate [rate: | default = 1KB] # Whether a insight=true key should be logged or not. Default: false. # CLI flag: -distributor.write-failures-logging.add-insights-label [add_insights_label: | default = false] otlp_config: # List of default otlp resource attributes to be picked as index labels # CLI flag: -distributor.otlp.default_resource_attributes_as_index_labels [default_resource_attributes_as_index_labels: | default = [service.name service.namespace service.instance.id deployment.environment cloud.region cloud.availability_zone k8s.cluster.name k8s.namespace.name k8s.pod.name k8s.container.name container.name k8s.replicaset.name k8s.deployment.name k8s.statefulset.name k8s.daemonset.name k8s.cronjob.name k8s.job.name]] ``` ### etcd Configuration for an ETCD v3 client. Only applies if the selected kvstore is `etcd`. The supported CLI flags `` used to reference this configuration block are: - `bloom-compactor.ring` - `common.storage.ring` - `compactor.ring` - `distributor.ring` - `index-gateway.ring` - `ingester-rf1` - `pattern-ingester` - `query-scheduler.ring` - `ruler.ring`   ```yaml # The etcd endpoints to connect to. # CLI flag: -.etcd.endpoints [endpoints: | default = []] # The dial timeout for the etcd connection. # CLI flag: -.etcd.dial-timeout [dial_timeout: | default = 10s] # The maximum number of retries to do for failed ops. # CLI flag: -.etcd.max-retries [max_retries: | default = 10] # Enable TLS. # CLI flag: -.etcd.tls-enabled [tls_enabled: | default = false] # Path to the client certificate, which will be used for authenticating with the # server. Also requires the key path to be configured. # CLI flag: -.etcd.tls-cert-path [tls_cert_path: | default = ""] # Path to the key for the client certificate. Also requires the client # certificate to be configured. # CLI flag: -.etcd.tls-key-path [tls_key_path: | default = ""] # Path to the CA certificates to validate server certificate against. If not # set, the host's root CA certificates are used. # CLI flag: -.etcd.tls-ca-path [tls_ca_path: | default = ""] # Override the expected name on the server certificate. # CLI flag: -.etcd.tls-server-name [tls_server_name: | default = ""] # Skip validating server certificate. # CLI flag: -.etcd.tls-insecure-skip-verify [tls_insecure_skip_verify: | default = false] # Override the default cipher suite list (separated by commas). Allowed values: # # Secure Ciphers: # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 # # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 # - TLS_RSA_WITH_AES_128_GCM_SHA256 # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 # CLI flag: -.etcd.tls-cipher-suites [tls_cipher_suites: | default = ""] # Override the default minimum TLS version. Allowed values: VersionTLS10, # VersionTLS11, VersionTLS12, VersionTLS13 # CLI flag: -.etcd.tls-min-version [tls_min_version: | default = ""] # Etcd username. # CLI flag: -.etcd.username [username: | default = ""] # Etcd password. # CLI flag: -.etcd.password [password: | default = ""] ``` ### frontend The `frontend` block configures the Loki query-frontend. ```yaml # Log queries that are slower than the specified duration. Set to 0 to disable. # Set to < 0 to enable on all queries. # CLI flag: -frontend.log-queries-longer-than [log_queries_longer_than: | default = 0s] # Comma-separated list of request header names to include in query logs. Applies # to both query stats and slow queries logs. # CLI flag: -frontend.log-query-request-headers [log_query_request_headers: | default = ""] # Max body size for downstream prometheus. # CLI flag: -frontend.max-body-size [max_body_size: | default = 10485760] # True to enable query statistics tracking. When enabled, a message with some # statistics is logged for every query. # CLI flag: -frontend.query-stats-enabled [query_stats_enabled: | default = false] # Maximum number of outstanding requests per tenant per frontend; requests # beyond this error with HTTP 429. # CLI flag: -querier.max-outstanding-requests-per-tenant [max_outstanding_per_tenant: | default = 2048] # In the event a tenant is repeatedly sending queries that lead the querier to # crash or be killed due to an out-of-memory error, the crashed querier will be # disconnected from the query frontend and a new querier will be immediately # assigned to the tenant’s shard. This invalidates the assumption that shuffle # sharding can be used to reduce the impact on tenants. This option mitigates # the impact by configuring a delay between when a querier disconnects because # of a crash and when the crashed querier is actually removed from the tenant's # shard. # CLI flag: -query-frontend.querier-forget-delay [querier_forget_delay: | default = 0s] # DNS hostname used for finding query-schedulers. # CLI flag: -frontend.scheduler-address [scheduler_address: | default = ""] # How often to resolve the scheduler-address, in order to look for new # query-scheduler instances. Also used to determine how often to poll the # scheduler-ring for addresses if the scheduler-ring is configured. # CLI flag: -frontend.scheduler-dns-lookup-period [scheduler_dns_lookup_period: | default = 10s] # Number of concurrent workers forwarding queries to single query-scheduler. # CLI flag: -frontend.scheduler-worker-concurrency [scheduler_worker_concurrency: | default = 5] # The grpc_client block configures the gRPC client used to communicate between a # client and server component in Loki. # The CLI flags prefix for this block configuration is: # frontend.grpc-client-config [grpc_client_config: ] # Time to wait for inflight requests to finish before forcefully shutting down. # This needs to be aligned with the query timeout and the graceful termination # period of the process orchestrator. # CLI flag: -frontend.graceful-shutdown-timeout [graceful_shutdown_timeout: | default = 5m] # Name of network interface to read address from. This address is sent to # query-scheduler and querier, which uses it to send the query response back to # query-frontend. # CLI flag: -frontend.instance-interface-names [instance_interface_names: | default = []] # Defines the encoding for requests to and responses from the scheduler and # querier. Can be 'json' or 'protobuf' (defaults to 'json'). # CLI flag: -frontend.encoding [encoding: | default = "json"] # Compress HTTP responses. # CLI flag: -querier.compress-http-responses [compress_responses: | default = true] # URL of downstream Loki. # CLI flag: -frontend.downstream-url [downstream_url: | default = ""] # URL of querier for tail proxy. # CLI flag: -frontend.tail-proxy-url [tail_proxy_url: | default = ""] # The TLS configuration. [tail_tls_config: ] ``` ### frontend_worker The `frontend_worker` configures the worker - running within the Loki querier - picking up and executing queries enqueued by the query-frontend. ```yaml # Address of query frontend service, in host:port format. If # -querier.scheduler-address is set as well, querier will use scheduler instead. # Only one of -querier.frontend-address or -querier.scheduler-address can be # set. If neither is set, queries are only received via HTTP endpoint. # CLI flag: -querier.frontend-address [frontend_address: | default = ""] # Hostname (and port) of scheduler that querier will periodically resolve, # connect to and receive queries from. Only one of -querier.frontend-address or # -querier.scheduler-address can be set. If neither is set, queries are only # received via HTTP endpoint. # CLI flag: -querier.scheduler-address [scheduler_address: | default = ""] # How often to query DNS for query-frontend or query-scheduler address. Also # used to determine how often to poll the scheduler-ring for addresses if the # scheduler-ring is configured. # CLI flag: -querier.dns-lookup-period [dns_lookup_duration: | default = 3s] # Querier ID, sent to frontend service to identify requests from the same # querier. Defaults to hostname. # CLI flag: -querier.id [id: | default = ""] # Configures the querier gRPC client used to communicate with the # query-frontend. This can't be used in conjunction with 'grpc_client_config'. # The CLI flags prefix for this block configuration is: querier.frontend-client [query_frontend_grpc_client: ] # Configures the querier gRPC client used to communicate with the query-frontend # and with the query-scheduler. This can't be used in conjunction with # 'query_frontend_grpc_client' or 'query_scheduler_grpc_client'. # The CLI flags prefix for this block configuration is: # querier.scheduler-grpc-client [grpc_client_config: ] # Configures the querier gRPC client used to communicate with the # query-scheduler. This can't be used in conjunction with 'grpc_client_config'. # The CLI flags prefix for this block configuration is: # metastore.grpc-client-config [query_scheduler_grpc_client: ] ``` ### gcs_storage_config The `gcs_storage_config` block configures the connection to Google Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: - `common.storage` - `ruler.storage`   ```yaml # Name of GCS bucket. Please refer to # https://cloud.google.com/docs/authentication/production for more information # about how to configure authentication. # CLI flag: -.gcs.bucketname [bucket_name: | default = ""] # Service account key content in JSON format, refer to # https://cloud.google.com/iam/docs/creating-managing-service-account-keys for # creation. # CLI flag: -.gcs.service-account [service_account: | default = ""] # The size of the buffer that GCS client for each PUT request. 0 to disable # buffering. # CLI flag: -.gcs.chunk-buffer-size [chunk_buffer_size: | default = 0] # The duration after which the requests to GCS should be timed out. # CLI flag: -.gcs.request-timeout [request_timeout: | default = 0s] # Enable OpenCensus (OC) instrumentation for all requests. # CLI flag: -.gcs.enable-opencensus [enable_opencensus: | default = true] # Enable HTTP2 connections. # CLI flag: -.gcs.enable-http2 [enable_http2: | default = true] # Enable automatic retries of failed idempotent requests. # CLI flag: -.gcs.enable-retries [enable_retries: | default = true] ``` ### grpc_client The `grpc_client` block configures the gRPC client used to communicate between a client and server component in Loki. The supported CLI flags `` used to reference this configuration block are: - `bigtable` - `bloom-build.builder.grpc` - `bloom-gateway-client.grpc` - `boltdb.shipper.index-gateway-client.grpc` - `frontend.grpc-client-config` - `ingester-rf1.client` - `ingester.client` - `metastore.grpc-client-config` - `pattern-ingester.client` - `querier.frontend-client` - `querier.frontend-grpc-client` - `querier.scheduler-grpc-client` - `query-scheduler.grpc-client-config` - `ruler.client` - `tsdb.shipper.index-gateway-client.grpc`   ```yaml # gRPC client max receive message size (bytes). # CLI flag: -boltdb.shipper.index-gateway-client.grpc.grpc-max-recv-msg-size [max_recv_msg_size: | default = 104857600] # gRPC client max send message size (bytes). # CLI flag: -boltdb.shipper.index-gateway-client.grpc.grpc-max-send-msg-size [max_send_msg_size: | default = 104857600] # Use compression when sending messages. Supported values are: 'gzip', 'snappy' # and '' (disable compression) # CLI flag: -boltdb.shipper.index-gateway-client.grpc.grpc-compression [grpc_compression: | default = ""] # Rate limit for gRPC client; 0 means disabled. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.grpc-client-rate-limit [rate_limit: | default = 0] # Rate limit burst for gRPC client. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.grpc-client-rate-limit-burst [rate_limit_burst: | default = 0] # Enable backoff and retry when we hit rate limits. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.backoff-on-ratelimits [backoff_on_ratelimits: | default = false] backoff_config: # Minimum delay when backing off. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.backoff-min-period [min_period: | default = 100ms] # Maximum delay when backing off. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.backoff-max-period [max_period: | default = 10s] # Number of times to backoff and retry before failing. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.backoff-retries [max_retries: | default = 10] # Initial stream window size. Values less than the default are not supported and # are ignored. Setting this to a value other than the default disables the BDP # estimator. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.initial-stream-window-size [initial_stream_window_size: | default = 63KiB1023B] # Initial connection window size. Values less than the default are not supported # and are ignored. Setting this to a value other than the default disables the # BDP estimator. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.initial-connection-window-size [initial_connection_window_size: | default = 63KiB1023B] # Enable TLS in the gRPC client. This flag needs to be enabled when any other # TLS flag is set. If set to false, insecure connection to gRPC server will be # used. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-enabled [tls_enabled: | default = false] # Path to the client certificate, which will be used for authenticating with the # server. Also requires the key path to be configured. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-cert-path [tls_cert_path: | default = ""] # Path to the key for the client certificate. Also requires the client # certificate to be configured. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-key-path [tls_key_path: | default = ""] # Path to the CA certificates to validate server certificate against. If not # set, the host's root CA certificates are used. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-ca-path [tls_ca_path: | default = ""] # Override the expected name on the server certificate. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-server-name [tls_server_name: | default = ""] # Skip validating server certificate. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-insecure-skip-verify [tls_insecure_skip_verify: | default = false] # Override the default cipher suite list (separated by commas). Allowed values: # # Secure Ciphers: # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 # # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 # - TLS_RSA_WITH_AES_128_GCM_SHA256 # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-cipher-suites [tls_cipher_suites: | default = ""] # Override the default minimum TLS version. Allowed values: VersionTLS10, # VersionTLS11, VersionTLS12, VersionTLS13 # CLI flag: -boltdb.shipper.index-gateway-client.grpc.tls-min-version [tls_min_version: | default = ""] # The maximum amount of time to establish a connection. A value of 0 means # default gRPC client connect timeout and backoff. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.connect-timeout [connect_timeout: | default = 5s] # Initial backoff delay after first connection failure. Only relevant if # ConnectTimeout > 0. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.connect-backoff-base-delay [connect_backoff_base_delay: | default = 1s] # Maximum backoff delay when establishing a connection. Only relevant if # ConnectTimeout > 0. # CLI flag: -boltdb.shipper.index-gateway-client.grpc.connect-backoff-max-delay [connect_backoff_max_delay: | default = 5s] ``` ### index_gateway The `index_gateway` block configures the Loki index gateway server, responsible for serving index queries without the need to constantly interact with the object store. ```yaml # Defines in which mode the index gateway server will operate (default to # 'simple'). It supports two modes: # - 'simple': an index gateway server instance is responsible for handling, # storing and returning requests for all indices for all tenants. # - 'ring': an index gateway server instance is responsible for a subset of # tenants instead of all tenants. # CLI flag: -index-gateway.mode [mode: | default = "simple"] # Defines the ring to be used by the index gateway servers and clients in case # the servers are configured to run in 'ring' mode. In case this isn't # configured, this block supports inheriting configuration from the common ring # section. ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. # CLI flag: -index-gateway.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -index-gateway.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. # The CLI flags prefix for this block configuration is: index-gateway.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. # The CLI flags prefix for this block configuration is: index-gateway.ring [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -index-gateway.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -index-gateway.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -index-gateway.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -index-gateway.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. # CLI flag: -index-gateway.ring.heartbeat-period [heartbeat_period: | default = 15s] # The heartbeat timeout after which compactors are considered unhealthy within # the ring. 0 = never (timeout disabled). # CLI flag: -index-gateway.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. # CLI flag: -index-gateway.ring.tokens-file-path [tokens_file_path: | default = ""] # True to enable zone-awareness and replicate blocks across different # availability zones. # CLI flag: -index-gateway.ring.zone-awareness-enabled [zone_awareness_enabled: | default = false] # Deprecated: How many index gateway instances are assigned to each tenant. # Use -index-gateway.shard-size instead. The shard size is also a per-tenant # setting. # CLI flag: -replication-factor [replication_factor: | default = 3] # Instance ID to register in the ring. # CLI flag: -index-gateway.ring.instance-id [instance_id: | default = ""] # Name of network interface to read address from. # CLI flag: -index-gateway.ring.instance-interface-names [instance_interface_names: | default = []] # Port to advertise in the ring (defaults to server.grpc-listen-port). # CLI flag: -index-gateway.ring.instance-port [instance_port: | default = 0] # IP address to advertise in the ring. # CLI flag: -index-gateway.ring.instance-addr [instance_addr: | default = ""] # The availability zone where this instance is running. Required if # zone-awareness is enabled. # CLI flag: -index-gateway.ring.instance-availability-zone [instance_availability_zone: | default = ""] # Enable using a IPv6 instance address. # CLI flag: -index-gateway.ring.instance-enable-ipv6 [instance_enable_ipv6: | default = false] ``` ### ingester The `ingester` block configures the ingester and how the ingester will register itself to a key value store. ```yaml # Configures how the lifecycle of the ingester will operate and where it will # register for discovery. lifecycler: ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. # CLI flag: -ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. # CLI flag: -ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore # is consul. [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected # kvstore is etcd. [etcd: ] multi: # Primary backend storage used by multi-client. # CLI flag: -multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. # CLI flag: -multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. # CLI flag: -multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. # CLI flag: -multi.mirror-timeout [mirror_timeout: | default = 2s] # The heartbeat timeout after which ingesters are skipped for reads/writes. # 0 = never (timeout disabled). # CLI flag: -ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # The number of ingesters to write to and read from. # CLI flag: -distributor.replication-factor [replication_factor: | default = 3] # True to enable the zone-awareness and replicate ingested samples across # different availability zones. # CLI flag: -distributor.zone-awareness-enabled [zone_awareness_enabled: | default = false] # Comma-separated list of zones to exclude from the ring. Instances in # excluded zones will be filtered out from the ring. # CLI flag: -distributor.excluded-zones [excluded_zones: | default = ""] # Number of tokens for each ingester. # CLI flag: -ingester.num-tokens [num_tokens: | default = 128] # Period at which to heartbeat to consul. 0 = disabled. # CLI flag: -ingester.heartbeat-period [heartbeat_period: | default = 5s] # Heartbeat timeout after which instance is assumed to be unhealthy. 0 = # disabled. # CLI flag: -ingester.heartbeat-timeout [heartbeat_timeout: | default = 1m] # Observe tokens after generating to resolve collisions. Useful when using # gossiping ring. # CLI flag: -ingester.observe-period [observe_period: | default = 0s] # Period to wait for a claim from another member; will join automatically # after this. # CLI flag: -ingester.join-after [join_after: | default = 0s] # Minimum duration to wait after the internal readiness checks have passed but # before succeeding the readiness endpoint. This is used to slowdown # deployment controllers (eg. Kubernetes) after an instance is ready and # before they proceed with a rolling update, to give the rest of the cluster # instances enough time to receive ring updates. # CLI flag: -ingester.min-ready-duration [min_ready_duration: | default = 15s] # Name of network interface to read address from. # CLI flag: -ingester.lifecycler.interface [interface_names: | default = []] # Enable IPv6 support. Required to make use of IP addresses from IPv6 # interfaces. # CLI flag: -ingester.enable-inet6 [enable_inet6: | default = false] # Duration to sleep for before exiting, to ensure metrics are scraped. # CLI flag: -ingester.final-sleep [final_sleep: | default = 0s] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. # CLI flag: -ingester.tokens-file-path [tokens_file_path: | default = ""] # The availability zone where this instance is running. # CLI flag: -ingester.availability-zone [availability_zone: | default = ""] # Unregister from the ring upon clean shutdown. It can be useful to disable # for rolling restarts with consistent naming in conjunction with # -distributor.extend-writes=false. # CLI flag: -ingester.unregister-on-shutdown [unregister_on_shutdown: | default = true] # When enabled the readiness probe succeeds only after all instances are # ACTIVE and healthy in the ring, otherwise only the instance itself is # checked. This option should be disabled if in your cluster multiple # instances can be rolled out simultaneously, otherwise rolling updates may be # slowed down. # CLI flag: -ingester.readiness-check-ring-health [readiness_check_ring_health: | default = true] # IP address to advertise in the ring. # CLI flag: -ingester.lifecycler.addr [address: | default = ""] # port to advertise in consul (defaults to server.grpc-listen-port). # CLI flag: -ingester.lifecycler.port [port: | default = 0] # ID to register in the ring. # CLI flag: -ingester.lifecycler.ID [id: | default = ""] # How many flushes can happen concurrently from each stream. # CLI flag: -ingester.concurrent-flushes [concurrent_flushes: | default = 32] # How often should the ingester see if there are any blocks to flush. The first # flush check is delayed by a random time up to 0.8x the flush check period. # Additionally, there is +/- 1% jitter added to the interval. # CLI flag: -ingester.flush-check-period [flush_check_period: | default = 30s] flush_op_backoff: # Minimum backoff period when a flush fails. Each concurrent flush has its own # backoff, see `ingester.concurrent-flushes`. # CLI flag: -ingester.flush-op-backoff-min-period [min_period: | default = 10s] # Maximum backoff period when a flush fails. Each concurrent flush has its own # backoff, see `ingester.concurrent-flushes`. # CLI flag: -ingester.flush-op-backoff-max-period [max_period: | default = 1m] # Maximum retries for failed flushes. # CLI flag: -ingester.flush-op-backoff-retries [max_retries: | default = 10] # The timeout for an individual flush. Will be retried up to # `flush-op-backoff-retries` times. # CLI flag: -ingester.flush-op-timeout [flush_op_timeout: | default = 10m] # How long chunks should be retained in-memory after they've been flushed. # CLI flag: -ingester.chunks-retain-period [chunk_retain_period: | default = 0s] # How long chunks should sit in-memory with no updates before being flushed if # they don't hit the max block size. This means that half-empty chunks will # still be flushed after a certain period as long as they receive no further # activity. # CLI flag: -ingester.chunks-idle-period [chunk_idle_period: | default = 30m] # The targeted _uncompressed_ size in bytes of a chunk block When this threshold # is exceeded the head block will be cut and compressed inside the chunk. # CLI flag: -ingester.chunks-block-size [chunk_block_size: | default = 262144] # A target _compressed_ size in bytes for chunks. This is a desired size not an # exact size, chunks may be slightly bigger or significantly smaller if they get # flushed for other reasons (e.g. chunk_idle_period). A value of 0 creates # chunks with a fixed 10 blocks, a non zero value will create chunks with a # variable number of blocks to meet the target size. # CLI flag: -ingester.chunk-target-size [chunk_target_size: | default = 1572864] # The algorithm to use for compressing chunk. (none, gzip, lz4-64k, snappy, # lz4-256k, lz4-1M, lz4, flate, zstd) # CLI flag: -ingester.chunk-encoding [chunk_encoding: | default = "gzip"] # The maximum duration of a timeseries chunk in memory. If a timeseries runs for # longer than this, the current chunk will be flushed to the store and a new # chunk created. # CLI flag: -ingester.max-chunk-age [max_chunk_age: | default = 2h] # Forget about ingesters having heartbeat timestamps older than # `ring.kvstore.heartbeat_timeout`. This is equivalent to clicking on the # `/ring` `forget` button in the UI: the ingester is removed from the ring. This # is a useful setting when you are sure that an unhealthy node won't return. An # example is when not using stateful sets or the equivalent. Use # `memberlist.rejoin_interval` > 0 to handle network partition cases when using # a memberlist. # CLI flag: -ingester.autoforget-unhealthy [autoforget_unhealthy: | default = false] # Parameters used to synchronize ingesters to cut chunks at the same moment. # Sync period is used to roll over incoming entry to a new chunk. If chunk's # utilization isn't high enough (eg. less than 50% when sync_min_utilization is # set to 0.5), then this chunk rollover doesn't happen. # CLI flag: -ingester.sync-period [sync_period: | default = 1h] # Minimum utilization of chunk when doing synchronization. # CLI flag: -ingester.sync-min-utilization [sync_min_utilization: | default = 0.1] # The maximum number of errors a stream will report to the user when a push # fails. 0 to make unlimited. # CLI flag: -ingester.max-ignored-stream-errors [max_returned_stream_errors: | default = 10] # How far back should an ingester be allowed to query the store for data, for # use only with boltdb-shipper/tsdb index and filesystem object store. -1 for # infinite. # CLI flag: -ingester.query-store-max-look-back-period [query_store_max_look_back_period: | default = 0s] # The ingester WAL (Write Ahead Log) records incoming logs and stores them on # the local file systems in order to guarantee persistence of acknowledged data # in the event of a process crash. wal: # Enable writing of ingested data into WAL. # CLI flag: -ingester.wal-enabled [enabled: | default = true] # Directory where the WAL data is stored and/or recovered from. # CLI flag: -ingester.wal-dir [dir: | default = "wal"] # Interval at which checkpoints should be created. # CLI flag: -ingester.checkpoint-duration [checkpoint_duration: | default = 5m] # When WAL is enabled, should chunks be flushed to long-term storage on # shutdown. # CLI flag: -ingester.flush-on-shutdown [flush_on_shutdown: | default = false] # Maximum memory size the WAL may use during replay. After hitting this, it # will flush data to storage before continuing. A unit suffix (KB, MB, GB) may # be applied. # CLI flag: -ingester.wal-replay-memory-ceiling [replay_memory_ceiling: | default = 4GB] # Shard factor used in the ingesters for the in process reverse index. This MUST # be evenly divisible by ALL schema shard factors or Loki will not start. # CLI flag: -ingester.index-shards [index_shards: | default = 32] # Maximum number of dropped streams to keep in memory during tailing. # CLI flag: -ingester.tailer.max-dropped-streams [max_dropped_streams: | default = 10] # Path where the shutdown marker file is stored. If not set and # common.path_prefix is set then common.path_prefix will be used. # CLI flag: -ingester.shutdown-marker-path [shutdown_marker_path: | default = ""] # Interval at which the ingester ownedStreamService checks for changes in the # ring to recalculate owned streams. # CLI flag: -ingester.owned-streams-check-interval [owned_streams_check_interval: | default = 30s] ``` ### ingester_client The `ingester_client` block configures how the distributor will connect to ingesters. Only appropriate when running all components, the distributor, or the querier. ```yaml # Configures how connections are pooled. pool_config: [client_cleanup_period: ] [health_check_ingesters: ] [remote_timeout: ] [remote_timeout: ] # Configures how the gRPC connection to ingesters work as a client. # The CLI flags prefix for this block configuration is: ingester-rf1.client [grpc_client_config: ] ``` ### limits_config The `limits_config` block configures global and per-tenant limits in Loki. The values here can be overridden in the `overrides` section of the runtime_config file ```yaml # Whether the ingestion rate limit should be applied individually to each # distributor instance (local), or evenly shared across the cluster (global). # The ingestion rate strategy cannot be overridden on a per-tenant basis. # - local: enforces the limit on a per distributor basis. The actual effective # rate limit will be N times higher, where N is the number of distributor # replicas. # - global: enforces the limit globally, configuring a per-distributor local # rate limiter as 'ingestion_rate / N', where N is the number of distributor # replicas (it's automatically adjusted if the number of replicas change). The # global strategy requires the distributors to form their own ring, which is # used to keep track of the current number of healthy distributor replicas. # CLI flag: -distributor.ingestion-rate-limit-strategy [ingestion_rate_strategy: | default = "global"] # Per-user ingestion rate limit in sample size per second. Units in MB. # CLI flag: -distributor.ingestion-rate-limit-mb [ingestion_rate_mb: | default = 4] # Per-user allowed ingestion burst size (in sample size). Units in MB. The burst # size refers to the per-distributor local rate limiter even in the case of the # 'global' strategy, and should be set at least to the maximum logs size # expected in a single push request. # CLI flag: -distributor.ingestion-burst-size-mb [ingestion_burst_size_mb: | default = 6] # Maximum length accepted for label names. # CLI flag: -validation.max-length-label-name [max_label_name_length: | default = 1024] # Maximum length accepted for label value. This setting also applies to the # metric name. # CLI flag: -validation.max-length-label-value [max_label_value_length: | default = 2048] # Maximum number of label names per series. # CLI flag: -validation.max-label-names-per-series [max_label_names_per_series: | default = 15] # Whether or not old samples will be rejected. # CLI flag: -validation.reject-old-samples [reject_old_samples: | default = true] # Maximum accepted sample age before rejecting. # CLI flag: -validation.reject-old-samples.max-age [reject_old_samples_max_age: | default = 1w] # Duration which table will be created/deleted before/after it's needed; we # won't accept sample from before this time. # CLI flag: -validation.create-grace-period [creation_grace_period: | default = 10m] # Maximum line size on ingestion path. Example: 256kb. Any log line exceeding # this limit will be discarded unless `distributor.max-line-size-truncate` is # set which in case it is truncated instead of discarding it completely. There # is no limit when unset or set to 0. # CLI flag: -distributor.max-line-size [max_line_size: | default = 256KB] # Whether to truncate lines that exceed max_line_size. # CLI flag: -distributor.max-line-size-truncate [max_line_size_truncate: | default = false] # Alter the log line timestamp during ingestion when the timestamp is the same # as the previous entry for the same stream. When enabled, if a log line in a # push request has the same timestamp as the previous line for the same stream, # one nanosecond is added to the log line. This will preserve the received order # of log lines with the exact same timestamp when they are queried, by slightly # altering their stored timestamp. NOTE: This is imperfect, because Loki accepts # out of order writes, and another push request for the same stream could # contain duplicate timestamps to existing entries and they will not be # incremented. # CLI flag: -validation.increment-duplicate-timestamps [increment_duplicate_timestamp: | default = false] # If no service_name label exists, Loki maps a single label from the configured # list to service_name. If none of the configured labels exist in the stream, # label is set to unknown_service. Empty list disables setting the label. # CLI flag: -validation.discover-service-name [discover_service_name: | default = [service app application name app_kubernetes_io_name container container_name component workload job]] # Discover and add log levels during ingestion, if not present already. Levels # would be added to Structured Metadata with name # level/LEVEL/Level/Severity/severity/SEVERITY/lvl/LVL/Lvl (case-sensitive) and # one of the values from 'trace', 'debug', 'info', 'warn', 'error', 'critical', # 'fatal' (case insensitive). # CLI flag: -validation.discover-log-levels [discover_log_levels: | default = true] # When true an ingester takes into account only the streams that it owns # according to the ring while applying the stream limit. # CLI flag: -ingester.use-owned-stream-count [use_owned_stream_count: | default = false] # Maximum number of active streams per user, per ingester. 0 to disable. # CLI flag: -ingester.max-streams-per-user [max_streams_per_user: | default = 0] # Maximum number of active streams per user, across the cluster. 0 to disable. # When the global limit is enabled, each ingester is configured with a dynamic # local limit based on the replication factor and the current number of healthy # ingesters, and is kept updated whenever the number of ingesters change. # CLI flag: -ingester.max-global-streams-per-user [max_global_streams_per_user: | default = 5000] # Deprecated. When true, out-of-order writes are accepted. # CLI flag: -ingester.unordered-writes [unordered_writes: | default = true] # Maximum byte rate per second per stream, also expressible in human readable # forms (1MB, 256KB, etc). # CLI flag: -ingester.per-stream-rate-limit [per_stream_rate_limit: | default = 3MB] # Maximum burst bytes per stream, also expressible in human readable forms (1MB, # 256KB, etc). This is how far above the rate limit a stream can 'burst' before # the stream is limited. # CLI flag: -ingester.per-stream-rate-limit-burst [per_stream_rate_limit_burst: | default = 15MB] # Maximum number of chunks that can be fetched in a single query. # CLI flag: -store.query-chunk-limit [max_chunks_per_query: | default = 2000000] # Limit the maximum of unique series that is returned by a metric query. When # the limit is reached an error is returned. # CLI flag: -querier.max-query-series [max_query_series: | default = 500] # Limit how far back in time series data and metadata can be queried, up until # lookback duration ago. This limit is enforced in the query frontend, the # querier and the ruler. If the requested time range is outside the allowed # range, the request will not fail, but will be modified to only query data # within the allowed time range. The default value of 0 does not set a limit. # CLI flag: -querier.max-query-lookback [max_query_lookback: | default = 0s] # The limit to length of chunk store queries. 0 to disable. # CLI flag: -store.max-query-length [max_query_length: | default = 30d1h] # Limit the length of the [range] inside a range query. Default is 0 or # unlimited # CLI flag: -querier.max-query-range [max_query_range: | default = 0s] # Maximum number of queries that will be scheduled in parallel by the frontend. # CLI flag: -querier.max-query-parallelism [max_query_parallelism: | default = 32] # Maximum number of queries will be scheduled in parallel by the frontend for # TSDB schemas. # CLI flag: -querier.tsdb-max-query-parallelism [tsdb_max_query_parallelism: | default = 128] # Target maximum number of bytes assigned to a single sharded query. Also # expressible in human readable forms (1GB, etc). Note: This is a _target_ and # not an absolute limit. The actual limit can be higher, but the query planner # will try to build shards up to this limit. # CLI flag: -querier.tsdb-max-bytes-per-shard [tsdb_max_bytes_per_shard: | default = 600MB] # sharding strategy to use in query planning. Suggested to use bounded once all # nodes can recognize it. # CLI flag: -limits.tsdb-sharding-strategy [tsdb_sharding_strategy: | default = "power_of_two"] # Precompute chunks for TSDB queries. This can improve query performance at the # cost of increased memory usage by computing chunks once during planning, # reducing index calls. # CLI flag: -querier.tsdb-precompute-chunks [tsdb_precompute_chunks: | default = false] # Cardinality limit for index queries. # CLI flag: -store.cardinality-limit [cardinality_limit: | default = 100000] # Maximum number of stream matchers per query. # CLI flag: -querier.max-streams-matcher-per-query [max_streams_matchers_per_query: | default = 1000] # Maximum number of concurrent tail requests. # CLI flag: -querier.max-concurrent-tail-requests [max_concurrent_tail_requests: | default = 10] # Maximum number of log entries that will be returned for a query. # CLI flag: -validation.max-entries-limit [max_entries_limit_per_query: | default = 5000] # Most recent allowed cacheable result per-tenant, to prevent caching very # recent results that might still be in flux. # CLI flag: -frontend.max-cache-freshness [max_cache_freshness_per_query: | default = 10m] # Do not cache metadata request if the end time is within the # frontend.max-metadata-cache-freshness window. Set this to 0 to apply no such # limits. Defaults to 24h. # CLI flag: -frontend.max-metadata-cache-freshness [max_metadata_cache_freshness: | default = 1d] # Do not cache requests with an end time that falls within Now minus this # duration. 0 disables this feature (default). # CLI flag: -frontend.max-stats-cache-freshness [max_stats_cache_freshness: | default = 10m] # Maximum number of queriers that can handle requests for a single tenant. If # set to 0 or value higher than number of available queriers, *all* queriers # will handle requests for the tenant. Each frontend (or query-scheduler, if # used) will select the same set of queriers for the same tenant (given that all # queriers are connected to all frontends / query-schedulers). This option only # works with queriers connecting to the query-frontend / query-scheduler, not # when using downstream URL. # CLI flag: -frontend.max-queriers-per-tenant [max_queriers_per_tenant: | default = 0] # How much of the available query capacity ("querier" components in distributed # mode, "read" components in SSD mode) can be used by a single tenant. Allowed # values are 0.0 to 1.0. For example, setting this to 0.5 would allow a tenant # to use half of the available queriers for processing the query workload. If # set to 0, query capacity is determined by frontend.max-queriers-per-tenant. # When both frontend.max-queriers-per-tenant and frontend.max-query-capacity are # configured, smaller value of the resulting querier replica count is # considered: min(frontend.max-queriers-per-tenant, ceil(querier_replicas * # frontend.max-query-capacity)). *All* queriers will handle requests for the # tenant if neither limits are applied. This option only works with queriers # connecting to the query-frontend / query-scheduler, not when using downstream # URL. Use this feature in a multi-tenant setup where you need to limit query # capacity for certain tenants. # CLI flag: -frontend.max-query-capacity [max_query_capacity: | default = 0] # Number of days of index to be kept always downloaded for queries. Applies only # to per user index in boltdb-shipper index store. 0 to disable. # CLI flag: -store.query-ready-index-num-days [query_ready_index_num_days: | default = 0] # Timeout when querying backends (ingesters or storage) during the execution of # a query request. When a specific per-tenant timeout is used, the global # timeout is ignored. # CLI flag: -querier.query-timeout [query_timeout: | default = 1m] # Split queries by a time interval and execute in parallel. The value 0 disables # splitting by time. This also determines how cache keys are chosen when result # caching is enabled. # CLI flag: -querier.split-queries-by-interval [split_queries_by_interval: | default = 1h] # Split metadata queries by a time interval and execute in parallel. The value 0 # disables splitting metadata queries by time. This also determines how cache # keys are chosen when label/series result caching is enabled. # CLI flag: -querier.split-metadata-queries-by-interval [split_metadata_queries_by_interval: | default = 1d] # Experimental. Split interval to use for the portion of metadata request that # falls within `recent_metadata_query_window`. Rest of the request which is # outside the window still uses `split_metadata_queries_by_interval`. If set to # 0, the entire request defaults to using a split interval of # `split_metadata_queries_by_interval.`. # CLI flag: -experimental.querier.split-recent-metadata-queries-by-interval [split_recent_metadata_queries_by_interval: | default = 1h] # Experimental. Metadata query window inside which # `split_recent_metadata_queries_by_interval` gets applied, portion of the # metadata request that falls in this window is split using # `split_recent_metadata_queries_by_interval`. The value 0 disables using a # different split interval for recent metadata queries. # # This is added to improve cacheability of recent metadata queries. Query split # interval also determines the interval used in cache key. The default split # interval of 24h is useful for caching long queries, each cache key holding 1 # day's results. But metadata queries are often shorter than 24h, to cache them # effectively we need a smaller split interval. `recent_metadata_query_window` # along with `split_recent_metadata_queries_by_interval` help configure a # shorter split interval for recent metadata queries. # CLI flag: -experimental.querier.recent-metadata-query-window [recent_metadata_query_window: | default = 0s] # Split instant metric queries by a time interval and execute in parallel. The # value 0 disables splitting instant metric queries by time. This also # determines how cache keys are chosen when instant metric query result caching # is enabled. # CLI flag: -querier.split-instant-metric-queries-by-interval [split_instant_metric_queries_by_interval: | default = 1h] # Interval to use for time-based splitting when a request is within the # `query_ingesters_within` window; defaults to `split-queries-by-interval` by # setting to 0. # CLI flag: -querier.split-ingester-queries-by-interval [split_ingester_queries_by_interval: | default = 0s] # Limit queries that can be sharded. Queries within the time range of now and # now minus this sharding lookback are not sharded. The default value of 0s # disables the lookback, causing sharding of all queries at all times. # CLI flag: -frontend.min-sharding-lookback [min_sharding_lookback: | default = 0s] # Max number of bytes a query can fetch. Enforced in log and metric queries only # when TSDB is used. This limit is not enforced on log queries without filters. # The default value of 0 disables this limit. # CLI flag: -frontend.max-query-bytes-read [max_query_bytes_read: | default = 0B] # Max number of bytes a query can fetch after splitting and sharding. Enforced # in log and metric queries only when TSDB is used. This limit is not enforced # on log queries without filters. The default value of 0 disables this limit. # CLI flag: -frontend.max-querier-bytes-read [max_querier_bytes_read: | default = 150GB] # Enable log-volume endpoints. # CLI flag: -limits.volume-enabled [volume_enabled: | default = true] # The maximum number of aggregated series in a log-volume response # CLI flag: -limits.volume-max-series [volume_max_series: | default = 1000] # Maximum number of rules per rule group per-tenant. 0 to disable. # CLI flag: -ruler.max-rules-per-rule-group [ruler_max_rules_per_rule_group: | default = 0] # Maximum number of rule groups per-tenant. 0 to disable. # CLI flag: -ruler.max-rule-groups-per-tenant [ruler_max_rule_groups_per_tenant: | default = 0] # The default tenant's shard size when shuffle-sharding is enabled in the ruler. # When this setting is specified in the per-tenant overrides, a value of 0 # disables shuffle sharding for the tenant. # CLI flag: -ruler.tenant-shard-size [ruler_tenant_shard_size: | default = 0] # Disable recording rules remote-write. [ruler_remote_write_disabled: ] # Deprecated: Use 'ruler_remote_write_config' instead. The URL of the endpoint # to send samples to. [ruler_remote_write_url: | default = ""] # Deprecated: Use 'ruler_remote_write_config' instead. Timeout for requests to # the remote write endpoint. [ruler_remote_write_timeout: ] # Deprecated: Use 'ruler_remote_write_config' instead. Custom HTTP headers to be # sent along with each remote write request. Be aware that headers that are set # by Loki itself can't be overwritten. [ruler_remote_write_headers: ] # Deprecated: Use 'ruler_remote_write_config' instead. List of remote write # relabel configurations. [ruler_remote_write_relabel_configs: ] # Deprecated: Use 'ruler_remote_write_config' instead. Number of samples to # buffer per shard before we block reading of more samples from the WAL. It is # recommended to have enough capacity in each shard to buffer several requests # to keep throughput up while processing occasional slow remote requests. [ruler_remote_write_queue_capacity: ] # Deprecated: Use 'ruler_remote_write_config' instead. Minimum number of shards, # i.e. amount of concurrency. [ruler_remote_write_queue_min_shards: ] # Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of shards, # i.e. amount of concurrency. [ruler_remote_write_queue_max_shards: ] # Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of samples # per send. [ruler_remote_write_queue_max_samples_per_send: ] # Deprecated: Use 'ruler_remote_write_config' instead. Maximum time a sample # will wait in buffer. [ruler_remote_write_queue_batch_send_deadline: ] # Deprecated: Use 'ruler_remote_write_config' instead. Initial retry delay. Gets # doubled for every retry. [ruler_remote_write_queue_min_backoff: ] # Deprecated: Use 'ruler_remote_write_config' instead. Maximum retry delay. [ruler_remote_write_queue_max_backoff: ] # Deprecated: Use 'ruler_remote_write_config' instead. Retry upon receiving a # 429 status code from the remote-write storage. This is experimental and might # change in the future. [ruler_remote_write_queue_retry_on_ratelimit: ] # Deprecated: Use 'ruler_remote_write_config' instead. Configures AWS's # Signature Verification 4 signing process to sign every remote write request. ruler_remote_write_sigv4_config: [region: | default = ""] [access_key: | default = ""] [secret_key: | default = ""] [profile: | default = ""] [role_arn: | default = ""] # Configures global and per-tenant limits for remote write clients. A map with # remote client id as key. [ruler_remote_write_config: ] # Timeout for a remote rule evaluation. Defaults to the value of # 'querier.query-timeout'. [ruler_remote_evaluation_timeout: ] # Maximum size (in bytes) of the allowable response size from a remote rule # evaluation. Set to 0 to allow any response size (default). [ruler_remote_evaluation_max_response_size: ] # Deletion mode. Can be one of 'disabled', 'filter-only', or # 'filter-and-delete'. When set to 'filter-only' or 'filter-and-delete', and if # retention_enabled is true, then the log entry deletion API endpoints are # available. # CLI flag: -compactor.deletion-mode [deletion_mode: | default = "filter-and-delete"] # Retention period to apply to stored data, only applies if retention_enabled is # true in the compactor config. As of version 2.8.0, a zero value of 0 or 0s # disables retention. In previous releases, Loki did not properly honor a zero # value to disable retention and a really large value should be used instead. # CLI flag: -store.retention [retention_period: | default = 0s] # Per-stream retention to apply, if the retention is enable on the compactor # side. # Example: # retention_stream: # - selector: '{namespace="dev"}' # priority: 1 # period: 24h # - selector: '{container="nginx"}' # priority: 1 # period: 744h # Selector is a Prometheus labels matchers that will apply the 'period' # retention only if the stream is matching. In case multiple stream are # matching, the highest priority will be picked. If no rule is matched the # 'retention_period' is used. [retention_stream: ] # Feature renamed to 'runtime configuration', flag deprecated in favor of # -runtime-config.file (runtime_config.file in YAML). # CLI flag: -limits.per-user-override-config [per_tenant_override_config: | default = ""] # Feature renamed to 'runtime configuration'; flag deprecated in favor of # -runtime-config.reload-period (runtime_config.period in YAML). # CLI flag: -limits.per-user-override-period [per_tenant_override_period: | default = 10s] # Deprecated: Use deletion_mode per tenant configuration instead. [allow_deletes: ] # Define streams sharding behavior. shard_streams: # Automatically shard streams to keep them under the per-stream rate limit. # Sharding is dictated by the desired rate. # CLI flag: -shard-streams.enabled [enabled: | default = true] # Whether to log sharding streams behavior or not. Not recommended for # production environments. # CLI flag: -shard-streams.logging-enabled [logging_enabled: | default = false] # Threshold used to cut a new shard. Default (1536KB) means if a rate is above # 1536KB/s, it will be sharded into two streams. # CLI flag: -shard-streams.desired-rate [desired_rate: | default = 1536KB] [blocked_queries: ] # Define a list of required selector labels. [required_labels: ] # Minimum number of label matchers a query should contain. [minimum_labels_number: ] # The shard size defines how many index gateways should be used by a tenant for # querying. If the global shard factor is 0, the global shard factor is set to # the deprecated -replication-factor for backwards compatibility reasons. # CLI flag: -index-gateway.shard-size [index_gateway_shard_size: | default = 0] # Experimental. The shard size defines how many bloom gateways should be used by # a tenant for querying. # CLI flag: -bloom-gateway.shard-size [bloom_gateway_shard_size: | default = 0] # Experimental. Whether to use the bloom gateway component in the read path to # filter chunks. # CLI flag: -bloom-gateway.enable-filtering [bloom_gateway_enable_filtering: | default = false] # Experimental. Interval for computing the cache key in the Bloom Gateway. # CLI flag: -bloom-gateway.cache-key-interval [bloom_gateway_cache_key_interval: | default = 15m] # Experimental. The shard size defines how many bloom compactors should be used # by a tenant when computing blooms. If it's set to 0, shuffle sharding is # disabled. # CLI flag: -bloom-compactor.shard-size [bloom_compactor_shard_size: | default = 0] # Experimental. Whether to compact chunks into bloom filters. # CLI flag: -bloom-compactor.enable-compaction [bloom_compactor_enable_compaction: | default = false] # Experimental. The maximum bloom block size. A value of 0 sets an unlimited # size. Default is 200MB. The actual block size might exceed this limit since # blooms will be added to blocks until the block exceeds the maximum block size. # CLI flag: -bloom-compactor.max-block-size [bloom_compactor_max_block_size: | default = 200MB] # Experimental. The maximum bloom size per log stream. A log stream whose # generated bloom filter exceeds this size will be discarded. A value of 0 sets # an unlimited size. Default is 128MB. # CLI flag: -bloom-compactor.max-bloom-size [bloom_compactor_max_bloom_size: | default = 128MB] # Experimental. Whether to create blooms for the tenant. # CLI flag: -bloom-build.enable [bloom_creation_enabled: | default = false] # Experimental. Number of splits to create for the series keyspace when building # blooms. The series keyspace is split into this many parts to parallelize bloom # creation. # CLI flag: -bloom-build.split-keyspace-by [bloom_split_series_keyspace_by: | default = 256] # Experimental. Maximum number of builders to use when building blooms. 0 allows # unlimited builders. # CLI flag: -bloom-build.max-builders [bloom_build_max_builders: | default = 0] # Experimental. Timeout for a builder to finish a task. If a builder does not # respond within this time, it is considered failed and the task will be # requeued. 0 disables the timeout. # CLI flag: -bloom-build.builder-response-timeout [bloom_build_builder_response_timeout: | default = 0s] # Experimental. Maximum number of retries for a failed task. If a task fails # more than this number of times, it is considered failed and will not be # retried. A value of 0 disables this limit. # CLI flag: -bloom-build.task-max-retries [bloom_build_task_max_retries: | default = 3] # Experimental. Length of the n-grams created when computing blooms from log # lines. # CLI flag: -bloom-compactor.ngram-length [bloom_ngram_length: | default = 4] # Experimental. Skip factor for the n-grams created when computing blooms from # log lines. # CLI flag: -bloom-compactor.ngram-skip [bloom_ngram_skip: | default = 1] # Experimental. Scalable Bloom Filter desired false-positive rate. # CLI flag: -bloom-compactor.false-positive-rate [bloom_false_positive_rate: | default = 0.01] # Experimental. Compression algorithm for bloom block pages. # CLI flag: -bloom-compactor.block-encoding [bloom_block_encoding: | default = "none"] # Allow user to send structured metadata in push payload. # CLI flag: -validation.allow-structured-metadata [allow_structured_metadata: | default = true] # Maximum size accepted for structured metadata per log line. # CLI flag: -limits.max-structured-metadata-size [max_structured_metadata_size: | default = 64KB] # Maximum number of structured metadata entries per log line. # CLI flag: -limits.max-structured-metadata-entries-count [max_structured_metadata_entries_count: | default = 128] # OTLP log ingestion configurations otlp_config: # Configuration for resource attributes to store them as index labels or # Structured Metadata or drop them altogether resource_attributes: # Configure whether to ignore the default list of resource attributes set in # 'distributor.otlp.default_resource_attributes_as_index_labels' to be # stored as index labels and only use the given resource attributes config [ignore_defaults: | default = false] [attributes_config: ] # Configuration for scope attributes to store them as Structured Metadata or # drop them altogether [scope_attributes: ] # Configuration for log attributes to store them as Structured Metadata or # drop them altogether [log_attributes: ] # Block ingestion until the configured date. The time should be in RFC3339 # format. # CLI flag: -limits.block-ingestion-until [block_ingestion_until: