is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = #######################################################################################
root_username = 
root_password_sha2 = ######################################
root_email = ""
root_timezone = PST8PDT
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = https://FQDN:12900/
#rest_transport_uri = http://192.168.1.1:12900/
#rest_enable_cors = false
#rest_enable_gzip = true
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/cert/graylog.pem
rest_tls_key_file = /etc/graylog/server/private/graylog-key.pem
#rest_tls_key_password = secret
#rest_max_header_size = 8192
#rest_max_initial_line_length = 4096
#rest_thread_pool_size = 16
web_enable = true
web_listen_uri = https://FQDN:8443/
#web_endpoint_uri =
#web_enable_cors = false
#web_enable_gzip = false
web_enable_tls = true
web_tls_cert_file = /etc/graylog/server/cert/graylog.pem
web_tls_key_file = /etc/graylog/server/private/graylog-key.pem
#web_tls_key_password = secret
#web_max_header_size = 8192
#web_max_initial_line_length = 4096
#web_thread_pool_size = 16
# elasticsearch_config_file = /etc/elasticsearch/elasticsearch.yml
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
#elasticsearch_max_size_per_index = 1073741824
#elasticsearch_max_time_per_index = 1d
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
#elasticsearch_max_size_per_index = 1073741824
#elasticsearch_max_time_per_index = 1d
#elasticsearch_disable_version_check = true
#no_retention = false
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 1
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
#elasticsearch_template_name = graylog-internal
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = graylog
elasticsearch_node_name_prefix = graylog-
elasticsearch_discovery_zen_ping_unicast_hosts = localhost:9300
#elasticsearch_node_master = false
#elasticsearch_node_data = false
#elasticsearch_transport_tcp_port = 9350
#elasticsearch_http_enabled = false
elasticsearch_discovery_zen_ping_multicast_enabled = false
#elasticsearch_cluster_discovery_timeout = 5000
#elasticsearch_network_host =
#elasticsearch_network_bind_host =
#elasticsearch_network_publish_host =
#elasticsearch_discovery_initial_state_timeout = 3s
elasticsearch_analyzer = standard
#elasticsearch_request_timeout = 1m
#index_ranges_cleanup_interval = 1h
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
#outputbuffer_processor_keep_alive_time = 5000
#outputbuffer_processor_threads_core_pool_size = 3
#outputbuffer_processor_threads_max_pool_size = 30
#udp_recvbuffer_sizes = 1048576
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
#message_journal_max_age = 12h
#message_journal_max_size = 5gb
#message_journal_flush_age = 1m
#message_journal_flush_interval = 1000000
#message_journal_segment_age = 1h
#message_journal_segment_size = 100mb
#async_eventbus_processors = 2
lb_recognition_period_seconds = 3
#stream_processing_timeout = 2000
#stream_processing_max_faults = 3
#alert_check_interval = 60
#output_module_timeout = 10000
#stale_master_timeout = 2000
#shutdown_timeout = 30000
mongodb_uri = mongodb://localhost/graylog
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog
#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
#rules_file = /etc/graylog/server/rules.drl
#transport_email_enabled = false
#transport_email_hostname = mail.example.com
#transport_email_port = 587
#transport_email_use_auth = true
#transport_email_use_tls = true
#transport_email_use_ssl = true
#transport_email_auth_username = you@example.com
#transport_email_auth_password = secret
#transport_email_subject_prefix = [graylog]
#transport_email_from_email = graylog@example.com
#transport_email_web_interface_url = https://graylog.example.com
#http_connect_timeout = 5s
#http_read_timeout = 10s
#http_write_timeout = 10s
#http_proxy_uri =
#disable_index_optimization = true
#index_optimization_max_num_segments = 1
#gc_warning_threshold = 1s
#ldap_connection_timeout = 2000
#enable_metrics_collection = false
#disable_sigar = false
#dashboard_widget_default_cache_time = 10s
#content_packs_loader_enabled = true
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json