github.com/muhammadn/cortex@v1.9.1-0.20220510110439-46bb7000d03d/docs/configuration/config-file-reference.md (about) 1 --- 2 title: "Configuration file" 3 linkTitle: "Configuration file" 4 weight: 1 5 slug: configuration-file 6 --- 7 8 <!-- DO NOT EDIT THIS FILE - This file has been automatically generated from its .template --> 9 10 Cortex can be configured using a YAML file - specified using the `-config.file` flag - or CLI flags. In case you combine both, CLI flags take precedence over the YAML config file. 11 12 The current configuration of any Cortex component can be seen by visiting the `/config` HTTP path. 13 Passwords are filtered out of this endpoint. 14 15 ## Reference 16 17 To specify which configuration file to load, pass the `-config.file` flag at the command line. The file is written in [YAML format](https://en.wikipedia.org/wiki/YAML), defined by the scheme below. Brackets indicate that a parameter is optional. 18 19 ### Generic placeholders 20 21 * `<boolean>`: a boolean that can take the values `true` or `false` 22 * `<int>`: any integer matching the regular expression `[1-9]+[0-9]*` 23 * `<duration>`: a duration matching the regular expression `[0-9]+(ns|us|µs|ms|s|m|h|d|w|y)` where y = 365 days. 24 * `<string>`: a regular string 25 * `<url>`: an URL 26 * `<prefix>`: a CLI flag prefix based on the context (look at the parent configuration block to see which CLI flags prefix should be used) 27 * `<relabel_config>`: a [Prometheus relabeling configuration](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config). 28 * `<time>`: a timestamp, with available formats: `2006-01-20` (midnight, local timezone), `2006-01-20T15:04` (local timezone), and RFC 3339 formats: `2006-01-20T15:04:05Z` (UTC) or `2006-01-20T15:04:05+07:00` (explicit timezone) 29 30 ### Use environment variables in the configuration 31 32 You can use environment variable references in the config file to set values that need to be configurable during deployment by using the `-config.expand-env` flag. 33 To do this, use: 34 35 ``` 36 ${VAR} 37 ``` 38 39 Where VAR is the name of the environment variable. 40 41 Each variable reference is replaced at startup by the value of the environment variable. 42 The replacement is case-sensitive and occurs before the YAML file is parsed. 43 References to undefined variables are replaced by empty strings unless you specify a default value or custom error text. 44 45 To specify a default value, use: 46 47 ``` 48 ${VAR:default_value} 49 ``` 50 51 Where default_value is the value to use if the environment variable is undefined. 52 53 ### Supported contents and default values of the config file 54 55 ```yaml 56 # Comma-separated list of Cortex modules to load. The alias 'all' can be used in 57 # the list to load a number of core modules and will enable single-binary mode. 58 # Use '-modules' command line flag to get a list of available modules, and to 59 # see which modules are included in 'all'. 60 # CLI flag: -target 61 [target: <string> | default = "all"] 62 63 # Set to false to disable auth. 64 # CLI flag: -auth.enabled 65 [auth_enabled: <boolean> | default = true] 66 67 # HTTP path prefix for Cortex API. 68 # CLI flag: -http.prefix 69 [http_prefix: <string> | default = "/api/prom"] 70 71 api: 72 # Use GZIP compression for API responses. Some endpoints serve large YAML or 73 # JSON blobs which can benefit from compression. 74 # CLI flag: -api.response-compression-enabled 75 [response_compression_enabled: <boolean> | default = false] 76 77 # HTTP URL path under which the Alertmanager ui and api will be served. 78 # CLI flag: -http.alertmanager-http-prefix 79 [alertmanager_http_prefix: <string> | default = "/alertmanager"] 80 81 # HTTP URL path under which the Prometheus api will be served. 82 # CLI flag: -http.prometheus-http-prefix 83 [prometheus_http_prefix: <string> | default = "/prometheus"] 84 85 # The server_config configures the HTTP and gRPC server of the launched 86 # service(s). 87 [server: <server_config>] 88 89 # The distributor_config configures the Cortex distributor. 90 [distributor: <distributor_config>] 91 92 # The querier_config configures the Cortex querier. 93 [querier: <querier_config>] 94 95 # The ingester_client_config configures how the Cortex distributors connect to 96 # the ingesters. 97 [ingester_client: <ingester_client_config>] 98 99 # The ingester_config configures the Cortex ingester. 100 [ingester: <ingester_config>] 101 102 # The flusher_config configures the WAL flusher target, used to manually run 103 # one-time flushes when scaling down ingesters. 104 [flusher: <flusher_config>] 105 106 # The storage_config configures where Cortex stores the data (chunks storage 107 # engine). 108 [storage: <storage_config>] 109 110 # The chunk_store_config configures how Cortex stores the data (chunks storage 111 # engine). 112 [chunk_store: <chunk_store_config>] 113 114 # The limits_config configures default and per-tenant limits imposed by Cortex 115 # services (ie. distributor, ingester, ...). 116 [limits: <limits_config>] 117 118 # The frontend_worker_config configures the worker - running within the Cortex 119 # querier - picking up and executing queries enqueued by the query-frontend or 120 # query-scheduler. 121 [frontend_worker: <frontend_worker_config>] 122 123 # The query_frontend_config configures the Cortex query-frontend. 124 [frontend: <query_frontend_config>] 125 126 # The query_range_config configures the query splitting and caching in the 127 # Cortex query-frontend. 128 [query_range: <query_range_config>] 129 130 # The table_manager_config configures the Cortex table-manager. 131 [table_manager: <table_manager_config>] 132 133 # The blocks_storage_config configures the blocks storage. 134 [blocks_storage: <blocks_storage_config>] 135 136 # The compactor_config configures the compactor for the blocks storage. 137 [compactor: <compactor_config>] 138 139 # The store_gateway_config configures the store-gateway service used by the 140 # blocks storage. 141 [store_gateway: <store_gateway_config>] 142 143 # The purger_config configures the purger which takes care of delete requests. 144 [purger: <purger_config>] 145 146 tenant_federation: 147 # If enabled on all Cortex services, queries can be federated across multiple 148 # tenants. The tenant IDs involved need to be specified separated by a `|` 149 # character in the `X-Scope-OrgID` header (experimental). 150 # CLI flag: -tenant-federation.enabled 151 [enabled: <boolean> | default = false] 152 153 # The ruler_config configures the Cortex ruler. 154 [ruler: <ruler_config>] 155 156 # The ruler_storage_config configures the Cortex ruler storage backend. 157 [ruler_storage: <ruler_storage_config>] 158 159 # The configs_config configures the Cortex Configs DB and API. 160 [configs: <configs_config>] 161 162 # The alertmanager_config configures the Cortex alertmanager. 163 [alertmanager: <alertmanager_config>] 164 165 # The alertmanager_storage_config configures the Cortex alertmanager storage 166 # backend. 167 [alertmanager_storage: <alertmanager_storage_config>] 168 169 runtime_config: 170 # How often to check runtime config file. 171 # CLI flag: -runtime-config.reload-period 172 [period: <duration> | default = 10s] 173 174 # File with the configuration that can be updated in runtime. 175 # CLI flag: -runtime-config.file 176 [file: <string> | default = ""] 177 178 # The memberlist_config configures the Gossip memberlist. 179 [memberlist: <memberlist_config>] 180 181 query_scheduler: 182 # Maximum number of outstanding requests per tenant per query-scheduler. 183 # In-flight requests above this limit will fail with HTTP response status code 184 # 429. 185 # CLI flag: -query-scheduler.max-outstanding-requests-per-tenant 186 [max_outstanding_requests_per_tenant: <int> | default = 100] 187 188 # If a querier disconnects without sending notification about graceful 189 # shutdown, the query-scheduler will keep the querier in the tenant's shard 190 # until the forget delay has passed. This feature is useful to reduce the 191 # blast radius when shuffle-sharding is enabled. 192 # CLI flag: -query-scheduler.querier-forget-delay 193 [querier_forget_delay: <duration> | default = 0s] 194 195 # This configures the gRPC client used to report errors back to the 196 # query-frontend. 197 grpc_client_config: 198 # gRPC client max receive message size (bytes). 199 # CLI flag: -query-scheduler.grpc-client-config.grpc-max-recv-msg-size 200 [max_recv_msg_size: <int> | default = 104857600] 201 202 # gRPC client max send message size (bytes). 203 # CLI flag: -query-scheduler.grpc-client-config.grpc-max-send-msg-size 204 [max_send_msg_size: <int> | default = 16777216] 205 206 # Use compression when sending messages. Supported values are: 'gzip', 207 # 'snappy' and '' (disable compression) 208 # CLI flag: -query-scheduler.grpc-client-config.grpc-compression 209 [grpc_compression: <string> | default = ""] 210 211 # Rate limit for gRPC client; 0 means disabled. 212 # CLI flag: -query-scheduler.grpc-client-config.grpc-client-rate-limit 213 [rate_limit: <float> | default = 0] 214 215 # Rate limit burst for gRPC client. 216 # CLI flag: -query-scheduler.grpc-client-config.grpc-client-rate-limit-burst 217 [rate_limit_burst: <int> | default = 0] 218 219 # Enable backoff and retry when we hit ratelimits. 220 # CLI flag: -query-scheduler.grpc-client-config.backoff-on-ratelimits 221 [backoff_on_ratelimits: <boolean> | default = false] 222 223 backoff_config: 224 # Minimum delay when backing off. 225 # CLI flag: -query-scheduler.grpc-client-config.backoff-min-period 226 [min_period: <duration> | default = 100ms] 227 228 # Maximum delay when backing off. 229 # CLI flag: -query-scheduler.grpc-client-config.backoff-max-period 230 [max_period: <duration> | default = 10s] 231 232 # Number of times to backoff and retry before failing. 233 # CLI flag: -query-scheduler.grpc-client-config.backoff-retries 234 [max_retries: <int> | default = 10] 235 236 # Enable TLS in the GRPC client. This flag needs to be enabled when any 237 # other TLS flag is set. If set to false, insecure connection to gRPC server 238 # will be used. 239 # CLI flag: -query-scheduler.grpc-client-config.tls-enabled 240 [tls_enabled: <boolean> | default = false] 241 242 # Path to the client certificate file, which will be used for authenticating 243 # with the server. Also requires the key path to be configured. 244 # CLI flag: -query-scheduler.grpc-client-config.tls-cert-path 245 [tls_cert_path: <string> | default = ""] 246 247 # Path to the key file for the client certificate. Also requires the client 248 # certificate to be configured. 249 # CLI flag: -query-scheduler.grpc-client-config.tls-key-path 250 [tls_key_path: <string> | default = ""] 251 252 # Path to the CA certificates file to validate server certificate against. 253 # If not set, the host's root CA certificates are used. 254 # CLI flag: -query-scheduler.grpc-client-config.tls-ca-path 255 [tls_ca_path: <string> | default = ""] 256 257 # Override the expected name on the server certificate. 258 # CLI flag: -query-scheduler.grpc-client-config.tls-server-name 259 [tls_server_name: <string> | default = ""] 260 261 # Skip validating server certificate. 262 # CLI flag: -query-scheduler.grpc-client-config.tls-insecure-skip-verify 263 [tls_insecure_skip_verify: <boolean> | default = false] 264 ``` 265 266 ### `server_config` 267 268 The `server_config` configures the HTTP and gRPC server of the launched service(s). 269 270 ```yaml 271 # HTTP server listen network, default tcp 272 # CLI flag: -server.http-listen-network 273 [http_listen_network: <string> | default = "tcp"] 274 275 # HTTP server listen address. 276 # CLI flag: -server.http-listen-address 277 [http_listen_address: <string> | default = ""] 278 279 # HTTP server listen port. 280 # CLI flag: -server.http-listen-port 281 [http_listen_port: <int> | default = 80] 282 283 # Maximum number of simultaneous http connections, <=0 to disable 284 # CLI flag: -server.http-conn-limit 285 [http_listen_conn_limit: <int> | default = 0] 286 287 # gRPC server listen network 288 # CLI flag: -server.grpc-listen-network 289 [grpc_listen_network: <string> | default = "tcp"] 290 291 # gRPC server listen address. 292 # CLI flag: -server.grpc-listen-address 293 [grpc_listen_address: <string> | default = ""] 294 295 # gRPC server listen port. 296 # CLI flag: -server.grpc-listen-port 297 [grpc_listen_port: <int> | default = 9095] 298 299 # Maximum number of simultaneous grpc connections, <=0 to disable 300 # CLI flag: -server.grpc-conn-limit 301 [grpc_listen_conn_limit: <int> | default = 0] 302 303 http_tls_config: 304 # HTTP server cert path. 305 # CLI flag: -server.http-tls-cert-path 306 [cert_file: <string> | default = ""] 307 308 # HTTP server key path. 309 # CLI flag: -server.http-tls-key-path 310 [key_file: <string> | default = ""] 311 312 # HTTP TLS Client Auth type. 313 # CLI flag: -server.http-tls-client-auth 314 [client_auth_type: <string> | default = ""] 315 316 # HTTP TLS Client CA path. 317 # CLI flag: -server.http-tls-ca-path 318 [client_ca_file: <string> | default = ""] 319 320 grpc_tls_config: 321 # GRPC TLS server cert path. 322 # CLI flag: -server.grpc-tls-cert-path 323 [cert_file: <string> | default = ""] 324 325 # GRPC TLS server key path. 326 # CLI flag: -server.grpc-tls-key-path 327 [key_file: <string> | default = ""] 328 329 # GRPC TLS Client Auth type. 330 # CLI flag: -server.grpc-tls-client-auth 331 [client_auth_type: <string> | default = ""] 332 333 # GRPC TLS Client CA path. 334 # CLI flag: -server.grpc-tls-ca-path 335 [client_ca_file: <string> | default = ""] 336 337 # Register the intrumentation handlers (/metrics etc). 338 # CLI flag: -server.register-instrumentation 339 [register_instrumentation: <boolean> | default = true] 340 341 # Timeout for graceful shutdowns 342 # CLI flag: -server.graceful-shutdown-timeout 343 [graceful_shutdown_timeout: <duration> | default = 30s] 344 345 # Read timeout for HTTP server 346 # CLI flag: -server.http-read-timeout 347 [http_server_read_timeout: <duration> | default = 30s] 348 349 # Write timeout for HTTP server 350 # CLI flag: -server.http-write-timeout 351 [http_server_write_timeout: <duration> | default = 30s] 352 353 # Idle timeout for HTTP server 354 # CLI flag: -server.http-idle-timeout 355 [http_server_idle_timeout: <duration> | default = 2m] 356 357 # Limit on the size of a gRPC message this server can receive (bytes). 358 # CLI flag: -server.grpc-max-recv-msg-size-bytes 359 [grpc_server_max_recv_msg_size: <int> | default = 4194304] 360 361 # Limit on the size of a gRPC message this server can send (bytes). 362 # CLI flag: -server.grpc-max-send-msg-size-bytes 363 [grpc_server_max_send_msg_size: <int> | default = 4194304] 364 365 # Limit on the number of concurrent streams for gRPC calls (0 = unlimited) 366 # CLI flag: -server.grpc-max-concurrent-streams 367 [grpc_server_max_concurrent_streams: <int> | default = 100] 368 369 # The duration after which an idle connection should be closed. Default: 370 # infinity 371 # CLI flag: -server.grpc.keepalive.max-connection-idle 372 [grpc_server_max_connection_idle: <duration> | default = 2562047h47m16.854775807s] 373 374 # The duration for the maximum amount of time a connection may exist before it 375 # will be closed. Default: infinity 376 # CLI flag: -server.grpc.keepalive.max-connection-age 377 [grpc_server_max_connection_age: <duration> | default = 2562047h47m16.854775807s] 378 379 # An additive period after max-connection-age after which the connection will be 380 # forcibly closed. Default: infinity 381 # CLI flag: -server.grpc.keepalive.max-connection-age-grace 382 [grpc_server_max_connection_age_grace: <duration> | default = 2562047h47m16.854775807s] 383 384 # Duration after which a keepalive probe is sent in case of no activity over the 385 # connection., Default: 2h 386 # CLI flag: -server.grpc.keepalive.time 387 [grpc_server_keepalive_time: <duration> | default = 2h] 388 389 # After having pinged for keepalive check, the duration after which an idle 390 # connection should be closed, Default: 20s 391 # CLI flag: -server.grpc.keepalive.timeout 392 [grpc_server_keepalive_timeout: <duration> | default = 20s] 393 394 # Minimum amount of time a client should wait before sending a keepalive ping. 395 # If client sends keepalive ping more often, server will send GOAWAY and close 396 # the connection. 397 # CLI flag: -server.grpc.keepalive.min-time-between-pings 398 [grpc_server_min_time_between_pings: <duration> | default = 10s] 399 400 # If true, server allows keepalive pings even when there are no active 401 # streams(RPCs). If false, and client sends ping when there are no active 402 # streams, server will send GOAWAY and close the connection. 403 # CLI flag: -server.grpc.keepalive.ping-without-stream-allowed 404 [grpc_server_ping_without_stream_allowed: <boolean> | default = true] 405 406 # Output log messages in the given format. Valid formats: [logfmt, json] 407 # CLI flag: -log.format 408 [log_format: <string> | default = "logfmt"] 409 410 # Only log messages with the given severity or above. Valid levels: [debug, 411 # info, warn, error] 412 # CLI flag: -log.level 413 [log_level: <string> | default = "info"] 414 415 # Optionally log the source IPs. 416 # CLI flag: -server.log-source-ips-enabled 417 [log_source_ips_enabled: <boolean> | default = false] 418 419 # Header field storing the source IPs. Only used if 420 # server.log-source-ips-enabled is true. If not set the default Forwarded, 421 # X-Real-IP and X-Forwarded-For headers are used 422 # CLI flag: -server.log-source-ips-header 423 [log_source_ips_header: <string> | default = ""] 424 425 # Regex for matching the source IPs. Only used if server.log-source-ips-enabled 426 # is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For 427 # headers are used 428 # CLI flag: -server.log-source-ips-regex 429 [log_source_ips_regex: <string> | default = ""] 430 431 # Base path to serve all API routes from (e.g. /v1/) 432 # CLI flag: -server.path-prefix 433 [http_path_prefix: <string> | default = ""] 434 ``` 435 436 ### `distributor_config` 437 438 The `distributor_config` configures the Cortex distributor. 439 440 ```yaml 441 pool: 442 # How frequently to clean up clients for ingesters that have gone away. 443 # CLI flag: -distributor.client-cleanup-period 444 [client_cleanup_period: <duration> | default = 15s] 445 446 # Run a health check on each ingester client during periodic cleanup. 447 # CLI flag: -distributor.health-check-ingesters 448 [health_check_ingesters: <boolean> | default = true] 449 450 ha_tracker: 451 # Enable the distributors HA tracker so that it can accept samples from 452 # Prometheus HA replicas gracefully (requires labels). 453 # CLI flag: -distributor.ha-tracker.enable 454 [enable_ha_tracker: <boolean> | default = false] 455 456 # Update the timestamp in the KV store for a given cluster/replica only after 457 # this amount of time has passed since the current stored timestamp. 458 # CLI flag: -distributor.ha-tracker.update-timeout 459 [ha_tracker_update_timeout: <duration> | default = 15s] 460 461 # Maximum jitter applied to the update timeout, in order to spread the HA 462 # heartbeats over time. 463 # CLI flag: -distributor.ha-tracker.update-timeout-jitter-max 464 [ha_tracker_update_timeout_jitter_max: <duration> | default = 5s] 465 466 # If we don't receive any samples from the accepted replica for a cluster in 467 # this amount of time we will failover to the next replica we receive a sample 468 # from. This value must be greater than the update timeout 469 # CLI flag: -distributor.ha-tracker.failover-timeout 470 [ha_tracker_failover_timeout: <duration> | default = 30s] 471 472 # Backend storage to use for the ring. Please be aware that memberlist is not 473 # supported by the HA tracker since gossip propagation is too slow for HA 474 # purposes. 475 kvstore: 476 # Backend storage to use for the ring. Supported values are: consul, etcd, 477 # inmemory, memberlist, multi. 478 # CLI flag: -distributor.ha-tracker.store 479 [store: <string> | default = "consul"] 480 481 # The prefix for the keys in the store. Should end with a /. 482 # CLI flag: -distributor.ha-tracker.prefix 483 [prefix: <string> | default = "ha-tracker/"] 484 485 # The consul_config configures the consul client. 486 # The CLI flags prefix for this block config is: distributor.ha-tracker 487 [consul: <consul_config>] 488 489 # The etcd_config configures the etcd client. 490 # The CLI flags prefix for this block config is: distributor.ha-tracker 491 [etcd: <etcd_config>] 492 493 multi: 494 # Primary backend storage used by multi-client. 495 # CLI flag: -distributor.ha-tracker.multi.primary 496 [primary: <string> | default = ""] 497 498 # Secondary backend storage used by multi-client. 499 # CLI flag: -distributor.ha-tracker.multi.secondary 500 [secondary: <string> | default = ""] 501 502 # Mirror writes to secondary store. 503 # CLI flag: -distributor.ha-tracker.multi.mirror-enabled 504 [mirror_enabled: <boolean> | default = false] 505 506 # Timeout for storing value to secondary store. 507 # CLI flag: -distributor.ha-tracker.multi.mirror-timeout 508 [mirror_timeout: <duration> | default = 2s] 509 510 # remote_write API max receive message size (bytes). 511 # CLI flag: -distributor.max-recv-msg-size 512 [max_recv_msg_size: <int> | default = 104857600] 513 514 # Timeout for downstream ingesters. 515 # CLI flag: -distributor.remote-timeout 516 [remote_timeout: <duration> | default = 2s] 517 518 # Time to wait before sending more than the minimum successful query requests. 519 # CLI flag: -distributor.extra-query-delay 520 [extra_queue_delay: <duration> | default = 0s] 521 522 # The sharding strategy to use. Supported values are: default, shuffle-sharding. 523 # CLI flag: -distributor.sharding-strategy 524 [sharding_strategy: <string> | default = "default"] 525 526 # Distribute samples based on all labels, as opposed to solely by user and 527 # metric name. 528 # CLI flag: -distributor.shard-by-all-labels 529 [shard_by_all_labels: <boolean> | default = false] 530 531 # Try writing to an additional ingester in the presence of an ingester not in 532 # the ACTIVE state. It is useful to disable this along with 533 # -ingester.unregister-on-shutdown=false in order to not spread samples to extra 534 # ingesters during rolling restarts with consistent naming. 535 # CLI flag: -distributor.extend-writes 536 [extend_writes: <boolean> | default = true] 537 538 ring: 539 kvstore: 540 # Backend storage to use for the ring. Supported values are: consul, etcd, 541 # inmemory, memberlist, multi. 542 # CLI flag: -distributor.ring.store 543 [store: <string> | default = "consul"] 544 545 # The prefix for the keys in the store. Should end with a /. 546 # CLI flag: -distributor.ring.prefix 547 [prefix: <string> | default = "collectors/"] 548 549 # The consul_config configures the consul client. 550 # The CLI flags prefix for this block config is: distributor.ring 551 [consul: <consul_config>] 552 553 # The etcd_config configures the etcd client. 554 # The CLI flags prefix for this block config is: distributor.ring 555 [etcd: <etcd_config>] 556 557 multi: 558 # Primary backend storage used by multi-client. 559 # CLI flag: -distributor.ring.multi.primary 560 [primary: <string> | default = ""] 561 562 # Secondary backend storage used by multi-client. 563 # CLI flag: -distributor.ring.multi.secondary 564 [secondary: <string> | default = ""] 565 566 # Mirror writes to secondary store. 567 # CLI flag: -distributor.ring.multi.mirror-enabled 568 [mirror_enabled: <boolean> | default = false] 569 570 # Timeout for storing value to secondary store. 571 # CLI flag: -distributor.ring.multi.mirror-timeout 572 [mirror_timeout: <duration> | default = 2s] 573 574 # Period at which to heartbeat to the ring. 0 = disabled. 575 # CLI flag: -distributor.ring.heartbeat-period 576 [heartbeat_period: <duration> | default = 5s] 577 578 # The heartbeat timeout after which distributors are considered unhealthy 579 # within the ring. 0 = never (timeout disabled). 580 # CLI flag: -distributor.ring.heartbeat-timeout 581 [heartbeat_timeout: <duration> | default = 1m] 582 583 # Name of network interface to read address from. 584 # CLI flag: -distributor.ring.instance-interface-names 585 [instance_interface_names: <list of string> | default = [eth0 en0]] 586 587 instance_limits: 588 # Max ingestion rate (samples/sec) that this distributor will accept. This 589 # limit is per-distributor, not per-tenant. Additional push requests will be 590 # rejected. Current ingestion rate is computed as exponentially weighted 591 # moving average, updated every second. 0 = unlimited. 592 # CLI flag: -distributor.instance-limits.max-ingestion-rate 593 [max_ingestion_rate: <float> | default = 0] 594 595 # Max inflight push requests that this distributor can handle. This limit is 596 # per-distributor, not per-tenant. Additional requests will be rejected. 0 = 597 # unlimited. 598 # CLI flag: -distributor.instance-limits.max-inflight-push-requests 599 [max_inflight_push_requests: <int> | default = 0] 600 ``` 601 602 ### `ingester_config` 603 604 The `ingester_config` configures the Cortex ingester. 605 606 ```yaml 607 # Configures the Write-Ahead Log (WAL) for the Cortex chunks storage. This 608 # config is ignored when running the Cortex blocks storage. 609 walconfig: 610 # Enable writing of ingested data into WAL. 611 # CLI flag: -ingester.wal-enabled 612 [wal_enabled: <boolean> | default = false] 613 614 # Enable checkpointing of in-memory chunks. It should always be true when 615 # using normally. Set it to false iff you are doing some small tests as there 616 # is no mechanism to delete the old WAL yet if checkpoint is disabled. 617 # CLI flag: -ingester.checkpoint-enabled 618 [checkpoint_enabled: <boolean> | default = true] 619 620 # Recover data from existing WAL irrespective of WAL enabled/disabled. 621 # CLI flag: -ingester.recover-from-wal 622 [recover_from_wal: <boolean> | default = false] 623 624 # Directory to store the WAL and/or recover from WAL. 625 # CLI flag: -ingester.wal-dir 626 [wal_dir: <string> | default = "wal"] 627 628 # Interval at which checkpoints should be created. 629 # CLI flag: -ingester.checkpoint-duration 630 [checkpoint_duration: <duration> | default = 30m] 631 632 # When WAL is enabled, should chunks be flushed to long-term storage on 633 # shutdown. Useful eg. for migration to blocks engine. 634 # CLI flag: -ingester.flush-on-shutdown-with-wal-enabled 635 [flush_on_shutdown_with_wal_enabled: <boolean> | default = false] 636 637 lifecycler: 638 ring: 639 kvstore: 640 # Backend storage to use for the ring. Supported values are: consul, etcd, 641 # inmemory, memberlist, multi. 642 # CLI flag: -ring.store 643 [store: <string> | default = "consul"] 644 645 # The prefix for the keys in the store. Should end with a /. 646 # CLI flag: -ring.prefix 647 [prefix: <string> | default = "collectors/"] 648 649 # The consul_config configures the consul client. 650 [consul: <consul_config>] 651 652 # The etcd_config configures the etcd client. 653 [etcd: <etcd_config>] 654 655 multi: 656 # Primary backend storage used by multi-client. 657 # CLI flag: -multi.primary 658 [primary: <string> | default = ""] 659 660 # Secondary backend storage used by multi-client. 661 # CLI flag: -multi.secondary 662 [secondary: <string> | default = ""] 663 664 # Mirror writes to secondary store. 665 # CLI flag: -multi.mirror-enabled 666 [mirror_enabled: <boolean> | default = false] 667 668 # Timeout for storing value to secondary store. 669 # CLI flag: -multi.mirror-timeout 670 [mirror_timeout: <duration> | default = 2s] 671 672 # The heartbeat timeout after which ingesters are skipped for reads/writes. 673 # 0 = never (timeout disabled). 674 # CLI flag: -ring.heartbeat-timeout 675 [heartbeat_timeout: <duration> | default = 1m] 676 677 # The number of ingesters to write to and read from. 678 # CLI flag: -distributor.replication-factor 679 [replication_factor: <int> | default = 3] 680 681 # True to enable the zone-awareness and replicate ingested samples across 682 # different availability zones. 683 # CLI flag: -distributor.zone-awareness-enabled 684 [zone_awareness_enabled: <boolean> | default = false] 685 686 # Comma-separated list of zones to exclude from the ring. Instances in 687 # excluded zones will be filtered out from the ring. 688 # CLI flag: -distributor.excluded-zones 689 [excluded_zones: <string> | default = ""] 690 691 # Number of tokens for each ingester. 692 # CLI flag: -ingester.num-tokens 693 [num_tokens: <int> | default = 128] 694 695 # Period at which to heartbeat to consul. 0 = disabled. 696 # CLI flag: -ingester.heartbeat-period 697 [heartbeat_period: <duration> | default = 5s] 698 699 # Observe tokens after generating to resolve collisions. Useful when using 700 # gossiping ring. 701 # CLI flag: -ingester.observe-period 702 [observe_period: <duration> | default = 0s] 703 704 # Period to wait for a claim from another member; will join automatically 705 # after this. 706 # CLI flag: -ingester.join-after 707 [join_after: <duration> | default = 0s] 708 709 # Minimum duration to wait after the internal readiness checks have passed but 710 # before succeeding the readiness endpoint. This is used to slowdown 711 # deployment controllers (eg. Kubernetes) after an instance is ready and 712 # before they proceed with a rolling update, to give the rest of the cluster 713 # instances enough time to receive ring updates. 714 # CLI flag: -ingester.min-ready-duration 715 [min_ready_duration: <duration> | default = 15s] 716 717 # Name of network interface to read address from. 718 # CLI flag: -ingester.lifecycler.interface 719 [interface_names: <list of string> | default = [eth0 en0]] 720 721 # Duration to sleep for before exiting, to ensure metrics are scraped. 722 # CLI flag: -ingester.final-sleep 723 [final_sleep: <duration> | default = 30s] 724 725 # File path where tokens are stored. If empty, tokens are not stored at 726 # shutdown and restored at startup. 727 # CLI flag: -ingester.tokens-file-path 728 [tokens_file_path: <string> | default = ""] 729 730 # The availability zone where this instance is running. 731 # CLI flag: -ingester.availability-zone 732 [availability_zone: <string> | default = ""] 733 734 # Unregister from the ring upon clean shutdown. It can be useful to disable 735 # for rolling restarts with consistent naming in conjunction with 736 # -distributor.extend-writes=false. 737 # CLI flag: -ingester.unregister-on-shutdown 738 [unregister_on_shutdown: <boolean> | default = true] 739 740 # When enabled the readiness probe succeeds only after all instances are 741 # ACTIVE and healthy in the ring, otherwise only the instance itself is 742 # checked. This option should be disabled if in your cluster multiple 743 # instances can be rolled out simultaneously, otherwise rolling updates may be 744 # slowed down. 745 # CLI flag: -ingester.readiness-check-ring-health 746 [readiness_check_ring_health: <boolean> | default = true] 747 748 # Number of times to try and transfer chunks before falling back to flushing. 749 # Negative value or zero disables hand-over. This feature is supported only by 750 # the chunks storage. 751 # CLI flag: -ingester.max-transfer-retries 752 [max_transfer_retries: <int> | default = 10] 753 754 # Period with which to attempt to flush chunks. 755 # CLI flag: -ingester.flush-period 756 [flush_period: <duration> | default = 1m] 757 758 # Period chunks will remain in memory after flushing. 759 # CLI flag: -ingester.retain-period 760 [retain_period: <duration> | default = 5m] 761 762 # Maximum chunk idle time before flushing. 763 # CLI flag: -ingester.max-chunk-idle 764 [max_chunk_idle_time: <duration> | default = 5m] 765 766 # Maximum chunk idle time for chunks terminating in stale markers before 767 # flushing. 0 disables it and a stale series is not flushed until the 768 # max-chunk-idle timeout is reached. 769 # CLI flag: -ingester.max-stale-chunk-idle 770 [max_stale_chunk_idle_time: <duration> | default = 2m] 771 772 # Timeout for individual flush operations. 773 # CLI flag: -ingester.flush-op-timeout 774 [flush_op_timeout: <duration> | default = 1m] 775 776 # Maximum chunk age before flushing. 777 # CLI flag: -ingester.max-chunk-age 778 [max_chunk_age: <duration> | default = 12h] 779 780 # Range of time to subtract from -ingester.max-chunk-age to spread out flushes 781 # CLI flag: -ingester.chunk-age-jitter 782 [chunk_age_jitter: <duration> | default = 0s] 783 784 # Number of concurrent goroutines flushing to dynamodb. 785 # CLI flag: -ingester.concurrent-flushes 786 [concurrent_flushes: <int> | default = 50] 787 788 # If true, spread series flushes across the whole period of 789 # -ingester.max-chunk-age. 790 # CLI flag: -ingester.spread-flushes 791 [spread_flushes: <boolean> | default = true] 792 793 # Period at which metadata we have not seen will remain in memory before being 794 # deleted. 795 # CLI flag: -ingester.metadata-retain-period 796 [metadata_retain_period: <duration> | default = 10m] 797 798 # Period with which to update the per-user ingestion rates. 799 # CLI flag: -ingester.rate-update-period 800 [rate_update_period: <duration> | default = 15s] 801 802 # Enable tracking of active series and export them as metrics. 803 # CLI flag: -ingester.active-series-metrics-enabled 804 [active_series_metrics_enabled: <boolean> | default = true] 805 806 # How often to update active series metrics. 807 # CLI flag: -ingester.active-series-metrics-update-period 808 [active_series_metrics_update_period: <duration> | default = 1m] 809 810 # After what time a series is considered to be inactive. 811 # CLI flag: -ingester.active-series-metrics-idle-timeout 812 [active_series_metrics_idle_timeout: <duration> | default = 10m] 813 814 instance_limits: 815 # Max ingestion rate (samples/sec) that ingester will accept. This limit is 816 # per-ingester, not per-tenant. Additional push requests will be rejected. 817 # Current ingestion rate is computed as exponentially weighted moving average, 818 # updated every second. This limit only works when using blocks engine. 0 = 819 # unlimited. 820 # CLI flag: -ingester.instance-limits.max-ingestion-rate 821 [max_ingestion_rate: <float> | default = 0] 822 823 # Max users that this ingester can hold. Requests from additional users will 824 # be rejected. This limit only works when using blocks engine. 0 = unlimited. 825 # CLI flag: -ingester.instance-limits.max-tenants 826 [max_tenants: <int> | default = 0] 827 828 # Max series that this ingester can hold (across all tenants). Requests to 829 # create additional series will be rejected. This limit only works when using 830 # blocks engine. 0 = unlimited. 831 # CLI flag: -ingester.instance-limits.max-series 832 [max_series: <int> | default = 0] 833 834 # Max inflight push requests that this ingester can handle (across all 835 # tenants). Additional requests will be rejected. 0 = unlimited. 836 # CLI flag: -ingester.instance-limits.max-inflight-push-requests 837 [max_inflight_push_requests: <int> | default = 0] 838 839 # Comma-separated list of metric names, for which 840 # -ingester.max-series-per-metric and -ingester.max-global-series-per-metric 841 # limits will be ignored. Does not affect max-series-per-user or 842 # max-global-series-per-metric limits. 843 # CLI flag: -ingester.ignore-series-limit-for-metric-names 844 [ignore_series_limit_for_metric_names: <string> | default = ""] 845 ``` 846 847 ### `querier_config` 848 849 The `querier_config` configures the Cortex querier. 850 851 ```yaml 852 # The maximum number of concurrent queries. 853 # CLI flag: -querier.max-concurrent 854 [max_concurrent: <int> | default = 20] 855 856 # The timeout for a query. 857 # CLI flag: -querier.timeout 858 [timeout: <duration> | default = 2m] 859 860 # Use iterators to execute query, as opposed to fully materialising the series 861 # in memory. 862 # CLI flag: -querier.iterators 863 [iterators: <boolean> | default = false] 864 865 # Use batch iterators to execute query, as opposed to fully materialising the 866 # series in memory. Takes precedent over the -querier.iterators flag. 867 # CLI flag: -querier.batch-iterators 868 [batch_iterators: <boolean> | default = true] 869 870 # Use streaming RPCs to query ingester. 871 # CLI flag: -querier.ingester-streaming 872 [ingester_streaming: <boolean> | default = true] 873 874 # Maximum number of samples a single query can load into memory. 875 # CLI flag: -querier.max-samples 876 [max_samples: <int> | default = 50000000] 877 878 # Maximum lookback beyond which queries are not sent to ingester. 0 means all 879 # queries are sent to ingester. 880 # CLI flag: -querier.query-ingesters-within 881 [query_ingesters_within: <duration> | default = 0s] 882 883 # Query long-term store for series, label values and label names APIs. Works 884 # only with blocks engine. 885 # CLI flag: -querier.query-store-for-labels-enabled 886 [query_store_for_labels_enabled: <boolean> | default = false] 887 888 # Enable the @ modifier in PromQL. 889 # CLI flag: -querier.at-modifier-enabled 890 [at_modifier_enabled: <boolean> | default = false] 891 892 # The time after which a metric should be queried from storage and not just 893 # ingesters. 0 means all queries are sent to store. When running the blocks 894 # storage, if this option is enabled, the time range of the query sent to the 895 # store will be manipulated to ensure the query end is not more recent than 'now 896 # - query-store-after'. 897 # CLI flag: -querier.query-store-after 898 [query_store_after: <duration> | default = 0s] 899 900 # Maximum duration into the future you can query. 0 to disable. 901 # CLI flag: -querier.max-query-into-future 902 [max_query_into_future: <duration> | default = 10m] 903 904 # The default evaluation interval or step size for subqueries. 905 # CLI flag: -querier.default-evaluation-interval 906 [default_evaluation_interval: <duration> | default = 1m] 907 908 # Active query tracker monitors active queries, and writes them to the file in 909 # given directory. If Cortex discovers any queries in this log during startup, 910 # it will log them to the log file. Setting to empty value disables active query 911 # tracker, which also disables -querier.max-concurrent option. 912 # CLI flag: -querier.active-query-tracker-dir 913 [active_query_tracker_dir: <string> | default = "./active-query-tracker"] 914 915 # Time since the last sample after which a time series is considered stale and 916 # ignored by expression evaluations. 917 # CLI flag: -querier.lookback-delta 918 [lookback_delta: <duration> | default = 5m] 919 920 # Comma separated list of store-gateway addresses in DNS Service Discovery 921 # format. This option should be set when using the blocks storage and the 922 # store-gateway sharding is disabled (when enabled, the store-gateway instances 923 # form a ring and addresses are picked from the ring). 924 # CLI flag: -querier.store-gateway-addresses 925 [store_gateway_addresses: <string> | default = ""] 926 927 store_gateway_client: 928 # Enable TLS for gRPC client connecting to store-gateway. 929 # CLI flag: -querier.store-gateway-client.tls-enabled 930 [tls_enabled: <boolean> | default = false] 931 932 # Path to the client certificate file, which will be used for authenticating 933 # with the server. Also requires the key path to be configured. 934 # CLI flag: -querier.store-gateway-client.tls-cert-path 935 [tls_cert_path: <string> | default = ""] 936 937 # Path to the key file for the client certificate. Also requires the client 938 # certificate to be configured. 939 # CLI flag: -querier.store-gateway-client.tls-key-path 940 [tls_key_path: <string> | default = ""] 941 942 # Path to the CA certificates file to validate server certificate against. If 943 # not set, the host's root CA certificates are used. 944 # CLI flag: -querier.store-gateway-client.tls-ca-path 945 [tls_ca_path: <string> | default = ""] 946 947 # Override the expected name on the server certificate. 948 # CLI flag: -querier.store-gateway-client.tls-server-name 949 [tls_server_name: <string> | default = ""] 950 951 # Skip validating server certificate. 952 # CLI flag: -querier.store-gateway-client.tls-insecure-skip-verify 953 [tls_insecure_skip_verify: <boolean> | default = false] 954 955 # Second store engine to use for querying. Empty = disabled. 956 # CLI flag: -querier.second-store-engine 957 [second_store_engine: <string> | default = ""] 958 959 # If specified, second store is only used for queries before this timestamp. 960 # Default value 0 means secondary store is always queried. 961 # CLI flag: -querier.use-second-store-before-time 962 [use_second_store_before_time: <time> | default = 0] 963 964 # When distributor's sharding strategy is shuffle-sharding and this setting is > 965 # 0, queriers fetch in-memory series from the minimum set of required ingesters, 966 # selecting only ingesters which may have received series since 'now - lookback 967 # period'. The lookback period should be greater or equal than the configured 968 # 'query store after' and 'query ingesters within'. If this setting is 0, 969 # queriers always query all ingesters (ingesters shuffle sharding on read path 970 # is disabled). 971 # CLI flag: -querier.shuffle-sharding-ingesters-lookback-period 972 [shuffle_sharding_ingesters_lookback_period: <duration> | default = 0s] 973 ``` 974 975 ### `query_frontend_config` 976 977 The `query_frontend_config` configures the Cortex query-frontend. 978 979 ```yaml 980 # Log queries that are slower than the specified duration. Set to 0 to disable. 981 # Set to < 0 to enable on all queries. 982 # CLI flag: -frontend.log-queries-longer-than 983 [log_queries_longer_than: <duration> | default = 0s] 984 985 # Max body size for downstream prometheus. 986 # CLI flag: -frontend.max-body-size 987 [max_body_size: <int> | default = 10485760] 988 989 # True to enable query statistics tracking. When enabled, a message with some 990 # statistics is logged for every query. 991 # CLI flag: -frontend.query-stats-enabled 992 [query_stats_enabled: <boolean> | default = false] 993 994 # Maximum number of outstanding requests per tenant per frontend; requests 995 # beyond this error with HTTP 429. 996 # CLI flag: -querier.max-outstanding-requests-per-tenant 997 [max_outstanding_per_tenant: <int> | default = 100] 998 999 # If a querier disconnects without sending notification about graceful shutdown, 1000 # the query-frontend will keep the querier in the tenant's shard until the 1001 # forget delay has passed. This feature is useful to reduce the blast radius 1002 # when shuffle-sharding is enabled. 1003 # CLI flag: -query-frontend.querier-forget-delay 1004 [querier_forget_delay: <duration> | default = 0s] 1005 1006 # DNS hostname used for finding query-schedulers. 1007 # CLI flag: -frontend.scheduler-address 1008 [scheduler_address: <string> | default = ""] 1009 1010 # How often to resolve the scheduler-address, in order to look for new 1011 # query-scheduler instances. 1012 # CLI flag: -frontend.scheduler-dns-lookup-period 1013 [scheduler_dns_lookup_period: <duration> | default = 10s] 1014 1015 # Number of concurrent workers forwarding queries to single query-scheduler. 1016 # CLI flag: -frontend.scheduler-worker-concurrency 1017 [scheduler_worker_concurrency: <int> | default = 5] 1018 1019 grpc_client_config: 1020 # gRPC client max receive message size (bytes). 1021 # CLI flag: -frontend.grpc-client-config.grpc-max-recv-msg-size 1022 [max_recv_msg_size: <int> | default = 104857600] 1023 1024 # gRPC client max send message size (bytes). 1025 # CLI flag: -frontend.grpc-client-config.grpc-max-send-msg-size 1026 [max_send_msg_size: <int> | default = 16777216] 1027 1028 # Use compression when sending messages. Supported values are: 'gzip', 1029 # 'snappy' and '' (disable compression) 1030 # CLI flag: -frontend.grpc-client-config.grpc-compression 1031 [grpc_compression: <string> | default = ""] 1032 1033 # Rate limit for gRPC client; 0 means disabled. 1034 # CLI flag: -frontend.grpc-client-config.grpc-client-rate-limit 1035 [rate_limit: <float> | default = 0] 1036 1037 # Rate limit burst for gRPC client. 1038 # CLI flag: -frontend.grpc-client-config.grpc-client-rate-limit-burst 1039 [rate_limit_burst: <int> | default = 0] 1040 1041 # Enable backoff and retry when we hit ratelimits. 1042 # CLI flag: -frontend.grpc-client-config.backoff-on-ratelimits 1043 [backoff_on_ratelimits: <boolean> | default = false] 1044 1045 backoff_config: 1046 # Minimum delay when backing off. 1047 # CLI flag: -frontend.grpc-client-config.backoff-min-period 1048 [min_period: <duration> | default = 100ms] 1049 1050 # Maximum delay when backing off. 1051 # CLI flag: -frontend.grpc-client-config.backoff-max-period 1052 [max_period: <duration> | default = 10s] 1053 1054 # Number of times to backoff and retry before failing. 1055 # CLI flag: -frontend.grpc-client-config.backoff-retries 1056 [max_retries: <int> | default = 10] 1057 1058 # Enable TLS in the GRPC client. This flag needs to be enabled when any other 1059 # TLS flag is set. If set to false, insecure connection to gRPC server will be 1060 # used. 1061 # CLI flag: -frontend.grpc-client-config.tls-enabled 1062 [tls_enabled: <boolean> | default = false] 1063 1064 # Path to the client certificate file, which will be used for authenticating 1065 # with the server. Also requires the key path to be configured. 1066 # CLI flag: -frontend.grpc-client-config.tls-cert-path 1067 [tls_cert_path: <string> | default = ""] 1068 1069 # Path to the key file for the client certificate. Also requires the client 1070 # certificate to be configured. 1071 # CLI flag: -frontend.grpc-client-config.tls-key-path 1072 [tls_key_path: <string> | default = ""] 1073 1074 # Path to the CA certificates file to validate server certificate against. If 1075 # not set, the host's root CA certificates are used. 1076 # CLI flag: -frontend.grpc-client-config.tls-ca-path 1077 [tls_ca_path: <string> | default = ""] 1078 1079 # Override the expected name on the server certificate. 1080 # CLI flag: -frontend.grpc-client-config.tls-server-name 1081 [tls_server_name: <string> | default = ""] 1082 1083 # Skip validating server certificate. 1084 # CLI flag: -frontend.grpc-client-config.tls-insecure-skip-verify 1085 [tls_insecure_skip_verify: <boolean> | default = false] 1086 1087 # Name of network interface to read address from. This address is sent to 1088 # query-scheduler and querier, which uses it to send the query response back to 1089 # query-frontend. 1090 # CLI flag: -frontend.instance-interface-names 1091 [instance_interface_names: <list of string> | default = [eth0 en0]] 1092 1093 # URL of downstream Prometheus. 1094 # CLI flag: -frontend.downstream-url 1095 [downstream_url: <string> | default = ""] 1096 ``` 1097 1098 ### `query_range_config` 1099 1100 The `query_range_config` configures the query splitting and caching in the Cortex query-frontend. 1101 1102 ```yaml 1103 # Split queries by an interval and execute in parallel, 0 disables it. You 1104 # should use an a multiple of 24 hours (same as the storage bucketing scheme), 1105 # to avoid queriers downloading and processing the same chunks. This also 1106 # determines how cache keys are chosen when result caching is enabled 1107 # CLI flag: -querier.split-queries-by-interval 1108 [split_queries_by_interval: <duration> | default = 0s] 1109 1110 # Mutate incoming queries to align their start and end with their step. 1111 # CLI flag: -querier.align-querier-with-step 1112 [align_queries_with_step: <boolean> | default = false] 1113 1114 results_cache: 1115 cache: 1116 # Enable in-memory cache. 1117 # CLI flag: -frontend.cache.enable-fifocache 1118 [enable_fifocache: <boolean> | default = false] 1119 1120 # The default validity of entries for caches unless overridden. 1121 # CLI flag: -frontend.default-validity 1122 [default_validity: <duration> | default = 0s] 1123 1124 background: 1125 # At what concurrency to write back to cache. 1126 # CLI flag: -frontend.background.write-back-concurrency 1127 [writeback_goroutines: <int> | default = 10] 1128 1129 # How many key batches to buffer for background write-back. 1130 # CLI flag: -frontend.background.write-back-buffer 1131 [writeback_buffer: <int> | default = 10000] 1132 1133 # The memcached_config block configures how data is stored in Memcached (ie. 1134 # expiration). 1135 # The CLI flags prefix for this block config is: frontend 1136 [memcached: <memcached_config>] 1137 1138 # The memcached_client_config configures the client used to connect to 1139 # Memcached. 1140 # The CLI flags prefix for this block config is: frontend 1141 [memcached_client: <memcached_client_config>] 1142 1143 # The redis_config configures the Redis backend cache. 1144 # The CLI flags prefix for this block config is: frontend 1145 [redis: <redis_config>] 1146 1147 # The fifo_cache_config configures the local in-memory cache. 1148 # The CLI flags prefix for this block config is: frontend 1149 [fifocache: <fifo_cache_config>] 1150 1151 # Use compression in results cache. Supported values are: 'snappy' and '' 1152 # (disable compression). 1153 # CLI flag: -frontend.compression 1154 [compression: <string> | default = ""] 1155 1156 # Cache query results. 1157 # CLI flag: -querier.cache-results 1158 [cache_results: <boolean> | default = false] 1159 1160 # Maximum number of retries for a single request; beyond this, the downstream 1161 # error is returned. 1162 # CLI flag: -querier.max-retries-per-request 1163 [max_retries: <int> | default = 5] 1164 1165 # Perform query parallelisations based on storage sharding configuration and 1166 # query ASTs. This feature is supported only by the chunks storage engine. 1167 # CLI flag: -querier.parallelise-shardable-queries 1168 [parallelise_shardable_queries: <boolean> | default = false] 1169 ``` 1170 1171 ### `ruler_config` 1172 1173 The `ruler_config` configures the Cortex ruler. 1174 1175 ```yaml 1176 # URL of alerts return path. 1177 # CLI flag: -ruler.external.url 1178 [external_url: <url> | default = ] 1179 1180 ruler_client: 1181 # gRPC client max receive message size (bytes). 1182 # CLI flag: -ruler.client.grpc-max-recv-msg-size 1183 [max_recv_msg_size: <int> | default = 104857600] 1184 1185 # gRPC client max send message size (bytes). 1186 # CLI flag: -ruler.client.grpc-max-send-msg-size 1187 [max_send_msg_size: <int> | default = 16777216] 1188 1189 # Use compression when sending messages. Supported values are: 'gzip', 1190 # 'snappy' and '' (disable compression) 1191 # CLI flag: -ruler.client.grpc-compression 1192 [grpc_compression: <string> | default = ""] 1193 1194 # Rate limit for gRPC client; 0 means disabled. 1195 # CLI flag: -ruler.client.grpc-client-rate-limit 1196 [rate_limit: <float> | default = 0] 1197 1198 # Rate limit burst for gRPC client. 1199 # CLI flag: -ruler.client.grpc-client-rate-limit-burst 1200 [rate_limit_burst: <int> | default = 0] 1201 1202 # Enable backoff and retry when we hit ratelimits. 1203 # CLI flag: -ruler.client.backoff-on-ratelimits 1204 [backoff_on_ratelimits: <boolean> | default = false] 1205 1206 backoff_config: 1207 # Minimum delay when backing off. 1208 # CLI flag: -ruler.client.backoff-min-period 1209 [min_period: <duration> | default = 100ms] 1210 1211 # Maximum delay when backing off. 1212 # CLI flag: -ruler.client.backoff-max-period 1213 [max_period: <duration> | default = 10s] 1214 1215 # Number of times to backoff and retry before failing. 1216 # CLI flag: -ruler.client.backoff-retries 1217 [max_retries: <int> | default = 10] 1218 1219 # Enable TLS in the GRPC client. This flag needs to be enabled when any other 1220 # TLS flag is set. If set to false, insecure connection to gRPC server will be 1221 # used. 1222 # CLI flag: -ruler.client.tls-enabled 1223 [tls_enabled: <boolean> | default = false] 1224 1225 # Path to the client certificate file, which will be used for authenticating 1226 # with the server. Also requires the key path to be configured. 1227 # CLI flag: -ruler.client.tls-cert-path 1228 [tls_cert_path: <string> | default = ""] 1229 1230 # Path to the key file for the client certificate. Also requires the client 1231 # certificate to be configured. 1232 # CLI flag: -ruler.client.tls-key-path 1233 [tls_key_path: <string> | default = ""] 1234 1235 # Path to the CA certificates file to validate server certificate against. If 1236 # not set, the host's root CA certificates are used. 1237 # CLI flag: -ruler.client.tls-ca-path 1238 [tls_ca_path: <string> | default = ""] 1239 1240 # Override the expected name on the server certificate. 1241 # CLI flag: -ruler.client.tls-server-name 1242 [tls_server_name: <string> | default = ""] 1243 1244 # Skip validating server certificate. 1245 # CLI flag: -ruler.client.tls-insecure-skip-verify 1246 [tls_insecure_skip_verify: <boolean> | default = false] 1247 1248 # How frequently to evaluate rules 1249 # CLI flag: -ruler.evaluation-interval 1250 [evaluation_interval: <duration> | default = 1m] 1251 1252 # How frequently to poll for rule changes 1253 # CLI flag: -ruler.poll-interval 1254 [poll_interval: <duration> | default = 1m] 1255 1256 # Deprecated. Use -ruler-storage.* CLI flags and their respective YAML config 1257 # options instead. 1258 storage: 1259 # Method to use for backend rule storage (configdb, azure, gcs, s3, swift, 1260 # local) 1261 # CLI flag: -ruler.storage.type 1262 [type: <string> | default = "configdb"] 1263 1264 # The configstore_config configures the config database storing rules and 1265 # alerts, and is used by the Cortex alertmanager. 1266 # The CLI flags prefix for this block config is: ruler 1267 [configdb: <configstore_config>] 1268 1269 azure: 1270 # Azure Cloud environment. Supported values are: AzureGlobal, 1271 # AzureChinaCloud, AzureGermanCloud, AzureUSGovernment. 1272 # CLI flag: -ruler.storage.azure.environment 1273 [environment: <string> | default = "AzureGlobal"] 1274 1275 # Name of the blob container used to store chunks. This container must be 1276 # created before running cortex. 1277 # CLI flag: -ruler.storage.azure.container-name 1278 [container_name: <string> | default = "cortex"] 1279 1280 # The Microsoft Azure account name to be used 1281 # CLI flag: -ruler.storage.azure.account-name 1282 [account_name: <string> | default = ""] 1283 1284 # The Microsoft Azure account key to use. 1285 # CLI flag: -ruler.storage.azure.account-key 1286 [account_key: <string> | default = ""] 1287 1288 # Preallocated buffer size for downloads. 1289 # CLI flag: -ruler.storage.azure.download-buffer-size 1290 [download_buffer_size: <int> | default = 512000] 1291 1292 # Preallocated buffer size for uploads. 1293 # CLI flag: -ruler.storage.azure.upload-buffer-size 1294 [upload_buffer_size: <int> | default = 256000] 1295 1296 # Number of buffers used to used to upload a chunk. 1297 # CLI flag: -ruler.storage.azure.download-buffer-count 1298 [upload_buffer_count: <int> | default = 1] 1299 1300 # Timeout for requests made against azure blob storage. 1301 # CLI flag: -ruler.storage.azure.request-timeout 1302 [request_timeout: <duration> | default = 30s] 1303 1304 # Number of retries for a request which times out. 1305 # CLI flag: -ruler.storage.azure.max-retries 1306 [max_retries: <int> | default = 5] 1307 1308 # Minimum time to wait before retrying a request. 1309 # CLI flag: -ruler.storage.azure.min-retry-delay 1310 [min_retry_delay: <duration> | default = 10ms] 1311 1312 # Maximum time to wait before retrying a request. 1313 # CLI flag: -ruler.storage.azure.max-retry-delay 1314 [max_retry_delay: <duration> | default = 500ms] 1315 1316 gcs: 1317 # Name of GCS bucket. Please refer to 1318 # https://cloud.google.com/docs/authentication/production for more 1319 # information about how to configure authentication. 1320 # CLI flag: -ruler.storage.gcs.bucketname 1321 [bucket_name: <string> | default = ""] 1322 1323 # The size of the buffer that GCS client for each PUT request. 0 to disable 1324 # buffering. 1325 # CLI flag: -ruler.storage.gcs.chunk-buffer-size 1326 [chunk_buffer_size: <int> | default = 0] 1327 1328 # The duration after which the requests to GCS should be timed out. 1329 # CLI flag: -ruler.storage.gcs.request-timeout 1330 [request_timeout: <duration> | default = 0s] 1331 1332 # Enabled OpenCensus (OC) instrumentation for all requests. 1333 # CLI flag: -ruler.storage.gcs.enable-opencensus 1334 [enable_opencensus: <boolean> | default = true] 1335 1336 s3: 1337 # S3 endpoint URL with escaped Key and Secret encoded. If only region is 1338 # specified as a host, proper endpoint will be deduced. Use 1339 # inmemory:///<bucket-name> to use a mock in-memory implementation. 1340 # CLI flag: -ruler.storage.s3.url 1341 [s3: <url> | default = ] 1342 1343 # Set this to `true` to force the request to use path-style addressing. 1344 # CLI flag: -ruler.storage.s3.force-path-style 1345 [s3forcepathstyle: <boolean> | default = false] 1346 1347 # Comma separated list of bucket names to evenly distribute chunks over. 1348 # Overrides any buckets specified in s3.url flag 1349 # CLI flag: -ruler.storage.s3.buckets 1350 [bucketnames: <string> | default = ""] 1351 1352 # S3 Endpoint to connect to. 1353 # CLI flag: -ruler.storage.s3.endpoint 1354 [endpoint: <string> | default = ""] 1355 1356 # AWS region to use. 1357 # CLI flag: -ruler.storage.s3.region 1358 [region: <string> | default = ""] 1359 1360 # AWS Access Key ID 1361 # CLI flag: -ruler.storage.s3.access-key-id 1362 [access_key_id: <string> | default = ""] 1363 1364 # AWS Secret Access Key 1365 # CLI flag: -ruler.storage.s3.secret-access-key 1366 [secret_access_key: <string> | default = ""] 1367 1368 # Disable https on s3 connection. 1369 # CLI flag: -ruler.storage.s3.insecure 1370 [insecure: <boolean> | default = false] 1371 1372 # Enable AWS Server Side Encryption [Deprecated: Use .sse instead. if 1373 # s3.sse-encryption is enabled, it assumes .sse.type SSE-S3] 1374 # CLI flag: -ruler.storage.s3.sse-encryption 1375 [sse_encryption: <boolean> | default = false] 1376 1377 http_config: 1378 # The maximum amount of time an idle connection will be held open. 1379 # CLI flag: -ruler.storage.s3.http.idle-conn-timeout 1380 [idle_conn_timeout: <duration> | default = 1m30s] 1381 1382 # If non-zero, specifies the amount of time to wait for a server's 1383 # response headers after fully writing the request. 1384 # CLI flag: -ruler.storage.s3.http.response-header-timeout 1385 [response_header_timeout: <duration> | default = 0s] 1386 1387 # Set to false to skip verifying the certificate chain and hostname. 1388 # CLI flag: -ruler.storage.s3.http.insecure-skip-verify 1389 [insecure_skip_verify: <boolean> | default = false] 1390 1391 # The signature version to use for authenticating against S3. Supported 1392 # values are: v4, v2. 1393 # CLI flag: -ruler.storage.s3.signature-version 1394 [signature_version: <string> | default = "v4"] 1395 1396 # The s3_sse_config configures the S3 server-side encryption. 1397 # The CLI flags prefix for this block config is: ruler.storage 1398 [sse: <s3_sse_config>] 1399 1400 swift: 1401 # OpenStack Swift authentication API version. 0 to autodetect. 1402 # CLI flag: -ruler.storage.swift.auth-version 1403 [auth_version: <int> | default = 0] 1404 1405 # OpenStack Swift authentication URL 1406 # CLI flag: -ruler.storage.swift.auth-url 1407 [auth_url: <string> | default = ""] 1408 1409 # OpenStack Swift username. 1410 # CLI flag: -ruler.storage.swift.username 1411 [username: <string> | default = ""] 1412 1413 # OpenStack Swift user's domain name. 1414 # CLI flag: -ruler.storage.swift.user-domain-name 1415 [user_domain_name: <string> | default = ""] 1416 1417 # OpenStack Swift user's domain ID. 1418 # CLI flag: -ruler.storage.swift.user-domain-id 1419 [user_domain_id: <string> | default = ""] 1420 1421 # OpenStack Swift user ID. 1422 # CLI flag: -ruler.storage.swift.user-id 1423 [user_id: <string> | default = ""] 1424 1425 # OpenStack Swift API key. 1426 # CLI flag: -ruler.storage.swift.password 1427 [password: <string> | default = ""] 1428 1429 # OpenStack Swift user's domain ID. 1430 # CLI flag: -ruler.storage.swift.domain-id 1431 [domain_id: <string> | default = ""] 1432 1433 # OpenStack Swift user's domain name. 1434 # CLI flag: -ruler.storage.swift.domain-name 1435 [domain_name: <string> | default = ""] 1436 1437 # OpenStack Swift project ID (v2,v3 auth only). 1438 # CLI flag: -ruler.storage.swift.project-id 1439 [project_id: <string> | default = ""] 1440 1441 # OpenStack Swift project name (v2,v3 auth only). 1442 # CLI flag: -ruler.storage.swift.project-name 1443 [project_name: <string> | default = ""] 1444 1445 # ID of the OpenStack Swift project's domain (v3 auth only), only needed if 1446 # it differs the from user domain. 1447 # CLI flag: -ruler.storage.swift.project-domain-id 1448 [project_domain_id: <string> | default = ""] 1449 1450 # Name of the OpenStack Swift project's domain (v3 auth only), only needed 1451 # if it differs from the user domain. 1452 # CLI flag: -ruler.storage.swift.project-domain-name 1453 [project_domain_name: <string> | default = ""] 1454 1455 # OpenStack Swift Region to use (v2,v3 auth only). 1456 # CLI flag: -ruler.storage.swift.region-name 1457 [region_name: <string> | default = ""] 1458 1459 # Name of the OpenStack Swift container to put chunks in. 1460 # CLI flag: -ruler.storage.swift.container-name 1461 [container_name: <string> | default = ""] 1462 1463 # Max retries on requests error. 1464 # CLI flag: -ruler.storage.swift.max-retries 1465 [max_retries: <int> | default = 3] 1466 1467 # Time after which a connection attempt is aborted. 1468 # CLI flag: -ruler.storage.swift.connect-timeout 1469 [connect_timeout: <duration> | default = 10s] 1470 1471 # Time after which an idle request is aborted. The timeout watchdog is reset 1472 # each time some data is received, so the timeout triggers after X time no 1473 # data is received on a request. 1474 # CLI flag: -ruler.storage.swift.request-timeout 1475 [request_timeout: <duration> | default = 5s] 1476 1477 local: 1478 # Directory to scan for rules 1479 # CLI flag: -ruler.storage.local.directory 1480 [directory: <string> | default = ""] 1481 1482 # file path to store temporary rule files for the prometheus rule managers 1483 # CLI flag: -ruler.rule-path 1484 [rule_path: <string> | default = "/rules"] 1485 1486 # Comma-separated list of URL(s) of the Alertmanager(s) to send notifications 1487 # to. Each Alertmanager URL is treated as a separate group in the configuration. 1488 # Multiple Alertmanagers in HA per group can be supported by using DNS 1489 # resolution via -ruler.alertmanager-discovery. 1490 # CLI flag: -ruler.alertmanager-url 1491 [alertmanager_url: <string> | default = ""] 1492 1493 # Use DNS SRV records to discover Alertmanager hosts. 1494 # CLI flag: -ruler.alertmanager-discovery 1495 [enable_alertmanager_discovery: <boolean> | default = false] 1496 1497 # How long to wait between refreshing DNS resolutions of Alertmanager hosts. 1498 # CLI flag: -ruler.alertmanager-refresh-interval 1499 [alertmanager_refresh_interval: <duration> | default = 1m] 1500 1501 # If enabled requests to Alertmanager will utilize the V2 API. 1502 # CLI flag: -ruler.alertmanager-use-v2 1503 [enable_alertmanager_v2: <boolean> | default = false] 1504 1505 # Capacity of the queue for notifications to be sent to the Alertmanager. 1506 # CLI flag: -ruler.notification-queue-capacity 1507 [notification_queue_capacity: <int> | default = 10000] 1508 1509 # HTTP timeout duration when sending notifications to the Alertmanager. 1510 # CLI flag: -ruler.notification-timeout 1511 [notification_timeout: <duration> | default = 10s] 1512 1513 alertmanager_client: 1514 # Path to the client certificate file, which will be used for authenticating 1515 # with the server. Also requires the key path to be configured. 1516 # CLI flag: -ruler.alertmanager-client.tls-cert-path 1517 [tls_cert_path: <string> | default = ""] 1518 1519 # Path to the key file for the client certificate. Also requires the client 1520 # certificate to be configured. 1521 # CLI flag: -ruler.alertmanager-client.tls-key-path 1522 [tls_key_path: <string> | default = ""] 1523 1524 # Path to the CA certificates file to validate server certificate against. If 1525 # not set, the host's root CA certificates are used. 1526 # CLI flag: -ruler.alertmanager-client.tls-ca-path 1527 [tls_ca_path: <string> | default = ""] 1528 1529 # Override the expected name on the server certificate. 1530 # CLI flag: -ruler.alertmanager-client.tls-server-name 1531 [tls_server_name: <string> | default = ""] 1532 1533 # Skip validating server certificate. 1534 # CLI flag: -ruler.alertmanager-client.tls-insecure-skip-verify 1535 [tls_insecure_skip_verify: <boolean> | default = false] 1536 1537 # HTTP Basic authentication username. It overrides the username set in the URL 1538 # (if any). 1539 # CLI flag: -ruler.alertmanager-client.basic-auth-username 1540 [basic_auth_username: <string> | default = ""] 1541 1542 # HTTP Basic authentication password. It overrides the password set in the URL 1543 # (if any). 1544 # CLI flag: -ruler.alertmanager-client.basic-auth-password 1545 [basic_auth_password: <string> | default = ""] 1546 1547 # Max time to tolerate outage for restoring "for" state of alert. 1548 # CLI flag: -ruler.for-outage-tolerance 1549 [for_outage_tolerance: <duration> | default = 1h] 1550 1551 # Minimum duration between alert and restored "for" state. This is maintained 1552 # only for alerts with configured "for" time greater than grace period. 1553 # CLI flag: -ruler.for-grace-period 1554 [for_grace_period: <duration> | default = 10m] 1555 1556 # Minimum amount of time to wait before resending an alert to Alertmanager. 1557 # CLI flag: -ruler.resend-delay 1558 [resend_delay: <duration> | default = 1m] 1559 1560 # Distribute rule evaluation using ring backend 1561 # CLI flag: -ruler.enable-sharding 1562 [enable_sharding: <boolean> | default = false] 1563 1564 # The sharding strategy to use. Supported values are: default, shuffle-sharding. 1565 # CLI flag: -ruler.sharding-strategy 1566 [sharding_strategy: <string> | default = "default"] 1567 1568 # Time to spend searching for a pending ruler when shutting down. 1569 # CLI flag: -ruler.search-pending-for 1570 [search_pending_for: <duration> | default = 5m] 1571 1572 ring: 1573 kvstore: 1574 # Backend storage to use for the ring. Supported values are: consul, etcd, 1575 # inmemory, memberlist, multi. 1576 # CLI flag: -ruler.ring.store 1577 [store: <string> | default = "consul"] 1578 1579 # The prefix for the keys in the store. Should end with a /. 1580 # CLI flag: -ruler.ring.prefix 1581 [prefix: <string> | default = "rulers/"] 1582 1583 # The consul_config configures the consul client. 1584 # The CLI flags prefix for this block config is: ruler.ring 1585 [consul: <consul_config>] 1586 1587 # The etcd_config configures the etcd client. 1588 # The CLI flags prefix for this block config is: ruler.ring 1589 [etcd: <etcd_config>] 1590 1591 multi: 1592 # Primary backend storage used by multi-client. 1593 # CLI flag: -ruler.ring.multi.primary 1594 [primary: <string> | default = ""] 1595 1596 # Secondary backend storage used by multi-client. 1597 # CLI flag: -ruler.ring.multi.secondary 1598 [secondary: <string> | default = ""] 1599 1600 # Mirror writes to secondary store. 1601 # CLI flag: -ruler.ring.multi.mirror-enabled 1602 [mirror_enabled: <boolean> | default = false] 1603 1604 # Timeout for storing value to secondary store. 1605 # CLI flag: -ruler.ring.multi.mirror-timeout 1606 [mirror_timeout: <duration> | default = 2s] 1607 1608 # Period at which to heartbeat to the ring. 0 = disabled. 1609 # CLI flag: -ruler.ring.heartbeat-period 1610 [heartbeat_period: <duration> | default = 5s] 1611 1612 # The heartbeat timeout after which rulers are considered unhealthy within the 1613 # ring. 0 = never (timeout disabled). 1614 # CLI flag: -ruler.ring.heartbeat-timeout 1615 [heartbeat_timeout: <duration> | default = 1m] 1616 1617 # Name of network interface to read address from. 1618 # CLI flag: -ruler.ring.instance-interface-names 1619 [instance_interface_names: <list of string> | default = [eth0 en0]] 1620 1621 # Number of tokens for each ruler. 1622 # CLI flag: -ruler.ring.num-tokens 1623 [num_tokens: <int> | default = 128] 1624 1625 # Period with which to attempt to flush rule groups. 1626 # CLI flag: -ruler.flush-period 1627 [flush_period: <duration> | default = 1m] 1628 1629 # Enable the ruler api 1630 # CLI flag: -experimental.ruler.enable-api 1631 [enable_api: <boolean> | default = false] 1632 1633 # Comma separated list of tenants whose rules this ruler can evaluate. If 1634 # specified, only these tenants will be handled by ruler, otherwise this ruler 1635 # can process rules from all tenants. Subject to sharding. 1636 # CLI flag: -ruler.enabled-tenants 1637 [enabled_tenants: <string> | default = ""] 1638 1639 # Comma separated list of tenants whose rules this ruler cannot evaluate. If 1640 # specified, a ruler that would normally pick the specified tenant(s) for 1641 # processing will ignore them instead. Subject to sharding. 1642 # CLI flag: -ruler.disabled-tenants 1643 [disabled_tenants: <string> | default = ""] 1644 1645 # Report the wall time for ruler queries to complete as a per user metric and as 1646 # an info level log message. 1647 # CLI flag: -ruler.query-stats-enabled 1648 [query_stats_enabled: <boolean> | default = false] 1649 ``` 1650 1651 ### `ruler_storage_config` 1652 1653 The `ruler_storage_config` configures the Cortex ruler storage backend. 1654 1655 ```yaml 1656 # Backend storage to use. Supported backends are: s3, gcs, azure, swift, 1657 # filesystem, configdb, local. 1658 # CLI flag: -ruler-storage.backend 1659 [backend: <string> | default = "s3"] 1660 1661 s3: 1662 # The S3 bucket endpoint. It could be an AWS S3 endpoint listed at 1663 # https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an 1664 # S3-compatible service in hostname:port format. 1665 # CLI flag: -ruler-storage.s3.endpoint 1666 [endpoint: <string> | default = ""] 1667 1668 # S3 region. If unset, the client will issue a S3 GetBucketLocation API call 1669 # to autodetect it. 1670 # CLI flag: -ruler-storage.s3.region 1671 [region: <string> | default = ""] 1672 1673 # S3 bucket name 1674 # CLI flag: -ruler-storage.s3.bucket-name 1675 [bucket_name: <string> | default = ""] 1676 1677 # S3 secret access key 1678 # CLI flag: -ruler-storage.s3.secret-access-key 1679 [secret_access_key: <string> | default = ""] 1680 1681 # S3 access key ID 1682 # CLI flag: -ruler-storage.s3.access-key-id 1683 [access_key_id: <string> | default = ""] 1684 1685 # If enabled, use http:// for the S3 endpoint instead of https://. This could 1686 # be useful in local dev/test environments while using an S3-compatible 1687 # backend storage, like Minio. 1688 # CLI flag: -ruler-storage.s3.insecure 1689 [insecure: <boolean> | default = false] 1690 1691 # The signature version to use for authenticating against S3. Supported values 1692 # are: v4, v2. 1693 # CLI flag: -ruler-storage.s3.signature-version 1694 [signature_version: <string> | default = "v4"] 1695 1696 # The s3_sse_config configures the S3 server-side encryption. 1697 # The CLI flags prefix for this block config is: ruler-storage 1698 [sse: <s3_sse_config>] 1699 1700 http: 1701 # The time an idle connection will remain idle before closing. 1702 # CLI flag: -ruler-storage.s3.http.idle-conn-timeout 1703 [idle_conn_timeout: <duration> | default = 1m30s] 1704 1705 # The amount of time the client will wait for a servers response headers. 1706 # CLI flag: -ruler-storage.s3.http.response-header-timeout 1707 [response_header_timeout: <duration> | default = 2m] 1708 1709 # If the client connects to S3 via HTTPS and this option is enabled, the 1710 # client will accept any certificate and hostname. 1711 # CLI flag: -ruler-storage.s3.http.insecure-skip-verify 1712 [insecure_skip_verify: <boolean> | default = false] 1713 1714 # Maximum time to wait for a TLS handshake. 0 means no limit. 1715 # CLI flag: -ruler-storage.s3.tls-handshake-timeout 1716 [tls_handshake_timeout: <duration> | default = 10s] 1717 1718 # The time to wait for a server's first response headers after fully writing 1719 # the request headers if the request has an Expect header. 0 to send the 1720 # request body immediately. 1721 # CLI flag: -ruler-storage.s3.expect-continue-timeout 1722 [expect_continue_timeout: <duration> | default = 1s] 1723 1724 # Maximum number of idle (keep-alive) connections across all hosts. 0 means 1725 # no limit. 1726 # CLI flag: -ruler-storage.s3.max-idle-connections 1727 [max_idle_connections: <int> | default = 100] 1728 1729 # Maximum number of idle (keep-alive) connections to keep per-host. If 0, a 1730 # built-in default value is used. 1731 # CLI flag: -ruler-storage.s3.max-idle-connections-per-host 1732 [max_idle_connections_per_host: <int> | default = 100] 1733 1734 # Maximum number of connections per host. 0 means no limit. 1735 # CLI flag: -ruler-storage.s3.max-connections-per-host 1736 [max_connections_per_host: <int> | default = 0] 1737 1738 gcs: 1739 # GCS bucket name 1740 # CLI flag: -ruler-storage.gcs.bucket-name 1741 [bucket_name: <string> | default = ""] 1742 1743 # JSON representing either a Google Developers Console client_credentials.json 1744 # file or a Google Developers service account key file. If empty, fallback to 1745 # Google default logic. 1746 # CLI flag: -ruler-storage.gcs.service-account 1747 [service_account: <string> | default = ""] 1748 1749 azure: 1750 # Azure storage account name 1751 # CLI flag: -ruler-storage.azure.account-name 1752 [account_name: <string> | default = ""] 1753 1754 # Azure storage account key 1755 # CLI flag: -ruler-storage.azure.account-key 1756 [account_key: <string> | default = ""] 1757 1758 # Azure storage container name 1759 # CLI flag: -ruler-storage.azure.container-name 1760 [container_name: <string> | default = ""] 1761 1762 # Azure storage endpoint suffix without schema. The account name will be 1763 # prefixed to this value to create the FQDN 1764 # CLI flag: -ruler-storage.azure.endpoint-suffix 1765 [endpoint_suffix: <string> | default = ""] 1766 1767 # Number of retries for recoverable errors 1768 # CLI flag: -ruler-storage.azure.max-retries 1769 [max_retries: <int> | default = 20] 1770 1771 swift: 1772 # OpenStack Swift authentication API version. 0 to autodetect. 1773 # CLI flag: -ruler-storage.swift.auth-version 1774 [auth_version: <int> | default = 0] 1775 1776 # OpenStack Swift authentication URL 1777 # CLI flag: -ruler-storage.swift.auth-url 1778 [auth_url: <string> | default = ""] 1779 1780 # OpenStack Swift username. 1781 # CLI flag: -ruler-storage.swift.username 1782 [username: <string> | default = ""] 1783 1784 # OpenStack Swift user's domain name. 1785 # CLI flag: -ruler-storage.swift.user-domain-name 1786 [user_domain_name: <string> | default = ""] 1787 1788 # OpenStack Swift user's domain ID. 1789 # CLI flag: -ruler-storage.swift.user-domain-id 1790 [user_domain_id: <string> | default = ""] 1791 1792 # OpenStack Swift user ID. 1793 # CLI flag: -ruler-storage.swift.user-id 1794 [user_id: <string> | default = ""] 1795 1796 # OpenStack Swift API key. 1797 # CLI flag: -ruler-storage.swift.password 1798 [password: <string> | default = ""] 1799 1800 # OpenStack Swift user's domain ID. 1801 # CLI flag: -ruler-storage.swift.domain-id 1802 [domain_id: <string> | default = ""] 1803 1804 # OpenStack Swift user's domain name. 1805 # CLI flag: -ruler-storage.swift.domain-name 1806 [domain_name: <string> | default = ""] 1807 1808 # OpenStack Swift project ID (v2,v3 auth only). 1809 # CLI flag: -ruler-storage.swift.project-id 1810 [project_id: <string> | default = ""] 1811 1812 # OpenStack Swift project name (v2,v3 auth only). 1813 # CLI flag: -ruler-storage.swift.project-name 1814 [project_name: <string> | default = ""] 1815 1816 # ID of the OpenStack Swift project's domain (v3 auth only), only needed if it 1817 # differs the from user domain. 1818 # CLI flag: -ruler-storage.swift.project-domain-id 1819 [project_domain_id: <string> | default = ""] 1820 1821 # Name of the OpenStack Swift project's domain (v3 auth only), only needed if 1822 # it differs from the user domain. 1823 # CLI flag: -ruler-storage.swift.project-domain-name 1824 [project_domain_name: <string> | default = ""] 1825 1826 # OpenStack Swift Region to use (v2,v3 auth only). 1827 # CLI flag: -ruler-storage.swift.region-name 1828 [region_name: <string> | default = ""] 1829 1830 # Name of the OpenStack Swift container to put chunks in. 1831 # CLI flag: -ruler-storage.swift.container-name 1832 [container_name: <string> | default = ""] 1833 1834 # Max retries on requests error. 1835 # CLI flag: -ruler-storage.swift.max-retries 1836 [max_retries: <int> | default = 3] 1837 1838 # Time after which a connection attempt is aborted. 1839 # CLI flag: -ruler-storage.swift.connect-timeout 1840 [connect_timeout: <duration> | default = 10s] 1841 1842 # Time after which an idle request is aborted. The timeout watchdog is reset 1843 # each time some data is received, so the timeout triggers after X time no 1844 # data is received on a request. 1845 # CLI flag: -ruler-storage.swift.request-timeout 1846 [request_timeout: <duration> | default = 5s] 1847 1848 filesystem: 1849 # Local filesystem storage directory. 1850 # CLI flag: -ruler-storage.filesystem.dir 1851 [dir: <string> | default = ""] 1852 1853 # The configstore_config configures the config database storing rules and 1854 # alerts, and is used by the Cortex alertmanager. 1855 # The CLI flags prefix for this block config is: ruler-storage 1856 [configdb: <configstore_config>] 1857 1858 local: 1859 # Directory to scan for rules 1860 # CLI flag: -ruler-storage.local.directory 1861 [directory: <string> | default = ""] 1862 ``` 1863 1864 ### `alertmanager_config` 1865 1866 The `alertmanager_config` configures the Cortex alertmanager. 1867 1868 ```yaml 1869 # Base path for data storage. 1870 # CLI flag: -alertmanager.storage.path 1871 [data_dir: <string> | default = "data/"] 1872 1873 # How long to keep data for. 1874 # CLI flag: -alertmanager.storage.retention 1875 [retention: <duration> | default = 120h] 1876 1877 # The URL under which Alertmanager is externally reachable (for example, if 1878 # Alertmanager is served via a reverse proxy). Used for generating relative and 1879 # absolute links back to Alertmanager itself. If the URL has a path portion, it 1880 # will be used to prefix all HTTP endpoints served by Alertmanager. If omitted, 1881 # relevant URL components will be derived automatically. 1882 # CLI flag: -alertmanager.web.external-url 1883 [external_url: <url> | default = ] 1884 1885 # How frequently to poll Cortex configs 1886 # CLI flag: -alertmanager.configs.poll-interval 1887 [poll_interval: <duration> | default = 15s] 1888 1889 # Maximum size (bytes) of an accepted HTTP request body. 1890 # CLI flag: -alertmanager.max-recv-msg-size 1891 [max_recv_msg_size: <int> | default = 16777216] 1892 1893 # Shard tenants across multiple alertmanager instances. 1894 # CLI flag: -alertmanager.sharding-enabled 1895 [sharding_enabled: <boolean> | default = false] 1896 1897 sharding_ring: 1898 # The key-value store used to share the hash ring across multiple instances. 1899 kvstore: 1900 # Backend storage to use for the ring. Supported values are: consul, etcd, 1901 # inmemory, memberlist, multi. 1902 # CLI flag: -alertmanager.sharding-ring.store 1903 [store: <string> | default = "consul"] 1904 1905 # The prefix for the keys in the store. Should end with a /. 1906 # CLI flag: -alertmanager.sharding-ring.prefix 1907 [prefix: <string> | default = "alertmanagers/"] 1908 1909 # The consul_config configures the consul client. 1910 # The CLI flags prefix for this block config is: alertmanager.sharding-ring 1911 [consul: <consul_config>] 1912 1913 # The etcd_config configures the etcd client. 1914 # The CLI flags prefix for this block config is: alertmanager.sharding-ring 1915 [etcd: <etcd_config>] 1916 1917 multi: 1918 # Primary backend storage used by multi-client. 1919 # CLI flag: -alertmanager.sharding-ring.multi.primary 1920 [primary: <string> | default = ""] 1921 1922 # Secondary backend storage used by multi-client. 1923 # CLI flag: -alertmanager.sharding-ring.multi.secondary 1924 [secondary: <string> | default = ""] 1925 1926 # Mirror writes to secondary store. 1927 # CLI flag: -alertmanager.sharding-ring.multi.mirror-enabled 1928 [mirror_enabled: <boolean> | default = false] 1929 1930 # Timeout for storing value to secondary store. 1931 # CLI flag: -alertmanager.sharding-ring.multi.mirror-timeout 1932 [mirror_timeout: <duration> | default = 2s] 1933 1934 # Period at which to heartbeat to the ring. 0 = disabled. 1935 # CLI flag: -alertmanager.sharding-ring.heartbeat-period 1936 [heartbeat_period: <duration> | default = 15s] 1937 1938 # The heartbeat timeout after which alertmanagers are considered unhealthy 1939 # within the ring. 0 = never (timeout disabled). 1940 # CLI flag: -alertmanager.sharding-ring.heartbeat-timeout 1941 [heartbeat_timeout: <duration> | default = 1m] 1942 1943 # The replication factor to use when sharding the alertmanager. 1944 # CLI flag: -alertmanager.sharding-ring.replication-factor 1945 [replication_factor: <int> | default = 3] 1946 1947 # True to enable zone-awareness and replicate alerts across different 1948 # availability zones. 1949 # CLI flag: -alertmanager.sharding-ring.zone-awareness-enabled 1950 [zone_awareness_enabled: <boolean> | default = false] 1951 1952 # Name of network interface to read address from. 1953 # CLI flag: -alertmanager.sharding-ring.instance-interface-names 1954 [instance_interface_names: <list of string> | default = [eth0 en0]] 1955 1956 # The availability zone where this instance is running. Required if 1957 # zone-awareness is enabled. 1958 # CLI flag: -alertmanager.sharding-ring.instance-availability-zone 1959 [instance_availability_zone: <string> | default = ""] 1960 1961 # Filename of fallback config to use if none specified for instance. 1962 # CLI flag: -alertmanager.configs.fallback 1963 [fallback_config_file: <string> | default = ""] 1964 1965 # Root of URL to generate if config is http://internal.monitor 1966 # CLI flag: -alertmanager.configs.auto-webhook-root 1967 [auto_webhook_root: <string> | default = ""] 1968 1969 # Deprecated. Use -alertmanager-storage.* CLI flags and their respective YAML 1970 # config options instead. 1971 storage: 1972 # Type of backend to use to store alertmanager configs. Supported values are: 1973 # "configdb", "gcs", "s3", "local". 1974 # CLI flag: -alertmanager.storage.type 1975 [type: <string> | default = "configdb"] 1976 1977 # The configstore_config configures the config database storing rules and 1978 # alerts, and is used by the Cortex alertmanager. 1979 # The CLI flags prefix for this block config is: alertmanager 1980 [configdb: <configstore_config>] 1981 1982 azure: 1983 # Azure Cloud environment. Supported values are: AzureGlobal, 1984 # AzureChinaCloud, AzureGermanCloud, AzureUSGovernment. 1985 # CLI flag: -alertmanager.storage.azure.environment 1986 [environment: <string> | default = "AzureGlobal"] 1987 1988 # Name of the blob container used to store chunks. This container must be 1989 # created before running cortex. 1990 # CLI flag: -alertmanager.storage.azure.container-name 1991 [container_name: <string> | default = "cortex"] 1992 1993 # The Microsoft Azure account name to be used 1994 # CLI flag: -alertmanager.storage.azure.account-name 1995 [account_name: <string> | default = ""] 1996 1997 # The Microsoft Azure account key to use. 1998 # CLI flag: -alertmanager.storage.azure.account-key 1999 [account_key: <string> | default = ""] 2000 2001 # Preallocated buffer size for downloads. 2002 # CLI flag: -alertmanager.storage.azure.download-buffer-size 2003 [download_buffer_size: <int> | default = 512000] 2004 2005 # Preallocated buffer size for uploads. 2006 # CLI flag: -alertmanager.storage.azure.upload-buffer-size 2007 [upload_buffer_size: <int> | default = 256000] 2008 2009 # Number of buffers used to used to upload a chunk. 2010 # CLI flag: -alertmanager.storage.azure.download-buffer-count 2011 [upload_buffer_count: <int> | default = 1] 2012 2013 # Timeout for requests made against azure blob storage. 2014 # CLI flag: -alertmanager.storage.azure.request-timeout 2015 [request_timeout: <duration> | default = 30s] 2016 2017 # Number of retries for a request which times out. 2018 # CLI flag: -alertmanager.storage.azure.max-retries 2019 [max_retries: <int> | default = 5] 2020 2021 # Minimum time to wait before retrying a request. 2022 # CLI flag: -alertmanager.storage.azure.min-retry-delay 2023 [min_retry_delay: <duration> | default = 10ms] 2024 2025 # Maximum time to wait before retrying a request. 2026 # CLI flag: -alertmanager.storage.azure.max-retry-delay 2027 [max_retry_delay: <duration> | default = 500ms] 2028 2029 gcs: 2030 # Name of GCS bucket. Please refer to 2031 # https://cloud.google.com/docs/authentication/production for more 2032 # information about how to configure authentication. 2033 # CLI flag: -alertmanager.storage.gcs.bucketname 2034 [bucket_name: <string> | default = ""] 2035 2036 # The size of the buffer that GCS client for each PUT request. 0 to disable 2037 # buffering. 2038 # CLI flag: -alertmanager.storage.gcs.chunk-buffer-size 2039 [chunk_buffer_size: <int> | default = 0] 2040 2041 # The duration after which the requests to GCS should be timed out. 2042 # CLI flag: -alertmanager.storage.gcs.request-timeout 2043 [request_timeout: <duration> | default = 0s] 2044 2045 # Enabled OpenCensus (OC) instrumentation for all requests. 2046 # CLI flag: -alertmanager.storage.gcs.enable-opencensus 2047 [enable_opencensus: <boolean> | default = true] 2048 2049 s3: 2050 # S3 endpoint URL with escaped Key and Secret encoded. If only region is 2051 # specified as a host, proper endpoint will be deduced. Use 2052 # inmemory:///<bucket-name> to use a mock in-memory implementation. 2053 # CLI flag: -alertmanager.storage.s3.url 2054 [s3: <url> | default = ] 2055 2056 # Set this to `true` to force the request to use path-style addressing. 2057 # CLI flag: -alertmanager.storage.s3.force-path-style 2058 [s3forcepathstyle: <boolean> | default = false] 2059 2060 # Comma separated list of bucket names to evenly distribute chunks over. 2061 # Overrides any buckets specified in s3.url flag 2062 # CLI flag: -alertmanager.storage.s3.buckets 2063 [bucketnames: <string> | default = ""] 2064 2065 # S3 Endpoint to connect to. 2066 # CLI flag: -alertmanager.storage.s3.endpoint 2067 [endpoint: <string> | default = ""] 2068 2069 # AWS region to use. 2070 # CLI flag: -alertmanager.storage.s3.region 2071 [region: <string> | default = ""] 2072 2073 # AWS Access Key ID 2074 # CLI flag: -alertmanager.storage.s3.access-key-id 2075 [access_key_id: <string> | default = ""] 2076 2077 # AWS Secret Access Key 2078 # CLI flag: -alertmanager.storage.s3.secret-access-key 2079 [secret_access_key: <string> | default = ""] 2080 2081 # Disable https on s3 connection. 2082 # CLI flag: -alertmanager.storage.s3.insecure 2083 [insecure: <boolean> | default = false] 2084 2085 # Enable AWS Server Side Encryption [Deprecated: Use .sse instead. if 2086 # s3.sse-encryption is enabled, it assumes .sse.type SSE-S3] 2087 # CLI flag: -alertmanager.storage.s3.sse-encryption 2088 [sse_encryption: <boolean> | default = false] 2089 2090 http_config: 2091 # The maximum amount of time an idle connection will be held open. 2092 # CLI flag: -alertmanager.storage.s3.http.idle-conn-timeout 2093 [idle_conn_timeout: <duration> | default = 1m30s] 2094 2095 # If non-zero, specifies the amount of time to wait for a server's 2096 # response headers after fully writing the request. 2097 # CLI flag: -alertmanager.storage.s3.http.response-header-timeout 2098 [response_header_timeout: <duration> | default = 0s] 2099 2100 # Set to false to skip verifying the certificate chain and hostname. 2101 # CLI flag: -alertmanager.storage.s3.http.insecure-skip-verify 2102 [insecure_skip_verify: <boolean> | default = false] 2103 2104 # The signature version to use for authenticating against S3. Supported 2105 # values are: v4, v2. 2106 # CLI flag: -alertmanager.storage.s3.signature-version 2107 [signature_version: <string> | default = "v4"] 2108 2109 # The s3_sse_config configures the S3 server-side encryption. 2110 # The CLI flags prefix for this block config is: alertmanager.storage 2111 [sse: <s3_sse_config>] 2112 2113 local: 2114 # Path at which alertmanager configurations are stored. 2115 # CLI flag: -alertmanager.storage.local.path 2116 [path: <string> | default = ""] 2117 2118 cluster: 2119 # Listen address and port for the cluster. Not specifying this flag disables 2120 # high-availability mode. 2121 # CLI flag: -alertmanager.cluster.listen-address 2122 [listen_address: <string> | default = "0.0.0.0:9094"] 2123 2124 # Explicit address or hostname to advertise in cluster. 2125 # CLI flag: -alertmanager.cluster.advertise-address 2126 [advertise_address: <string> | default = ""] 2127 2128 # Comma-separated list of initial peers. 2129 # CLI flag: -alertmanager.cluster.peers 2130 [peers: <string> | default = ""] 2131 2132 # Time to wait between peers to send notifications. 2133 # CLI flag: -alertmanager.cluster.peer-timeout 2134 [peer_timeout: <duration> | default = 15s] 2135 2136 # The interval between sending gossip messages. By lowering this value (more 2137 # frequent) gossip messages are propagated across cluster more quickly at the 2138 # expense of increased bandwidth usage. 2139 # CLI flag: -alertmanager.cluster.gossip-interval 2140 [gossip_interval: <duration> | default = 200ms] 2141 2142 # The interval between gossip state syncs. Setting this interval lower (more 2143 # frequent) will increase convergence speeds across larger clusters at the 2144 # expense of increased bandwidth usage. 2145 # CLI flag: -alertmanager.cluster.push-pull-interval 2146 [push_pull_interval: <duration> | default = 1m] 2147 2148 # Enable the experimental alertmanager config api. 2149 # CLI flag: -experimental.alertmanager.enable-api 2150 [enable_api: <boolean> | default = false] 2151 2152 alertmanager_client: 2153 # Timeout for downstream alertmanagers. 2154 # CLI flag: -alertmanager.alertmanager-client.remote-timeout 2155 [remote_timeout: <duration> | default = 2s] 2156 2157 # Enable TLS in the GRPC client. This flag needs to be enabled when any other 2158 # TLS flag is set. If set to false, insecure connection to gRPC server will be 2159 # used. 2160 # CLI flag: -alertmanager.alertmanager-client.tls-enabled 2161 [tls_enabled: <boolean> | default = false] 2162 2163 # Path to the client certificate file, which will be used for authenticating 2164 # with the server. Also requires the key path to be configured. 2165 # CLI flag: -alertmanager.alertmanager-client.tls-cert-path 2166 [tls_cert_path: <string> | default = ""] 2167 2168 # Path to the key file for the client certificate. Also requires the client 2169 # certificate to be configured. 2170 # CLI flag: -alertmanager.alertmanager-client.tls-key-path 2171 [tls_key_path: <string> | default = ""] 2172 2173 # Path to the CA certificates file to validate server certificate against. If 2174 # not set, the host's root CA certificates are used. 2175 # CLI flag: -alertmanager.alertmanager-client.tls-ca-path 2176 [tls_ca_path: <string> | default = ""] 2177 2178 # Override the expected name on the server certificate. 2179 # CLI flag: -alertmanager.alertmanager-client.tls-server-name 2180 [tls_server_name: <string> | default = ""] 2181 2182 # Skip validating server certificate. 2183 # CLI flag: -alertmanager.alertmanager-client.tls-insecure-skip-verify 2184 [tls_insecure_skip_verify: <boolean> | default = false] 2185 2186 # The interval between persisting the current alertmanager state (notification 2187 # log and silences) to object storage. This is only used when sharding is 2188 # enabled. This state is read when all replicas for a shard can not be 2189 # contacted. In this scenario, having persisted the state more frequently will 2190 # result in potentially fewer lost silences, and fewer duplicate notifications. 2191 # CLI flag: -alertmanager.persist-interval 2192 [persist_interval: <duration> | default = 15m] 2193 ``` 2194 2195 ### `alertmanager_storage_config` 2196 2197 The `alertmanager_storage_config` configures the Cortex alertmanager storage backend. 2198 2199 ```yaml 2200 # Backend storage to use. Supported backends are: s3, gcs, azure, swift, 2201 # filesystem, configdb, local. 2202 # CLI flag: -alertmanager-storage.backend 2203 [backend: <string> | default = "s3"] 2204 2205 s3: 2206 # The S3 bucket endpoint. It could be an AWS S3 endpoint listed at 2207 # https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an 2208 # S3-compatible service in hostname:port format. 2209 # CLI flag: -alertmanager-storage.s3.endpoint 2210 [endpoint: <string> | default = ""] 2211 2212 # S3 region. If unset, the client will issue a S3 GetBucketLocation API call 2213 # to autodetect it. 2214 # CLI flag: -alertmanager-storage.s3.region 2215 [region: <string> | default = ""] 2216 2217 # S3 bucket name 2218 # CLI flag: -alertmanager-storage.s3.bucket-name 2219 [bucket_name: <string> | default = ""] 2220 2221 # S3 secret access key 2222 # CLI flag: -alertmanager-storage.s3.secret-access-key 2223 [secret_access_key: <string> | default = ""] 2224 2225 # S3 access key ID 2226 # CLI flag: -alertmanager-storage.s3.access-key-id 2227 [access_key_id: <string> | default = ""] 2228 2229 # If enabled, use http:// for the S3 endpoint instead of https://. This could 2230 # be useful in local dev/test environments while using an S3-compatible 2231 # backend storage, like Minio. 2232 # CLI flag: -alertmanager-storage.s3.insecure 2233 [insecure: <boolean> | default = false] 2234 2235 # The signature version to use for authenticating against S3. Supported values 2236 # are: v4, v2. 2237 # CLI flag: -alertmanager-storage.s3.signature-version 2238 [signature_version: <string> | default = "v4"] 2239 2240 # The s3_sse_config configures the S3 server-side encryption. 2241 # The CLI flags prefix for this block config is: alertmanager-storage 2242 [sse: <s3_sse_config>] 2243 2244 http: 2245 # The time an idle connection will remain idle before closing. 2246 # CLI flag: -alertmanager-storage.s3.http.idle-conn-timeout 2247 [idle_conn_timeout: <duration> | default = 1m30s] 2248 2249 # The amount of time the client will wait for a servers response headers. 2250 # CLI flag: -alertmanager-storage.s3.http.response-header-timeout 2251 [response_header_timeout: <duration> | default = 2m] 2252 2253 # If the client connects to S3 via HTTPS and this option is enabled, the 2254 # client will accept any certificate and hostname. 2255 # CLI flag: -alertmanager-storage.s3.http.insecure-skip-verify 2256 [insecure_skip_verify: <boolean> | default = false] 2257 2258 # Maximum time to wait for a TLS handshake. 0 means no limit. 2259 # CLI flag: -alertmanager-storage.s3.tls-handshake-timeout 2260 [tls_handshake_timeout: <duration> | default = 10s] 2261 2262 # The time to wait for a server's first response headers after fully writing 2263 # the request headers if the request has an Expect header. 0 to send the 2264 # request body immediately. 2265 # CLI flag: -alertmanager-storage.s3.expect-continue-timeout 2266 [expect_continue_timeout: <duration> | default = 1s] 2267 2268 # Maximum number of idle (keep-alive) connections across all hosts. 0 means 2269 # no limit. 2270 # CLI flag: -alertmanager-storage.s3.max-idle-connections 2271 [max_idle_connections: <int> | default = 100] 2272 2273 # Maximum number of idle (keep-alive) connections to keep per-host. If 0, a 2274 # built-in default value is used. 2275 # CLI flag: -alertmanager-storage.s3.max-idle-connections-per-host 2276 [max_idle_connections_per_host: <int> | default = 100] 2277 2278 # Maximum number of connections per host. 0 means no limit. 2279 # CLI flag: -alertmanager-storage.s3.max-connections-per-host 2280 [max_connections_per_host: <int> | default = 0] 2281 2282 gcs: 2283 # GCS bucket name 2284 # CLI flag: -alertmanager-storage.gcs.bucket-name 2285 [bucket_name: <string> | default = ""] 2286 2287 # JSON representing either a Google Developers Console client_credentials.json 2288 # file or a Google Developers service account key file. If empty, fallback to 2289 # Google default logic. 2290 # CLI flag: -alertmanager-storage.gcs.service-account 2291 [service_account: <string> | default = ""] 2292 2293 azure: 2294 # Azure storage account name 2295 # CLI flag: -alertmanager-storage.azure.account-name 2296 [account_name: <string> | default = ""] 2297 2298 # Azure storage account key 2299 # CLI flag: -alertmanager-storage.azure.account-key 2300 [account_key: <string> | default = ""] 2301 2302 # Azure storage container name 2303 # CLI flag: -alertmanager-storage.azure.container-name 2304 [container_name: <string> | default = ""] 2305 2306 # Azure storage endpoint suffix without schema. The account name will be 2307 # prefixed to this value to create the FQDN 2308 # CLI flag: -alertmanager-storage.azure.endpoint-suffix 2309 [endpoint_suffix: <string> | default = ""] 2310 2311 # Number of retries for recoverable errors 2312 # CLI flag: -alertmanager-storage.azure.max-retries 2313 [max_retries: <int> | default = 20] 2314 2315 swift: 2316 # OpenStack Swift authentication API version. 0 to autodetect. 2317 # CLI flag: -alertmanager-storage.swift.auth-version 2318 [auth_version: <int> | default = 0] 2319 2320 # OpenStack Swift authentication URL 2321 # CLI flag: -alertmanager-storage.swift.auth-url 2322 [auth_url: <string> | default = ""] 2323 2324 # OpenStack Swift username. 2325 # CLI flag: -alertmanager-storage.swift.username 2326 [username: <string> | default = ""] 2327 2328 # OpenStack Swift user's domain name. 2329 # CLI flag: -alertmanager-storage.swift.user-domain-name 2330 [user_domain_name: <string> | default = ""] 2331 2332 # OpenStack Swift user's domain ID. 2333 # CLI flag: -alertmanager-storage.swift.user-domain-id 2334 [user_domain_id: <string> | default = ""] 2335 2336 # OpenStack Swift user ID. 2337 # CLI flag: -alertmanager-storage.swift.user-id 2338 [user_id: <string> | default = ""] 2339 2340 # OpenStack Swift API key. 2341 # CLI flag: -alertmanager-storage.swift.password 2342 [password: <string> | default = ""] 2343 2344 # OpenStack Swift user's domain ID. 2345 # CLI flag: -alertmanager-storage.swift.domain-id 2346 [domain_id: <string> | default = ""] 2347 2348 # OpenStack Swift user's domain name. 2349 # CLI flag: -alertmanager-storage.swift.domain-name 2350 [domain_name: <string> | default = ""] 2351 2352 # OpenStack Swift project ID (v2,v3 auth only). 2353 # CLI flag: -alertmanager-storage.swift.project-id 2354 [project_id: <string> | default = ""] 2355 2356 # OpenStack Swift project name (v2,v3 auth only). 2357 # CLI flag: -alertmanager-storage.swift.project-name 2358 [project_name: <string> | default = ""] 2359 2360 # ID of the OpenStack Swift project's domain (v3 auth only), only needed if it 2361 # differs the from user domain. 2362 # CLI flag: -alertmanager-storage.swift.project-domain-id 2363 [project_domain_id: <string> | default = ""] 2364 2365 # Name of the OpenStack Swift project's domain (v3 auth only), only needed if 2366 # it differs from the user domain. 2367 # CLI flag: -alertmanager-storage.swift.project-domain-name 2368 [project_domain_name: <string> | default = ""] 2369 2370 # OpenStack Swift Region to use (v2,v3 auth only). 2371 # CLI flag: -alertmanager-storage.swift.region-name 2372 [region_name: <string> | default = ""] 2373 2374 # Name of the OpenStack Swift container to put chunks in. 2375 # CLI flag: -alertmanager-storage.swift.container-name 2376 [container_name: <string> | default = ""] 2377 2378 # Max retries on requests error. 2379 # CLI flag: -alertmanager-storage.swift.max-retries 2380 [max_retries: <int> | default = 3] 2381 2382 # Time after which a connection attempt is aborted. 2383 # CLI flag: -alertmanager-storage.swift.connect-timeout 2384 [connect_timeout: <duration> | default = 10s] 2385 2386 # Time after which an idle request is aborted. The timeout watchdog is reset 2387 # each time some data is received, so the timeout triggers after X time no 2388 # data is received on a request. 2389 # CLI flag: -alertmanager-storage.swift.request-timeout 2390 [request_timeout: <duration> | default = 5s] 2391 2392 filesystem: 2393 # Local filesystem storage directory. 2394 # CLI flag: -alertmanager-storage.filesystem.dir 2395 [dir: <string> | default = ""] 2396 2397 # The configstore_config configures the config database storing rules and 2398 # alerts, and is used by the Cortex alertmanager. 2399 # The CLI flags prefix for this block config is: alertmanager-storage 2400 [configdb: <configstore_config>] 2401 2402 local: 2403 # Path at which alertmanager configurations are stored. 2404 # CLI flag: -alertmanager-storage.local.path 2405 [path: <string> | default = ""] 2406 ``` 2407 2408 ### `table_manager_config` 2409 2410 The `table_manager_config` configures the Cortex table-manager. 2411 2412 ```yaml 2413 # If true, disable all changes to DB capacity 2414 # CLI flag: -table-manager.throughput-updates-disabled 2415 [throughput_updates_disabled: <boolean> | default = false] 2416 2417 # If true, enables retention deletes of DB tables 2418 # CLI flag: -table-manager.retention-deletes-enabled 2419 [retention_deletes_enabled: <boolean> | default = false] 2420 2421 # Tables older than this retention period are deleted. Must be either 0 2422 # (disabled) or a multiple of 24h. When enabled, be aware this setting is 2423 # destructive to data! 2424 # CLI flag: -table-manager.retention-period 2425 [retention_period: <duration> | default = 0s] 2426 2427 # How frequently to poll backend to learn our capacity. 2428 # CLI flag: -table-manager.poll-interval 2429 [poll_interval: <duration> | default = 2m] 2430 2431 # Periodic tables grace period (duration which table will be created/deleted 2432 # before/after it's needed). 2433 # CLI flag: -table-manager.periodic-table.grace-period 2434 [creation_grace_period: <duration> | default = 10m] 2435 2436 index_tables_provisioning: 2437 # Enables on demand throughput provisioning for the storage provider (if 2438 # supported). Applies only to tables which are not autoscaled. Supported by 2439 # DynamoDB 2440 # CLI flag: -table-manager.index-table.enable-ondemand-throughput-mode 2441 [enable_ondemand_throughput_mode: <boolean> | default = false] 2442 2443 # Table default write throughput. Supported by DynamoDB 2444 # CLI flag: -table-manager.index-table.write-throughput 2445 [provisioned_write_throughput: <int> | default = 1000] 2446 2447 # Table default read throughput. Supported by DynamoDB 2448 # CLI flag: -table-manager.index-table.read-throughput 2449 [provisioned_read_throughput: <int> | default = 300] 2450 2451 write_scale: 2452 # Should we enable autoscale for the table. 2453 # CLI flag: -table-manager.index-table.write-throughput.scale.enabled 2454 [enabled: <boolean> | default = false] 2455 2456 # AWS AutoScaling role ARN 2457 # CLI flag: -table-manager.index-table.write-throughput.scale.role-arn 2458 [role_arn: <string> | default = ""] 2459 2460 # DynamoDB minimum provision capacity. 2461 # CLI flag: -table-manager.index-table.write-throughput.scale.min-capacity 2462 [min_capacity: <int> | default = 3000] 2463 2464 # DynamoDB maximum provision capacity. 2465 # CLI flag: -table-manager.index-table.write-throughput.scale.max-capacity 2466 [max_capacity: <int> | default = 6000] 2467 2468 # DynamoDB minimum seconds between each autoscale up. 2469 # CLI flag: -table-manager.index-table.write-throughput.scale.out-cooldown 2470 [out_cooldown: <int> | default = 1800] 2471 2472 # DynamoDB minimum seconds between each autoscale down. 2473 # CLI flag: -table-manager.index-table.write-throughput.scale.in-cooldown 2474 [in_cooldown: <int> | default = 1800] 2475 2476 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2477 # CLI flag: -table-manager.index-table.write-throughput.scale.target-value 2478 [target: <float> | default = 80] 2479 2480 read_scale: 2481 # Should we enable autoscale for the table. 2482 # CLI flag: -table-manager.index-table.read-throughput.scale.enabled 2483 [enabled: <boolean> | default = false] 2484 2485 # AWS AutoScaling role ARN 2486 # CLI flag: -table-manager.index-table.read-throughput.scale.role-arn 2487 [role_arn: <string> | default = ""] 2488 2489 # DynamoDB minimum provision capacity. 2490 # CLI flag: -table-manager.index-table.read-throughput.scale.min-capacity 2491 [min_capacity: <int> | default = 3000] 2492 2493 # DynamoDB maximum provision capacity. 2494 # CLI flag: -table-manager.index-table.read-throughput.scale.max-capacity 2495 [max_capacity: <int> | default = 6000] 2496 2497 # DynamoDB minimum seconds between each autoscale up. 2498 # CLI flag: -table-manager.index-table.read-throughput.scale.out-cooldown 2499 [out_cooldown: <int> | default = 1800] 2500 2501 # DynamoDB minimum seconds between each autoscale down. 2502 # CLI flag: -table-manager.index-table.read-throughput.scale.in-cooldown 2503 [in_cooldown: <int> | default = 1800] 2504 2505 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2506 # CLI flag: -table-manager.index-table.read-throughput.scale.target-value 2507 [target: <float> | default = 80] 2508 2509 # Enables on demand throughput provisioning for the storage provider (if 2510 # supported). Applies only to tables which are not autoscaled. Supported by 2511 # DynamoDB 2512 # CLI flag: -table-manager.index-table.inactive-enable-ondemand-throughput-mode 2513 [enable_inactive_throughput_on_demand_mode: <boolean> | default = false] 2514 2515 # Table write throughput for inactive tables. Supported by DynamoDB 2516 # CLI flag: -table-manager.index-table.inactive-write-throughput 2517 [inactive_write_throughput: <int> | default = 1] 2518 2519 # Table read throughput for inactive tables. Supported by DynamoDB 2520 # CLI flag: -table-manager.index-table.inactive-read-throughput 2521 [inactive_read_throughput: <int> | default = 300] 2522 2523 inactive_write_scale: 2524 # Should we enable autoscale for the table. 2525 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.enabled 2526 [enabled: <boolean> | default = false] 2527 2528 # AWS AutoScaling role ARN 2529 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.role-arn 2530 [role_arn: <string> | default = ""] 2531 2532 # DynamoDB minimum provision capacity. 2533 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.min-capacity 2534 [min_capacity: <int> | default = 3000] 2535 2536 # DynamoDB maximum provision capacity. 2537 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.max-capacity 2538 [max_capacity: <int> | default = 6000] 2539 2540 # DynamoDB minimum seconds between each autoscale up. 2541 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.out-cooldown 2542 [out_cooldown: <int> | default = 1800] 2543 2544 # DynamoDB minimum seconds between each autoscale down. 2545 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.in-cooldown 2546 [in_cooldown: <int> | default = 1800] 2547 2548 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2549 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.target-value 2550 [target: <float> | default = 80] 2551 2552 inactive_read_scale: 2553 # Should we enable autoscale for the table. 2554 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.enabled 2555 [enabled: <boolean> | default = false] 2556 2557 # AWS AutoScaling role ARN 2558 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.role-arn 2559 [role_arn: <string> | default = ""] 2560 2561 # DynamoDB minimum provision capacity. 2562 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.min-capacity 2563 [min_capacity: <int> | default = 3000] 2564 2565 # DynamoDB maximum provision capacity. 2566 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.max-capacity 2567 [max_capacity: <int> | default = 6000] 2568 2569 # DynamoDB minimum seconds between each autoscale up. 2570 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.out-cooldown 2571 [out_cooldown: <int> | default = 1800] 2572 2573 # DynamoDB minimum seconds between each autoscale down. 2574 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.in-cooldown 2575 [in_cooldown: <int> | default = 1800] 2576 2577 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2578 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.target-value 2579 [target: <float> | default = 80] 2580 2581 # Number of last inactive tables to enable write autoscale. 2582 # CLI flag: -table-manager.index-table.inactive-write-throughput.scale-last-n 2583 [inactive_write_scale_lastn: <int> | default = 4] 2584 2585 # Number of last inactive tables to enable read autoscale. 2586 # CLI flag: -table-manager.index-table.inactive-read-throughput.scale-last-n 2587 [inactive_read_scale_lastn: <int> | default = 4] 2588 2589 chunk_tables_provisioning: 2590 # Enables on demand throughput provisioning for the storage provider (if 2591 # supported). Applies only to tables which are not autoscaled. Supported by 2592 # DynamoDB 2593 # CLI flag: -table-manager.chunk-table.enable-ondemand-throughput-mode 2594 [enable_ondemand_throughput_mode: <boolean> | default = false] 2595 2596 # Table default write throughput. Supported by DynamoDB 2597 # CLI flag: -table-manager.chunk-table.write-throughput 2598 [provisioned_write_throughput: <int> | default = 1000] 2599 2600 # Table default read throughput. Supported by DynamoDB 2601 # CLI flag: -table-manager.chunk-table.read-throughput 2602 [provisioned_read_throughput: <int> | default = 300] 2603 2604 write_scale: 2605 # Should we enable autoscale for the table. 2606 # CLI flag: -table-manager.chunk-table.write-throughput.scale.enabled 2607 [enabled: <boolean> | default = false] 2608 2609 # AWS AutoScaling role ARN 2610 # CLI flag: -table-manager.chunk-table.write-throughput.scale.role-arn 2611 [role_arn: <string> | default = ""] 2612 2613 # DynamoDB minimum provision capacity. 2614 # CLI flag: -table-manager.chunk-table.write-throughput.scale.min-capacity 2615 [min_capacity: <int> | default = 3000] 2616 2617 # DynamoDB maximum provision capacity. 2618 # CLI flag: -table-manager.chunk-table.write-throughput.scale.max-capacity 2619 [max_capacity: <int> | default = 6000] 2620 2621 # DynamoDB minimum seconds between each autoscale up. 2622 # CLI flag: -table-manager.chunk-table.write-throughput.scale.out-cooldown 2623 [out_cooldown: <int> | default = 1800] 2624 2625 # DynamoDB minimum seconds between each autoscale down. 2626 # CLI flag: -table-manager.chunk-table.write-throughput.scale.in-cooldown 2627 [in_cooldown: <int> | default = 1800] 2628 2629 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2630 # CLI flag: -table-manager.chunk-table.write-throughput.scale.target-value 2631 [target: <float> | default = 80] 2632 2633 read_scale: 2634 # Should we enable autoscale for the table. 2635 # CLI flag: -table-manager.chunk-table.read-throughput.scale.enabled 2636 [enabled: <boolean> | default = false] 2637 2638 # AWS AutoScaling role ARN 2639 # CLI flag: -table-manager.chunk-table.read-throughput.scale.role-arn 2640 [role_arn: <string> | default = ""] 2641 2642 # DynamoDB minimum provision capacity. 2643 # CLI flag: -table-manager.chunk-table.read-throughput.scale.min-capacity 2644 [min_capacity: <int> | default = 3000] 2645 2646 # DynamoDB maximum provision capacity. 2647 # CLI flag: -table-manager.chunk-table.read-throughput.scale.max-capacity 2648 [max_capacity: <int> | default = 6000] 2649 2650 # DynamoDB minimum seconds between each autoscale up. 2651 # CLI flag: -table-manager.chunk-table.read-throughput.scale.out-cooldown 2652 [out_cooldown: <int> | default = 1800] 2653 2654 # DynamoDB minimum seconds between each autoscale down. 2655 # CLI flag: -table-manager.chunk-table.read-throughput.scale.in-cooldown 2656 [in_cooldown: <int> | default = 1800] 2657 2658 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2659 # CLI flag: -table-manager.chunk-table.read-throughput.scale.target-value 2660 [target: <float> | default = 80] 2661 2662 # Enables on demand throughput provisioning for the storage provider (if 2663 # supported). Applies only to tables which are not autoscaled. Supported by 2664 # DynamoDB 2665 # CLI flag: -table-manager.chunk-table.inactive-enable-ondemand-throughput-mode 2666 [enable_inactive_throughput_on_demand_mode: <boolean> | default = false] 2667 2668 # Table write throughput for inactive tables. Supported by DynamoDB 2669 # CLI flag: -table-manager.chunk-table.inactive-write-throughput 2670 [inactive_write_throughput: <int> | default = 1] 2671 2672 # Table read throughput for inactive tables. Supported by DynamoDB 2673 # CLI flag: -table-manager.chunk-table.inactive-read-throughput 2674 [inactive_read_throughput: <int> | default = 300] 2675 2676 inactive_write_scale: 2677 # Should we enable autoscale for the table. 2678 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.enabled 2679 [enabled: <boolean> | default = false] 2680 2681 # AWS AutoScaling role ARN 2682 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.role-arn 2683 [role_arn: <string> | default = ""] 2684 2685 # DynamoDB minimum provision capacity. 2686 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.min-capacity 2687 [min_capacity: <int> | default = 3000] 2688 2689 # DynamoDB maximum provision capacity. 2690 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.max-capacity 2691 [max_capacity: <int> | default = 6000] 2692 2693 # DynamoDB minimum seconds between each autoscale up. 2694 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.out-cooldown 2695 [out_cooldown: <int> | default = 1800] 2696 2697 # DynamoDB minimum seconds between each autoscale down. 2698 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.in-cooldown 2699 [in_cooldown: <int> | default = 1800] 2700 2701 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2702 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.target-value 2703 [target: <float> | default = 80] 2704 2705 inactive_read_scale: 2706 # Should we enable autoscale for the table. 2707 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.enabled 2708 [enabled: <boolean> | default = false] 2709 2710 # AWS AutoScaling role ARN 2711 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.role-arn 2712 [role_arn: <string> | default = ""] 2713 2714 # DynamoDB minimum provision capacity. 2715 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.min-capacity 2716 [min_capacity: <int> | default = 3000] 2717 2718 # DynamoDB maximum provision capacity. 2719 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.max-capacity 2720 [max_capacity: <int> | default = 6000] 2721 2722 # DynamoDB minimum seconds between each autoscale up. 2723 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.out-cooldown 2724 [out_cooldown: <int> | default = 1800] 2725 2726 # DynamoDB minimum seconds between each autoscale down. 2727 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.in-cooldown 2728 [in_cooldown: <int> | default = 1800] 2729 2730 # DynamoDB target ratio of consumed capacity to provisioned capacity. 2731 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.target-value 2732 [target: <float> | default = 80] 2733 2734 # Number of last inactive tables to enable write autoscale. 2735 # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale-last-n 2736 [inactive_write_scale_lastn: <int> | default = 4] 2737 2738 # Number of last inactive tables to enable read autoscale. 2739 # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale-last-n 2740 [inactive_read_scale_lastn: <int> | default = 4] 2741 ``` 2742 2743 ### `storage_config` 2744 2745 The `storage_config` configures where Cortex stores the data (chunks storage engine). 2746 2747 ```yaml 2748 # The storage engine to use: chunks (deprecated) or blocks. 2749 # CLI flag: -store.engine 2750 [engine: <string> | default = "chunks"] 2751 2752 aws: 2753 dynamodb: 2754 # DynamoDB endpoint URL with escaped Key and Secret encoded. If only region 2755 # is specified as a host, proper endpoint will be deduced. Use 2756 # inmemory:///<table-name> to use a mock in-memory implementation. 2757 # CLI flag: -dynamodb.url 2758 [dynamodb_url: <url> | default = ] 2759 2760 # DynamoDB table management requests per second limit. 2761 # CLI flag: -dynamodb.api-limit 2762 [api_limit: <float> | default = 2] 2763 2764 # DynamoDB rate cap to back off when throttled. 2765 # CLI flag: -dynamodb.throttle-limit 2766 [throttle_limit: <float> | default = 10] 2767 2768 metrics: 2769 # Use metrics-based autoscaling, via this query URL 2770 # CLI flag: -metrics.url 2771 [url: <string> | default = ""] 2772 2773 # Queue length above which we will scale up capacity 2774 # CLI flag: -metrics.target-queue-length 2775 [target_queue_length: <int> | default = 100000] 2776 2777 # Scale up capacity by this multiple 2778 # CLI flag: -metrics.scale-up-factor 2779 [scale_up_factor: <float> | default = 1.3] 2780 2781 # Ignore throttling below this level (rate per second) 2782 # CLI flag: -metrics.ignore-throttle-below 2783 [ignore_throttle_below: <float> | default = 1] 2784 2785 # query to fetch ingester queue length 2786 # CLI flag: -metrics.queue-length-query 2787 [queue_length_query: <string> | default = "sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"] 2788 2789 # query to fetch throttle rates per table 2790 # CLI flag: -metrics.write-throttle-query 2791 [write_throttle_query: <string> | default = "sum(rate(cortex_dynamo_throttled_total{operation=\"DynamoDB.BatchWriteItem\"}[1m])) by (table) > 0"] 2792 2793 # query to fetch write capacity usage per table 2794 # CLI flag: -metrics.usage-query 2795 [write_usage_query: <string> | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.BatchWriteItem\"}[15m])) by (table) > 0"] 2796 2797 # query to fetch read capacity usage per table 2798 # CLI flag: -metrics.read-usage-query 2799 [read_usage_query: <string> | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.QueryPages\"}[1h])) by (table) > 0"] 2800 2801 # query to fetch read errors per table 2802 # CLI flag: -metrics.read-error-query 2803 [read_error_query: <string> | default = "sum(increase(cortex_dynamo_failures_total{operation=\"DynamoDB.QueryPages\",error=\"ProvisionedThroughputExceededException\"}[1m])) by (table) > 0"] 2804 2805 # Number of chunks to group together to parallelise fetches (zero to 2806 # disable) 2807 # CLI flag: -dynamodb.chunk-gang-size 2808 [chunk_gang_size: <int> | default = 10] 2809 2810 # Max number of chunk-get operations to start in parallel 2811 # CLI flag: -dynamodb.chunk.get-max-parallelism 2812 [chunk_get_max_parallelism: <int> | default = 32] 2813 2814 backoff_config: 2815 # Minimum backoff time 2816 # CLI flag: -dynamodb.min-backoff 2817 [min_period: <duration> | default = 100ms] 2818 2819 # Maximum backoff time 2820 # CLI flag: -dynamodb.max-backoff 2821 [max_period: <duration> | default = 50s] 2822 2823 # Maximum number of times to retry an operation 2824 # CLI flag: -dynamodb.max-retries 2825 [max_retries: <int> | default = 20] 2826 2827 # S3 endpoint URL with escaped Key and Secret encoded. If only region is 2828 # specified as a host, proper endpoint will be deduced. Use 2829 # inmemory:///<bucket-name> to use a mock in-memory implementation. 2830 # CLI flag: -s3.url 2831 [s3: <url> | default = ] 2832 2833 # Set this to `true` to force the request to use path-style addressing. 2834 # CLI flag: -s3.force-path-style 2835 [s3forcepathstyle: <boolean> | default = false] 2836 2837 # Comma separated list of bucket names to evenly distribute chunks over. 2838 # Overrides any buckets specified in s3.url flag 2839 # CLI flag: -s3.buckets 2840 [bucketnames: <string> | default = ""] 2841 2842 # S3 Endpoint to connect to. 2843 # CLI flag: -s3.endpoint 2844 [endpoint: <string> | default = ""] 2845 2846 # AWS region to use. 2847 # CLI flag: -s3.region 2848 [region: <string> | default = ""] 2849 2850 # AWS Access Key ID 2851 # CLI flag: -s3.access-key-id 2852 [access_key_id: <string> | default = ""] 2853 2854 # AWS Secret Access Key 2855 # CLI flag: -s3.secret-access-key 2856 [secret_access_key: <string> | default = ""] 2857 2858 # Disable https on s3 connection. 2859 # CLI flag: -s3.insecure 2860 [insecure: <boolean> | default = false] 2861 2862 # Enable AWS Server Side Encryption [Deprecated: Use .sse instead. if 2863 # s3.sse-encryption is enabled, it assumes .sse.type SSE-S3] 2864 # CLI flag: -s3.sse-encryption 2865 [sse_encryption: <boolean> | default = false] 2866 2867 http_config: 2868 # The maximum amount of time an idle connection will be held open. 2869 # CLI flag: -s3.http.idle-conn-timeout 2870 [idle_conn_timeout: <duration> | default = 1m30s] 2871 2872 # If non-zero, specifies the amount of time to wait for a server's response 2873 # headers after fully writing the request. 2874 # CLI flag: -s3.http.response-header-timeout 2875 [response_header_timeout: <duration> | default = 0s] 2876 2877 # Set to false to skip verifying the certificate chain and hostname. 2878 # CLI flag: -s3.http.insecure-skip-verify 2879 [insecure_skip_verify: <boolean> | default = false] 2880 2881 # The signature version to use for authenticating against S3. Supported values 2882 # are: v4, v2. 2883 # CLI flag: -s3.signature-version 2884 [signature_version: <string> | default = "v4"] 2885 2886 # The s3_sse_config configures the S3 server-side encryption. 2887 [sse: <s3_sse_config>] 2888 2889 azure: 2890 # Azure Cloud environment. Supported values are: AzureGlobal, AzureChinaCloud, 2891 # AzureGermanCloud, AzureUSGovernment. 2892 # CLI flag: -azure.environment 2893 [environment: <string> | default = "AzureGlobal"] 2894 2895 # Name of the blob container used to store chunks. This container must be 2896 # created before running cortex. 2897 # CLI flag: -azure.container-name 2898 [container_name: <string> | default = "cortex"] 2899 2900 # The Microsoft Azure account name to be used 2901 # CLI flag: -azure.account-name 2902 [account_name: <string> | default = ""] 2903 2904 # The Microsoft Azure account key to use. 2905 # CLI flag: -azure.account-key 2906 [account_key: <string> | default = ""] 2907 2908 # Preallocated buffer size for downloads. 2909 # CLI flag: -azure.download-buffer-size 2910 [download_buffer_size: <int> | default = 512000] 2911 2912 # Preallocated buffer size for uploads. 2913 # CLI flag: -azure.upload-buffer-size 2914 [upload_buffer_size: <int> | default = 256000] 2915 2916 # Number of buffers used to used to upload a chunk. 2917 # CLI flag: -azure.download-buffer-count 2918 [upload_buffer_count: <int> | default = 1] 2919 2920 # Timeout for requests made against azure blob storage. 2921 # CLI flag: -azure.request-timeout 2922 [request_timeout: <duration> | default = 30s] 2923 2924 # Number of retries for a request which times out. 2925 # CLI flag: -azure.max-retries 2926 [max_retries: <int> | default = 5] 2927 2928 # Minimum time to wait before retrying a request. 2929 # CLI flag: -azure.min-retry-delay 2930 [min_retry_delay: <duration> | default = 10ms] 2931 2932 # Maximum time to wait before retrying a request. 2933 # CLI flag: -azure.max-retry-delay 2934 [max_retry_delay: <duration> | default = 500ms] 2935 2936 bigtable: 2937 # Bigtable project ID. 2938 # CLI flag: -bigtable.project 2939 [project: <string> | default = ""] 2940 2941 # Bigtable instance ID. Please refer to 2942 # https://cloud.google.com/docs/authentication/production for more information 2943 # about how to configure authentication. 2944 # CLI flag: -bigtable.instance 2945 [instance: <string> | default = ""] 2946 2947 grpc_client_config: 2948 # gRPC client max receive message size (bytes). 2949 # CLI flag: -bigtable.grpc-max-recv-msg-size 2950 [max_recv_msg_size: <int> | default = 104857600] 2951 2952 # gRPC client max send message size (bytes). 2953 # CLI flag: -bigtable.grpc-max-send-msg-size 2954 [max_send_msg_size: <int> | default = 16777216] 2955 2956 # Use compression when sending messages. Supported values are: 'gzip', 2957 # 'snappy' and '' (disable compression) 2958 # CLI flag: -bigtable.grpc-compression 2959 [grpc_compression: <string> | default = ""] 2960 2961 # Rate limit for gRPC client; 0 means disabled. 2962 # CLI flag: -bigtable.grpc-client-rate-limit 2963 [rate_limit: <float> | default = 0] 2964 2965 # Rate limit burst for gRPC client. 2966 # CLI flag: -bigtable.grpc-client-rate-limit-burst 2967 [rate_limit_burst: <int> | default = 0] 2968 2969 # Enable backoff and retry when we hit ratelimits. 2970 # CLI flag: -bigtable.backoff-on-ratelimits 2971 [backoff_on_ratelimits: <boolean> | default = false] 2972 2973 backoff_config: 2974 # Minimum delay when backing off. 2975 # CLI flag: -bigtable.backoff-min-period 2976 [min_period: <duration> | default = 100ms] 2977 2978 # Maximum delay when backing off. 2979 # CLI flag: -bigtable.backoff-max-period 2980 [max_period: <duration> | default = 10s] 2981 2982 # Number of times to backoff and retry before failing. 2983 # CLI flag: -bigtable.backoff-retries 2984 [max_retries: <int> | default = 10] 2985 2986 # Enable TLS in the GRPC client. This flag needs to be enabled when any 2987 # other TLS flag is set. If set to false, insecure connection to gRPC server 2988 # will be used. 2989 # CLI flag: -bigtable.tls-enabled 2990 [tls_enabled: <boolean> | default = true] 2991 2992 # Path to the client certificate file, which will be used for authenticating 2993 # with the server. Also requires the key path to be configured. 2994 # CLI flag: -bigtable.tls-cert-path 2995 [tls_cert_path: <string> | default = ""] 2996 2997 # Path to the key file for the client certificate. Also requires the client 2998 # certificate to be configured. 2999 # CLI flag: -bigtable.tls-key-path 3000 [tls_key_path: <string> | default = ""] 3001 3002 # Path to the CA certificates file to validate server certificate against. 3003 # If not set, the host's root CA certificates are used. 3004 # CLI flag: -bigtable.tls-ca-path 3005 [tls_ca_path: <string> | default = ""] 3006 3007 # Override the expected name on the server certificate. 3008 # CLI flag: -bigtable.tls-server-name 3009 [tls_server_name: <string> | default = ""] 3010 3011 # Skip validating server certificate. 3012 # CLI flag: -bigtable.tls-insecure-skip-verify 3013 [tls_insecure_skip_verify: <boolean> | default = false] 3014 3015 # If enabled, once a tables info is fetched, it is cached. 3016 # CLI flag: -bigtable.table-cache.enabled 3017 [table_cache_enabled: <boolean> | default = true] 3018 3019 # Duration to cache tables before checking again. 3020 # CLI flag: -bigtable.table-cache.expiration 3021 [table_cache_expiration: <duration> | default = 30m] 3022 3023 gcs: 3024 # Name of GCS bucket. Please refer to 3025 # https://cloud.google.com/docs/authentication/production for more information 3026 # about how to configure authentication. 3027 # CLI flag: -gcs.bucketname 3028 [bucket_name: <string> | default = ""] 3029 3030 # The size of the buffer that GCS client for each PUT request. 0 to disable 3031 # buffering. 3032 # CLI flag: -gcs.chunk-buffer-size 3033 [chunk_buffer_size: <int> | default = 0] 3034 3035 # The duration after which the requests to GCS should be timed out. 3036 # CLI flag: -gcs.request-timeout 3037 [request_timeout: <duration> | default = 0s] 3038 3039 # Enabled OpenCensus (OC) instrumentation for all requests. 3040 # CLI flag: -gcs.enable-opencensus 3041 [enable_opencensus: <boolean> | default = true] 3042 3043 cassandra: 3044 # Comma-separated hostnames or IPs of Cassandra instances. 3045 # CLI flag: -cassandra.addresses 3046 [addresses: <string> | default = ""] 3047 3048 # Port that Cassandra is running on 3049 # CLI flag: -cassandra.port 3050 [port: <int> | default = 9042] 3051 3052 # Keyspace to use in Cassandra. 3053 # CLI flag: -cassandra.keyspace 3054 [keyspace: <string> | default = ""] 3055 3056 # Consistency level for Cassandra. 3057 # CLI flag: -cassandra.consistency 3058 [consistency: <string> | default = "QUORUM"] 3059 3060 # Replication factor to use in Cassandra. 3061 # CLI flag: -cassandra.replication-factor 3062 [replication_factor: <int> | default = 3] 3063 3064 # Instruct the cassandra driver to not attempt to get host info from the 3065 # system.peers table. 3066 # CLI flag: -cassandra.disable-initial-host-lookup 3067 [disable_initial_host_lookup: <boolean> | default = false] 3068 3069 # Use SSL when connecting to cassandra instances. 3070 # CLI flag: -cassandra.ssl 3071 [SSL: <boolean> | default = false] 3072 3073 # Require SSL certificate validation. 3074 # CLI flag: -cassandra.host-verification 3075 [host_verification: <boolean> | default = true] 3076 3077 # Policy for selecting Cassandra host. Supported values are: round-robin, 3078 # token-aware. 3079 # CLI flag: -cassandra.host-selection-policy 3080 [host_selection_policy: <string> | default = "round-robin"] 3081 3082 # Path to certificate file to verify the peer. 3083 # CLI flag: -cassandra.ca-path 3084 [CA_path: <string> | default = ""] 3085 3086 # Path to certificate file used by TLS. 3087 # CLI flag: -cassandra.tls-cert-path 3088 [tls_cert_path: <string> | default = ""] 3089 3090 # Path to private key file used by TLS. 3091 # CLI flag: -cassandra.tls-key-path 3092 [tls_key_path: <string> | default = ""] 3093 3094 # Enable password authentication when connecting to cassandra. 3095 # CLI flag: -cassandra.auth 3096 [auth: <boolean> | default = false] 3097 3098 # Username to use when connecting to cassandra. 3099 # CLI flag: -cassandra.username 3100 [username: <string> | default = ""] 3101 3102 # Password to use when connecting to cassandra. 3103 # CLI flag: -cassandra.password 3104 [password: <string> | default = ""] 3105 3106 # File containing password to use when connecting to cassandra. 3107 # CLI flag: -cassandra.password-file 3108 [password_file: <string> | default = ""] 3109 3110 # If set, when authenticating with cassandra a custom authenticator will be 3111 # expected during the handshake. This flag can be set multiple times. 3112 # CLI flag: -cassandra.custom-authenticator 3113 [custom_authenticators: <list of string> | default = []] 3114 3115 # Timeout when connecting to cassandra. 3116 # CLI flag: -cassandra.timeout 3117 [timeout: <duration> | default = 2s] 3118 3119 # Initial connection timeout, used during initial dial to server. 3120 # CLI flag: -cassandra.connect-timeout 3121 [connect_timeout: <duration> | default = 5s] 3122 3123 # Interval to retry connecting to cassandra nodes marked as DOWN. 3124 # CLI flag: -cassandra.reconnent-interval 3125 [reconnect_interval: <duration> | default = 1s] 3126 3127 # Number of retries to perform on a request. Set to 0 to disable retries. 3128 # CLI flag: -cassandra.max-retries 3129 [max_retries: <int> | default = 0] 3130 3131 # Maximum time to wait before retrying a failed request. 3132 # CLI flag: -cassandra.retry-max-backoff 3133 [retry_max_backoff: <duration> | default = 10s] 3134 3135 # Minimum time to wait before retrying a failed request. 3136 # CLI flag: -cassandra.retry-min-backoff 3137 [retry_min_backoff: <duration> | default = 100ms] 3138 3139 # Limit number of concurrent queries to Cassandra. Set to 0 to disable the 3140 # limit. 3141 # CLI flag: -cassandra.query-concurrency 3142 [query_concurrency: <int> | default = 0] 3143 3144 # Number of TCP connections per host. 3145 # CLI flag: -cassandra.num-connections 3146 [num_connections: <int> | default = 2] 3147 3148 # Convict hosts of being down on failure. 3149 # CLI flag: -cassandra.convict-hosts-on-failure 3150 [convict_hosts_on_failure: <boolean> | default = true] 3151 3152 # Table options used to create index or chunk tables. This value is used as 3153 # plain text in the table `WITH` like this, "CREATE TABLE 3154 # <generated_by_cortex> (...) WITH <cassandra.table-options>". For details, 3155 # see https://cortexmetrics.io/docs/production/cassandra. By default it will 3156 # use the default table options of your Cassandra cluster. 3157 # CLI flag: -cassandra.table-options 3158 [table_options: <string> | default = ""] 3159 3160 boltdb: 3161 # Location of BoltDB index files. 3162 # CLI flag: -boltdb.dir 3163 [directory: <string> | default = ""] 3164 3165 filesystem: 3166 # Directory to store chunks in. 3167 # CLI flag: -local.chunk-directory 3168 [directory: <string> | default = ""] 3169 3170 swift: 3171 # OpenStack Swift authentication API version. 0 to autodetect. 3172 # CLI flag: -swift.auth-version 3173 [auth_version: <int> | default = 0] 3174 3175 # OpenStack Swift authentication URL 3176 # CLI flag: -swift.auth-url 3177 [auth_url: <string> | default = ""] 3178 3179 # OpenStack Swift username. 3180 # CLI flag: -swift.username 3181 [username: <string> | default = ""] 3182 3183 # OpenStack Swift user's domain name. 3184 # CLI flag: -swift.user-domain-name 3185 [user_domain_name: <string> | default = ""] 3186 3187 # OpenStack Swift user's domain ID. 3188 # CLI flag: -swift.user-domain-id 3189 [user_domain_id: <string> | default = ""] 3190 3191 # OpenStack Swift user ID. 3192 # CLI flag: -swift.user-id 3193 [user_id: <string> | default = ""] 3194 3195 # OpenStack Swift API key. 3196 # CLI flag: -swift.password 3197 [password: <string> | default = ""] 3198 3199 # OpenStack Swift user's domain ID. 3200 # CLI flag: -swift.domain-id 3201 [domain_id: <string> | default = ""] 3202 3203 # OpenStack Swift user's domain name. 3204 # CLI flag: -swift.domain-name 3205 [domain_name: <string> | default = ""] 3206 3207 # OpenStack Swift project ID (v2,v3 auth only). 3208 # CLI flag: -swift.project-id 3209 [project_id: <string> | default = ""] 3210 3211 # OpenStack Swift project name (v2,v3 auth only). 3212 # CLI flag: -swift.project-name 3213 [project_name: <string> | default = ""] 3214 3215 # ID of the OpenStack Swift project's domain (v3 auth only), only needed if it 3216 # differs the from user domain. 3217 # CLI flag: -swift.project-domain-id 3218 [project_domain_id: <string> | default = ""] 3219 3220 # Name of the OpenStack Swift project's domain (v3 auth only), only needed if 3221 # it differs from the user domain. 3222 # CLI flag: -swift.project-domain-name 3223 [project_domain_name: <string> | default = ""] 3224 3225 # OpenStack Swift Region to use (v2,v3 auth only). 3226 # CLI flag: -swift.region-name 3227 [region_name: <string> | default = ""] 3228 3229 # Name of the OpenStack Swift container to put chunks in. 3230 # CLI flag: -swift.container-name 3231 [container_name: <string> | default = ""] 3232 3233 # Max retries on requests error. 3234 # CLI flag: -swift.max-retries 3235 [max_retries: <int> | default = 3] 3236 3237 # Time after which a connection attempt is aborted. 3238 # CLI flag: -swift.connect-timeout 3239 [connect_timeout: <duration> | default = 10s] 3240 3241 # Time after which an idle request is aborted. The timeout watchdog is reset 3242 # each time some data is received, so the timeout triggers after X time no 3243 # data is received on a request. 3244 # CLI flag: -swift.request-timeout 3245 [request_timeout: <duration> | default = 5s] 3246 3247 # Cache validity for active index entries. Should be no higher than 3248 # -ingester.max-chunk-idle. 3249 # CLI flag: -store.index-cache-validity 3250 [index_cache_validity: <duration> | default = 5m] 3251 3252 index_queries_cache_config: 3253 # Cache config for index entry reading. Enable in-memory cache. 3254 # CLI flag: -store.index-cache-read.cache.enable-fifocache 3255 [enable_fifocache: <boolean> | default = false] 3256 3257 # Cache config for index entry reading. The default validity of entries for 3258 # caches unless overridden. 3259 # CLI flag: -store.index-cache-read.default-validity 3260 [default_validity: <duration> | default = 0s] 3261 3262 background: 3263 # Cache config for index entry reading. At what concurrency to write back to 3264 # cache. 3265 # CLI flag: -store.index-cache-read.background.write-back-concurrency 3266 [writeback_goroutines: <int> | default = 10] 3267 3268 # Cache config for index entry reading. How many key batches to buffer for 3269 # background write-back. 3270 # CLI flag: -store.index-cache-read.background.write-back-buffer 3271 [writeback_buffer: <int> | default = 10000] 3272 3273 # The memcached_config block configures how data is stored in Memcached (ie. 3274 # expiration). 3275 # The CLI flags prefix for this block config is: store.index-cache-read 3276 [memcached: <memcached_config>] 3277 3278 # The memcached_client_config configures the client used to connect to 3279 # Memcached. 3280 # The CLI flags prefix for this block config is: store.index-cache-read 3281 [memcached_client: <memcached_client_config>] 3282 3283 # The redis_config configures the Redis backend cache. 3284 # The CLI flags prefix for this block config is: store.index-cache-read 3285 [redis: <redis_config>] 3286 3287 # The fifo_cache_config configures the local in-memory cache. 3288 # The CLI flags prefix for this block config is: store.index-cache-read 3289 [fifocache: <fifo_cache_config>] 3290 3291 delete_store: 3292 # Store for keeping delete request 3293 # CLI flag: -deletes.store 3294 [store: <string> | default = ""] 3295 3296 # Name of the table which stores delete requests 3297 # CLI flag: -deletes.requests-table-name 3298 [requests_table_name: <string> | default = "delete_requests"] 3299 3300 table_provisioning: 3301 # Enables on demand throughput provisioning for the storage provider (if 3302 # supported). Applies only to tables which are not autoscaled. Supported by 3303 # DynamoDB 3304 # CLI flag: -deletes.table.enable-ondemand-throughput-mode 3305 [enable_ondemand_throughput_mode: <boolean> | default = false] 3306 3307 # Table default write throughput. Supported by DynamoDB 3308 # CLI flag: -deletes.table.write-throughput 3309 [provisioned_write_throughput: <int> | default = 1] 3310 3311 # Table default read throughput. Supported by DynamoDB 3312 # CLI flag: -deletes.table.read-throughput 3313 [provisioned_read_throughput: <int> | default = 300] 3314 3315 write_scale: 3316 # Should we enable autoscale for the table. 3317 # CLI flag: -deletes.table.write-throughput.scale.enabled 3318 [enabled: <boolean> | default = false] 3319 3320 # AWS AutoScaling role ARN 3321 # CLI flag: -deletes.table.write-throughput.scale.role-arn 3322 [role_arn: <string> | default = ""] 3323 3324 # DynamoDB minimum provision capacity. 3325 # CLI flag: -deletes.table.write-throughput.scale.min-capacity 3326 [min_capacity: <int> | default = 3000] 3327 3328 # DynamoDB maximum provision capacity. 3329 # CLI flag: -deletes.table.write-throughput.scale.max-capacity 3330 [max_capacity: <int> | default = 6000] 3331 3332 # DynamoDB minimum seconds between each autoscale up. 3333 # CLI flag: -deletes.table.write-throughput.scale.out-cooldown 3334 [out_cooldown: <int> | default = 1800] 3335 3336 # DynamoDB minimum seconds between each autoscale down. 3337 # CLI flag: -deletes.table.write-throughput.scale.in-cooldown 3338 [in_cooldown: <int> | default = 1800] 3339 3340 # DynamoDB target ratio of consumed capacity to provisioned capacity. 3341 # CLI flag: -deletes.table.write-throughput.scale.target-value 3342 [target: <float> | default = 80] 3343 3344 read_scale: 3345 # Should we enable autoscale for the table. 3346 # CLI flag: -deletes.table.read-throughput.scale.enabled 3347 [enabled: <boolean> | default = false] 3348 3349 # AWS AutoScaling role ARN 3350 # CLI flag: -deletes.table.read-throughput.scale.role-arn 3351 [role_arn: <string> | default = ""] 3352 3353 # DynamoDB minimum provision capacity. 3354 # CLI flag: -deletes.table.read-throughput.scale.min-capacity 3355 [min_capacity: <int> | default = 3000] 3356 3357 # DynamoDB maximum provision capacity. 3358 # CLI flag: -deletes.table.read-throughput.scale.max-capacity 3359 [max_capacity: <int> | default = 6000] 3360 3361 # DynamoDB minimum seconds between each autoscale up. 3362 # CLI flag: -deletes.table.read-throughput.scale.out-cooldown 3363 [out_cooldown: <int> | default = 1800] 3364 3365 # DynamoDB minimum seconds between each autoscale down. 3366 # CLI flag: -deletes.table.read-throughput.scale.in-cooldown 3367 [in_cooldown: <int> | default = 1800] 3368 3369 # DynamoDB target ratio of consumed capacity to provisioned capacity. 3370 # CLI flag: -deletes.table.read-throughput.scale.target-value 3371 [target: <float> | default = 80] 3372 3373 # Tag (of the form key=value) to be added to the tables. Supported by 3374 # DynamoDB 3375 # CLI flag: -deletes.table.tags 3376 [tags: <map of string to string> | default = ] 3377 3378 grpc_store: 3379 # Hostname or IP of the gRPC store instance. 3380 # CLI flag: -grpc-store.server-address 3381 [server_address: <string> | default = ""] 3382 ``` 3383 3384 ### `flusher_config` 3385 3386 The `flusher_config` configures the WAL flusher target, used to manually run one-time flushes when scaling down ingesters. 3387 3388 ```yaml 3389 # Directory to read WAL from (chunks storage engine only). 3390 # CLI flag: -flusher.wal-dir 3391 [wal_dir: <string> | default = "wal"] 3392 3393 # Number of concurrent goroutines flushing to storage (chunks storage engine 3394 # only). 3395 # CLI flag: -flusher.concurrent-flushes 3396 [concurrent_flushes: <int> | default = 50] 3397 3398 # Timeout for individual flush operations (chunks storage engine only). 3399 # CLI flag: -flusher.flush-op-timeout 3400 [flush_op_timeout: <duration> | default = 2m] 3401 3402 # Stop Cortex after flush has finished. If false, Cortex process will keep 3403 # running, doing nothing. 3404 # CLI flag: -flusher.exit-after-flush 3405 [exit_after_flush: <boolean> | default = true] 3406 ``` 3407 3408 ### `chunk_store_config` 3409 3410 The `chunk_store_config` configures how Cortex stores the data (chunks storage engine). 3411 3412 ```yaml 3413 chunk_cache_config: 3414 # Cache config for chunks. Enable in-memory cache. 3415 # CLI flag: -store.chunks-cache.cache.enable-fifocache 3416 [enable_fifocache: <boolean> | default = false] 3417 3418 # Cache config for chunks. The default validity of entries for caches unless 3419 # overridden. 3420 # CLI flag: -store.chunks-cache.default-validity 3421 [default_validity: <duration> | default = 0s] 3422 3423 background: 3424 # Cache config for chunks. At what concurrency to write back to cache. 3425 # CLI flag: -store.chunks-cache.background.write-back-concurrency 3426 [writeback_goroutines: <int> | default = 10] 3427 3428 # Cache config for chunks. How many key batches to buffer for background 3429 # write-back. 3430 # CLI flag: -store.chunks-cache.background.write-back-buffer 3431 [writeback_buffer: <int> | default = 10000] 3432 3433 # The memcached_config block configures how data is stored in Memcached (ie. 3434 # expiration). 3435 # The CLI flags prefix for this block config is: store.chunks-cache 3436 [memcached: <memcached_config>] 3437 3438 # The memcached_client_config configures the client used to connect to 3439 # Memcached. 3440 # The CLI flags prefix for this block config is: store.chunks-cache 3441 [memcached_client: <memcached_client_config>] 3442 3443 # The redis_config configures the Redis backend cache. 3444 # The CLI flags prefix for this block config is: store.chunks-cache 3445 [redis: <redis_config>] 3446 3447 # The fifo_cache_config configures the local in-memory cache. 3448 # The CLI flags prefix for this block config is: store.chunks-cache 3449 [fifocache: <fifo_cache_config>] 3450 3451 write_dedupe_cache_config: 3452 # Cache config for index entry writing. Enable in-memory cache. 3453 # CLI flag: -store.index-cache-write.cache.enable-fifocache 3454 [enable_fifocache: <boolean> | default = false] 3455 3456 # Cache config for index entry writing. The default validity of entries for 3457 # caches unless overridden. 3458 # CLI flag: -store.index-cache-write.default-validity 3459 [default_validity: <duration> | default = 0s] 3460 3461 background: 3462 # Cache config for index entry writing. At what concurrency to write back to 3463 # cache. 3464 # CLI flag: -store.index-cache-write.background.write-back-concurrency 3465 [writeback_goroutines: <int> | default = 10] 3466 3467 # Cache config for index entry writing. How many key batches to buffer for 3468 # background write-back. 3469 # CLI flag: -store.index-cache-write.background.write-back-buffer 3470 [writeback_buffer: <int> | default = 10000] 3471 3472 # The memcached_config block configures how data is stored in Memcached (ie. 3473 # expiration). 3474 # The CLI flags prefix for this block config is: store.index-cache-write 3475 [memcached: <memcached_config>] 3476 3477 # The memcached_client_config configures the client used to connect to 3478 # Memcached. 3479 # The CLI flags prefix for this block config is: store.index-cache-write 3480 [memcached_client: <memcached_client_config>] 3481 3482 # The redis_config configures the Redis backend cache. 3483 # The CLI flags prefix for this block config is: store.index-cache-write 3484 [redis: <redis_config>] 3485 3486 # The fifo_cache_config configures the local in-memory cache. 3487 # The CLI flags prefix for this block config is: store.index-cache-write 3488 [fifocache: <fifo_cache_config>] 3489 3490 # Cache index entries older than this period. 0 to disable. 3491 # CLI flag: -store.cache-lookups-older-than 3492 [cache_lookups_older_than: <duration> | default = 0s] 3493 ``` 3494 3495 ### `ingester_client_config` 3496 3497 The `ingester_client_config` configures how the Cortex distributors connect to the ingesters. 3498 3499 ```yaml 3500 grpc_client_config: 3501 # gRPC client max receive message size (bytes). 3502 # CLI flag: -ingester.client.grpc-max-recv-msg-size 3503 [max_recv_msg_size: <int> | default = 104857600] 3504 3505 # gRPC client max send message size (bytes). 3506 # CLI flag: -ingester.client.grpc-max-send-msg-size 3507 [max_send_msg_size: <int> | default = 16777216] 3508 3509 # Use compression when sending messages. Supported values are: 'gzip', 3510 # 'snappy' and '' (disable compression) 3511 # CLI flag: -ingester.client.grpc-compression 3512 [grpc_compression: <string> | default = ""] 3513 3514 # Rate limit for gRPC client; 0 means disabled. 3515 # CLI flag: -ingester.client.grpc-client-rate-limit 3516 [rate_limit: <float> | default = 0] 3517 3518 # Rate limit burst for gRPC client. 3519 # CLI flag: -ingester.client.grpc-client-rate-limit-burst 3520 [rate_limit_burst: <int> | default = 0] 3521 3522 # Enable backoff and retry when we hit ratelimits. 3523 # CLI flag: -ingester.client.backoff-on-ratelimits 3524 [backoff_on_ratelimits: <boolean> | default = false] 3525 3526 backoff_config: 3527 # Minimum delay when backing off. 3528 # CLI flag: -ingester.client.backoff-min-period 3529 [min_period: <duration> | default = 100ms] 3530 3531 # Maximum delay when backing off. 3532 # CLI flag: -ingester.client.backoff-max-period 3533 [max_period: <duration> | default = 10s] 3534 3535 # Number of times to backoff and retry before failing. 3536 # CLI flag: -ingester.client.backoff-retries 3537 [max_retries: <int> | default = 10] 3538 3539 # Enable TLS in the GRPC client. This flag needs to be enabled when any other 3540 # TLS flag is set. If set to false, insecure connection to gRPC server will be 3541 # used. 3542 # CLI flag: -ingester.client.tls-enabled 3543 [tls_enabled: <boolean> | default = false] 3544 3545 # Path to the client certificate file, which will be used for authenticating 3546 # with the server. Also requires the key path to be configured. 3547 # CLI flag: -ingester.client.tls-cert-path 3548 [tls_cert_path: <string> | default = ""] 3549 3550 # Path to the key file for the client certificate. Also requires the client 3551 # certificate to be configured. 3552 # CLI flag: -ingester.client.tls-key-path 3553 [tls_key_path: <string> | default = ""] 3554 3555 # Path to the CA certificates file to validate server certificate against. If 3556 # not set, the host's root CA certificates are used. 3557 # CLI flag: -ingester.client.tls-ca-path 3558 [tls_ca_path: <string> | default = ""] 3559 3560 # Override the expected name on the server certificate. 3561 # CLI flag: -ingester.client.tls-server-name 3562 [tls_server_name: <string> | default = ""] 3563 3564 # Skip validating server certificate. 3565 # CLI flag: -ingester.client.tls-insecure-skip-verify 3566 [tls_insecure_skip_verify: <boolean> | default = false] 3567 ``` 3568 3569 ### `frontend_worker_config` 3570 3571 The `frontend_worker_config` configures the worker - running within the Cortex querier - picking up and executing queries enqueued by the query-frontend or query-scheduler. 3572 3573 ```yaml 3574 # Address of query frontend service, in host:port format. If 3575 # -querier.scheduler-address is set as well, querier will use scheduler instead. 3576 # Only one of -querier.frontend-address or -querier.scheduler-address can be 3577 # set. If neither is set, queries are only received via HTTP endpoint. 3578 # CLI flag: -querier.frontend-address 3579 [frontend_address: <string> | default = ""] 3580 3581 # Hostname (and port) of scheduler that querier will periodically resolve, 3582 # connect to and receive queries from. Only one of -querier.frontend-address or 3583 # -querier.scheduler-address can be set. If neither is set, queries are only 3584 # received via HTTP endpoint. 3585 # CLI flag: -querier.scheduler-address 3586 [scheduler_address: <string> | default = ""] 3587 3588 # How often to query DNS for query-frontend or query-scheduler address. 3589 # CLI flag: -querier.dns-lookup-period 3590 [dns_lookup_duration: <duration> | default = 10s] 3591 3592 # Number of simultaneous queries to process per query-frontend or 3593 # query-scheduler. 3594 # CLI flag: -querier.worker-parallelism 3595 [parallelism: <int> | default = 10] 3596 3597 # Force worker concurrency to match the -querier.max-concurrent option. 3598 # Overrides querier.worker-parallelism. 3599 # CLI flag: -querier.worker-match-max-concurrent 3600 [match_max_concurrent: <boolean> | default = false] 3601 3602 # Querier ID, sent to frontend service to identify requests from the same 3603 # querier. Defaults to hostname. 3604 # CLI flag: -querier.id 3605 [id: <string> | default = ""] 3606 3607 grpc_client_config: 3608 # gRPC client max receive message size (bytes). 3609 # CLI flag: -querier.frontend-client.grpc-max-recv-msg-size 3610 [max_recv_msg_size: <int> | default = 104857600] 3611 3612 # gRPC client max send message size (bytes). 3613 # CLI flag: -querier.frontend-client.grpc-max-send-msg-size 3614 [max_send_msg_size: <int> | default = 16777216] 3615 3616 # Use compression when sending messages. Supported values are: 'gzip', 3617 # 'snappy' and '' (disable compression) 3618 # CLI flag: -querier.frontend-client.grpc-compression 3619 [grpc_compression: <string> | default = ""] 3620 3621 # Rate limit for gRPC client; 0 means disabled. 3622 # CLI flag: -querier.frontend-client.grpc-client-rate-limit 3623 [rate_limit: <float> | default = 0] 3624 3625 # Rate limit burst for gRPC client. 3626 # CLI flag: -querier.frontend-client.grpc-client-rate-limit-burst 3627 [rate_limit_burst: <int> | default = 0] 3628 3629 # Enable backoff and retry when we hit ratelimits. 3630 # CLI flag: -querier.frontend-client.backoff-on-ratelimits 3631 [backoff_on_ratelimits: <boolean> | default = false] 3632 3633 backoff_config: 3634 # Minimum delay when backing off. 3635 # CLI flag: -querier.frontend-client.backoff-min-period 3636 [min_period: <duration> | default = 100ms] 3637 3638 # Maximum delay when backing off. 3639 # CLI flag: -querier.frontend-client.backoff-max-period 3640 [max_period: <duration> | default = 10s] 3641 3642 # Number of times to backoff and retry before failing. 3643 # CLI flag: -querier.frontend-client.backoff-retries 3644 [max_retries: <int> | default = 10] 3645 3646 # Enable TLS in the GRPC client. This flag needs to be enabled when any other 3647 # TLS flag is set. If set to false, insecure connection to gRPC server will be 3648 # used. 3649 # CLI flag: -querier.frontend-client.tls-enabled 3650 [tls_enabled: <boolean> | default = false] 3651 3652 # Path to the client certificate file, which will be used for authenticating 3653 # with the server. Also requires the key path to be configured. 3654 # CLI flag: -querier.frontend-client.tls-cert-path 3655 [tls_cert_path: <string> | default = ""] 3656 3657 # Path to the key file for the client certificate. Also requires the client 3658 # certificate to be configured. 3659 # CLI flag: -querier.frontend-client.tls-key-path 3660 [tls_key_path: <string> | default = ""] 3661 3662 # Path to the CA certificates file to validate server certificate against. If 3663 # not set, the host's root CA certificates are used. 3664 # CLI flag: -querier.frontend-client.tls-ca-path 3665 [tls_ca_path: <string> | default = ""] 3666 3667 # Override the expected name on the server certificate. 3668 # CLI flag: -querier.frontend-client.tls-server-name 3669 [tls_server_name: <string> | default = ""] 3670 3671 # Skip validating server certificate. 3672 # CLI flag: -querier.frontend-client.tls-insecure-skip-verify 3673 [tls_insecure_skip_verify: <boolean> | default = false] 3674 ``` 3675 3676 ### `etcd_config` 3677 3678 The `etcd_config` configures the etcd client. The supported CLI flags `<prefix>` used to reference this config block are: 3679 3680 - _no prefix_ 3681 - `alertmanager.sharding-ring` 3682 - `compactor.ring` 3683 - `distributor.ha-tracker` 3684 - `distributor.ring` 3685 - `ruler.ring` 3686 - `store-gateway.sharding-ring` 3687 3688 3689 3690 ```yaml 3691 # The etcd endpoints to connect to. 3692 # CLI flag: -<prefix>.etcd.endpoints 3693 [endpoints: <list of string> | default = []] 3694 3695 # The dial timeout for the etcd connection. 3696 # CLI flag: -<prefix>.etcd.dial-timeout 3697 [dial_timeout: <duration> | default = 10s] 3698 3699 # The maximum number of retries to do for failed ops. 3700 # CLI flag: -<prefix>.etcd.max-retries 3701 [max_retries: <int> | default = 10] 3702 3703 # Enable TLS. 3704 # CLI flag: -<prefix>.etcd.tls-enabled 3705 [tls_enabled: <boolean> | default = false] 3706 3707 # Path to the client certificate file, which will be used for authenticating 3708 # with the server. Also requires the key path to be configured. 3709 # CLI flag: -<prefix>.etcd.tls-cert-path 3710 [tls_cert_path: <string> | default = ""] 3711 3712 # Path to the key file for the client certificate. Also requires the client 3713 # certificate to be configured. 3714 # CLI flag: -<prefix>.etcd.tls-key-path 3715 [tls_key_path: <string> | default = ""] 3716 3717 # Path to the CA certificates file to validate server certificate against. If 3718 # not set, the host's root CA certificates are used. 3719 # CLI flag: -<prefix>.etcd.tls-ca-path 3720 [tls_ca_path: <string> | default = ""] 3721 3722 # Override the expected name on the server certificate. 3723 # CLI flag: -<prefix>.etcd.tls-server-name 3724 [tls_server_name: <string> | default = ""] 3725 3726 # Skip validating server certificate. 3727 # CLI flag: -<prefix>.etcd.tls-insecure-skip-verify 3728 [tls_insecure_skip_verify: <boolean> | default = false] 3729 3730 # Etcd username. 3731 # CLI flag: -<prefix>.etcd.username 3732 [username: <string> | default = ""] 3733 3734 # Etcd password. 3735 # CLI flag: -<prefix>.etcd.password 3736 [password: <string> | default = ""] 3737 ``` 3738 3739 ### `consul_config` 3740 3741 The `consul_config` configures the consul client. The supported CLI flags `<prefix>` used to reference this config block are: 3742 3743 - _no prefix_ 3744 - `alertmanager.sharding-ring` 3745 - `compactor.ring` 3746 - `distributor.ha-tracker` 3747 - `distributor.ring` 3748 - `ruler.ring` 3749 - `store-gateway.sharding-ring` 3750 3751 3752 3753 ```yaml 3754 # Hostname and port of Consul. 3755 # CLI flag: -<prefix>.consul.hostname 3756 [host: <string> | default = "localhost:8500"] 3757 3758 # ACL Token used to interact with Consul. 3759 # CLI flag: -<prefix>.consul.acl-token 3760 [acl_token: <string> | default = ""] 3761 3762 # HTTP timeout when talking to Consul 3763 # CLI flag: -<prefix>.consul.client-timeout 3764 [http_client_timeout: <duration> | default = 20s] 3765 3766 # Enable consistent reads to Consul. 3767 # CLI flag: -<prefix>.consul.consistent-reads 3768 [consistent_reads: <boolean> | default = false] 3769 3770 # Rate limit when watching key or prefix in Consul, in requests per second. 0 3771 # disables the rate limit. 3772 # CLI flag: -<prefix>.consul.watch-rate-limit 3773 [watch_rate_limit: <float> | default = 1] 3774 3775 # Burst size used in rate limit. Values less than 1 are treated as 1. 3776 # CLI flag: -<prefix>.consul.watch-burst-size 3777 [watch_burst_size: <int> | default = 1] 3778 ``` 3779 3780 ### `memberlist_config` 3781 3782 The `memberlist_config` configures the Gossip memberlist. 3783 3784 ```yaml 3785 # Name of the node in memberlist cluster. Defaults to hostname. 3786 # CLI flag: -memberlist.nodename 3787 [node_name: <string> | default = ""] 3788 3789 # Add random suffix to the node name. 3790 # CLI flag: -memberlist.randomize-node-name 3791 [randomize_node_name: <boolean> | default = true] 3792 3793 # The timeout for establishing a connection with a remote node, and for 3794 # read/write operations. 3795 # CLI flag: -memberlist.stream-timeout 3796 [stream_timeout: <duration> | default = 10s] 3797 3798 # Multiplication factor used when sending out messages (factor * log(N+1)). 3799 # CLI flag: -memberlist.retransmit-factor 3800 [retransmit_factor: <int> | default = 4] 3801 3802 # How often to use pull/push sync. 3803 # CLI flag: -memberlist.pullpush-interval 3804 [pull_push_interval: <duration> | default = 30s] 3805 3806 # How often to gossip. 3807 # CLI flag: -memberlist.gossip-interval 3808 [gossip_interval: <duration> | default = 200ms] 3809 3810 # How many nodes to gossip to. 3811 # CLI flag: -memberlist.gossip-nodes 3812 [gossip_nodes: <int> | default = 3] 3813 3814 # How long to keep gossiping to dead nodes, to give them chance to refute their 3815 # death. 3816 # CLI flag: -memberlist.gossip-to-dead-nodes-time 3817 [gossip_to_dead_nodes_time: <duration> | default = 30s] 3818 3819 # How soon can dead node's name be reclaimed with new address. 0 to disable. 3820 # CLI flag: -memberlist.dead-node-reclaim-time 3821 [dead_node_reclaim_time: <duration> | default = 0s] 3822 3823 # Enable message compression. This can be used to reduce bandwidth usage at the 3824 # cost of slightly more CPU utilization. 3825 # CLI flag: -memberlist.compression-enabled 3826 [compression_enabled: <boolean> | default = true] 3827 3828 # Gossip address to advertise to other members in the cluster. Used for NAT 3829 # traversal. 3830 # CLI flag: -memberlist.advertise-addr 3831 [advertise_addr: <string> | default = ""] 3832 3833 # Gossip port to advertise to other members in the cluster. Used for NAT 3834 # traversal. 3835 # CLI flag: -memberlist.advertise-port 3836 [advertise_port: <int> | default = 7946] 3837 3838 # Other cluster members to join. Can be specified multiple times. It can be an 3839 # IP, hostname or an entry specified in the DNS Service Discovery format. 3840 # CLI flag: -memberlist.join 3841 [join_members: <list of string> | default = []] 3842 3843 # Min backoff duration to join other cluster members. 3844 # CLI flag: -memberlist.min-join-backoff 3845 [min_join_backoff: <duration> | default = 1s] 3846 3847 # Max backoff duration to join other cluster members. 3848 # CLI flag: -memberlist.max-join-backoff 3849 [max_join_backoff: <duration> | default = 1m] 3850 3851 # Max number of retries to join other cluster members. 3852 # CLI flag: -memberlist.max-join-retries 3853 [max_join_retries: <int> | default = 10] 3854 3855 # If this node fails to join memberlist cluster, abort. 3856 # CLI flag: -memberlist.abort-if-join-fails 3857 [abort_if_cluster_join_fails: <boolean> | default = true] 3858 3859 # If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix 3860 # the cluster split issue, and is harmless otherwise. For example when using 3861 # only few components as a seed nodes (via -memberlist.join), then it's 3862 # recommended to use rejoin. If -memberlist.join points to dynamic service that 3863 # resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin 3864 # is not needed. 3865 # CLI flag: -memberlist.rejoin-interval 3866 [rejoin_interval: <duration> | default = 0s] 3867 3868 # How long to keep LEFT ingesters in the ring. 3869 # CLI flag: -memberlist.left-ingesters-timeout 3870 [left_ingesters_timeout: <duration> | default = 5m] 3871 3872 # Timeout for leaving memberlist cluster. 3873 # CLI flag: -memberlist.leave-timeout 3874 [leave_timeout: <duration> | default = 5s] 3875 3876 # How much space to use for keeping received and sent messages in memory for 3877 # troubleshooting (two buffers). 0 to disable. 3878 # CLI flag: -memberlist.message-history-buffer-bytes 3879 [message_history_buffer_bytes: <int> | default = 0] 3880 3881 # IP address to listen on for gossip messages. Multiple addresses may be 3882 # specified. Defaults to 0.0.0.0 3883 # CLI flag: -memberlist.bind-addr 3884 [bind_addr: <list of string> | default = []] 3885 3886 # Port to listen on for gossip messages. 3887 # CLI flag: -memberlist.bind-port 3888 [bind_port: <int> | default = 7946] 3889 3890 # Timeout used when connecting to other nodes to send packet. 3891 # CLI flag: -memberlist.packet-dial-timeout 3892 [packet_dial_timeout: <duration> | default = 5s] 3893 3894 # Timeout for writing 'packet' data. 3895 # CLI flag: -memberlist.packet-write-timeout 3896 [packet_write_timeout: <duration> | default = 5s] 3897 3898 # Enable TLS on the memberlist transport layer. 3899 # CLI flag: -memberlist.tls-enabled 3900 [tls_enabled: <boolean> | default = false] 3901 3902 # Path to the client certificate file, which will be used for authenticating 3903 # with the server. Also requires the key path to be configured. 3904 # CLI flag: -memberlist.tls-cert-path 3905 [tls_cert_path: <string> | default = ""] 3906 3907 # Path to the key file for the client certificate. Also requires the client 3908 # certificate to be configured. 3909 # CLI flag: -memberlist.tls-key-path 3910 [tls_key_path: <string> | default = ""] 3911 3912 # Path to the CA certificates file to validate server certificate against. If 3913 # not set, the host's root CA certificates are used. 3914 # CLI flag: -memberlist.tls-ca-path 3915 [tls_ca_path: <string> | default = ""] 3916 3917 # Override the expected name on the server certificate. 3918 # CLI flag: -memberlist.tls-server-name 3919 [tls_server_name: <string> | default = ""] 3920 3921 # Skip validating server certificate. 3922 # CLI flag: -memberlist.tls-insecure-skip-verify 3923 [tls_insecure_skip_verify: <boolean> | default = false] 3924 ``` 3925 3926 ### `limits_config` 3927 3928 The `limits_config` configures default and per-tenant limits imposed by Cortex services (ie. distributor, ingester, ...). 3929 3930 ```yaml 3931 # Per-user ingestion rate limit in samples per second. 3932 # CLI flag: -distributor.ingestion-rate-limit 3933 [ingestion_rate: <float> | default = 25000] 3934 3935 # Whether the ingestion rate limit should be applied individually to each 3936 # distributor instance (local), or evenly shared across the cluster (global). 3937 # CLI flag: -distributor.ingestion-rate-limit-strategy 3938 [ingestion_rate_strategy: <string> | default = "local"] 3939 3940 # Per-user allowed ingestion burst size (in number of samples). 3941 # CLI flag: -distributor.ingestion-burst-size 3942 [ingestion_burst_size: <int> | default = 50000] 3943 3944 # Flag to enable, for all users, handling of samples with external labels 3945 # identifying replicas in an HA Prometheus setup. 3946 # CLI flag: -distributor.ha-tracker.enable-for-all-users 3947 [accept_ha_samples: <boolean> | default = false] 3948 3949 # Prometheus label to look for in samples to identify a Prometheus HA cluster. 3950 # CLI flag: -distributor.ha-tracker.cluster 3951 [ha_cluster_label: <string> | default = "cluster"] 3952 3953 # Prometheus label to look for in samples to identify a Prometheus HA replica. 3954 # CLI flag: -distributor.ha-tracker.replica 3955 [ha_replica_label: <string> | default = "__replica__"] 3956 3957 # Maximum number of clusters that HA tracker will keep track of for single user. 3958 # 0 to disable the limit. 3959 # CLI flag: -distributor.ha-tracker.max-clusters 3960 [ha_max_clusters: <int> | default = 0] 3961 3962 # This flag can be used to specify label names that to drop during sample 3963 # ingestion within the distributor and can be repeated in order to drop multiple 3964 # labels. 3965 # CLI flag: -distributor.drop-label 3966 [drop_labels: <list of string> | default = []] 3967 3968 # Maximum length accepted for label names 3969 # CLI flag: -validation.max-length-label-name 3970 [max_label_name_length: <int> | default = 1024] 3971 3972 # Maximum length accepted for label value. This setting also applies to the 3973 # metric name 3974 # CLI flag: -validation.max-length-label-value 3975 [max_label_value_length: <int> | default = 2048] 3976 3977 # Maximum number of label names per series. 3978 # CLI flag: -validation.max-label-names-per-series 3979 [max_label_names_per_series: <int> | default = 30] 3980 3981 # Maximum length accepted for metric metadata. Metadata refers to Metric Name, 3982 # HELP and UNIT. 3983 # CLI flag: -validation.max-metadata-length 3984 [max_metadata_length: <int> | default = 1024] 3985 3986 # Reject old samples. 3987 # CLI flag: -validation.reject-old-samples 3988 [reject_old_samples: <boolean> | default = false] 3989 3990 # Maximum accepted sample age before rejecting. 3991 # CLI flag: -validation.reject-old-samples.max-age 3992 [reject_old_samples_max_age: <duration> | default = 2w] 3993 3994 # Duration which table will be created/deleted before/after it's needed; we 3995 # won't accept sample from before this time. 3996 # CLI flag: -validation.create-grace-period 3997 [creation_grace_period: <duration> | default = 10m] 3998 3999 # Enforce every metadata has a metric name. 4000 # CLI flag: -validation.enforce-metadata-metric-name 4001 [enforce_metadata_metric_name: <boolean> | default = true] 4002 4003 # Enforce every sample has a metric name. 4004 # CLI flag: -validation.enforce-metric-name 4005 [enforce_metric_name: <boolean> | default = true] 4006 4007 # The default tenant's shard size when the shuffle-sharding strategy is used. 4008 # Must be set both on ingesters and distributors. When this setting is specified 4009 # in the per-tenant overrides, a value of 0 disables shuffle sharding for the 4010 # tenant. 4011 # CLI flag: -distributor.ingestion-tenant-shard-size 4012 [ingestion_tenant_shard_size: <int> | default = 0] 4013 4014 # List of metric relabel configurations. Note that in most situations, it is 4015 # more effective to use metrics relabeling directly in the Prometheus server, 4016 # e.g. remote_write.write_relabel_configs. 4017 [metric_relabel_configs: <relabel_config...> | default = ] 4018 4019 # The maximum number of series for which a query can fetch samples from each 4020 # ingester. This limit is enforced only in the ingesters (when querying samples 4021 # not flushed to the storage yet) and it's a per-instance limit. This limit is 4022 # ignored when running the Cortex blocks storage. When running Cortex with 4023 # blocks storage use -querier.max-fetched-series-per-query limit instead. 4024 # CLI flag: -ingester.max-series-per-query 4025 [max_series_per_query: <int> | default = 100000] 4026 4027 # The maximum number of samples that a query can return. This limit only applies 4028 # when running the Cortex chunks storage with -querier.ingester-streaming=false. 4029 # CLI flag: -ingester.max-samples-per-query 4030 [max_samples_per_query: <int> | default = 1000000] 4031 4032 # The maximum number of active series per user, per ingester. 0 to disable. 4033 # CLI flag: -ingester.max-series-per-user 4034 [max_series_per_user: <int> | default = 5000000] 4035 4036 # The maximum number of active series per metric name, per ingester. 0 to 4037 # disable. 4038 # CLI flag: -ingester.max-series-per-metric 4039 [max_series_per_metric: <int> | default = 50000] 4040 4041 # The maximum number of active series per user, across the cluster before 4042 # replication. 0 to disable. Supported only if -distributor.shard-by-all-labels 4043 # is true. 4044 # CLI flag: -ingester.max-global-series-per-user 4045 [max_global_series_per_user: <int> | default = 0] 4046 4047 # The maximum number of active series per metric name, across the cluster before 4048 # replication. 0 to disable. 4049 # CLI flag: -ingester.max-global-series-per-metric 4050 [max_global_series_per_metric: <int> | default = 0] 4051 4052 # Minimum number of samples in an idle chunk to flush it to the store. Use with 4053 # care, if chunks are less than this size they will be discarded. This option is 4054 # ignored when running the Cortex blocks storage. 0 to disable. 4055 # CLI flag: -ingester.min-chunk-length 4056 [min_chunk_length: <int> | default = 0] 4057 4058 # The maximum number of active metrics with metadata per user, per ingester. 0 4059 # to disable. 4060 # CLI flag: -ingester.max-metadata-per-user 4061 [max_metadata_per_user: <int> | default = 8000] 4062 4063 # The maximum number of metadata per metric, per ingester. 0 to disable. 4064 # CLI flag: -ingester.max-metadata-per-metric 4065 [max_metadata_per_metric: <int> | default = 10] 4066 4067 # The maximum number of active metrics with metadata per user, across the 4068 # cluster. 0 to disable. Supported only if -distributor.shard-by-all-labels is 4069 # true. 4070 # CLI flag: -ingester.max-global-metadata-per-user 4071 [max_global_metadata_per_user: <int> | default = 0] 4072 4073 # The maximum number of metadata per metric, across the cluster. 0 to disable. 4074 # CLI flag: -ingester.max-global-metadata-per-metric 4075 [max_global_metadata_per_metric: <int> | default = 0] 4076 4077 # Deprecated. Use -querier.max-fetched-chunks-per-query CLI flag and its 4078 # respective YAML config option instead. Maximum number of chunks that can be 4079 # fetched in a single query. This limit is enforced when fetching chunks from 4080 # the long-term storage only. When running the Cortex chunks storage, this limit 4081 # is enforced in the querier and ruler, while when running the Cortex blocks 4082 # storage this limit is enforced in the querier, ruler and store-gateway. 0 to 4083 # disable. 4084 # CLI flag: -store.query-chunk-limit 4085 [max_chunks_per_query: <int> | default = 2000000] 4086 4087 # Maximum number of chunks that can be fetched in a single query from ingesters 4088 # and long-term storage. This limit is enforced in the querier, ruler and 4089 # store-gateway. Takes precedence over the deprecated -store.query-chunk-limit. 4090 # 0 to disable. 4091 # CLI flag: -querier.max-fetched-chunks-per-query 4092 [max_fetched_chunks_per_query: <int> | default = 0] 4093 4094 # The maximum number of unique series for which a query can fetch samples from 4095 # each ingesters and blocks storage. This limit is enforced in the querier only 4096 # when running Cortex with blocks storage. 0 to disable 4097 # CLI flag: -querier.max-fetched-series-per-query 4098 [max_fetched_series_per_query: <int> | default = 0] 4099 4100 # The maximum size of all chunks in bytes that a query can fetch from each 4101 # ingester and storage. This limit is enforced in the querier and ruler only 4102 # when running Cortex with blocks storage. 0 to disable. 4103 # CLI flag: -querier.max-fetched-chunk-bytes-per-query 4104 [max_fetched_chunk_bytes_per_query: <int> | default = 0] 4105 4106 # Limit how long back data (series and metadata) can be queried, up until 4107 # <lookback> duration ago. This limit is enforced in the query-frontend, querier 4108 # and ruler. If the requested time range is outside the allowed range, the 4109 # request will not fail but will be manipulated to only query data within the 4110 # allowed time range. 0 to disable. 4111 # CLI flag: -querier.max-query-lookback 4112 [max_query_lookback: <duration> | default = 0s] 4113 4114 # Limit the query time range (end - start time). This limit is enforced in the 4115 # query-frontend (on the received query), in the querier (on the query possibly 4116 # split by the query-frontend) and in the chunks storage. 0 to disable. 4117 # CLI flag: -store.max-query-length 4118 [max_query_length: <duration> | default = 0s] 4119 4120 # Maximum number of split queries will be scheduled in parallel by the frontend. 4121 # CLI flag: -querier.max-query-parallelism 4122 [max_query_parallelism: <int> | default = 14] 4123 4124 # Cardinality limit for index queries. This limit is ignored when running the 4125 # Cortex blocks storage. 0 to disable. 4126 # CLI flag: -store.cardinality-limit 4127 [cardinality_limit: <int> | default = 100000] 4128 4129 # Most recent allowed cacheable result per-tenant, to prevent caching very 4130 # recent results that might still be in flux. 4131 # CLI flag: -frontend.max-cache-freshness 4132 [max_cache_freshness: <duration> | default = 1m] 4133 4134 # Maximum number of queriers that can handle requests for a single tenant. If 4135 # set to 0 or value higher than number of available queriers, *all* queriers 4136 # will handle requests for the tenant. Each frontend (or query-scheduler, if 4137 # used) will select the same set of queriers for the same tenant (given that all 4138 # queriers are connected to all frontends / query-schedulers). This option only 4139 # works with queriers connecting to the query-frontend / query-scheduler, not 4140 # when using downstream URL. 4141 # CLI flag: -frontend.max-queriers-per-tenant 4142 [max_queriers_per_tenant: <int> | default = 0] 4143 4144 # Duration to delay the evaluation of rules to ensure the underlying metrics 4145 # have been pushed to Cortex. 4146 # CLI flag: -ruler.evaluation-delay-duration 4147 [ruler_evaluation_delay_duration: <duration> | default = 0s] 4148 4149 # The default tenant's shard size when the shuffle-sharding strategy is used by 4150 # ruler. When this setting is specified in the per-tenant overrides, a value of 4151 # 0 disables shuffle sharding for the tenant. 4152 # CLI flag: -ruler.tenant-shard-size 4153 [ruler_tenant_shard_size: <int> | default = 0] 4154 4155 # Maximum number of rules per rule group per-tenant. 0 to disable. 4156 # CLI flag: -ruler.max-rules-per-rule-group 4157 [ruler_max_rules_per_rule_group: <int> | default = 0] 4158 4159 # Maximum number of rule groups per-tenant. 0 to disable. 4160 # CLI flag: -ruler.max-rule-groups-per-tenant 4161 [ruler_max_rule_groups_per_tenant: <int> | default = 0] 4162 4163 # The default tenant's shard size when the shuffle-sharding strategy is used. 4164 # Must be set when the store-gateway sharding is enabled with the 4165 # shuffle-sharding strategy. When this setting is specified in the per-tenant 4166 # overrides, a value of 0 disables shuffle sharding for the tenant. 4167 # CLI flag: -store-gateway.tenant-shard-size 4168 [store_gateway_tenant_shard_size: <int> | default = 0] 4169 4170 # Delete blocks containing samples older than the specified retention period. 0 4171 # to disable. 4172 # CLI flag: -compactor.blocks-retention-period 4173 [compactor_blocks_retention_period: <duration> | default = 0s] 4174 4175 # S3 server-side encryption type. Required to enable server-side encryption 4176 # overrides for a specific tenant. If not set, the default S3 client settings 4177 # are used. 4178 [s3_sse_type: <string> | default = ""] 4179 4180 # S3 server-side encryption KMS Key ID. Ignored if the SSE type override is not 4181 # set. 4182 [s3_sse_kms_key_id: <string> | default = ""] 4183 4184 # S3 server-side encryption KMS encryption context. If unset and the key ID 4185 # override is set, the encryption context will not be provided to S3. Ignored if 4186 # the SSE type override is not set. 4187 [s3_sse_kms_encryption_context: <string> | default = ""] 4188 4189 # Comma-separated list of network CIDRs to block in Alertmanager receiver 4190 # integrations. 4191 # CLI flag: -alertmanager.receivers-firewall-block-cidr-networks 4192 [alertmanager_receivers_firewall_block_cidr_networks: <string> | default = ""] 4193 4194 # True to block private and local addresses in Alertmanager receiver 4195 # integrations. It blocks private addresses defined by RFC 1918 (IPv4 4196 # addresses) and RFC 4193 (IPv6 addresses), as well as loopback, local unicast 4197 # and local multicast addresses. 4198 # CLI flag: -alertmanager.receivers-firewall-block-private-addresses 4199 [alertmanager_receivers_firewall_block_private_addresses: <boolean> | default = false] 4200 4201 # Per-user rate limit for sending notifications from Alertmanager in 4202 # notifications/sec. 0 = rate limit disabled. Negative value = no notifications 4203 # are allowed. 4204 # CLI flag: -alertmanager.notification-rate-limit 4205 [alertmanager_notification_rate_limit: <float> | default = 0] 4206 4207 # Per-integration notification rate limits. Value is a map, where each key is 4208 # integration name and value is a rate-limit (float). On command line, this map 4209 # is given in JSON format. Rate limit has the same meaning as 4210 # -alertmanager.notification-rate-limit, but only applies for specific 4211 # integration. Allowed integration names: webhook, email, pagerduty, opsgenie, 4212 # wechat, slack, victorops, pushover, sns. 4213 # CLI flag: -alertmanager.notification-rate-limit-per-integration 4214 [alertmanager_notification_rate_limit_per_integration: <map of string to float64> | default = {}] 4215 4216 # Maximum size of configuration file for Alertmanager that tenant can upload via 4217 # Alertmanager API. 0 = no limit. 4218 # CLI flag: -alertmanager.max-config-size-bytes 4219 [alertmanager_max_config_size_bytes: <int> | default = 0] 4220 4221 # Maximum number of templates in tenant's Alertmanager configuration uploaded 4222 # via Alertmanager API. 0 = no limit. 4223 # CLI flag: -alertmanager.max-templates-count 4224 [alertmanager_max_templates_count: <int> | default = 0] 4225 4226 # Maximum size of single template in tenant's Alertmanager configuration 4227 # uploaded via Alertmanager API. 0 = no limit. 4228 # CLI flag: -alertmanager.max-template-size-bytes 4229 [alertmanager_max_template_size_bytes: <int> | default = 0] 4230 4231 # Maximum number of aggregation groups in Alertmanager's dispatcher that a 4232 # tenant can have. Each active aggregation group uses single goroutine. When the 4233 # limit is reached, dispatcher will not dispatch alerts that belong to 4234 # additional aggregation groups, but existing groups will keep working properly. 4235 # 0 = no limit. 4236 # CLI flag: -alertmanager.max-dispatcher-aggregation-groups 4237 [alertmanager_max_dispatcher_aggregation_groups: <int> | default = 0] 4238 4239 # Maximum number of alerts that a single user can have. Inserting more alerts 4240 # will fail with a log message and metric increment. 0 = no limit. 4241 # CLI flag: -alertmanager.max-alerts-count 4242 [alertmanager_max_alerts_count: <int> | default = 0] 4243 4244 # Maximum total size of alerts that a single user can have, alert size is the 4245 # sum of the bytes of its labels, annotations and generatorURL. Inserting more 4246 # alerts will fail with a log message and metric increment. 0 = no limit. 4247 # CLI flag: -alertmanager.max-alerts-size-bytes 4248 [alertmanager_max_alerts_size_bytes: <int> | default = 0] 4249 ``` 4250 4251 ### `redis_config` 4252 4253 The `redis_config` configures the Redis backend cache. The supported CLI flags `<prefix>` used to reference this config block are: 4254 4255 - `frontend` 4256 - `store.chunks-cache` 4257 - `store.index-cache-read` 4258 - `store.index-cache-write` 4259 4260 4261 4262 ```yaml 4263 # Redis Server endpoint to use for caching. A comma-separated list of endpoints 4264 # for Redis Cluster or Redis Sentinel. If empty, no redis will be used. 4265 # CLI flag: -<prefix>.redis.endpoint 4266 [endpoint: <string> | default = ""] 4267 4268 # Redis Sentinel master name. An empty string for Redis Server or Redis Cluster. 4269 # CLI flag: -<prefix>.redis.master-name 4270 [master_name: <string> | default = ""] 4271 4272 # Maximum time to wait before giving up on redis requests. 4273 # CLI flag: -<prefix>.redis.timeout 4274 [timeout: <duration> | default = 500ms] 4275 4276 # How long keys stay in the redis. 4277 # CLI flag: -<prefix>.redis.expiration 4278 [expiration: <duration> | default = 0s] 4279 4280 # Database index. 4281 # CLI flag: -<prefix>.redis.db 4282 [db: <int> | default = 0] 4283 4284 # Maximum number of connections in the pool. 4285 # CLI flag: -<prefix>.redis.pool-size 4286 [pool_size: <int> | default = 0] 4287 4288 # Password to use when connecting to redis. 4289 # CLI flag: -<prefix>.redis.password 4290 [password: <string> | default = ""] 4291 4292 # Enable connecting to redis with TLS. 4293 # CLI flag: -<prefix>.redis.tls-enabled 4294 [tls_enabled: <boolean> | default = false] 4295 4296 # Skip validating server certificate. 4297 # CLI flag: -<prefix>.redis.tls-insecure-skip-verify 4298 [tls_insecure_skip_verify: <boolean> | default = false] 4299 4300 # Close connections after remaining idle for this duration. If the value is 4301 # zero, then idle connections are not closed. 4302 # CLI flag: -<prefix>.redis.idle-timeout 4303 [idle_timeout: <duration> | default = 0s] 4304 4305 # Close connections older than this duration. If the value is zero, then the 4306 # pool does not close connections based on age. 4307 # CLI flag: -<prefix>.redis.max-connection-age 4308 [max_connection_age: <duration> | default = 0s] 4309 ``` 4310 4311 ### `memcached_config` 4312 4313 The `memcached_config` block configures how data is stored in Memcached (ie. expiration). The supported CLI flags `<prefix>` used to reference this config block are: 4314 4315 - `frontend` 4316 - `store.chunks-cache` 4317 - `store.index-cache-read` 4318 - `store.index-cache-write` 4319 4320 4321 4322 ```yaml 4323 # How long keys stay in the memcache. 4324 # CLI flag: -<prefix>.memcached.expiration 4325 [expiration: <duration> | default = 0s] 4326 4327 # How many keys to fetch in each batch. 4328 # CLI flag: -<prefix>.memcached.batchsize 4329 [batch_size: <int> | default = 1024] 4330 4331 # Maximum active requests to memcache. 4332 # CLI flag: -<prefix>.memcached.parallelism 4333 [parallelism: <int> | default = 100] 4334 ``` 4335 4336 ### `memcached_client_config` 4337 4338 The `memcached_client_config` configures the client used to connect to Memcached. The supported CLI flags `<prefix>` used to reference this config block are: 4339 4340 - `frontend` 4341 - `store.chunks-cache` 4342 - `store.index-cache-read` 4343 - `store.index-cache-write` 4344 4345 4346 4347 ```yaml 4348 # Hostname for memcached service to use. If empty and if addresses is unset, no 4349 # memcached will be used. 4350 # CLI flag: -<prefix>.memcached.hostname 4351 [host: <string> | default = ""] 4352 4353 # SRV service used to discover memcache servers. 4354 # CLI flag: -<prefix>.memcached.service 4355 [service: <string> | default = "memcached"] 4356 4357 # EXPERIMENTAL: Comma separated addresses list in DNS Service Discovery format: 4358 # https://cortexmetrics.io/docs/configuration/arguments/#dns-service-discovery 4359 # CLI flag: -<prefix>.memcached.addresses 4360 [addresses: <string> | default = ""] 4361 4362 # Maximum time to wait before giving up on memcached requests. 4363 # CLI flag: -<prefix>.memcached.timeout 4364 [timeout: <duration> | default = 100ms] 4365 4366 # Maximum number of idle connections in pool. 4367 # CLI flag: -<prefix>.memcached.max-idle-conns 4368 [max_idle_conns: <int> | default = 16] 4369 4370 # The maximum size of an item stored in memcached. Bigger items are not stored. 4371 # If set to 0, no maximum size is enforced. 4372 # CLI flag: -<prefix>.memcached.max-item-size 4373 [max_item_size: <int> | default = 0] 4374 4375 # Period with which to poll DNS for memcache servers. 4376 # CLI flag: -<prefix>.memcached.update-interval 4377 [update_interval: <duration> | default = 1m] 4378 4379 # Use consistent hashing to distribute to memcache servers. 4380 # CLI flag: -<prefix>.memcached.consistent-hash 4381 [consistent_hash: <boolean> | default = true] 4382 4383 # Trip circuit-breaker after this number of consecutive dial failures (if zero 4384 # then circuit-breaker is disabled). 4385 # CLI flag: -<prefix>.memcached.circuit-breaker-consecutive-failures 4386 [circuit_breaker_consecutive_failures: <int> | default = 10] 4387 4388 # Duration circuit-breaker remains open after tripping (if zero then 60 seconds 4389 # is used). 4390 # CLI flag: -<prefix>.memcached.circuit-breaker-timeout 4391 [circuit_breaker_timeout: <duration> | default = 10s] 4392 4393 # Reset circuit-breaker counts after this long (if zero then never reset). 4394 # CLI flag: -<prefix>.memcached.circuit-breaker-interval 4395 [circuit_breaker_interval: <duration> | default = 10s] 4396 ``` 4397 4398 ### `fifo_cache_config` 4399 4400 The `fifo_cache_config` configures the local in-memory cache. The supported CLI flags `<prefix>` used to reference this config block are: 4401 4402 - `frontend` 4403 - `store.chunks-cache` 4404 - `store.index-cache-read` 4405 - `store.index-cache-write` 4406 4407 4408 4409 ```yaml 4410 # Maximum memory size of the cache in bytes. A unit suffix (KB, MB, GB) may be 4411 # applied. 4412 # CLI flag: -<prefix>.fifocache.max-size-bytes 4413 [max_size_bytes: <string> | default = ""] 4414 4415 # Maximum number of entries in the cache. 4416 # CLI flag: -<prefix>.fifocache.max-size-items 4417 [max_size_items: <int> | default = 0] 4418 4419 # The expiry duration for the cache. 4420 # CLI flag: -<prefix>.fifocache.duration 4421 [validity: <duration> | default = 0s] 4422 4423 # Deprecated (use max-size-items or max-size-bytes instead): The number of 4424 # entries to cache. 4425 # CLI flag: -<prefix>.fifocache.size 4426 [size: <int> | default = 0] 4427 ``` 4428 4429 ### `configs_config` 4430 4431 The `configs_config` configures the Cortex Configs DB and API. 4432 4433 ```yaml 4434 database: 4435 # URI where the database can be found (for dev you can use memory://) 4436 # CLI flag: -configs.database.uri 4437 [uri: <string> | default = "postgres://postgres@configs-db.weave.local/configs?sslmode=disable"] 4438 4439 # Path where the database migration files can be found 4440 # CLI flag: -configs.database.migrations-dir 4441 [migrations_dir: <string> | default = ""] 4442 4443 # File containing password (username goes in URI) 4444 # CLI flag: -configs.database.password-file 4445 [password_file: <string> | default = ""] 4446 4447 api: 4448 notifications: 4449 # Disable Email notifications for Alertmanager. 4450 # CLI flag: -configs.notifications.disable-email 4451 [disable_email: <boolean> | default = false] 4452 4453 # Disable WebHook notifications for Alertmanager. 4454 # CLI flag: -configs.notifications.disable-webhook 4455 [disable_webhook: <boolean> | default = false] 4456 ``` 4457 4458 ### `configstore_config` 4459 4460 The `configstore_config` configures the config database storing rules and alerts, and is used by the Cortex alertmanager. The supported CLI flags `<prefix>` used to reference this config block are: 4461 4462 - `alertmanager` 4463 - `alertmanager-storage` 4464 - `ruler` 4465 - `ruler-storage` 4466 4467 4468 4469 ```yaml 4470 # URL of configs API server. 4471 # CLI flag: -<prefix>.configs.url 4472 [configs_api_url: <url> | default = ] 4473 4474 # Timeout for requests to Weave Cloud configs service. 4475 # CLI flag: -<prefix>.configs.client-timeout 4476 [client_timeout: <duration> | default = 5s] 4477 4478 # Path to the client certificate file, which will be used for authenticating 4479 # with the server. Also requires the key path to be configured. 4480 # CLI flag: -<prefix>.configs.tls-cert-path 4481 [tls_cert_path: <string> | default = ""] 4482 4483 # Path to the key file for the client certificate. Also requires the client 4484 # certificate to be configured. 4485 # CLI flag: -<prefix>.configs.tls-key-path 4486 [tls_key_path: <string> | default = ""] 4487 4488 # Path to the CA certificates file to validate server certificate against. If 4489 # not set, the host's root CA certificates are used. 4490 # CLI flag: -<prefix>.configs.tls-ca-path 4491 [tls_ca_path: <string> | default = ""] 4492 4493 # Override the expected name on the server certificate. 4494 # CLI flag: -<prefix>.configs.tls-server-name 4495 [tls_server_name: <string> | default = ""] 4496 4497 # Skip validating server certificate. 4498 # CLI flag: -<prefix>.configs.tls-insecure-skip-verify 4499 [tls_insecure_skip_verify: <boolean> | default = false] 4500 ``` 4501 4502 ### `blocks_storage_config` 4503 4504 The `blocks_storage_config` configures the blocks storage. 4505 4506 ```yaml 4507 # Backend storage to use. Supported backends are: s3, gcs, azure, swift, 4508 # filesystem. 4509 # CLI flag: -blocks-storage.backend 4510 [backend: <string> | default = "s3"] 4511 4512 s3: 4513 # The S3 bucket endpoint. It could be an AWS S3 endpoint listed at 4514 # https://docs.aws.amazon.com/general/latest/gr/s3.html or the address of an 4515 # S3-compatible service in hostname:port format. 4516 # CLI flag: -blocks-storage.s3.endpoint 4517 [endpoint: <string> | default = ""] 4518 4519 # S3 region. If unset, the client will issue a S3 GetBucketLocation API call 4520 # to autodetect it. 4521 # CLI flag: -blocks-storage.s3.region 4522 [region: <string> | default = ""] 4523 4524 # S3 bucket name 4525 # CLI flag: -blocks-storage.s3.bucket-name 4526 [bucket_name: <string> | default = ""] 4527 4528 # S3 secret access key 4529 # CLI flag: -blocks-storage.s3.secret-access-key 4530 [secret_access_key: <string> | default = ""] 4531 4532 # S3 access key ID 4533 # CLI flag: -blocks-storage.s3.access-key-id 4534 [access_key_id: <string> | default = ""] 4535 4536 # If enabled, use http:// for the S3 endpoint instead of https://. This could 4537 # be useful in local dev/test environments while using an S3-compatible 4538 # backend storage, like Minio. 4539 # CLI flag: -blocks-storage.s3.insecure 4540 [insecure: <boolean> | default = false] 4541 4542 # The signature version to use for authenticating against S3. Supported values 4543 # are: v4, v2. 4544 # CLI flag: -blocks-storage.s3.signature-version 4545 [signature_version: <string> | default = "v4"] 4546 4547 # The s3_sse_config configures the S3 server-side encryption. 4548 # The CLI flags prefix for this block config is: blocks-storage 4549 [sse: <s3_sse_config>] 4550 4551 http: 4552 # The time an idle connection will remain idle before closing. 4553 # CLI flag: -blocks-storage.s3.http.idle-conn-timeout 4554 [idle_conn_timeout: <duration> | default = 1m30s] 4555 4556 # The amount of time the client will wait for a servers response headers. 4557 # CLI flag: -blocks-storage.s3.http.response-header-timeout 4558 [response_header_timeout: <duration> | default = 2m] 4559 4560 # If the client connects to S3 via HTTPS and this option is enabled, the 4561 # client will accept any certificate and hostname. 4562 # CLI flag: -blocks-storage.s3.http.insecure-skip-verify 4563 [insecure_skip_verify: <boolean> | default = false] 4564 4565 # Maximum time to wait for a TLS handshake. 0 means no limit. 4566 # CLI flag: -blocks-storage.s3.tls-handshake-timeout 4567 [tls_handshake_timeout: <duration> | default = 10s] 4568 4569 # The time to wait for a server's first response headers after fully writing 4570 # the request headers if the request has an Expect header. 0 to send the 4571 # request body immediately. 4572 # CLI flag: -blocks-storage.s3.expect-continue-timeout 4573 [expect_continue_timeout: <duration> | default = 1s] 4574 4575 # Maximum number of idle (keep-alive) connections across all hosts. 0 means 4576 # no limit. 4577 # CLI flag: -blocks-storage.s3.max-idle-connections 4578 [max_idle_connections: <int> | default = 100] 4579 4580 # Maximum number of idle (keep-alive) connections to keep per-host. If 0, a 4581 # built-in default value is used. 4582 # CLI flag: -blocks-storage.s3.max-idle-connections-per-host 4583 [max_idle_connections_per_host: <int> | default = 100] 4584 4585 # Maximum number of connections per host. 0 means no limit. 4586 # CLI flag: -blocks-storage.s3.max-connections-per-host 4587 [max_connections_per_host: <int> | default = 0] 4588 4589 gcs: 4590 # GCS bucket name 4591 # CLI flag: -blocks-storage.gcs.bucket-name 4592 [bucket_name: <string> | default = ""] 4593 4594 # JSON representing either a Google Developers Console client_credentials.json 4595 # file or a Google Developers service account key file. If empty, fallback to 4596 # Google default logic. 4597 # CLI flag: -blocks-storage.gcs.service-account 4598 [service_account: <string> | default = ""] 4599 4600 azure: 4601 # Azure storage account name 4602 # CLI flag: -blocks-storage.azure.account-name 4603 [account_name: <string> | default = ""] 4604 4605 # Azure storage account key 4606 # CLI flag: -blocks-storage.azure.account-key 4607 [account_key: <string> | default = ""] 4608 4609 # Azure storage container name 4610 # CLI flag: -blocks-storage.azure.container-name 4611 [container_name: <string> | default = ""] 4612 4613 # Azure storage endpoint suffix without schema. The account name will be 4614 # prefixed to this value to create the FQDN 4615 # CLI flag: -blocks-storage.azure.endpoint-suffix 4616 [endpoint_suffix: <string> | default = ""] 4617 4618 # Number of retries for recoverable errors 4619 # CLI flag: -blocks-storage.azure.max-retries 4620 [max_retries: <int> | default = 20] 4621 4622 swift: 4623 # OpenStack Swift authentication API version. 0 to autodetect. 4624 # CLI flag: -blocks-storage.swift.auth-version 4625 [auth_version: <int> | default = 0] 4626 4627 # OpenStack Swift authentication URL 4628 # CLI flag: -blocks-storage.swift.auth-url 4629 [auth_url: <string> | default = ""] 4630 4631 # OpenStack Swift username. 4632 # CLI flag: -blocks-storage.swift.username 4633 [username: <string> | default = ""] 4634 4635 # OpenStack Swift user's domain name. 4636 # CLI flag: -blocks-storage.swift.user-domain-name 4637 [user_domain_name: <string> | default = ""] 4638 4639 # OpenStack Swift user's domain ID. 4640 # CLI flag: -blocks-storage.swift.user-domain-id 4641 [user_domain_id: <string> | default = ""] 4642 4643 # OpenStack Swift user ID. 4644 # CLI flag: -blocks-storage.swift.user-id 4645 [user_id: <string> | default = ""] 4646 4647 # OpenStack Swift API key. 4648 # CLI flag: -blocks-storage.swift.password 4649 [password: <string> | default = ""] 4650 4651 # OpenStack Swift user's domain ID. 4652 # CLI flag: -blocks-storage.swift.domain-id 4653 [domain_id: <string> | default = ""] 4654 4655 # OpenStack Swift user's domain name. 4656 # CLI flag: -blocks-storage.swift.domain-name 4657 [domain_name: <string> | default = ""] 4658 4659 # OpenStack Swift project ID (v2,v3 auth only). 4660 # CLI flag: -blocks-storage.swift.project-id 4661 [project_id: <string> | default = ""] 4662 4663 # OpenStack Swift project name (v2,v3 auth only). 4664 # CLI flag: -blocks-storage.swift.project-name 4665 [project_name: <string> | default = ""] 4666 4667 # ID of the OpenStack Swift project's domain (v3 auth only), only needed if it 4668 # differs the from user domain. 4669 # CLI flag: -blocks-storage.swift.project-domain-id 4670 [project_domain_id: <string> | default = ""] 4671 4672 # Name of the OpenStack Swift project's domain (v3 auth only), only needed if 4673 # it differs from the user domain. 4674 # CLI flag: -blocks-storage.swift.project-domain-name 4675 [project_domain_name: <string> | default = ""] 4676 4677 # OpenStack Swift Region to use (v2,v3 auth only). 4678 # CLI flag: -blocks-storage.swift.region-name 4679 [region_name: <string> | default = ""] 4680 4681 # Name of the OpenStack Swift container to put chunks in. 4682 # CLI flag: -blocks-storage.swift.container-name 4683 [container_name: <string> | default = ""] 4684 4685 # Max retries on requests error. 4686 # CLI flag: -blocks-storage.swift.max-retries 4687 [max_retries: <int> | default = 3] 4688 4689 # Time after which a connection attempt is aborted. 4690 # CLI flag: -blocks-storage.swift.connect-timeout 4691 [connect_timeout: <duration> | default = 10s] 4692 4693 # Time after which an idle request is aborted. The timeout watchdog is reset 4694 # each time some data is received, so the timeout triggers after X time no 4695 # data is received on a request. 4696 # CLI flag: -blocks-storage.swift.request-timeout 4697 [request_timeout: <duration> | default = 5s] 4698 4699 filesystem: 4700 # Local filesystem storage directory. 4701 # CLI flag: -blocks-storage.filesystem.dir 4702 [dir: <string> | default = ""] 4703 4704 # This configures how the querier and store-gateway discover and synchronize 4705 # blocks stored in the bucket. 4706 bucket_store: 4707 # Directory to store synchronized TSDB index headers. 4708 # CLI flag: -blocks-storage.bucket-store.sync-dir 4709 [sync_dir: <string> | default = "tsdb-sync"] 4710 4711 # How frequently to scan the bucket, or to refresh the bucket index (if 4712 # enabled), in order to look for changes (new blocks shipped by ingesters and 4713 # blocks deleted by retention or compaction). 4714 # CLI flag: -blocks-storage.bucket-store.sync-interval 4715 [sync_interval: <duration> | default = 15m] 4716 4717 # Max number of concurrent queries to execute against the long-term storage. 4718 # The limit is shared across all tenants. 4719 # CLI flag: -blocks-storage.bucket-store.max-concurrent 4720 [max_concurrent: <int> | default = 100] 4721 4722 # Maximum number of concurrent tenants synching blocks. 4723 # CLI flag: -blocks-storage.bucket-store.tenant-sync-concurrency 4724 [tenant_sync_concurrency: <int> | default = 10] 4725 4726 # Maximum number of concurrent blocks synching per tenant. 4727 # CLI flag: -blocks-storage.bucket-store.block-sync-concurrency 4728 [block_sync_concurrency: <int> | default = 20] 4729 4730 # Number of Go routines to use when syncing block meta files from object 4731 # storage per tenant. 4732 # CLI flag: -blocks-storage.bucket-store.meta-sync-concurrency 4733 [meta_sync_concurrency: <int> | default = 20] 4734 4735 # Minimum age of a block before it's being read. Set it to safe value (e.g 4736 # 30m) if your object storage is eventually consistent. GCS and S3 are 4737 # (roughly) strongly consistent. 4738 # CLI flag: -blocks-storage.bucket-store.consistency-delay 4739 [consistency_delay: <duration> | default = 0s] 4740 4741 index_cache: 4742 # The index cache backend type. Supported values: inmemory, memcached. 4743 # CLI flag: -blocks-storage.bucket-store.index-cache.backend 4744 [backend: <string> | default = "inmemory"] 4745 4746 inmemory: 4747 # Maximum size in bytes of in-memory index cache used to speed up blocks 4748 # index lookups (shared between all tenants). 4749 # CLI flag: -blocks-storage.bucket-store.index-cache.inmemory.max-size-bytes 4750 [max_size_bytes: <int> | default = 1073741824] 4751 4752 memcached: 4753 # Comma separated list of memcached addresses. Supported prefixes are: 4754 # dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, 4755 # dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after 4756 # that). 4757 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.addresses 4758 [addresses: <string> | default = ""] 4759 4760 # The socket read/write timeout. 4761 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.timeout 4762 [timeout: <duration> | default = 100ms] 4763 4764 # The maximum number of idle connections that will be maintained per 4765 # address. 4766 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-idle-connections 4767 [max_idle_connections: <int> | default = 16] 4768 4769 # The maximum number of concurrent asynchronous operations can occur. 4770 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-async-concurrency 4771 [max_async_concurrency: <int> | default = 50] 4772 4773 # The maximum number of enqueued asynchronous operations allowed. 4774 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-async-buffer-size 4775 [max_async_buffer_size: <int> | default = 10000] 4776 4777 # The maximum number of concurrent connections running get operations. If 4778 # set to 0, concurrency is unlimited. 4779 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-get-multi-concurrency 4780 [max_get_multi_concurrency: <int> | default = 100] 4781 4782 # The maximum number of keys a single underlying get operation should run. 4783 # If more keys are specified, internally keys are split into multiple 4784 # batches and fetched concurrently, honoring the max concurrency. If set 4785 # to 0, the max batch size is unlimited. 4786 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-get-multi-batch-size 4787 [max_get_multi_batch_size: <int> | default = 0] 4788 4789 # The maximum size of an item stored in memcached. Bigger items are not 4790 # stored. If set to 0, no maximum size is enforced. 4791 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.max-item-size 4792 [max_item_size: <int> | default = 1048576] 4793 4794 # Use memcached auto-discovery mechanism provided by some cloud provider 4795 # like GCP and AWS 4796 # CLI flag: -blocks-storage.bucket-store.index-cache.memcached.auto-discovery 4797 [auto_discovery: <boolean> | default = false] 4798 4799 chunks_cache: 4800 # Backend for chunks cache, if not empty. Supported values: memcached. 4801 # CLI flag: -blocks-storage.bucket-store.chunks-cache.backend 4802 [backend: <string> | default = ""] 4803 4804 memcached: 4805 # Comma separated list of memcached addresses. Supported prefixes are: 4806 # dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, 4807 # dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after 4808 # that). 4809 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.addresses 4810 [addresses: <string> | default = ""] 4811 4812 # The socket read/write timeout. 4813 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.timeout 4814 [timeout: <duration> | default = 100ms] 4815 4816 # The maximum number of idle connections that will be maintained per 4817 # address. 4818 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-idle-connections 4819 [max_idle_connections: <int> | default = 16] 4820 4821 # The maximum number of concurrent asynchronous operations can occur. 4822 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-async-concurrency 4823 [max_async_concurrency: <int> | default = 50] 4824 4825 # The maximum number of enqueued asynchronous operations allowed. 4826 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-async-buffer-size 4827 [max_async_buffer_size: <int> | default = 10000] 4828 4829 # The maximum number of concurrent connections running get operations. If 4830 # set to 0, concurrency is unlimited. 4831 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-get-multi-concurrency 4832 [max_get_multi_concurrency: <int> | default = 100] 4833 4834 # The maximum number of keys a single underlying get operation should run. 4835 # If more keys are specified, internally keys are split into multiple 4836 # batches and fetched concurrently, honoring the max concurrency. If set 4837 # to 0, the max batch size is unlimited. 4838 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-get-multi-batch-size 4839 [max_get_multi_batch_size: <int> | default = 0] 4840 4841 # The maximum size of an item stored in memcached. Bigger items are not 4842 # stored. If set to 0, no maximum size is enforced. 4843 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.max-item-size 4844 [max_item_size: <int> | default = 1048576] 4845 4846 # Use memcached auto-discovery mechanism provided by some cloud provider 4847 # like GCP and AWS 4848 # CLI flag: -blocks-storage.bucket-store.chunks-cache.memcached.auto-discovery 4849 [auto_discovery: <boolean> | default = false] 4850 4851 # Size of each subrange that bucket object is split into for better caching. 4852 # CLI flag: -blocks-storage.bucket-store.chunks-cache.subrange-size 4853 [subrange_size: <int> | default = 16000] 4854 4855 # Maximum number of sub-GetRange requests that a single GetRange request can 4856 # be split into when fetching chunks. Zero or negative value = unlimited 4857 # number of sub-requests. 4858 # CLI flag: -blocks-storage.bucket-store.chunks-cache.max-get-range-requests 4859 [max_get_range_requests: <int> | default = 3] 4860 4861 # TTL for caching object attributes for chunks. 4862 # CLI flag: -blocks-storage.bucket-store.chunks-cache.attributes-ttl 4863 [attributes_ttl: <duration> | default = 168h] 4864 4865 # TTL for caching individual chunks subranges. 4866 # CLI flag: -blocks-storage.bucket-store.chunks-cache.subrange-ttl 4867 [subrange_ttl: <duration> | default = 24h] 4868 4869 metadata_cache: 4870 # Backend for metadata cache, if not empty. Supported values: memcached. 4871 # CLI flag: -blocks-storage.bucket-store.metadata-cache.backend 4872 [backend: <string> | default = ""] 4873 4874 memcached: 4875 # Comma separated list of memcached addresses. Supported prefixes are: 4876 # dns+ (looked up as an A/AAAA query), dnssrv+ (looked up as a SRV query, 4877 # dnssrvnoa+ (looked up as a SRV query, with no A/AAAA lookup made after 4878 # that). 4879 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.addresses 4880 [addresses: <string> | default = ""] 4881 4882 # The socket read/write timeout. 4883 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.timeout 4884 [timeout: <duration> | default = 100ms] 4885 4886 # The maximum number of idle connections that will be maintained per 4887 # address. 4888 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-idle-connections 4889 [max_idle_connections: <int> | default = 16] 4890 4891 # The maximum number of concurrent asynchronous operations can occur. 4892 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-async-concurrency 4893 [max_async_concurrency: <int> | default = 50] 4894 4895 # The maximum number of enqueued asynchronous operations allowed. 4896 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-async-buffer-size 4897 [max_async_buffer_size: <int> | default = 10000] 4898 4899 # The maximum number of concurrent connections running get operations. If 4900 # set to 0, concurrency is unlimited. 4901 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-get-multi-concurrency 4902 [max_get_multi_concurrency: <int> | default = 100] 4903 4904 # The maximum number of keys a single underlying get operation should run. 4905 # If more keys are specified, internally keys are split into multiple 4906 # batches and fetched concurrently, honoring the max concurrency. If set 4907 # to 0, the max batch size is unlimited. 4908 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-get-multi-batch-size 4909 [max_get_multi_batch_size: <int> | default = 0] 4910 4911 # The maximum size of an item stored in memcached. Bigger items are not 4912 # stored. If set to 0, no maximum size is enforced. 4913 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.max-item-size 4914 [max_item_size: <int> | default = 1048576] 4915 4916 # Use memcached auto-discovery mechanism provided by some cloud provider 4917 # like GCP and AWS 4918 # CLI flag: -blocks-storage.bucket-store.metadata-cache.memcached.auto-discovery 4919 [auto_discovery: <boolean> | default = false] 4920 4921 # How long to cache list of tenants in the bucket. 4922 # CLI flag: -blocks-storage.bucket-store.metadata-cache.tenants-list-ttl 4923 [tenants_list_ttl: <duration> | default = 15m] 4924 4925 # How long to cache list of blocks for each tenant. 4926 # CLI flag: -blocks-storage.bucket-store.metadata-cache.tenant-blocks-list-ttl 4927 [tenant_blocks_list_ttl: <duration> | default = 5m] 4928 4929 # How long to cache list of chunks for a block. 4930 # CLI flag: -blocks-storage.bucket-store.metadata-cache.chunks-list-ttl 4931 [chunks_list_ttl: <duration> | default = 24h] 4932 4933 # How long to cache information that block metafile exists. Also used for 4934 # user deletion mark file. 4935 # CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-exists-ttl 4936 [metafile_exists_ttl: <duration> | default = 2h] 4937 4938 # How long to cache information that block metafile doesn't exist. Also used 4939 # for user deletion mark file. 4940 # CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-doesnt-exist-ttl 4941 [metafile_doesnt_exist_ttl: <duration> | default = 5m] 4942 4943 # How long to cache content of the metafile. 4944 # CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-content-ttl 4945 [metafile_content_ttl: <duration> | default = 24h] 4946 4947 # Maximum size of metafile content to cache in bytes. Caching will be 4948 # skipped if the content exceeds this size. This is useful to avoid network 4949 # round trip for large content if the configured caching backend has an hard 4950 # limit on cached items size (in this case, you should set this limit to the 4951 # same limit in the caching backend). 4952 # CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-max-size-bytes 4953 [metafile_max_size_bytes: <int> | default = 1048576] 4954 4955 # How long to cache attributes of the block metafile. 4956 # CLI flag: -blocks-storage.bucket-store.metadata-cache.metafile-attributes-ttl 4957 [metafile_attributes_ttl: <duration> | default = 168h] 4958 4959 # How long to cache attributes of the block index. 4960 # CLI flag: -blocks-storage.bucket-store.metadata-cache.block-index-attributes-ttl 4961 [block_index_attributes_ttl: <duration> | default = 168h] 4962 4963 # How long to cache content of the bucket index. 4964 # CLI flag: -blocks-storage.bucket-store.metadata-cache.bucket-index-content-ttl 4965 [bucket_index_content_ttl: <duration> | default = 5m] 4966 4967 # Maximum size of bucket index content to cache in bytes. Caching will be 4968 # skipped if the content exceeds this size. This is useful to avoid network 4969 # round trip for large content if the configured caching backend has an hard 4970 # limit on cached items size (in this case, you should set this limit to the 4971 # same limit in the caching backend). 4972 # CLI flag: -blocks-storage.bucket-store.metadata-cache.bucket-index-max-size-bytes 4973 [bucket_index_max_size_bytes: <int> | default = 1048576] 4974 4975 # Duration after which the blocks marked for deletion will be filtered out 4976 # while fetching blocks. The idea of ignore-deletion-marks-delay is to ignore 4977 # blocks that are marked for deletion with some delay. This ensures store can 4978 # still serve blocks that are meant to be deleted but do not have a 4979 # replacement yet. Default is 6h, half of the default value for 4980 # -compactor.deletion-delay. 4981 # CLI flag: -blocks-storage.bucket-store.ignore-deletion-marks-delay 4982 [ignore_deletion_mark_delay: <duration> | default = 6h] 4983 4984 bucket_index: 4985 # True to enable querier and store-gateway to discover blocks in the storage 4986 # via bucket index instead of bucket scanning. 4987 # CLI flag: -blocks-storage.bucket-store.bucket-index.enabled 4988 [enabled: <boolean> | default = false] 4989 4990 # How frequently a bucket index, which previously failed to load, should be 4991 # tried to load again. This option is used only by querier. 4992 # CLI flag: -blocks-storage.bucket-store.bucket-index.update-on-error-interval 4993 [update_on_error_interval: <duration> | default = 1m] 4994 4995 # How long a unused bucket index should be cached. Once this timeout 4996 # expires, the unused bucket index is removed from the in-memory cache. This 4997 # option is used only by querier. 4998 # CLI flag: -blocks-storage.bucket-store.bucket-index.idle-timeout 4999 [idle_timeout: <duration> | default = 1h] 5000 5001 # The maximum allowed age of a bucket index (last updated) before queries 5002 # start failing because the bucket index is too old. The bucket index is 5003 # periodically updated by the compactor, while this check is enforced in the 5004 # querier (at query time). 5005 # CLI flag: -blocks-storage.bucket-store.bucket-index.max-stale-period 5006 [max_stale_period: <duration> | default = 1h] 5007 5008 # Max size - in bytes - of a chunks pool, used to reduce memory allocations. 5009 # The pool is shared across all tenants. 0 to disable the limit. 5010 # CLI flag: -blocks-storage.bucket-store.max-chunk-pool-bytes 5011 [max_chunk_pool_bytes: <int> | default = 2147483648] 5012 5013 # If enabled, store-gateway will lazy load an index-header only once required 5014 # by a query. 5015 # CLI flag: -blocks-storage.bucket-store.index-header-lazy-loading-enabled 5016 [index_header_lazy_loading_enabled: <boolean> | default = false] 5017 5018 # If index-header lazy loading is enabled and this setting is > 0, the 5019 # store-gateway will offload unused index-headers after 'idle timeout' 5020 # inactivity. 5021 # CLI flag: -blocks-storage.bucket-store.index-header-lazy-loading-idle-timeout 5022 [index_header_lazy_loading_idle_timeout: <duration> | default = 20m] 5023 5024 tsdb: 5025 # Local directory to store TSDBs in the ingesters. 5026 # CLI flag: -blocks-storage.tsdb.dir 5027 [dir: <string> | default = "tsdb"] 5028 5029 # TSDB blocks range period. 5030 # CLI flag: -blocks-storage.tsdb.block-ranges-period 5031 [block_ranges_period: <list of duration> | default = 2h0m0s] 5032 5033 # TSDB blocks retention in the ingester before a block is removed. This should 5034 # be larger than the block_ranges_period and large enough to give 5035 # store-gateways and queriers enough time to discover newly uploaded blocks. 5036 # CLI flag: -blocks-storage.tsdb.retention-period 5037 [retention_period: <duration> | default = 6h] 5038 5039 # How frequently the TSDB blocks are scanned and new ones are shipped to the 5040 # storage. 0 means shipping is disabled. 5041 # CLI flag: -blocks-storage.tsdb.ship-interval 5042 [ship_interval: <duration> | default = 1m] 5043 5044 # Maximum number of tenants concurrently shipping blocks to the storage. 5045 # CLI flag: -blocks-storage.tsdb.ship-concurrency 5046 [ship_concurrency: <int> | default = 10] 5047 5048 # How frequently does Cortex try to compact TSDB head. Block is only created 5049 # if data covers smallest block range. Must be greater than 0 and max 5 5050 # minutes. 5051 # CLI flag: -blocks-storage.tsdb.head-compaction-interval 5052 [head_compaction_interval: <duration> | default = 1m] 5053 5054 # Maximum number of tenants concurrently compacting TSDB head into a new block 5055 # CLI flag: -blocks-storage.tsdb.head-compaction-concurrency 5056 [head_compaction_concurrency: <int> | default = 5] 5057 5058 # If TSDB head is idle for this duration, it is compacted. Note that up to 25% 5059 # jitter is added to the value to avoid ingesters compacting concurrently. 0 5060 # means disabled. 5061 # CLI flag: -blocks-storage.tsdb.head-compaction-idle-timeout 5062 [head_compaction_idle_timeout: <duration> | default = 1h] 5063 5064 # The write buffer size used by the head chunks mapper. Lower values reduce 5065 # memory utilisation on clusters with a large number of tenants at the cost of 5066 # increased disk I/O operations. 5067 # CLI flag: -blocks-storage.tsdb.head-chunks-write-buffer-size-bytes 5068 [head_chunks_write_buffer_size_bytes: <int> | default = 4194304] 5069 5070 # The number of shards of series to use in TSDB (must be a power of 2). 5071 # Reducing this will decrease memory footprint, but can negatively impact 5072 # performance. 5073 # CLI flag: -blocks-storage.tsdb.stripe-size 5074 [stripe_size: <int> | default = 16384] 5075 5076 # True to enable TSDB WAL compression. 5077 # CLI flag: -blocks-storage.tsdb.wal-compression-enabled 5078 [wal_compression_enabled: <boolean> | default = false] 5079 5080 # TSDB WAL segments files max size (bytes). 5081 # CLI flag: -blocks-storage.tsdb.wal-segment-size-bytes 5082 [wal_segment_size_bytes: <int> | default = 134217728] 5083 5084 # True to flush blocks to storage on shutdown. If false, incomplete blocks 5085 # will be reused after restart. 5086 # CLI flag: -blocks-storage.tsdb.flush-blocks-on-shutdown 5087 [flush_blocks_on_shutdown: <boolean> | default = false] 5088 5089 # If TSDB has not received any data for this duration, and all blocks from 5090 # TSDB have been shipped, TSDB is closed and deleted from local disk. If set 5091 # to positive value, this value should be equal or higher than 5092 # -querier.query-ingesters-within flag to make sure that TSDB is not closed 5093 # prematurely, which could cause partial query results. 0 or negative value 5094 # disables closing of idle TSDB. 5095 # CLI flag: -blocks-storage.tsdb.close-idle-tsdb-timeout 5096 [close_idle_tsdb_timeout: <duration> | default = 0s] 5097 5098 # limit the number of concurrently opening TSDB's on startup 5099 # CLI flag: -blocks-storage.tsdb.max-tsdb-opening-concurrency-on-startup 5100 [max_tsdb_opening_concurrency_on_startup: <int> | default = 10] 5101 5102 # Enables support for exemplars in TSDB and sets the maximum number that will 5103 # be stored. 0 or less means disabled. 5104 # CLI flag: -blocks-storage.tsdb.max-exemplars 5105 [max_exemplars: <int> | default = 0] 5106 ``` 5107 5108 ### `compactor_config` 5109 5110 The `compactor_config` configures the compactor for the blocks storage. 5111 5112 ```yaml 5113 # List of compaction time ranges. 5114 # CLI flag: -compactor.block-ranges 5115 [block_ranges: <list of duration> | default = 2h0m0s,12h0m0s,24h0m0s] 5116 5117 # Number of Go routines to use when syncing block index and chunks files from 5118 # the long term storage. 5119 # CLI flag: -compactor.block-sync-concurrency 5120 [block_sync_concurrency: <int> | default = 20] 5121 5122 # Number of Go routines to use when syncing block meta files from the long term 5123 # storage. 5124 # CLI flag: -compactor.meta-sync-concurrency 5125 [meta_sync_concurrency: <int> | default = 20] 5126 5127 # Minimum age of fresh (non-compacted) blocks before they are being processed. 5128 # Malformed blocks older than the maximum of consistency-delay and 48h0m0s will 5129 # be removed. 5130 # CLI flag: -compactor.consistency-delay 5131 [consistency_delay: <duration> | default = 0s] 5132 5133 # Data directory in which to cache blocks and process compactions 5134 # CLI flag: -compactor.data-dir 5135 [data_dir: <string> | default = "./data"] 5136 5137 # The frequency at which the compaction runs 5138 # CLI flag: -compactor.compaction-interval 5139 [compaction_interval: <duration> | default = 1h] 5140 5141 # How many times to retry a failed compaction within a single compaction run. 5142 # CLI flag: -compactor.compaction-retries 5143 [compaction_retries: <int> | default = 3] 5144 5145 # Max number of concurrent compactions running. 5146 # CLI flag: -compactor.compaction-concurrency 5147 [compaction_concurrency: <int> | default = 1] 5148 5149 # How frequently compactor should run blocks cleanup and maintenance, as well as 5150 # update the bucket index. 5151 # CLI flag: -compactor.cleanup-interval 5152 [cleanup_interval: <duration> | default = 15m] 5153 5154 # Max number of tenants for which blocks cleanup and maintenance should run 5155 # concurrently. 5156 # CLI flag: -compactor.cleanup-concurrency 5157 [cleanup_concurrency: <int> | default = 20] 5158 5159 # Time before a block marked for deletion is deleted from bucket. If not 0, 5160 # blocks will be marked for deletion and compactor component will permanently 5161 # delete blocks marked for deletion from the bucket. If 0, blocks will be 5162 # deleted straight away. Note that deleting blocks immediately can cause query 5163 # failures. 5164 # CLI flag: -compactor.deletion-delay 5165 [deletion_delay: <duration> | default = 12h] 5166 5167 # For tenants marked for deletion, this is time between deleting of last block, 5168 # and doing final cleanup (marker files, debug files) of the tenant. 5169 # CLI flag: -compactor.tenant-cleanup-delay 5170 [tenant_cleanup_delay: <duration> | default = 6h] 5171 5172 # When enabled, at compactor startup the bucket will be scanned and all found 5173 # deletion marks inside the block location will be copied to the markers global 5174 # location too. This option can (and should) be safely disabled as soon as the 5175 # compactor has successfully run at least once. 5176 # CLI flag: -compactor.block-deletion-marks-migration-enabled 5177 [block_deletion_marks_migration_enabled: <boolean> | default = true] 5178 5179 # Comma separated list of tenants that can be compacted. If specified, only 5180 # these tenants will be compacted by compactor, otherwise all tenants can be 5181 # compacted. Subject to sharding. 5182 # CLI flag: -compactor.enabled-tenants 5183 [enabled_tenants: <string> | default = ""] 5184 5185 # Comma separated list of tenants that cannot be compacted by this compactor. If 5186 # specified, and compactor would normally pick given tenant for compaction (via 5187 # -compactor.enabled-tenants or sharding), it will be ignored instead. 5188 # CLI flag: -compactor.disabled-tenants 5189 [disabled_tenants: <string> | default = ""] 5190 5191 # Shard tenants across multiple compactor instances. Sharding is required if you 5192 # run multiple compactor instances, in order to coordinate compactions and avoid 5193 # race conditions leading to the same tenant blocks simultaneously compacted by 5194 # different instances. 5195 # CLI flag: -compactor.sharding-enabled 5196 [sharding_enabled: <boolean> | default = false] 5197 5198 sharding_ring: 5199 kvstore: 5200 # Backend storage to use for the ring. Supported values are: consul, etcd, 5201 # inmemory, memberlist, multi. 5202 # CLI flag: -compactor.ring.store 5203 [store: <string> | default = "consul"] 5204 5205 # The prefix for the keys in the store. Should end with a /. 5206 # CLI flag: -compactor.ring.prefix 5207 [prefix: <string> | default = "collectors/"] 5208 5209 # The consul_config configures the consul client. 5210 # The CLI flags prefix for this block config is: compactor.ring 5211 [consul: <consul_config>] 5212 5213 # The etcd_config configures the etcd client. 5214 # The CLI flags prefix for this block config is: compactor.ring 5215 [etcd: <etcd_config>] 5216 5217 multi: 5218 # Primary backend storage used by multi-client. 5219 # CLI flag: -compactor.ring.multi.primary 5220 [primary: <string> | default = ""] 5221 5222 # Secondary backend storage used by multi-client. 5223 # CLI flag: -compactor.ring.multi.secondary 5224 [secondary: <string> | default = ""] 5225 5226 # Mirror writes to secondary store. 5227 # CLI flag: -compactor.ring.multi.mirror-enabled 5228 [mirror_enabled: <boolean> | default = false] 5229 5230 # Timeout for storing value to secondary store. 5231 # CLI flag: -compactor.ring.multi.mirror-timeout 5232 [mirror_timeout: <duration> | default = 2s] 5233 5234 # Period at which to heartbeat to the ring. 0 = disabled. 5235 # CLI flag: -compactor.ring.heartbeat-period 5236 [heartbeat_period: <duration> | default = 5s] 5237 5238 # The heartbeat timeout after which compactors are considered unhealthy within 5239 # the ring. 0 = never (timeout disabled). 5240 # CLI flag: -compactor.ring.heartbeat-timeout 5241 [heartbeat_timeout: <duration> | default = 1m] 5242 5243 # Minimum time to wait for ring stability at startup. 0 to disable. 5244 # CLI flag: -compactor.ring.wait-stability-min-duration 5245 [wait_stability_min_duration: <duration> | default = 1m] 5246 5247 # Maximum time to wait for ring stability at startup. If the compactor ring 5248 # keeps changing after this period of time, the compactor will start anyway. 5249 # CLI flag: -compactor.ring.wait-stability-max-duration 5250 [wait_stability_max_duration: <duration> | default = 5m] 5251 5252 # Name of network interface to read address from. 5253 # CLI flag: -compactor.ring.instance-interface-names 5254 [instance_interface_names: <list of string> | default = [eth0 en0]] 5255 5256 # Timeout for waiting on compactor to become ACTIVE in the ring. 5257 # CLI flag: -compactor.ring.wait-active-instance-timeout 5258 [wait_active_instance_timeout: <duration> | default = 10m] 5259 ``` 5260 5261 ### `store_gateway_config` 5262 5263 The `store_gateway_config` configures the store-gateway service used by the blocks storage. 5264 5265 ```yaml 5266 # Shard blocks across multiple store gateway instances. This option needs be set 5267 # both on the store-gateway and querier when running in microservices mode. 5268 # CLI flag: -store-gateway.sharding-enabled 5269 [sharding_enabled: <boolean> | default = false] 5270 5271 # The hash ring configuration. This option is required only if blocks sharding 5272 # is enabled. 5273 sharding_ring: 5274 # The key-value store used to share the hash ring across multiple instances. 5275 # This option needs be set both on the store-gateway and querier when running 5276 # in microservices mode. 5277 kvstore: 5278 # Backend storage to use for the ring. Supported values are: consul, etcd, 5279 # inmemory, memberlist, multi. 5280 # CLI flag: -store-gateway.sharding-ring.store 5281 [store: <string> | default = "consul"] 5282 5283 # The prefix for the keys in the store. Should end with a /. 5284 # CLI flag: -store-gateway.sharding-ring.prefix 5285 [prefix: <string> | default = "collectors/"] 5286 5287 # The consul_config configures the consul client. 5288 # The CLI flags prefix for this block config is: store-gateway.sharding-ring 5289 [consul: <consul_config>] 5290 5291 # The etcd_config configures the etcd client. 5292 # The CLI flags prefix for this block config is: store-gateway.sharding-ring 5293 [etcd: <etcd_config>] 5294 5295 multi: 5296 # Primary backend storage used by multi-client. 5297 # CLI flag: -store-gateway.sharding-ring.multi.primary 5298 [primary: <string> | default = ""] 5299 5300 # Secondary backend storage used by multi-client. 5301 # CLI flag: -store-gateway.sharding-ring.multi.secondary 5302 [secondary: <string> | default = ""] 5303 5304 # Mirror writes to secondary store. 5305 # CLI flag: -store-gateway.sharding-ring.multi.mirror-enabled 5306 [mirror_enabled: <boolean> | default = false] 5307 5308 # Timeout for storing value to secondary store. 5309 # CLI flag: -store-gateway.sharding-ring.multi.mirror-timeout 5310 [mirror_timeout: <duration> | default = 2s] 5311 5312 # Period at which to heartbeat to the ring. 0 = disabled. 5313 # CLI flag: -store-gateway.sharding-ring.heartbeat-period 5314 [heartbeat_period: <duration> | default = 15s] 5315 5316 # The heartbeat timeout after which store gateways are considered unhealthy 5317 # within the ring. 0 = never (timeout disabled). This option needs be set both 5318 # on the store-gateway and querier when running in microservices mode. 5319 # CLI flag: -store-gateway.sharding-ring.heartbeat-timeout 5320 [heartbeat_timeout: <duration> | default = 1m] 5321 5322 # The replication factor to use when sharding blocks. This option needs be set 5323 # both on the store-gateway and querier when running in microservices mode. 5324 # CLI flag: -store-gateway.sharding-ring.replication-factor 5325 [replication_factor: <int> | default = 3] 5326 5327 # File path where tokens are stored. If empty, tokens are not stored at 5328 # shutdown and restored at startup. 5329 # CLI flag: -store-gateway.sharding-ring.tokens-file-path 5330 [tokens_file_path: <string> | default = ""] 5331 5332 # True to enable zone-awareness and replicate blocks across different 5333 # availability zones. 5334 # CLI flag: -store-gateway.sharding-ring.zone-awareness-enabled 5335 [zone_awareness_enabled: <boolean> | default = false] 5336 5337 # Minimum time to wait for ring stability at startup. 0 to disable. 5338 # CLI flag: -store-gateway.sharding-ring.wait-stability-min-duration 5339 [wait_stability_min_duration: <duration> | default = 1m] 5340 5341 # Maximum time to wait for ring stability at startup. If the store-gateway 5342 # ring keeps changing after this period of time, the store-gateway will start 5343 # anyway. 5344 # CLI flag: -store-gateway.sharding-ring.wait-stability-max-duration 5345 [wait_stability_max_duration: <duration> | default = 5m] 5346 5347 # Name of network interface to read address from. 5348 # CLI flag: -store-gateway.sharding-ring.instance-interface-names 5349 [instance_interface_names: <list of string> | default = [eth0 en0]] 5350 5351 # The availability zone where this instance is running. Required if 5352 # zone-awareness is enabled. 5353 # CLI flag: -store-gateway.sharding-ring.instance-availability-zone 5354 [instance_availability_zone: <string> | default = ""] 5355 5356 # The sharding strategy to use. Supported values are: default, shuffle-sharding. 5357 # CLI flag: -store-gateway.sharding-strategy 5358 [sharding_strategy: <string> | default = "default"] 5359 ``` 5360 5361 ### `purger_config` 5362 5363 The `purger_config` configures the purger which takes care of delete requests. 5364 5365 ```yaml 5366 # Enable purger to allow deletion of series. Be aware that Delete series feature 5367 # is still experimental 5368 # CLI flag: -purger.enable 5369 [enable: <boolean> | default = false] 5370 5371 # Number of workers executing delete plans in parallel 5372 # CLI flag: -purger.num-workers 5373 [num_workers: <int> | default = 2] 5374 5375 # Name of the object store to use for storing delete plans 5376 # CLI flag: -purger.object-store-type 5377 [object_store_type: <string> | default = ""] 5378 5379 # Allow cancellation of delete request until duration after they are created. 5380 # Data would be deleted only after delete requests have been older than this 5381 # duration. Ideally this should be set to at least 24h. 5382 # CLI flag: -purger.delete-request-cancel-period 5383 [delete_request_cancel_period: <duration> | default = 24h] 5384 ``` 5385 5386 ### `s3_sse_config` 5387 5388 The `s3_sse_config` configures the S3 server-side encryption. The supported CLI flags `<prefix>` used to reference this config block are: 5389 5390 - _no prefix_ 5391 - `alertmanager-storage` 5392 - `alertmanager.storage` 5393 - `blocks-storage` 5394 - `ruler-storage` 5395 - `ruler.storage` 5396 5397 5398 5399 ```yaml 5400 # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. 5401 # CLI flag: -<prefix>.s3.sse.type 5402 [type: <string> | default = ""] 5403 5404 # KMS Key ID used to encrypt objects in S3 5405 # CLI flag: -<prefix>.s3.sse.kms-key-id 5406 [kms_key_id: <string> | default = ""] 5407 5408 # KMS Encryption Context used for object encryption. It expects JSON formatted 5409 # string. 5410 # CLI flag: -<prefix>.s3.sse.kms-encryption-context 5411 [kms_encryption_context: <string> | default = ""] 5412 ```