From 766290c2907ea8f5348bf460973f231a9240edce Mon Sep 17 00:00:00 2001 From: George Robinson Date: Fri, 7 Jun 2024 16:02:18 +0100 Subject: [PATCH] feat: Add backoff to flush op (#13140) --- docs/sources/configure/_index.md | 66 +- docs/sources/shared/configuration.md | 6008 ++++++++++++++++++++++++++ pkg/ingester/flush.go | 37 +- pkg/ingester/flush_test.go | 66 + pkg/ingester/ingester.go | 17 +- pkg/ingester/ingester_test.go | 101 +- pkg/ingester/instance_test.go | 13 +- 7 files changed, 6249 insertions(+), 59 deletions(-) create mode 100644 docs/sources/shared/configuration.md diff --git a/docs/sources/configure/_index.md b/docs/sources/configure/_index.md index 5122c5b92868e..285dedab56f38 100644 --- a/docs/sources/configure/_index.md +++ b/docs/sources/configure/_index.md @@ -944,10 +944,6 @@ alertmanager_client: # values: # # Secure Ciphers: - # - TLS_RSA_WITH_AES_128_CBC_SHA - # - TLS_RSA_WITH_AES_256_CBC_SHA - # - TLS_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -965,7 +961,11 @@ alertmanager_client: # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA @@ -1219,10 +1219,6 @@ evaluation: # values: # # Secure Ciphers: - # - TLS_RSA_WITH_AES_128_CBC_SHA - # - TLS_RSA_WITH_AES_256_CBC_SHA - # - TLS_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -1240,7 +1236,11 @@ evaluation: # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA @@ -1442,7 +1442,23 @@ lifecycler: # CLI flag: -ingester.flush-check-period [flush_check_period: | default = 30s] -# The timeout before a flush is cancelled. +flush_op_backoff: + # Minimum backoff period when a flush fails. Each concurrent flush has its own + # backoff, see `ingester.concurrent-flushes`. + # CLI flag: -ingester.flush-op-backoff-min-period + [min_period: | default = 10s] + + # Maximum backoff period when a flush fails. Each concurrent flush has its own + # backoff, see `ingester.concurrent-flushes`. + # CLI flag: -ingester.flush-op-backoff-max-period + [max_period: | default = 1m] + + # Maximum retries for failed flushes. + # CLI flag: -ingester.flush-op-backoff-retries + [max_retries: | default = 10] + +# The timeout for an individual flush. Will be retried up to +# `flush-op-backoff-retries` times. # CLI flag: -ingester.flush-op-timeout [flush_op_timeout: | default = 10m] @@ -3330,10 +3346,6 @@ Configuration for an ETCD v3 client. Only applies if the selected kvstore is `et # Override the default cipher suite list (separated by commas). Allowed values: # # Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -3351,7 +3363,11 @@ Configuration for an ETCD v3 client. Only applies if the selected kvstore is `et # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA @@ -3538,10 +3554,6 @@ When a memberlist config with atleast 1 join_members is defined, kvstore of type # Override the default cipher suite list (separated by commas). Allowed values: # # Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -3559,7 +3571,11 @@ When a memberlist config with atleast 1 join_members is defined, kvstore of type # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA @@ -3672,10 +3688,6 @@ backoff_config: # Override the default cipher suite list (separated by commas). Allowed values: # # Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -3693,7 +3705,11 @@ backoff_config: # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA @@ -3754,10 +3770,6 @@ The TLS configuration. # Override the default cipher suite list (separated by commas). Allowed values: # # Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -3775,7 +3787,11 @@ The TLS configuration. # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA diff --git a/docs/sources/shared/configuration.md b/docs/sources/shared/configuration.md new file mode 100644 index 0000000000000..b287bdea5f37f --- /dev/null +++ b/docs/sources/shared/configuration.md @@ -0,0 +1,6008 @@ +--- +description: Configuration reference for the parameters used to configure Grafana Loki. +title: Grafana Loki configuration parameters +--- + + + +## Printing Loki config at runtime + +If you pass Loki the flag `-print-config-stderr` or `-log-config-reverse-order`, (or `-print-config-stderr=true`) +Loki will dump the entire config object it has created from the built-in defaults combined first with +overrides from config file, and second by overrides from flags. + +The result is the value for every config object in the Loki config struct, which is very large... + +Many values will not be relevant to your install such as storage configs which you are not using and which you did not define, +this is expected as every option has a default value if it is being used or not. + +This config is what Loki will use to run, it can be invaluable for debugging issues related to configuration and +is especially useful in making sure your config files and flags are being read and loaded properly. + +`-print-config-stderr` is nice when running Loki directly e.g. `./loki ` as you can get a quick output of the entire Loki config. + +`-log-config-reverse-order` is the flag we run Loki with in all our environments, the config entries are reversed so +that the order of configs reads correctly top to bottom when viewed in Grafana's Explore. + +## Configuration file reference + +To specify which configuration file to load, pass the `-config.file` flag at the +command line. The value can be a list of comma separated paths, then the first +file that exists will be used. +If no `-config.file` argument is specified, Loki will look up the `config.yaml` in the +current working directory and the `config/` subdirectory and try to use that. + +The file is written in [YAML +format](https://en.wikipedia.org/wiki/YAML), defined by the scheme below. +Brackets indicate that a parameter is optional. For non-list parameters the +value is set to the specified default. + +### Use environment variables in the configuration + +> **Note:** This feature is only available in Loki 2.1+. + +You can use environment variable references in the configuration file to set values that need to be configurable during deployment. +To do this, pass `-config.expand-env=true` and use: + +``` +${VAR} +``` + +Where VAR is the name of the environment variable. + +Each variable reference is replaced at startup by the value of the environment variable. +The replacement is case-sensitive and occurs before the YAML file is parsed. +References to undefined variables are replaced by empty strings unless you specify a default value or custom error text. + +To specify a default value, use: + +``` +${VAR:-default_value} +``` + +Where default_value is the value to use if the environment variable is undefined. + +Pass the `-config.expand-env` flag at the command line to enable this way of setting configs. + +### Generic placeholders + +- `` : a boolean that can take the values `true` or `false` +- `` : any integer matching the regular expression `[1-9]+[0-9]*` +- `` : a duration matching the regular expression `[0-9]+(ns|us|µs|ms|[smh])` +- `` : a string matching the regular expression `[a-zA-Z_][a-zA-Z0-9_]*` +- `` : a string of unicode characters +- `` : a valid path relative to current working directory or an absolute path. +- `` : a valid string consisting of a hostname or IP followed by an optional port number +- `` : a string +- `` : a string that represents a secret, such as a password + +### Supported contents and default values of `loki.yaml` + +```yaml +# A comma-separated list of components to run. The default value 'all' runs Loki +# in single binary mode. The value 'read' is an alias to run only read-path +# related components such as the querier and query-frontend, but all in the same +# process. The value 'write' is an alias to run only write-path related +# components such as the distributor and compactor, but all in the same process. +# Supported values: all, compactor, distributor, ingester, querier, +# query-scheduler, ingester-querier, query-frontend, index-gateway, ruler, +# table-manager, read, write. A full list of available targets can be printed +# when running Loki with the '-list-targets' command line flag. +# CLI flag: -target +[target: | default = "all"] + +# Enables authentication through the X-Scope-OrgID header, which must be present +# if true. If false, the OrgID will always be set to 'fake'. +# CLI flag: -auth.enabled +[auth_enabled: | default = true] + +# The amount of virtual memory in bytes to reserve as ballast in order to +# optimize garbage collection. Larger ballasts result in fewer garbage +# collection passes, reducing CPU overhead at the cost of heap size. The ballast +# will not consume physical memory, because it is never read from. It will, +# however, distort metrics, because it is counted as live memory. +# CLI flag: -config.ballast-bytes +[ballast_bytes: | default = 0] + +# Configures the server of the launched module(s). +[server: ] + +# Configures the distributor. +[distributor: ] + +# Configures the querier. Only appropriate when running all modules or just the +# querier. +[querier: ] + +# The query_scheduler block configures the Loki query scheduler. When configured +# it separates the tenant query queues from the query-frontend. +[query_scheduler: ] + +# The frontend block configures the Loki query-frontend. +[frontend: ] + +# The query_range block configures the query splitting and caching in the Loki +# query-frontend. +[query_range: ] + +# The ruler block configures the Loki ruler. +[ruler: ] + +# The ingester_client block configures how the distributor will connect to +# ingesters. Only appropriate when running all components, the distributor, or +# the querier. +[ingester_client: ] + +# The ingester block configures the ingester and how the ingester will register +# itself to a key value store. +[ingester: ] + +pattern_ingester: + # Whether the pattern ingester is enabled. + # CLI flag: -pattern-ingester.enabled + [enabled: | default = false] + + # Configures how the lifecycle of the pattern ingester will operate and where + # it will register for discovery. + lifecycler: + ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, + # etcd, inmemory, memberlist, multi. + # CLI flag: -pattern-ingester.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -pattern-ingester.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected + # kvstore is consul. + # The CLI flags prefix for this block configuration is: pattern-ingester + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected + # kvstore is etcd. + # The CLI flags prefix for this block configuration is: pattern-ingester + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -pattern-ingester.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -pattern-ingester.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -pattern-ingester.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -pattern-ingester.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # The heartbeat timeout after which ingesters are skipped for + # reads/writes. 0 = never (timeout disabled). + # CLI flag: -pattern-ingester.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # The number of ingesters to write to and read from. + # CLI flag: -pattern-ingester.distributor.replication-factor + [replication_factor: | default = 1] + + # True to enable the zone-awareness and replicate ingested samples across + # different availability zones. + # CLI flag: -pattern-ingester.distributor.zone-awareness-enabled + [zone_awareness_enabled: | default = false] + + # Comma-separated list of zones to exclude from the ring. Instances in + # excluded zones will be filtered out from the ring. + # CLI flag: -pattern-ingester.distributor.excluded-zones + [excluded_zones: | default = ""] + + # Number of tokens for each ingester. + # CLI flag: -pattern-ingester.num-tokens + [num_tokens: | default = 128] + + # Period at which to heartbeat to consul. 0 = disabled. + # CLI flag: -pattern-ingester.heartbeat-period + [heartbeat_period: | default = 5s] + + # Heartbeat timeout after which instance is assumed to be unhealthy. 0 = + # disabled. + # CLI flag: -pattern-ingester.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # Observe tokens after generating to resolve collisions. Useful when using + # gossiping ring. + # CLI flag: -pattern-ingester.observe-period + [observe_period: | default = 0s] + + # Period to wait for a claim from another member; will join automatically + # after this. + # CLI flag: -pattern-ingester.join-after + [join_after: | default = 0s] + + # Minimum duration to wait after the internal readiness checks have passed + # but before succeeding the readiness endpoint. This is used to slowdown + # deployment controllers (eg. Kubernetes) after an instance is ready and + # before they proceed with a rolling update, to give the rest of the cluster + # instances enough time to receive ring updates. + # CLI flag: -pattern-ingester.min-ready-duration + [min_ready_duration: | default = 15s] + + # Name of network interface to read address from. + # CLI flag: -pattern-ingester.lifecycler.interface + [interface_names: | default = []] + + # Enable IPv6 support. Required to make use of IP addresses from IPv6 + # interfaces. + # CLI flag: -pattern-ingester.enable-inet6 + [enable_inet6: | default = false] + + # Duration to sleep for before exiting, to ensure metrics are scraped. + # CLI flag: -pattern-ingester.final-sleep + [final_sleep: | default = 0s] + + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -pattern-ingester.tokens-file-path + [tokens_file_path: | default = ""] + + # The availability zone where this instance is running. + # CLI flag: -pattern-ingester.availability-zone + [availability_zone: | default = ""] + + # Unregister from the ring upon clean shutdown. It can be useful to disable + # for rolling restarts with consistent naming in conjunction with + # -distributor.extend-writes=false. + # CLI flag: -pattern-ingester.unregister-on-shutdown + [unregister_on_shutdown: | default = true] + + # When enabled the readiness probe succeeds only after all instances are + # ACTIVE and healthy in the ring, otherwise only the instance itself is + # checked. This option should be disabled if in your cluster multiple + # instances can be rolled out simultaneously, otherwise rolling updates may + # be slowed down. + # CLI flag: -pattern-ingester.readiness-check-ring-health + [readiness_check_ring_health: | default = true] + + # IP address to advertise in the ring. + # CLI flag: -pattern-ingester.lifecycler.addr + [address: | default = ""] + + # port to advertise in consul (defaults to server.grpc-listen-port). + # CLI flag: -pattern-ingester.lifecycler.port + [port: | default = 0] + + # ID to register in the ring. + # CLI flag: -pattern-ingester.lifecycler.ID + [id: | default = ""] + + # Configures how the pattern ingester will connect to the ingesters. + client_config: + # Configures how connections are pooled. + pool_config: + # How frequently to clean up clients for ingesters that have gone away. + # CLI flag: -pattern-ingester.client-cleanup-period + [client_cleanup_period: | default = 15s] + + # Run a health check on each ingester client during periodic cleanup. + # CLI flag: -pattern-ingester.health-check-ingesters + [health_check_ingesters: | default = true] + + # Timeout for the health check. + # CLI flag: -pattern-ingester.remote-timeout + [remote_timeout: | default = 1s] + + # The remote request timeout on the client side. + # CLI flag: -pattern-ingester.client.timeout + [remote_timeout: | default = 5s] + + # Configures how the gRPC connection to ingesters work as a client. + # The CLI flags prefix for this block configuration is: + # pattern-ingester.client + [grpc_client_config: ] + + # How many flushes can happen concurrently from each stream. + # CLI flag: -pattern-ingester.concurrent-flushes + [concurrent_flushes: | default = 32] + + # How often should the ingester see if there are any blocks to flush. The + # first flush check is delayed by a random time up to 0.8x the flush check + # period. Additionally, there is +/- 1% jitter added to the interval. + # CLI flag: -pattern-ingester.flush-check-period + [flush_check_period: | default = 30s] + +# The index_gateway block configures the Loki index gateway server, responsible +# for serving index queries without the need to constantly interact with the +# object store. +[index_gateway: ] + +# Experimental: The bloom_compactor block configures the Loki bloom compactor +# server, responsible for compacting stream indexes into bloom filters and +# merging them as bloom blocks. +[bloom_compactor: ] + +bloom_build: + # Flag to enable or disable the usage of the bloom-planner and bloom-builder + # components. + # CLI flag: -bloom-build.enabled + [enabled: | default = false] + + planner: + # Interval at which to re-run the bloom creation planning. + # CLI flag: -bloom-build.planner.interval + [planning_interval: | default = 8h] + + # Newest day-table offset (from today, inclusive) to build blooms for. + # Increase to lower cost by not re-writing data to object storage too + # frequently since recent data changes more often at the cost of not having + # blooms available as quickly. + # CLI flag: -bloom-build.planner.min-table-offset + [min_table_offset: | default = 1] + + # Oldest day-table offset (from today, inclusive) to compact. This can be + # used to lower cost by not trying to compact older data which doesn't + # change. This can be optimized by aligning it with the maximum + # `reject_old_samples_max_age` setting of any tenant. + # CLI flag: -bloom-build.planner.max-table-offset + [max_table_offset: | default = 2] + + # Maximum number of tasks to queue per tenant. + # CLI flag: -bloom-build.planner.max-tasks-per-tenant + [max_queued_tasks_per_tenant: | default = 30000] + + builder: + # The grpc_client block configures the gRPC client used to communicate + # between a client and server component in Loki. + # The CLI flags prefix for this block configuration is: + # bloom-build.builder.grpc + [grpc_config: ] + + # Hostname (and port) of the bloom planner + # CLI flag: -bloom-build.builder.planner-address + [planner_address: | default = ""] + +# Experimental: The bloom_gateway block configures the Loki bloom gateway +# server, responsible for serving queries for filtering chunks based on filter +# expressions. +[bloom_gateway: ] + +# The storage_config block configures one of many possible stores for both the +# index and chunks. Which configuration to be picked should be defined in +# schema_config block. +[storage_config: ] + +# The chunk_store_config block configures how chunks will be cached and how long +# to wait before saving them to the backing store. +[chunk_store_config: ] + +# Configures the chunk index schema and where it is stored. +[schema_config: ] + +# The compactor block configures the compactor component, which compacts index +# shards for performance. +[compactor: ] + +compactor_grpc_client: + # gRPC client max receive message size (bytes). + # CLI flag: -compactor.grpc-client.grpc-max-recv-msg-size + [max_recv_msg_size: | default = 104857600] + + # gRPC client max send message size (bytes). + # CLI flag: -compactor.grpc-client.grpc-max-send-msg-size + [max_send_msg_size: | default = 104857600] + + # Use compression when sending messages. Supported values are: 'gzip', + # 'snappy' and '' (disable compression) + # CLI flag: -compactor.grpc-client.grpc-compression + [grpc_compression: | default = ""] + + # Rate limit for gRPC client; 0 means disabled. + # CLI flag: -compactor.grpc-client.grpc-client-rate-limit + [rate_limit: | default = 0] + + # Rate limit burst for gRPC client. + # CLI flag: -compactor.grpc-client.grpc-client-rate-limit-burst + [rate_limit_burst: | default = 0] + + # Enable backoff and retry when we hit rate limits. + # CLI flag: -compactor.grpc-client.backoff-on-ratelimits + [backoff_on_ratelimits: | default = false] + + backoff_config: + # Minimum delay when backing off. + # CLI flag: -compactor.grpc-client.backoff-min-period + [min_period: | default = 100ms] + + # Maximum delay when backing off. + # CLI flag: -compactor.grpc-client.backoff-max-period + [max_period: | default = 10s] + + # Number of times to backoff and retry before failing. + # CLI flag: -compactor.grpc-client.backoff-retries + [max_retries: | default = 10] + + # Initial stream window size. Values less than the default are not supported + # and are ignored. Setting this to a value other than the default disables the + # BDP estimator. + # CLI flag: -compactor.grpc-client.initial-stream-window-size + [initial_stream_window_size: | default = 63KiB1023B] + + # Initial connection window size. Values less than the default are not + # supported and are ignored. Setting this to a value other than the default + # disables the BDP estimator. + # CLI flag: -compactor.grpc-client.initial-connection-window-size + [initial_connection_window_size: | default = 63KiB1023B] + + # Enable TLS in the gRPC client. This flag needs to be enabled when any other + # TLS flag is set. If set to false, insecure connection to gRPC server will be + # used. + # CLI flag: -compactor.grpc-client.tls-enabled + [tls_enabled: | default = false] + + # Path to the client certificate, which will be used for authenticating with + # the server. Also requires the key path to be configured. + # CLI flag: -compactor.grpc-client.tls-cert-path + [tls_cert_path: | default = ""] + + # Path to the key for the client certificate. Also requires the client + # certificate to be configured. + # CLI flag: -compactor.grpc-client.tls-key-path + [tls_key_path: | default = ""] + + # Path to the CA certificates to validate server certificate against. If not + # set, the host's root CA certificates are used. + # CLI flag: -compactor.grpc-client.tls-ca-path + [tls_ca_path: | default = ""] + + # Override the expected name on the server certificate. + # CLI flag: -compactor.grpc-client.tls-server-name + [tls_server_name: | default = ""] + + # Skip validating server certificate. + # CLI flag: -compactor.grpc-client.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] + + # Override the default cipher suite list (separated by commas). Allowed + # values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -compactor.grpc-client.tls-cipher-suites + [tls_cipher_suites: | default = ""] + + # Override the default minimum TLS version. Allowed values: VersionTLS10, + # VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -compactor.grpc-client.tls-min-version + [tls_min_version: | default = ""] + + # The maximum amount of time to establish a connection. A value of 0 means + # default gRPC client connect timeout and backoff. + # CLI flag: -compactor.grpc-client.connect-timeout + [connect_timeout: | default = 5s] + + # Initial backoff delay after first connection failure. Only relevant if + # ConnectTimeout > 0. + # CLI flag: -compactor.grpc-client.connect-backoff-base-delay + [connect_backoff_base_delay: | default = 1s] + + # Maximum backoff delay when establishing a connection. Only relevant if + # ConnectTimeout > 0. + # CLI flag: -compactor.grpc-client.connect-backoff-max-delay + [connect_backoff_max_delay: | default = 5s] + +# The limits_config block configures global and per-tenant limits in Loki. The +# values here can be overridden in the `overrides` section of the runtime_config +# file +[limits_config: ] + +# The frontend_worker configures the worker - running within the Loki querier - +# picking up and executing queries enqueued by the query-frontend. +[frontend_worker: ] + +# The table_manager block configures the table manager for retention. +[table_manager: ] + +# Configuration for memberlist client. Only applies if the selected kvstore is +# memberlist. +# +# When a memberlist config with atleast 1 join_members is defined, kvstore of +# type memberlist is automatically selected for all the components that require +# a ring unless otherwise specified in the component's configuration section. +[memberlist: ] + +# Configuration for 'runtime config' module, responsible for reloading runtime +# configuration file. +[runtime_config: ] + +# These are values which allow you to control aspects of Loki's operation, most +# commonly used for controlling types of higher verbosity logging, the values +# here can be overridden in the `configs` section of the `runtime_config` file. +[operational_config: ] + +# Configuration for tracing. +[tracing: ] + +# Configuration for analytics. +[analytics: ] + +# Common configuration to be shared between multiple modules. If a more specific +# configuration is given in other sections, the related configuration within +# this section will be ignored. +[common: ] + +# How long to wait between SIGTERM and shutdown. After receiving SIGTERM, Loki +# will report 503 Service Unavailable status via /ready endpoint. +# CLI flag: -shutdown-delay +[shutdown_delay: | default = 0s] + +# Namespace of the metrics that in previous releases had cortex as namespace. +# This setting is deprecated and will be removed in the next minor release. +# CLI flag: -metrics-namespace +[metrics_namespace: | default = "loki"] +``` + +### alibabacloud_storage_config + +The `alibabacloud_storage_config` block configures the connection to Alibaba Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common` +- `ruler` + +  + +```yaml +# Name of OSS bucket. +# CLI flag: -.storage.oss.bucketname +[bucket: | default = ""] + +# oss Endpoint to connect to. +# CLI flag: -.storage.oss.endpoint +[endpoint: | default = ""] + +# alibabacloud Access Key ID +# CLI flag: -.storage.oss.access-key-id +[access_key_id: | default = ""] + +# alibabacloud Secret Access Key +# CLI flag: -.storage.oss.secret-access-key +[secret_access_key: | default = ""] +``` + +### analytics + +Configuration for `analytics`. + +```yaml +# Enable anonymous usage reporting. +# CLI flag: -reporting.enabled +[reporting_enabled: | default = true] + +# URL to which reports are sent +# CLI flag: -reporting.usage-stats-url +[usage_stats_url: | default = "https://stats.grafana.org/loki-usage-report"] +``` + +### attributes_config + +Define actions for matching OpenTelemetry (OTEL) attributes. + +```yaml +# Configures action to take on matching attributes. It allows one of +# [structured_metadata, drop] for all attribute types. It additionally allows +# index_label action for resource attributes +[action: | default = ""] + +# List of attributes to configure how to store them or drop them altogether +[attributes: ] + +# Regex to choose attributes to configure how to store them or drop them +# altogether +[regex: ] +``` + +### aws_storage_config + +The `aws_storage_config` block configures the connection to dynamoDB and S3 object storage. Either one of them or both can be configured. + +```yaml +# Deprecated: Configures storing indexes in DynamoDB. +dynamodb: + # DynamoDB endpoint URL with escaped Key and Secret encoded. If only region is + # specified as a host, proper endpoint will be deduced. Use + # inmemory:/// to use a mock in-memory implementation. + # CLI flag: -dynamodb.url + [dynamodb_url: ] + + # DynamoDB table management requests per second limit. + # CLI flag: -dynamodb.api-limit + [api_limit: | default = 2] + + # DynamoDB rate cap to back off when throttled. + # CLI flag: -dynamodb.throttle-limit + [throttle_limit: | default = 10] + + metrics: + # Use metrics-based autoscaling, via this query URL + # CLI flag: -metrics.url + [url: | default = ""] + + # Queue length above which we will scale up capacity + # CLI flag: -metrics.target-queue-length + [target_queue_length: | default = 100000] + + # Scale up capacity by this multiple + # CLI flag: -metrics.scale-up-factor + [scale_up_factor: | default = 1.3] + + # Ignore throttling below this level (rate per second) + # CLI flag: -metrics.ignore-throttle-below + [ignore_throttle_below: | default = 1] + + # query to fetch ingester queue length + # CLI flag: -metrics.queue-length-query + [queue_length_query: | default = "sum(avg_over_time(loki_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m])) or sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"] + + # query to fetch throttle rates per table + # CLI flag: -metrics.write-throttle-query + [write_throttle_query: | default = "sum(rate(cortex_dynamo_throttled_total{operation=\"DynamoDB.BatchWriteItem\"}[1m])) by (table) > 0"] + + # query to fetch write capacity usage per table + # CLI flag: -metrics.usage-query + [write_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.BatchWriteItem\"}[15m])) by (table) > 0"] + + # query to fetch read capacity usage per table + # CLI flag: -metrics.read-usage-query + [read_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.QueryPages\"}[1h])) by (table) > 0"] + + # query to fetch read errors per table + # CLI flag: -metrics.read-error-query + [read_error_query: | default = "sum(increase(cortex_dynamo_failures_total{operation=\"DynamoDB.QueryPages\",error=\"ProvisionedThroughputExceededException\"}[1m])) by (table) > 0"] + + # Number of chunks to group together to parallelise fetches (zero to disable) + # CLI flag: -dynamodb.chunk-gang-size + [chunk_gang_size: | default = 10] + + # Max number of chunk-get operations to start in parallel + # CLI flag: -dynamodb.chunk.get-max-parallelism + [chunk_get_max_parallelism: | default = 32] + + backoff_config: + # Minimum backoff time + # CLI flag: -dynamodb.min-backoff + [min_period: | default = 100ms] + + # Maximum backoff time + # CLI flag: -dynamodb.max-backoff + [max_period: | default = 50s] + + # Maximum number of times to retry an operation + # CLI flag: -dynamodb.max-retries + [max_retries: | default = 20] + + # KMS key used for encrypting DynamoDB items. DynamoDB will use an Amazon + # owned KMS key if not provided. + # CLI flag: -dynamodb.kms-key-id + [kms_key_id: | default = ""] + +# S3 endpoint URL with escaped Key and Secret encoded. If only region is +# specified as a host, proper endpoint will be deduced. Use +# inmemory:/// to use a mock in-memory implementation. +# CLI flag: -s3.url +[s3: ] + +# Set this to `true` to force the request to use path-style addressing. +# CLI flag: -s3.force-path-style +[s3forcepathstyle: | default = false] + +# Comma separated list of bucket names to evenly distribute chunks over. +# Overrides any buckets specified in s3.url flag +# CLI flag: -s3.buckets +[bucketnames: | default = ""] + +# S3 Endpoint to connect to. +# CLI flag: -s3.endpoint +[endpoint: | default = ""] + +# AWS region to use. +# CLI flag: -s3.region +[region: | default = ""] + +# AWS Access Key ID +# CLI flag: -s3.access-key-id +[access_key_id: | default = ""] + +# AWS Secret Access Key +# CLI flag: -s3.secret-access-key +[secret_access_key: | default = ""] + +# AWS Session Token +# CLI flag: -s3.session-token +[session_token: | default = ""] + +# Disable https on s3 connection. +# CLI flag: -s3.insecure +[insecure: | default = false] + +http_config: + # Timeout specifies a time limit for requests made by s3 Client. + # CLI flag: -s3.http.timeout + [timeout: | default = 0s] + + # The maximum amount of time an idle connection will be held open. + # CLI flag: -s3.http.idle-conn-timeout + [idle_conn_timeout: | default = 1m30s] + + # If non-zero, specifies the amount of time to wait for a server's response + # headers after fully writing the request. + # CLI flag: -s3.http.response-header-timeout + [response_header_timeout: | default = 0s] + + # Set to true to skip verifying the certificate chain and hostname. + # CLI flag: -s3.http.insecure-skip-verify + [insecure_skip_verify: | default = false] + + # Path to the trusted CA file that signed the SSL certificate of the S3 + # endpoint. + # CLI flag: -s3.http.ca-file + [ca_file: | default = ""] + +# The signature version to use for authenticating against S3. Supported values +# are: v4. +# CLI flag: -s3.signature-version +[signature_version: | default = "v4"] + +# The S3 storage class which objects will use. Supported values are: GLACIER, +# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS, +# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. +# CLI flag: -s3.storage-class +[storage_class: | default = "STANDARD"] + +sse: + # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. + # CLI flag: -s3.sse.type + [type: | default = ""] + + # KMS Key ID used to encrypt objects in S3 + # CLI flag: -s3.sse.kms-key-id + [kms_key_id: | default = ""] + + # KMS Encryption Context used for object encryption. It expects JSON formatted + # string. + # CLI flag: -s3.sse.kms-encryption-context + [kms_encryption_context: | default = ""] + +# Configures back off when S3 get Object. +backoff_config: + # Minimum backoff time when s3 get Object + # CLI flag: -s3.min-backoff + [min_period: | default = 100ms] + + # Maximum backoff time when s3 get Object + # CLI flag: -s3.max-backoff + [max_period: | default = 3s] + + # Maximum number of times to retry when s3 get Object + # CLI flag: -s3.max-retries + [max_retries: | default = 5] +``` + +### azure_storage_config + +The `azure_storage_config` block configures the connection to Azure object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common.storage` +- `ruler.storage` + +  + +```yaml +# Azure Cloud environment. Supported values are: AzureGlobal, AzureChinaCloud, +# AzureGermanCloud, AzureUSGovernment. +# CLI flag: -.azure.environment +[environment: | default = "AzureGlobal"] + +# Azure storage account name. +# CLI flag: -.azure.account-name +[account_name: | default = ""] + +# Azure storage account key. +# CLI flag: -.azure.account-key +[account_key: | default = ""] + +# If `connection-string` is set, the values of `account-name` and +# `endpoint-suffix` values will not be used. Use this method over `account-key` +# if you need to authenticate via a SAS token. Or if you use the Azurite +# emulator. +# CLI flag: -.azure.connection-string +[connection_string: | default = ""] + +# Name of the storage account blob container used to store chunks. This +# container must be created before running cortex. +# CLI flag: -.azure.container-name +[container_name: | default = "loki"] + +# Azure storage endpoint suffix without schema. The storage account name will be +# prefixed to this value to create the FQDN. +# CLI flag: -.azure.endpoint-suffix +[endpoint_suffix: | default = ""] + +# Use Managed Identity to authenticate to the Azure storage account. +# CLI flag: -.azure.use-managed-identity +[use_managed_identity: | default = false] + +# Use Federated Token to authenticate to the Azure storage account. +# CLI flag: -.azure.use-federated-token +[use_federated_token: | default = false] + +# User assigned identity ID to authenticate to the Azure storage account. +# CLI flag: -.azure.user-assigned-id +[user_assigned_id: | default = ""] + +# Use Service Principal to authenticate through Azure OAuth. +# CLI flag: -.azure.use-service-principal +[use_service_principal: | default = false] + +# Azure Service Principal ID(GUID). +# CLI flag: -.azure.client-id +[client_id: | default = ""] + +# Azure Service Principal secret key. +# CLI flag: -.azure.client-secret +[client_secret: | default = ""] + +# Azure Tenant ID is used to authenticate through Azure OAuth. +# CLI flag: -.azure.tenant-id +[tenant_id: | default = ""] + +# Chunk delimiter for blob ID to be used +# CLI flag: -.azure.chunk-delimiter +[chunk_delimiter: | default = "-"] + +# Preallocated buffer size for downloads. +# CLI flag: -.azure.download-buffer-size +[download_buffer_size: | default = 512000] + +# Preallocated buffer size for uploads. +# CLI flag: -.azure.upload-buffer-size +[upload_buffer_size: | default = 256000] + +# Number of buffers used to used to upload a chunk. +# CLI flag: -.azure.download-buffer-count +[upload_buffer_count: | default = 1] + +# Timeout for requests made against azure blob storage. +# CLI flag: -.azure.request-timeout +[request_timeout: | default = 30s] + +# Number of retries for a request which times out. +# CLI flag: -.azure.max-retries +[max_retries: | default = 5] + +# Minimum time to wait before retrying a request. +# CLI flag: -.azure.min-retry-delay +[min_retry_delay: | default = 10ms] + +# Maximum time to wait before retrying a request. +# CLI flag: -.azure.max-retry-delay +[max_retry_delay: | default = 500ms] +``` + +### bloom_compactor + +Experimental: The `bloom_compactor` block configures the Loki bloom compactor server, responsible for compacting stream indexes into bloom filters and merging them as bloom blocks. + +```yaml +# Defines the ring to be used by the bloom-compactor servers. In case this isn't +# configured, this block supports inheriting configuration from the common ring +# section. +ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -bloom-compactor.ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -bloom-compactor.ring.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: bloom-compactor.ring + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: bloom-compactor.ring + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -bloom-compactor.ring.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -bloom-compactor.ring.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -bloom-compactor.ring.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -bloom-compactor.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -bloom-compactor.ring.heartbeat-period + [heartbeat_period: | default = 15s] + + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -bloom-compactor.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -bloom-compactor.ring.tokens-file-path + [tokens_file_path: | default = ""] + + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -bloom-compactor.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] + + # Number of tokens to use in the ring per compactor. Higher number of tokens + # will result in more and smaller files (metas and blocks.) + # CLI flag: -bloom-compactor.ring.num-tokens + [num_tokens: | default = 10] + + # Instance ID to register in the ring. + # CLI flag: -bloom-compactor.ring.instance-id + [instance_id: | default = ""] + + # Name of network interface to read address from. + # CLI flag: -bloom-compactor.ring.instance-interface-names + [instance_interface_names: | default = []] + + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -bloom-compactor.ring.instance-port + [instance_port: | default = 0] + + # IP address to advertise in the ring. + # CLI flag: -bloom-compactor.ring.instance-addr + [instance_addr: | default = ""] + + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -bloom-compactor.ring.instance-availability-zone + [instance_availability_zone: | default = ""] + + # Enable using a IPv6 instance address. + # CLI flag: -bloom-compactor.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] + +# Flag to enable or disable the usage of the bloom-compactor component. +# CLI flag: -bloom-compactor.enabled +[enabled: | default = false] + +# Interval at which to re-run the compaction operation. +# CLI flag: -bloom-compactor.compaction-interval +[compaction_interval: | default = 10m] + +# Newest day-table offset (from today, inclusive) to compact. Increase to lower +# cost by not re-writing data to object storage too frequently since recent data +# changes more often at the cost of not having blooms available as quickly. +# CLI flag: -bloom-compactor.min-table-offset +[min_table_offset: | default = 1] + +# Oldest day-table offset (from today, inclusive) to compact. This can be used +# to lower cost by not trying to compact older data which doesn't change. This +# can be optimized by aligning it with the maximum `reject_old_samples_max_age` +# setting of any tenant. +# CLI flag: -bloom-compactor.max-table-offset +[max_table_offset: | default = 2] + +# Number of workers to run in parallel for compaction. +# CLI flag: -bloom-compactor.worker-parallelism +[worker_parallelism: | default = 1] + +# Minimum backoff time between retries. +# CLI flag: -bloom-compactor.compaction-retries-min-backoff +[compaction_retries_min_backoff: | default = 10s] + +# Maximum backoff time between retries. +# CLI flag: -bloom-compactor.compaction-retries-max-backoff +[compaction_retries_max_backoff: | default = 1m] + +# Number of retries to perform when compaction fails. +# CLI flag: -bloom-compactor.compaction-retries +[compaction_retries: | default = 3] + +# Maximum number of tables to compact in parallel. While increasing this value, +# please make sure compactor has enough disk space allocated to be able to store +# and compact as many tables. +# CLI flag: -bloom-compactor.max-compaction-parallelism +[max_compaction_parallelism: | default = 1] + +retention: + # Enable bloom retention. + # CLI flag: -bloom-compactor.retention.enabled + [enabled: | default = false] + + # Max lookback days for retention. + # CLI flag: -bloom-compactor.retention.max-lookback-days + [max_lookback_days: | default = 365] +``` + +### bloom_gateway + +Experimental: The `bloom_gateway` block configures the Loki bloom gateway server, responsible for serving queries for filtering chunks based on filter expressions. + +```yaml +# Flag to enable or disable the bloom gateway component globally. +# CLI flag: -bloom-gateway.enabled +[enabled: | default = false] + +client: + # Configures the behavior of the connection pool. + pool_config: + # How frequently to clean up clients for servers that have gone away or are + # unhealthy. + # CLI flag: -bloom-gateway-client.pool.check-interval + [check_interval: | default = 10s] + + # Run a health check on each server during periodic cleanup. + # CLI flag: -bloom-gateway-client.pool.enable-health-check + [enable_health_check: | default = true] + + # Timeout for the health check if health check is enabled. + # CLI flag: -bloom-gateway-client.pool.health-check-timeout + [health_check_timeout: | default = 1s] + + # The grpc_client block configures the gRPC client used to communicate between + # a client and server component in Loki. + # The CLI flags prefix for this block configuration is: + # bloom-gateway-client.grpc + [grpc_client_config: ] + + results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # bloom-gateway-client.cache + [cache: ] + + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -bloom-gateway-client.cache.compression + [compression: | default = ""] + + # Flag to control whether to cache bloom gateway client requests/responses. + # CLI flag: -bloom-gateway-client.cache_results + [cache_results: | default = false] + + # Comma separated addresses list in DNS Service Discovery format: + # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes + # CLI flag: -bloom-gateway-client.addresses + [addresses: | default = ""] + +# Number of workers to use for filtering chunks concurrently. Usually set to 1x +# number of CPU cores. +# CLI flag: -bloom-gateway.worker-concurrency +[worker_concurrency: | default = 4] + +# Number of blocks processed concurrently on a single worker. Usually set to 2x +# number of CPU cores. +# CLI flag: -bloom-gateway.block-query-concurrency +[block_query_concurrency: | default = 8] + +# Maximum number of outstanding tasks per tenant. +# CLI flag: -bloom-gateway.max-outstanding-per-tenant +[max_outstanding_per_tenant: | default = 1024] + +# How many tasks are multiplexed at once. +# CLI flag: -bloom-gateway.num-multiplex-tasks +[num_multiplex_tasks: | default = 512] +``` + +### bos_storage_config + +The `bos_storage_config` block configures the connection to Baidu Object Storage (BOS) object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common.storage` +- `ruler.storage` + +  + +```yaml +# Name of BOS bucket. +# CLI flag: -.bos.bucket-name +[bucket_name: | default = ""] + +# BOS endpoint to connect to. +# CLI flag: -.bos.endpoint +[endpoint: | default = "bj.bcebos.com"] + +# Baidu Cloud Engine (BCE) Access Key ID. +# CLI flag: -.bos.access-key-id +[access_key_id: | default = ""] + +# Baidu Cloud Engine (BCE) Secret Access Key. +# CLI flag: -.bos.secret-access-key +[secret_access_key: | default = ""] +``` + +### cache_config + +The `cache_config` block configures the cache backend for a specific Loki component. The supported CLI flags `` used to reference this configuration block are: + +- `bloom-gateway-client.cache` +- `bloom.metas-cache` +- `frontend` +- `frontend.index-stats-results-cache` +- `frontend.instant-metric-results-cache` +- `frontend.label-results-cache` +- `frontend.series-results-cache` +- `frontend.volume-results-cache` +- `store.chunks-cache` +- `store.chunks-cache-l2` +- `store.index-cache-read` +- `store.index-cache-write` + +  + +```yaml +# The default validity of entries for caches unless overridden. +# CLI flag: -.default-validity +[default_validity: | default = 1h] + +background: + # At what concurrency to write back to cache. + # CLI flag: -.background.write-back-concurrency + [writeback_goroutines: | default = 1] + + # How many key batches to buffer for background write-back. Default is large + # to prefer size based limiting. + # CLI flag: -.background.write-back-buffer + [writeback_buffer: | default = 500000] + + # Size limit in bytes for background write-back. + # CLI flag: -.background.write-back-size-limit + [writeback_size_limit: | default = 500MB] + +memcached: + # How long keys stay in the memcache. + # CLI flag: -.memcached.expiration + [expiration: | default = 0s] + + # How many keys to fetch in each batch. + # CLI flag: -.memcached.batchsize + [batch_size: | default = 4] + + # Maximum active requests to memcache. + # CLI flag: -.memcached.parallelism + [parallelism: | default = 5] + +memcached_client: + # Hostname for memcached service to use. If empty and if addresses is unset, + # no memcached will be used. + # CLI flag: -.memcached.hostname + [host: | default = ""] + + # SRV service used to discover memcache servers. + # CLI flag: -.memcached.service + [service: | default = "memcached"] + + # Comma separated addresses list in DNS Service Discovery format: + # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes + # CLI flag: -.memcached.addresses + [addresses: | default = ""] + + # Maximum time to wait before giving up on memcached requests. + # CLI flag: -.memcached.timeout + [timeout: | default = 100ms] + + # Maximum number of idle connections in pool. + # CLI flag: -.memcached.max-idle-conns + [max_idle_conns: | default = 16] + + # The maximum size of an item stored in memcached. Bigger items are not + # stored. If set to 0, no maximum size is enforced. + # CLI flag: -.memcached.max-item-size + [max_item_size: | default = 0] + + # Period with which to poll DNS for memcache servers. + # CLI flag: -.memcached.update-interval + [update_interval: | default = 1m] + + # Use consistent hashing to distribute to memcache servers. + # CLI flag: -.memcached.consistent-hash + [consistent_hash: | default = true] + + # Trip circuit-breaker after this number of consecutive dial failures (if zero + # then circuit-breaker is disabled). + # CLI flag: -.memcached.circuit-breaker-consecutive-failures + [circuit_breaker_consecutive_failures: | default = 10] + + # Duration circuit-breaker remains open after tripping (if zero then 60 + # seconds is used). + # CLI flag: -.memcached.circuit-breaker-timeout + [circuit_breaker_timeout: | default = 10s] + + # Reset circuit-breaker counts after this long (if zero then never reset). + # CLI flag: -.memcached.circuit-breaker-interval + [circuit_breaker_interval: | default = 10s] + + # Enable connecting to Memcached with TLS. + # CLI flag: -.memcached.tls-enabled + [tls_enabled: | default = false] + + # Path to the client certificate, which will be used for authenticating with + # the server. Also requires the key path to be configured. + # CLI flag: -.memcached.tls-cert-path + [tls_cert_path: | default = ""] + + # Path to the key for the client certificate. Also requires the client + # certificate to be configured. + # CLI flag: -.memcached.tls-key-path + [tls_key_path: | default = ""] + + # Path to the CA certificates to validate server certificate against. If not + # set, the host's root CA certificates are used. + # CLI flag: -.memcached.tls-ca-path + [tls_ca_path: | default = ""] + + # Override the expected name on the server certificate. + # CLI flag: -.memcached.tls-server-name + [tls_server_name: | default = ""] + + # Skip validating server certificate. + # CLI flag: -.memcached.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] + + # Override the default cipher suite list (separated by commas). Allowed + # values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -.memcached.tls-cipher-suites + [tls_cipher_suites: | default = ""] + + # Override the default minimum TLS version. Allowed values: VersionTLS10, + # VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -.memcached.tls-min-version + [tls_min_version: | default = ""] + +redis: + # Redis Server or Cluster configuration endpoint to use for caching. A + # comma-separated list of endpoints for Redis Cluster or Redis Sentinel. If + # empty, no redis will be used. + # CLI flag: -.redis.endpoint + [endpoint: | default = ""] + + # Redis Sentinel master name. An empty string for Redis Server or Redis + # Cluster. + # CLI flag: -.redis.master-name + [master_name: | default = ""] + + # Maximum time to wait before giving up on redis requests. + # CLI flag: -.redis.timeout + [timeout: | default = 500ms] + + # How long keys stay in the redis. + # CLI flag: -.redis.expiration + [expiration: | default = 0s] + + # Database index. + # CLI flag: -.redis.db + [db: | default = 0] + + # Maximum number of connections in the pool. + # CLI flag: -.redis.pool-size + [pool_size: | default = 0] + + # Username to use when connecting to redis. + # CLI flag: -.redis.username + [username: | default = ""] + + # Password to use when connecting to redis. + # CLI flag: -.redis.password + [password: | default = ""] + + # Enable connecting to redis with TLS. + # CLI flag: -.redis.tls-enabled + [tls_enabled: | default = false] + + # Skip validating server certificate. + # CLI flag: -.redis.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] + + # Close connections after remaining idle for this duration. If the value is + # zero, then idle connections are not closed. + # CLI flag: -.redis.idle-timeout + [idle_timeout: | default = 0s] + + # Close connections older than this duration. If the value is zero, then the + # pool does not close connections based on age. + # CLI flag: -.redis.max-connection-age + [max_connection_age: | default = 0s] + + # By default, the Redis client only reads from the master node. Enabling this + # option can lower pressure on the master node by randomly routing read-only + # commands to the master and any available replicas. + # CLI flag: -.redis.route-randomly + [route_randomly: | default = false] + +embedded_cache: + # Whether embedded cache is enabled. + # CLI flag: -.embedded-cache.enabled + [enabled: | default = false] + + # Maximum memory size of the cache in MB. + # CLI flag: -.embedded-cache.max-size-mb + [max_size_mb: | default = 100] + + # Maximum number of entries in the cache. + # CLI flag: -.embedded-cache.max-size-items + [max_size_items: | default = 0] + + # The time to live for items in the cache before they get purged. + # CLI flag: -.embedded-cache.ttl + [ttl: | default = 1h] +``` + +### chunk_store_config + +The `chunk_store_config` block configures how chunks will be cached and how long to wait before saving them to the backing store. + +```yaml +# The cache_config block configures the cache backend for a specific Loki +# component. +# The CLI flags prefix for this block configuration is: store.chunks-cache +[chunk_cache_config: ] + +# The cache_config block configures the cache backend for a specific Loki +# component. +# The CLI flags prefix for this block configuration is: store.chunks-cache-l2 +[chunk_cache_config_l2: ] + +# Write dedupe cache is deprecated along with legacy index types (aws, +# aws-dynamo, bigtable, bigtable-hashed, cassandra, gcp, gcp-columnkey, +# grpc-store). +# Consider using TSDB index which does not require a write dedupe cache. +# The CLI flags prefix for this block configuration is: store.index-cache-write +[write_dedupe_cache_config: ] + +# Chunks will be handed off to the L2 cache after this duration. 0 to disable L2 +# cache. +# CLI flag: -store.chunks-cache-l2.handoff +[l2_chunk_cache_handoff: | default = 0s] + +# Cache index entries older than this period. 0 to disable. +# CLI flag: -store.cache-lookups-older-than +[cache_lookups_older_than: | default = 0s] +``` + +### common + +Common configuration to be shared between multiple modules. If a more specific configuration is given in other sections, the related configuration within this section will be ignored. + +```yaml +[path_prefix: | default = ""] + +storage: + # The s3_storage_config block configures the connection to Amazon S3 object + # storage backend. + # The CLI flags prefix for this block configuration is: common + [s3: ] + + # The gcs_storage_config block configures the connection to Google Cloud + # Storage object storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [gcs: ] + + # The azure_storage_config block configures the connection to Azure object + # storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [azure: ] + + # The alibabacloud_storage_config block configures the connection to Alibaba + # Cloud Storage object storage backend. + [alibabacloud: ] + + # The bos_storage_config block configures the connection to Baidu Object + # Storage (BOS) object storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [bos: ] + + # The swift_storage_config block configures the connection to OpenStack Object + # Storage (Swift) object storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [swift: ] + + filesystem: + # Directory to store chunks in. + # CLI flag: -common.storage.filesystem.chunk-directory + [chunks_directory: | default = ""] + + # Directory to store rules in. + # CLI flag: -common.storage.filesystem.rules-directory + [rules_directory: | default = ""] + + hedging: + # If set to a non-zero value a second request will be issued at the provided + # duration. Default is 0 (disabled) + # CLI flag: -common.storage.hedge-requests-at + [at: | default = 0s] + + # The maximum of hedge requests allowed. + # CLI flag: -common.storage.hedge-requests-up-to + [up_to: | default = 2] + + # The maximum of hedge requests allowed per seconds. + # CLI flag: -common.storage.hedge-max-per-second + [max_per_second: | default = 5] + + # The cos_storage_config block configures the connection to IBM Cloud Object + # Storage (COS) backend. + # The CLI flags prefix for this block configuration is: common.storage + [cos: ] + + congestion_control: + # Use storage congestion control (default: disabled). + # CLI flag: -common.storage.congestion-control.enabled + [enabled: | default = false] + + controller: + # Congestion control strategy to use (default: none, options: 'aimd'). + # CLI flag: -common.storage.congestion-control.strategy + [strategy: | default = ""] + + aimd: + # AIMD starting throughput window size: how many requests can be sent + # per second (default: 2000). + # CLI flag: -common.storage.congestion-control.strategy.aimd.start + [start: | default = 2000] + + # AIMD maximum throughput window size: upper limit of requests sent per + # second (default: 10000). + # CLI flag: -common.storage.congestion-control.strategy.aimd.upper-bound + [upper_bound: | default = 10000] + + # AIMD backoff factor when upstream service is throttled to decrease + # number of requests sent per second (default: 0.5). + # CLI flag: -common.storage.congestion-control.strategy.aimd.backoff-factor + [backoff_factor: | default = 0.5] + + retry: + # Congestion control retry strategy to use (default: none, options: + # 'limited'). + # CLI flag: -common.storage.congestion-control.retry.strategy + [strategy: | default = ""] + + # Maximum number of retries allowed. + # CLI flag: -common.storage.congestion-control.retry.strategy.limited.limit + [limit: | default = 2] + + hedging: + config: + [at: ] + + [up_to: ] + + [max_per_second: ] + + # Congestion control hedge strategy to use (default: none, options: + # 'limited'). + # CLI flag: -common.storage.congestion-control.hedge.strategy + [strategy: | default = ""] + +[persist_tokens: ] + +[replication_factor: ] + +ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -common.storage.ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -common.storage.ring.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: common.storage.ring + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: common.storage.ring + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -common.storage.ring.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -common.storage.ring.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -common.storage.ring.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -common.storage.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -common.storage.ring.heartbeat-period + [heartbeat_period: | default = 15s] + + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -common.storage.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -common.storage.ring.tokens-file-path + [tokens_file_path: | default = ""] + + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -common.storage.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] + + # Number of tokens to own in the ring. + # CLI flag: -common.storage.ring.num-tokens + [num_tokens: | default = 128] + + # Factor for data replication. + # CLI flag: -common.storage.ring.replication-factor + [replication_factor: | default = 3] + + # Instance ID to register in the ring. + # CLI flag: -common.storage.ring.instance-id + [instance_id: | default = ""] + + # Name of network interface to read address from. + # CLI flag: -common.storage.ring.instance-interface-names + [instance_interface_names: | default = []] + + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -common.storage.ring.instance-port + [instance_port: | default = 0] + + # IP address to advertise in the ring. + # CLI flag: -common.storage.ring.instance-addr + [instance_addr: | default = ""] + + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -common.storage.ring.instance-availability-zone + [instance_availability_zone: | default = ""] + + # Enable using a IPv6 instance address. + # CLI flag: -common.storage.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] + +[instance_interface_names: | default = []] + +[instance_addr: | default = ""] + +# the http address of the compactor in the form http://host:port +# CLI flag: -common.compactor-address +[compactor_address: | default = ""] + +# the grpc address of the compactor in the form host:port +# CLI flag: -common.compactor-grpc-address +[compactor_grpc_address: | default = ""] +``` + +### compactor + +The `compactor` block configures the compactor component, which compacts index shards for performance. + +```yaml +# Directory where files can be downloaded for compaction. +# CLI flag: -compactor.working-directory +[working_directory: | default = ""] + +# Interval at which to re-run the compaction operation. +# CLI flag: -compactor.compaction-interval +[compaction_interval: | default = 10m] + +# Interval at which to apply/enforce retention. 0 means run at same interval as +# compaction. If non-zero, it should always be a multiple of compaction +# interval. +# CLI flag: -compactor.apply-retention-interval +[apply_retention_interval: | default = 0s] + +# Activate custom (per-stream,per-tenant) retention. +# CLI flag: -compactor.retention-enabled +[retention_enabled: | default = false] + +# Delay after which chunks will be fully deleted during retention. +# CLI flag: -compactor.retention-delete-delay +[retention_delete_delay: | default = 2h] + +# The total amount of worker to use to delete chunks. +# CLI flag: -compactor.retention-delete-worker-count +[retention_delete_worker_count: | default = 150] + +# The maximum amount of time to spend running retention and deletion on any +# given table in the index. +# CLI flag: -compactor.retention-table-timeout +[retention_table_timeout: | default = 0s] + +# Store used for managing delete requests. +# CLI flag: -compactor.delete-request-store +[delete_request_store: | default = ""] + +# Path prefix for storing delete requests. +# CLI flag: -compactor.delete-request-store.key-prefix +[delete_request_store_key_prefix: | default = "index/"] + +# The max number of delete requests to run per compaction cycle. +# CLI flag: -compactor.delete-batch-size +[delete_batch_size: | default = 70] + +# Allow cancellation of delete request until duration after they are created. +# Data would be deleted only after delete requests have been older than this +# duration. Ideally this should be set to at least 24h. +# CLI flag: -compactor.delete-request-cancel-period +[delete_request_cancel_period: | default = 24h] + +# Constrain the size of any single delete request with line filters. When a +# delete request > delete_max_interval is input, the request is sharded into +# smaller requests of no more than delete_max_interval +# CLI flag: -compactor.delete-max-interval +[delete_max_interval: | default = 24h] + +# Maximum number of tables to compact in parallel. While increasing this value, +# please make sure compactor has enough disk space allocated to be able to store +# and compact as many tables. +# CLI flag: -compactor.max-compaction-parallelism +[max_compaction_parallelism: | default = 1] + +# Number of upload/remove operations to execute in parallel when finalizing a +# compaction. NOTE: This setting is per compaction operation, which can be +# executed in parallel. The upper bound on the number of concurrent uploads is +# upload_parallelism * max_compaction_parallelism. +# CLI flag: -compactor.upload-parallelism +[upload_parallelism: | default = 10] + +# The hash ring configuration used by compactors to elect a single instance for +# running compactions. The CLI flags prefix for this block config is: +# compactor.ring +compactor_ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -compactor.ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -compactor.ring.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: compactor.ring + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: compactor.ring + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -compactor.ring.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -compactor.ring.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -compactor.ring.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -compactor.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -compactor.ring.heartbeat-period + [heartbeat_period: | default = 15s] + + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -compactor.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -compactor.ring.tokens-file-path + [tokens_file_path: | default = ""] + + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -compactor.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] + + # Instance ID to register in the ring. + # CLI flag: -compactor.ring.instance-id + [instance_id: | default = ""] + + # Name of network interface to read address from. + # CLI flag: -compactor.ring.instance-interface-names + [instance_interface_names: | default = []] + + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -compactor.ring.instance-port + [instance_port: | default = 0] + + # IP address to advertise in the ring. + # CLI flag: -compactor.ring.instance-addr + [instance_addr: | default = ""] + + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -compactor.ring.instance-availability-zone + [instance_availability_zone: | default = ""] + + # Enable using a IPv6 instance address. + # CLI flag: -compactor.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] + +# Number of tables that compactor will try to compact. Newer tables are chosen +# when this is less than the number of tables available. +# CLI flag: -compactor.tables-to-compact +[tables_to_compact: | default = 0] + +# Do not compact N latest tables. Together with -compactor.run-once and +# -compactor.tables-to-compact, this is useful when clearing compactor backlogs. +# CLI flag: -compactor.skip-latest-n-tables +[skip_latest_n_tables: | default = 0] +``` + +### consul + +Configuration for a Consul client. Only applies if the selected kvstore is `consul`. The supported CLI flags `` used to reference this configuration block are: + +- `bloom-compactor.ring` +- `common.storage.ring` +- `compactor.ring` +- `distributor.ring` +- `index-gateway.ring` +- `pattern-ingester` +- `query-scheduler.ring` +- `ruler.ring` + +  + +```yaml +# Hostname and port of Consul. +# CLI flag: -.consul.hostname +[host: | default = "localhost:8500"] + +# ACL Token used to interact with Consul. +# CLI flag: -.consul.acl-token +[acl_token: | default = ""] + +# HTTP timeout when talking to Consul +# CLI flag: -.consul.client-timeout +[http_client_timeout: | default = 20s] + +# Enable consistent reads to Consul. +# CLI flag: -.consul.consistent-reads +[consistent_reads: | default = false] + +# Rate limit when watching key or prefix in Consul, in requests per second. 0 +# disables the rate limit. +# CLI flag: -.consul.watch-rate-limit +[watch_rate_limit: | default = 1] + +# Burst size used in rate limit. Values less than 1 are treated as 1. +# CLI flag: -.consul.watch-burst-size +[watch_burst_size: | default = 1] + +# Maximum duration to wait before retrying a Compare And Swap (CAS) operation. +# CLI flag: -.consul.cas-retry-delay +[cas_retry_delay: | default = 1s] +``` + +### cos_storage_config + +The `cos_storage_config` block configures the connection to IBM Cloud Object Storage (COS) backend. The supported CLI flags `` used to reference this configuration block are: + +- `common.storage` +- `ruler.storage` + +  + +```yaml +# Set this to `true` to force the request to use path-style addressing. +# CLI flag: -.cos.force-path-style +[forcepathstyle: | default = false] + +# Comma separated list of bucket names to evenly distribute chunks over. +# CLI flag: -.cos.buckets +[bucketnames: | default = ""] + +# COS Endpoint to connect to. +# CLI flag: -.cos.endpoint +[endpoint: | default = ""] + +# COS region to use. +# CLI flag: -.cos.region +[region: | default = ""] + +# COS HMAC Access Key ID. +# CLI flag: -.cos.access-key-id +[access_key_id: | default = ""] + +# COS HMAC Secret Access Key. +# CLI flag: -.cos.secret-access-key +[secret_access_key: | default = ""] + +http_config: + # The maximum amount of time an idle connection will be held open. + # CLI flag: -.cos.http.idle-conn-timeout + [idle_conn_timeout: | default = 1m30s] + + # If non-zero, specifies the amount of time to wait for a server's response + # headers after fully writing the request. + # CLI flag: -.cos.http.response-header-timeout + [response_header_timeout: | default = 0s] + +# Configures back off when cos get Object. +backoff_config: + # Minimum backoff time when cos get Object. + # CLI flag: -.cos.min-backoff + [min_period: | default = 100ms] + + # Maximum backoff time when cos get Object. + # CLI flag: -.cos.max-backoff + [max_period: | default = 3s] + + # Maximum number of times to retry when cos get Object. + # CLI flag: -.cos.max-retries + [max_retries: | default = 5] + +# IAM API key to access COS. +# CLI flag: -.cos.api-key +[api_key: | default = ""] + +# COS service instance id to use. +# CLI flag: -.cos.service-instance-id +[service_instance_id: | default = ""] + +# IAM Auth Endpoint for authentication. +# CLI flag: -.cos.auth-endpoint +[auth_endpoint: | default = "https://iam.cloud.ibm.com/identity/token"] + +# Compute resource token file path. +# CLI flag: -.cos.cr-token-file-path +[cr_token_file_path: | default = ""] + +# Name of the trusted profile. +# CLI flag: -.cos.trusted-profile-name +[trusted_profile_name: | default = ""] + +# ID of the trusted profile. +# CLI flag: -.cos.trusted-profile-id +[trusted_profile_id: | default = ""] +``` + +### distributor + +Configures the `distributor`. + +```yaml +ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -distributor.ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -distributor.ring.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: distributor.ring + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: distributor.ring + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -distributor.ring.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -distributor.ring.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -distributor.ring.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -distributor.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -distributor.ring.heartbeat-period + [heartbeat_period: | default = 5s] + + # The heartbeat timeout after which distributors are considered unhealthy + # within the ring. 0 = never (timeout disabled). + # CLI flag: -distributor.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # Name of network interface to read address from. + # CLI flag: -distributor.ring.instance-interface-names + [instance_interface_names: | default = []] + +rate_store: + # The max number of concurrent requests to make to ingester stream apis + # CLI flag: -distributor.rate-store.max-request-parallelism + [max_request_parallelism: | default = 200] + + # The interval on which distributors will update current stream rates from + # ingesters + # CLI flag: -distributor.rate-store.stream-rate-update-interval + [stream_rate_update_interval: | default = 1s] + + # Timeout for communication between distributors and any given ingester when + # updating rates + # CLI flag: -distributor.rate-store.ingester-request-timeout + [ingester_request_timeout: | default = 500ms] + + # If enabled, detailed logs and spans will be emitted. + # CLI flag: -distributor.rate-store.debug + [debug: | default = false] + +# Customize the logging of write failures. +write_failures_logging: + # Log volume allowed (per second). Default: 1KB. + # CLI flag: -distributor.write-failures-logging.rate + [rate: | default = 1KB] + + # Whether a insight=true key should be logged or not. Default: false. + # CLI flag: -distributor.write-failures-logging.add-insights-label + [add_insights_label: | default = false] + +otlp_config: + # List of default otlp resource attributes to be picked as index labels + # CLI flag: -distributor.otlp.default_resource_attributes_as_index_labels + [default_resource_attributes_as_index_labels: | default = [service.name service.namespace service.instance.id deployment.environment cloud.region cloud.availability_zone k8s.cluster.name k8s.namespace.name k8s.pod.name k8s.container.name container.name k8s.replicaset.name k8s.deployment.name k8s.statefulset.name k8s.daemonset.name k8s.cronjob.name k8s.job.name]] +``` + +### etcd + +Configuration for an ETCD v3 client. Only applies if the selected kvstore is `etcd`. The supported CLI flags `` used to reference this configuration block are: + +- `bloom-compactor.ring` +- `common.storage.ring` +- `compactor.ring` +- `distributor.ring` +- `index-gateway.ring` +- `pattern-ingester` +- `query-scheduler.ring` +- `ruler.ring` + +  + +```yaml +# The etcd endpoints to connect to. +# CLI flag: -.etcd.endpoints +[endpoints: | default = []] + +# The dial timeout for the etcd connection. +# CLI flag: -.etcd.dial-timeout +[dial_timeout: | default = 10s] + +# The maximum number of retries to do for failed ops. +# CLI flag: -.etcd.max-retries +[max_retries: | default = 10] + +# Enable TLS. +# CLI flag: -.etcd.tls-enabled +[tls_enabled: | default = false] + +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -.etcd.tls-cert-path +[tls_cert_path: | default = ""] + +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -.etcd.tls-key-path +[tls_key_path: | default = ""] + +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -.etcd.tls-ca-path +[tls_ca_path: | default = ""] + +# Override the expected name on the server certificate. +# CLI flag: -.etcd.tls-server-name +[tls_server_name: | default = ""] + +# Skip validating server certificate. +# CLI flag: -.etcd.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] + +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -.etcd.tls-cipher-suites +[tls_cipher_suites: | default = ""] + +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -.etcd.tls-min-version +[tls_min_version: | default = ""] + +# Etcd username. +# CLI flag: -.etcd.username +[username: | default = ""] + +# Etcd password. +# CLI flag: -.etcd.password +[password: | default = ""] +``` + +### frontend + +The `frontend` block configures the Loki query-frontend. + +```yaml +# Log queries that are slower than the specified duration. Set to 0 to disable. +# Set to < 0 to enable on all queries. +# CLI flag: -frontend.log-queries-longer-than +[log_queries_longer_than: | default = 0s] + +# Comma-separated list of request header names to include in query logs. Applies +# to both query stats and slow queries logs. +# CLI flag: -frontend.log-query-request-headers +[log_query_request_headers: | default = ""] + +# Max body size for downstream prometheus. +# CLI flag: -frontend.max-body-size +[max_body_size: | default = 10485760] + +# True to enable query statistics tracking. When enabled, a message with some +# statistics is logged for every query. +# CLI flag: -frontend.query-stats-enabled +[query_stats_enabled: | default = false] + +# Maximum number of outstanding requests per tenant per frontend; requests +# beyond this error with HTTP 429. +# CLI flag: -querier.max-outstanding-requests-per-tenant +[max_outstanding_per_tenant: | default = 2048] + +# In the event a tenant is repeatedly sending queries that lead the querier to +# crash or be killed due to an out-of-memory error, the crashed querier will be +# disconnected from the query frontend and a new querier will be immediately +# assigned to the tenant’s shard. This invalidates the assumption that shuffle +# sharding can be used to reduce the impact on tenants. This option mitigates +# the impact by configuring a delay between when a querier disconnects because +# of a crash and when the crashed querier is actually removed from the tenant's +# shard. +# CLI flag: -query-frontend.querier-forget-delay +[querier_forget_delay: | default = 0s] + +# DNS hostname used for finding query-schedulers. +# CLI flag: -frontend.scheduler-address +[scheduler_address: | default = ""] + +# How often to resolve the scheduler-address, in order to look for new +# query-scheduler instances. Also used to determine how often to poll the +# scheduler-ring for addresses if the scheduler-ring is configured. +# CLI flag: -frontend.scheduler-dns-lookup-period +[scheduler_dns_lookup_period: | default = 10s] + +# Number of concurrent workers forwarding queries to single query-scheduler. +# CLI flag: -frontend.scheduler-worker-concurrency +[scheduler_worker_concurrency: | default = 5] + +# The grpc_client block configures the gRPC client used to communicate between a +# client and server component in Loki. +# The CLI flags prefix for this block configuration is: +# frontend.grpc-client-config +[grpc_client_config: ] + +# Time to wait for inflight requests to finish before forcefully shutting down. +# This needs to be aligned with the query timeout and the graceful termination +# period of the process orchestrator. +# CLI flag: -frontend.graceful-shutdown-timeout +[graceful_shutdown_timeout: | default = 5m] + +# Name of network interface to read address from. This address is sent to +# query-scheduler and querier, which uses it to send the query response back to +# query-frontend. +# CLI flag: -frontend.instance-interface-names +[instance_interface_names: | default = []] + +# Defines the encoding for requests to and responses from the scheduler and +# querier. Can be 'json' or 'protobuf' (defaults to 'json'). +# CLI flag: -frontend.encoding +[encoding: | default = "json"] + +# Compress HTTP responses. +# CLI flag: -querier.compress-http-responses +[compress_responses: | default = true] + +# URL of downstream Loki. +# CLI flag: -frontend.downstream-url +[downstream_url: | default = ""] + +# URL of querier for tail proxy. +# CLI flag: -frontend.tail-proxy-url +[tail_proxy_url: | default = ""] + +# The TLS configuration. +[tail_tls_config: ] +``` + +### frontend_worker + +The `frontend_worker` configures the worker - running within the Loki querier - picking up and executing queries enqueued by the query-frontend. + +```yaml +# Address of query frontend service, in host:port format. If +# -querier.scheduler-address is set as well, querier will use scheduler instead. +# Only one of -querier.frontend-address or -querier.scheduler-address can be +# set. If neither is set, queries are only received via HTTP endpoint. +# CLI flag: -querier.frontend-address +[frontend_address: | default = ""] + +# Hostname (and port) of scheduler that querier will periodically resolve, +# connect to and receive queries from. Only one of -querier.frontend-address or +# -querier.scheduler-address can be set. If neither is set, queries are only +# received via HTTP endpoint. +# CLI flag: -querier.scheduler-address +[scheduler_address: | default = ""] + +# How often to query DNS for query-frontend or query-scheduler address. Also +# used to determine how often to poll the scheduler-ring for addresses if the +# scheduler-ring is configured. +# CLI flag: -querier.dns-lookup-period +[dns_lookup_duration: | default = 3s] + +# Querier ID, sent to frontend service to identify requests from the same +# querier. Defaults to hostname. +# CLI flag: -querier.id +[id: | default = ""] + +# Configures the querier gRPC client used to communicate with the +# query-frontend. This can't be used in conjunction with 'grpc_client_config'. +# The CLI flags prefix for this block configuration is: +# querier.frontend-grpc-client +[query_frontend_grpc_client: ] + +# Configures the querier gRPC client used to communicate with the query-frontend +# and with the query-scheduler. This can't be used in conjunction with +# 'query_frontend_grpc_client' or 'query_scheduler_grpc_client'. +# The CLI flags prefix for this block configuration is: querier.frontend-client +[grpc_client_config: ] + +# Configures the querier gRPC client used to communicate with the +# query-scheduler. This can't be used in conjunction with 'grpc_client_config'. +# The CLI flags prefix for this block configuration is: +# querier.scheduler-grpc-client +[query_scheduler_grpc_client: ] +``` + +### gcs_storage_config + +The `gcs_storage_config` block configures the connection to Google Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common.storage` +- `ruler.storage` + +  + +```yaml +# Name of GCS bucket. Please refer to +# https://cloud.google.com/docs/authentication/production for more information +# about how to configure authentication. +# CLI flag: -.gcs.bucketname +[bucket_name: | default = ""] + +# Service account key content in JSON format, refer to +# https://cloud.google.com/iam/docs/creating-managing-service-account-keys for +# creation. +# CLI flag: -.gcs.service-account +[service_account: | default = ""] + +# The size of the buffer that GCS client for each PUT request. 0 to disable +# buffering. +# CLI flag: -.gcs.chunk-buffer-size +[chunk_buffer_size: | default = 0] + +# The duration after which the requests to GCS should be timed out. +# CLI flag: -.gcs.request-timeout +[request_timeout: | default = 0s] + +# Enable OpenCensus (OC) instrumentation for all requests. +# CLI flag: -.gcs.enable-opencensus +[enable_opencensus: | default = true] + +# Enable HTTP2 connections. +# CLI flag: -.gcs.enable-http2 +[enable_http2: | default = true] + +# Enable automatic retries of failed idempotent requests. +# CLI flag: -.gcs.enable-retries +[enable_retries: | default = true] +``` + +### grpc_client + +The `grpc_client` block configures the gRPC client used to communicate between a client and server component in Loki. The supported CLI flags `` used to reference this configuration block are: + +- `bigtable` +- `bloom-build.builder.grpc` +- `bloom-gateway-client.grpc` +- `boltdb.shipper.index-gateway-client.grpc` +- `frontend.grpc-client-config` +- `ingester.client` +- `pattern-ingester.client` +- `querier.frontend-client` +- `querier.frontend-grpc-client` +- `querier.scheduler-grpc-client` +- `query-scheduler.grpc-client-config` +- `ruler.client` +- `tsdb.shipper.index-gateway-client.grpc` + +  + +```yaml +# gRPC client max receive message size (bytes). +# CLI flag: -.grpc-max-recv-msg-size +[max_recv_msg_size: | default = 104857600] + +# gRPC client max send message size (bytes). +# CLI flag: -.grpc-max-send-msg-size +[max_send_msg_size: | default = 104857600] + +# Use compression when sending messages. Supported values are: 'gzip', 'snappy' +# and '' (disable compression) +# CLI flag: -.grpc-compression +[grpc_compression: | default = ""] + +# Rate limit for gRPC client; 0 means disabled. +# CLI flag: -.grpc-client-rate-limit +[rate_limit: | default = 0] + +# Rate limit burst for gRPC client. +# CLI flag: -.grpc-client-rate-limit-burst +[rate_limit_burst: | default = 0] + +# Enable backoff and retry when we hit rate limits. +# CLI flag: -.backoff-on-ratelimits +[backoff_on_ratelimits: | default = false] + +backoff_config: + # Minimum delay when backing off. + # CLI flag: -.backoff-min-period + [min_period: | default = 100ms] + + # Maximum delay when backing off. + # CLI flag: -.backoff-max-period + [max_period: | default = 10s] + + # Number of times to backoff and retry before failing. + # CLI flag: -.backoff-retries + [max_retries: | default = 10] + +# Initial stream window size. Values less than the default are not supported and +# are ignored. Setting this to a value other than the default disables the BDP +# estimator. +# CLI flag: -.initial-stream-window-size +[initial_stream_window_size: | default = 63KiB1023B] + +# Initial connection window size. Values less than the default are not supported +# and are ignored. Setting this to a value other than the default disables the +# BDP estimator. +# CLI flag: -.initial-connection-window-size +[initial_connection_window_size: | default = 63KiB1023B] + +# Enable TLS in the gRPC client. This flag needs to be enabled when any other +# TLS flag is set. If set to false, insecure connection to gRPC server will be +# used. +# CLI flag: -.tls-enabled +[tls_enabled: | default = false] + +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -.tls-cert-path +[tls_cert_path: | default = ""] + +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -.tls-key-path +[tls_key_path: | default = ""] + +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -.tls-ca-path +[tls_ca_path: | default = ""] + +# Override the expected name on the server certificate. +# CLI flag: -.tls-server-name +[tls_server_name: | default = ""] + +# Skip validating server certificate. +# CLI flag: -.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] + +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -.tls-cipher-suites +[tls_cipher_suites: | default = ""] + +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -.tls-min-version +[tls_min_version: | default = ""] + +# The maximum amount of time to establish a connection. A value of 0 means +# default gRPC client connect timeout and backoff. +# CLI flag: -.connect-timeout +[connect_timeout: | default = 5s] + +# Initial backoff delay after first connection failure. Only relevant if +# ConnectTimeout > 0. +# CLI flag: -.connect-backoff-base-delay +[connect_backoff_base_delay: | default = 1s] + +# Maximum backoff delay when establishing a connection. Only relevant if +# ConnectTimeout > 0. +# CLI flag: -.connect-backoff-max-delay +[connect_backoff_max_delay: | default = 5s] +``` + +### index_gateway + +The `index_gateway` block configures the Loki index gateway server, responsible for serving index queries without the need to constantly interact with the object store. + +```yaml +# Defines in which mode the index gateway server will operate (default to +# 'simple'). It supports two modes: +# - 'simple': an index gateway server instance is responsible for handling, +# storing and returning requests for all indices for all tenants. +# - 'ring': an index gateway server instance is responsible for a subset of +# tenants instead of all tenants. +# CLI flag: -index-gateway.mode +[mode: | default = "simple"] + +# Defines the ring to be used by the index gateway servers and clients in case +# the servers are configured to run in 'ring' mode. In case this isn't +# configured, this block supports inheriting configuration from the common ring +# section. +ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -index-gateway.ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -index-gateway.ring.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: index-gateway.ring + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: index-gateway.ring + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -index-gateway.ring.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -index-gateway.ring.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -index-gateway.ring.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -index-gateway.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -index-gateway.ring.heartbeat-period + [heartbeat_period: | default = 15s] + + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -index-gateway.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -index-gateway.ring.tokens-file-path + [tokens_file_path: | default = ""] + + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -index-gateway.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] + + # Deprecated: How many index gateway instances are assigned to each tenant. + # Use -index-gateway.shard-size instead. The shard size is also a per-tenant + # setting. + # CLI flag: -replication-factor + [replication_factor: | default = 3] + + # Instance ID to register in the ring. + # CLI flag: -index-gateway.ring.instance-id + [instance_id: | default = ""] + + # Name of network interface to read address from. + # CLI flag: -index-gateway.ring.instance-interface-names + [instance_interface_names: | default = []] + + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -index-gateway.ring.instance-port + [instance_port: | default = 0] + + # IP address to advertise in the ring. + # CLI flag: -index-gateway.ring.instance-addr + [instance_addr: | default = ""] + + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -index-gateway.ring.instance-availability-zone + [instance_availability_zone: | default = ""] + + # Enable using a IPv6 instance address. + # CLI flag: -index-gateway.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] +``` + +### ingester + +The `ingester` block configures the ingester and how the ingester will register itself to a key value store. + +```yaml +# Configures how the lifecycle of the ingester will operate and where it will +# register for discovery. +lifecycler: + ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -ring.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected kvstore + # is consul. + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected + # kvstore is etcd. + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # The heartbeat timeout after which ingesters are skipped for reads/writes. + # 0 = never (timeout disabled). + # CLI flag: -ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # The number of ingesters to write to and read from. + # CLI flag: -distributor.replication-factor + [replication_factor: | default = 3] + + # True to enable the zone-awareness and replicate ingested samples across + # different availability zones. + # CLI flag: -distributor.zone-awareness-enabled + [zone_awareness_enabled: | default = false] + + # Comma-separated list of zones to exclude from the ring. Instances in + # excluded zones will be filtered out from the ring. + # CLI flag: -distributor.excluded-zones + [excluded_zones: | default = ""] + + # Number of tokens for each ingester. + # CLI flag: -ingester.num-tokens + [num_tokens: | default = 128] + + # Period at which to heartbeat to consul. 0 = disabled. + # CLI flag: -ingester.heartbeat-period + [heartbeat_period: | default = 5s] + + # Heartbeat timeout after which instance is assumed to be unhealthy. 0 = + # disabled. + # CLI flag: -ingester.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # Observe tokens after generating to resolve collisions. Useful when using + # gossiping ring. + # CLI flag: -ingester.observe-period + [observe_period: | default = 0s] + + # Period to wait for a claim from another member; will join automatically + # after this. + # CLI flag: -ingester.join-after + [join_after: | default = 0s] + + # Minimum duration to wait after the internal readiness checks have passed but + # before succeeding the readiness endpoint. This is used to slowdown + # deployment controllers (eg. Kubernetes) after an instance is ready and + # before they proceed with a rolling update, to give the rest of the cluster + # instances enough time to receive ring updates. + # CLI flag: -ingester.min-ready-duration + [min_ready_duration: | default = 15s] + + # Name of network interface to read address from. + # CLI flag: -ingester.lifecycler.interface + [interface_names: | default = []] + + # Enable IPv6 support. Required to make use of IP addresses from IPv6 + # interfaces. + # CLI flag: -ingester.enable-inet6 + [enable_inet6: | default = false] + + # Duration to sleep for before exiting, to ensure metrics are scraped. + # CLI flag: -ingester.final-sleep + [final_sleep: | default = 0s] + + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -ingester.tokens-file-path + [tokens_file_path: | default = ""] + + # The availability zone where this instance is running. + # CLI flag: -ingester.availability-zone + [availability_zone: | default = ""] + + # Unregister from the ring upon clean shutdown. It can be useful to disable + # for rolling restarts with consistent naming in conjunction with + # -distributor.extend-writes=false. + # CLI flag: -ingester.unregister-on-shutdown + [unregister_on_shutdown: | default = true] + + # When enabled the readiness probe succeeds only after all instances are + # ACTIVE and healthy in the ring, otherwise only the instance itself is + # checked. This option should be disabled if in your cluster multiple + # instances can be rolled out simultaneously, otherwise rolling updates may be + # slowed down. + # CLI flag: -ingester.readiness-check-ring-health + [readiness_check_ring_health: | default = true] + + # IP address to advertise in the ring. + # CLI flag: -ingester.lifecycler.addr + [address: | default = ""] + + # port to advertise in consul (defaults to server.grpc-listen-port). + # CLI flag: -ingester.lifecycler.port + [port: | default = 0] + + # ID to register in the ring. + # CLI flag: -ingester.lifecycler.ID + [id: | default = ""] + +# How many flushes can happen concurrently from each stream. +# CLI flag: -ingester.concurrent-flushes +[concurrent_flushes: | default = 32] + +# How often should the ingester see if there are any blocks to flush. The first +# flush check is delayed by a random time up to 0.8x the flush check period. +# Additionally, there is +/- 1% jitter added to the interval. +# CLI flag: -ingester.flush-check-period +[flush_check_period: | default = 30s] + +flush_op_backoff: + # Minimum backoff period when a flush fails. Each concurrent flush has its own + # backoff, see `ingester.concurrent-flushes`. + # CLI flag: -ingester.flush-op-backoff-min-period + [min_period: | default = 10s] + + # Maximum backoff period when a flush fails. Each concurrent flush has its own + # backoff, see `ingester.concurrent-flushes`. + # CLI flag: -ingester.flush-op-backoff-max-period + [max_period: | default = 1m] + + # Maximum retries for failed flushes. + # CLI flag: -ingester.flush-op-backoff-retries + [max_retries: | default = 10] + +# The timeout for an individual flush. Will be retried up to +# `flush-op-backoff-retries` times. +# CLI flag: -ingester.flush-op-timeout +[flush_op_timeout: | default = 10m] + +# How long chunks should be retained in-memory after they've been flushed. +# CLI flag: -ingester.chunks-retain-period +[chunk_retain_period: | default = 0s] + +# How long chunks should sit in-memory with no updates before being flushed if +# they don't hit the max block size. This means that half-empty chunks will +# still be flushed after a certain period as long as they receive no further +# activity. +# CLI flag: -ingester.chunks-idle-period +[chunk_idle_period: | default = 30m] + +# The targeted _uncompressed_ size in bytes of a chunk block When this threshold +# is exceeded the head block will be cut and compressed inside the chunk. +# CLI flag: -ingester.chunks-block-size +[chunk_block_size: | default = 262144] + +# A target _compressed_ size in bytes for chunks. This is a desired size not an +# exact size, chunks may be slightly bigger or significantly smaller if they get +# flushed for other reasons (e.g. chunk_idle_period). A value of 0 creates +# chunks with a fixed 10 blocks, a non zero value will create chunks with a +# variable number of blocks to meet the target size. +# CLI flag: -ingester.chunk-target-size +[chunk_target_size: | default = 1572864] + +# The algorithm to use for compressing chunk. (none, gzip, lz4-64k, snappy, +# lz4-256k, lz4-1M, lz4, flate, zstd) +# CLI flag: -ingester.chunk-encoding +[chunk_encoding: | default = "gzip"] + +# The maximum duration of a timeseries chunk in memory. If a timeseries runs for +# longer than this, the current chunk will be flushed to the store and a new +# chunk created. +# CLI flag: -ingester.max-chunk-age +[max_chunk_age: | default = 2h] + +# Forget about ingesters having heartbeat timestamps older than +# `ring.kvstore.heartbeat_timeout`. This is equivalent to clicking on the +# `/ring` `forget` button in the UI: the ingester is removed from the ring. This +# is a useful setting when you are sure that an unhealthy node won't return. An +# example is when not using stateful sets or the equivalent. Use +# `memberlist.rejoin_interval` > 0 to handle network partition cases when using +# a memberlist. +# CLI flag: -ingester.autoforget-unhealthy +[autoforget_unhealthy: | default = false] + +# Parameters used to synchronize ingesters to cut chunks at the same moment. +# Sync period is used to roll over incoming entry to a new chunk. If chunk's +# utilization isn't high enough (eg. less than 50% when sync_min_utilization is +# set to 0.5), then this chunk rollover doesn't happen. +# CLI flag: -ingester.sync-period +[sync_period: | default = 1h] + +# Minimum utilization of chunk when doing synchronization. +# CLI flag: -ingester.sync-min-utilization +[sync_min_utilization: | default = 0.1] + +# The maximum number of errors a stream will report to the user when a push +# fails. 0 to make unlimited. +# CLI flag: -ingester.max-ignored-stream-errors +[max_returned_stream_errors: | default = 10] + +# How far back should an ingester be allowed to query the store for data, for +# use only with boltdb-shipper/tsdb index and filesystem object store. -1 for +# infinite. +# CLI flag: -ingester.query-store-max-look-back-period +[query_store_max_look_back_period: | default = 0s] + +# The ingester WAL (Write Ahead Log) records incoming logs and stores them on +# the local file systems in order to guarantee persistence of acknowledged data +# in the event of a process crash. +wal: + # Enable writing of ingested data into WAL. + # CLI flag: -ingester.wal-enabled + [enabled: | default = true] + + # Directory where the WAL data is stored and/or recovered from. + # CLI flag: -ingester.wal-dir + [dir: | default = "wal"] + + # Interval at which checkpoints should be created. + # CLI flag: -ingester.checkpoint-duration + [checkpoint_duration: | default = 5m] + + # When WAL is enabled, should chunks be flushed to long-term storage on + # shutdown. + # CLI flag: -ingester.flush-on-shutdown + [flush_on_shutdown: | default = false] + + # Maximum memory size the WAL may use during replay. After hitting this, it + # will flush data to storage before continuing. A unit suffix (KB, MB, GB) may + # be applied. + # CLI flag: -ingester.wal-replay-memory-ceiling + [replay_memory_ceiling: | default = 4GB] + +# Shard factor used in the ingesters for the in process reverse index. This MUST +# be evenly divisible by ALL schema shard factors or Loki will not start. +# CLI flag: -ingester.index-shards +[index_shards: | default = 32] + +# Maximum number of dropped streams to keep in memory during tailing. +# CLI flag: -ingester.tailer.max-dropped-streams +[max_dropped_streams: | default = 10] + +# Path where the shutdown marker file is stored. If not set and +# common.path_prefix is set then common.path_prefix will be used. +# CLI flag: -ingester.shutdown-marker-path +[shutdown_marker_path: | default = ""] +``` + +### ingester_client + +The `ingester_client` block configures how the distributor will connect to ingesters. Only appropriate when running all components, the distributor, or the querier. + +```yaml +# Configures how connections are pooled. +pool_config: + # How frequently to clean up clients for ingesters that have gone away. + # CLI flag: -distributor.client-cleanup-period + [client_cleanup_period: | default = 15s] + + # Run a health check on each ingester client during periodic cleanup. + # CLI flag: -distributor.health-check-ingesters + [health_check_ingesters: | default = true] + + # How quickly a dead client will be removed after it has been detected to + # disappear. Set this to a value to allow time for a secondary health check to + # recover the missing client. + # CLI flag: -ingester.client.healthcheck-timeout + [remote_timeout: | default = 1s] + +# The remote request timeout on the client side. +# CLI flag: -ingester.client.timeout +[remote_timeout: | default = 5s] + +# Configures how the gRPC connection to ingesters work as a client. +# The CLI flags prefix for this block configuration is: ingester.client +[grpc_client_config: ] +``` + +### limits_config + +The `limits_config` block configures global and per-tenant limits in Loki. The values here can be overridden in the `overrides` section of the runtime_config file + +```yaml +# Whether the ingestion rate limit should be applied individually to each +# distributor instance (local), or evenly shared across the cluster (global). +# The ingestion rate strategy cannot be overridden on a per-tenant basis. +# - local: enforces the limit on a per distributor basis. The actual effective +# rate limit will be N times higher, where N is the number of distributor +# replicas. +# - global: enforces the limit globally, configuring a per-distributor local +# rate limiter as 'ingestion_rate / N', where N is the number of distributor +# replicas (it's automatically adjusted if the number of replicas change). The +# global strategy requires the distributors to form their own ring, which is +# used to keep track of the current number of healthy distributor replicas. +# CLI flag: -distributor.ingestion-rate-limit-strategy +[ingestion_rate_strategy: | default = "global"] + +# Per-user ingestion rate limit in sample size per second. Units in MB. +# CLI flag: -distributor.ingestion-rate-limit-mb +[ingestion_rate_mb: | default = 4] + +# Per-user allowed ingestion burst size (in sample size). Units in MB. The burst +# size refers to the per-distributor local rate limiter even in the case of the +# 'global' strategy, and should be set at least to the maximum logs size +# expected in a single push request. +# CLI flag: -distributor.ingestion-burst-size-mb +[ingestion_burst_size_mb: | default = 6] + +# Maximum length accepted for label names. +# CLI flag: -validation.max-length-label-name +[max_label_name_length: | default = 1024] + +# Maximum length accepted for label value. This setting also applies to the +# metric name. +# CLI flag: -validation.max-length-label-value +[max_label_value_length: | default = 2048] + +# Maximum number of label names per series. +# CLI flag: -validation.max-label-names-per-series +[max_label_names_per_series: | default = 15] + +# Whether or not old samples will be rejected. +# CLI flag: -validation.reject-old-samples +[reject_old_samples: | default = true] + +# Maximum accepted sample age before rejecting. +# CLI flag: -validation.reject-old-samples.max-age +[reject_old_samples_max_age: | default = 1w] + +# Duration which table will be created/deleted before/after it's needed; we +# won't accept sample from before this time. +# CLI flag: -validation.create-grace-period +[creation_grace_period: | default = 10m] + +# Maximum line size on ingestion path. Example: 256kb. Any log line exceeding +# this limit will be discarded unless `distributor.max-line-size-truncate` is +# set which in case it is truncated instead of discarding it completely. There +# is no limit when unset or set to 0. +# CLI flag: -distributor.max-line-size +[max_line_size: | default = 256KB] + +# Whether to truncate lines that exceed max_line_size. +# CLI flag: -distributor.max-line-size-truncate +[max_line_size_truncate: | default = false] + +# Alter the log line timestamp during ingestion when the timestamp is the same +# as the previous entry for the same stream. When enabled, if a log line in a +# push request has the same timestamp as the previous line for the same stream, +# one nanosecond is added to the log line. This will preserve the received order +# of log lines with the exact same timestamp when they are queried, by slightly +# altering their stored timestamp. NOTE: This is imperfect, because Loki accepts +# out of order writes, and another push request for the same stream could +# contain duplicate timestamps to existing entries and they will not be +# incremented. +# CLI flag: -validation.increment-duplicate-timestamps +[increment_duplicate_timestamp: | default = false] + +# If no service_name label exists, Loki maps a single label from the configured +# list to service_name. If none of the configured labels exist in the stream, +# label is set to unknown_service. Empty list disables setting the label. +# CLI flag: -validation.discover-service-name +[discover_service_name: | default = [service app application name app_kubernetes_io_name container container_name component workload job]] + +# Discover and add log levels during ingestion, if not present already. Levels +# would be added to Structured Metadata with name +# level/LEVEL/Level/Severity/severity/SEVERITY/lvl/LVL/Lvl (case-sensitive) and +# one of the values from 'trace', 'debug', 'info', 'warn', 'error', 'critical', +# 'fatal' (case insensitive). +# CLI flag: -validation.discover-log-levels +[discover_log_levels: | default = true] + +# When true an ingester takes into account only the streams that it owns +# according to the ring while applying the stream limit. +# CLI flag: -ingester.use-owned-stream-count +[use_owned_stream_count: | default = false] + +# Maximum number of active streams per user, per ingester. 0 to disable. +# CLI flag: -ingester.max-streams-per-user +[max_streams_per_user: | default = 0] + +# Maximum number of active streams per user, across the cluster. 0 to disable. +# When the global limit is enabled, each ingester is configured with a dynamic +# local limit based on the replication factor and the current number of healthy +# ingesters, and is kept updated whenever the number of ingesters change. +# CLI flag: -ingester.max-global-streams-per-user +[max_global_streams_per_user: | default = 5000] + +# Deprecated. When true, out-of-order writes are accepted. +# CLI flag: -ingester.unordered-writes +[unordered_writes: | default = true] + +# Maximum byte rate per second per stream, also expressible in human readable +# forms (1MB, 256KB, etc). +# CLI flag: -ingester.per-stream-rate-limit +[per_stream_rate_limit: | default = 3MB] + +# Maximum burst bytes per stream, also expressible in human readable forms (1MB, +# 256KB, etc). This is how far above the rate limit a stream can 'burst' before +# the stream is limited. +# CLI flag: -ingester.per-stream-rate-limit-burst +[per_stream_rate_limit_burst: | default = 15MB] + +# Maximum number of chunks that can be fetched in a single query. +# CLI flag: -store.query-chunk-limit +[max_chunks_per_query: | default = 2000000] + +# Limit the maximum of unique series that is returned by a metric query. When +# the limit is reached an error is returned. +# CLI flag: -querier.max-query-series +[max_query_series: | default = 500] + +# Limit how far back in time series data and metadata can be queried, up until +# lookback duration ago. This limit is enforced in the query frontend, the +# querier and the ruler. If the requested time range is outside the allowed +# range, the request will not fail, but will be modified to only query data +# within the allowed time range. The default value of 0 does not set a limit. +# CLI flag: -querier.max-query-lookback +[max_query_lookback: | default = 0s] + +# The limit to length of chunk store queries. 0 to disable. +# CLI flag: -store.max-query-length +[max_query_length: | default = 30d1h] + +# Limit the length of the [range] inside a range query. Default is 0 or +# unlimited +# CLI flag: -querier.max-query-range +[max_query_range: | default = 0s] + +# Maximum number of queries that will be scheduled in parallel by the frontend. +# CLI flag: -querier.max-query-parallelism +[max_query_parallelism: | default = 32] + +# Maximum number of queries will be scheduled in parallel by the frontend for +# TSDB schemas. +# CLI flag: -querier.tsdb-max-query-parallelism +[tsdb_max_query_parallelism: | default = 128] + +# Target maximum number of bytes assigned to a single sharded query. Also +# expressible in human readable forms (1GB, etc). Note: This is a _target_ and +# not an absolute limit. The actual limit can be higher, but the query planner +# will try to build shards up to this limit. +# CLI flag: -querier.tsdb-max-bytes-per-shard +[tsdb_max_bytes_per_shard: | default = 600MB] + +# sharding strategy to use in query planning. Suggested to use bounded once all +# nodes can recognize it. +# CLI flag: -limits.tsdb-sharding-strategy +[tsdb_sharding_strategy: | default = "power_of_two"] + +# Precompute chunks for TSDB queries. This can improve query performance at the +# cost of increased memory usage by computing chunks once during planning, +# reducing index calls. +# CLI flag: -querier.tsdb-precompute-chunks +[tsdb_precompute_chunks: | default = false] + +# Cardinality limit for index queries. +# CLI flag: -store.cardinality-limit +[cardinality_limit: | default = 100000] + +# Maximum number of stream matchers per query. +# CLI flag: -querier.max-streams-matcher-per-query +[max_streams_matchers_per_query: | default = 1000] + +# Maximum number of concurrent tail requests. +# CLI flag: -querier.max-concurrent-tail-requests +[max_concurrent_tail_requests: | default = 10] + +# Maximum number of log entries that will be returned for a query. +# CLI flag: -validation.max-entries-limit +[max_entries_limit_per_query: | default = 5000] + +# Most recent allowed cacheable result per-tenant, to prevent caching very +# recent results that might still be in flux. +# CLI flag: -frontend.max-cache-freshness +[max_cache_freshness_per_query: | default = 10m] + +# Do not cache metadata request if the end time is within the +# frontend.max-metadata-cache-freshness window. Set this to 0 to apply no such +# limits. Defaults to 24h. +# CLI flag: -frontend.max-metadata-cache-freshness +[max_metadata_cache_freshness: | default = 1d] + +# Do not cache requests with an end time that falls within Now minus this +# duration. 0 disables this feature (default). +# CLI flag: -frontend.max-stats-cache-freshness +[max_stats_cache_freshness: | default = 10m] + +# Maximum number of queriers that can handle requests for a single tenant. If +# set to 0 or value higher than number of available queriers, *all* queriers +# will handle requests for the tenant. Each frontend (or query-scheduler, if +# used) will select the same set of queriers for the same tenant (given that all +# queriers are connected to all frontends / query-schedulers). This option only +# works with queriers connecting to the query-frontend / query-scheduler, not +# when using downstream URL. +# CLI flag: -frontend.max-queriers-per-tenant +[max_queriers_per_tenant: | default = 0] + +# How much of the available query capacity ("querier" components in distributed +# mode, "read" components in SSD mode) can be used by a single tenant. Allowed +# values are 0.0 to 1.0. For example, setting this to 0.5 would allow a tenant +# to use half of the available queriers for processing the query workload. If +# set to 0, query capacity is determined by frontend.max-queriers-per-tenant. +# When both frontend.max-queriers-per-tenant and frontend.max-query-capacity are +# configured, smaller value of the resulting querier replica count is +# considered: min(frontend.max-queriers-per-tenant, ceil(querier_replicas * +# frontend.max-query-capacity)). *All* queriers will handle requests for the +# tenant if neither limits are applied. This option only works with queriers +# connecting to the query-frontend / query-scheduler, not when using downstream +# URL. Use this feature in a multi-tenant setup where you need to limit query +# capacity for certain tenants. +# CLI flag: -frontend.max-query-capacity +[max_query_capacity: | default = 0] + +# Number of days of index to be kept always downloaded for queries. Applies only +# to per user index in boltdb-shipper index store. 0 to disable. +# CLI flag: -store.query-ready-index-num-days +[query_ready_index_num_days: | default = 0] + +# Timeout when querying backends (ingesters or storage) during the execution of +# a query request. When a specific per-tenant timeout is used, the global +# timeout is ignored. +# CLI flag: -querier.query-timeout +[query_timeout: | default = 1m] + +# Split queries by a time interval and execute in parallel. The value 0 disables +# splitting by time. This also determines how cache keys are chosen when result +# caching is enabled. +# CLI flag: -querier.split-queries-by-interval +[split_queries_by_interval: | default = 1h] + +# Split metadata queries by a time interval and execute in parallel. The value 0 +# disables splitting metadata queries by time. This also determines how cache +# keys are chosen when label/series result caching is enabled. +# CLI flag: -querier.split-metadata-queries-by-interval +[split_metadata_queries_by_interval: | default = 1d] + +# Experimental. Split interval to use for the portion of metadata request that +# falls within `recent_metadata_query_window`. Rest of the request which is +# outside the window still uses `split_metadata_queries_by_interval`. If set to +# 0, the entire request defaults to using a split interval of +# `split_metadata_queries_by_interval.`. +# CLI flag: -experimental.querier.split-recent-metadata-queries-by-interval +[split_recent_metadata_queries_by_interval: | default = 1h] + +# Experimental. Metadata query window inside which +# `split_recent_metadata_queries_by_interval` gets applied, portion of the +# metadata request that falls in this window is split using +# `split_recent_metadata_queries_by_interval`. The value 0 disables using a +# different split interval for recent metadata queries. +# +# This is added to improve cacheability of recent metadata queries. Query split +# interval also determines the interval used in cache key. The default split +# interval of 24h is useful for caching long queries, each cache key holding 1 +# day's results. But metadata queries are often shorter than 24h, to cache them +# effectively we need a smaller split interval. `recent_metadata_query_window` +# along with `split_recent_metadata_queries_by_interval` help configure a +# shorter split interval for recent metadata queries. +# CLI flag: -experimental.querier.recent-metadata-query-window +[recent_metadata_query_window: | default = 0s] + +# Split instant metric queries by a time interval and execute in parallel. The +# value 0 disables splitting instant metric queries by time. This also +# determines how cache keys are chosen when instant metric query result caching +# is enabled. +# CLI flag: -querier.split-instant-metric-queries-by-interval +[split_instant_metric_queries_by_interval: | default = 1h] + +# Interval to use for time-based splitting when a request is within the +# `query_ingesters_within` window; defaults to `split-queries-by-interval` by +# setting to 0. +# CLI flag: -querier.split-ingester-queries-by-interval +[split_ingester_queries_by_interval: | default = 0s] + +# Limit queries that can be sharded. Queries within the time range of now and +# now minus this sharding lookback are not sharded. The default value of 0s +# disables the lookback, causing sharding of all queries at all times. +# CLI flag: -frontend.min-sharding-lookback +[min_sharding_lookback: | default = 0s] + +# Max number of bytes a query can fetch. Enforced in log and metric queries only +# when TSDB is used. The default value of 0 disables this limit. +# CLI flag: -frontend.max-query-bytes-read +[max_query_bytes_read: | default = 0B] + +# Max number of bytes a query can fetch after splitting and sharding. Enforced +# in log and metric queries only when TSDB is used. The default value of 0 +# disables this limit. +# CLI flag: -frontend.max-querier-bytes-read +[max_querier_bytes_read: | default = 150GB] + +# Enable log-volume endpoints. +# CLI flag: -limits.volume-enabled +[volume_enabled: | default = true] + +# The maximum number of aggregated series in a log-volume response +# CLI flag: -limits.volume-max-series +[volume_max_series: | default = 1000] + +# Maximum number of rules per rule group per-tenant. 0 to disable. +# CLI flag: -ruler.max-rules-per-rule-group +[ruler_max_rules_per_rule_group: | default = 0] + +# Maximum number of rule groups per-tenant. 0 to disable. +# CLI flag: -ruler.max-rule-groups-per-tenant +[ruler_max_rule_groups_per_tenant: | default = 0] + +# The default tenant's shard size when shuffle-sharding is enabled in the ruler. +# When this setting is specified in the per-tenant overrides, a value of 0 +# disables shuffle sharding for the tenant. +# CLI flag: -ruler.tenant-shard-size +[ruler_tenant_shard_size: | default = 0] + +# Disable recording rules remote-write. +[ruler_remote_write_disabled: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. The URL of the endpoint +# to send samples to. +[ruler_remote_write_url: | default = ""] + +# Deprecated: Use 'ruler_remote_write_config' instead. Timeout for requests to +# the remote write endpoint. +[ruler_remote_write_timeout: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Custom HTTP headers to be +# sent along with each remote write request. Be aware that headers that are set +# by Loki itself can't be overwritten. +[ruler_remote_write_headers: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. List of remote write +# relabel configurations. +[ruler_remote_write_relabel_configs: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Number of samples to +# buffer per shard before we block reading of more samples from the WAL. It is +# recommended to have enough capacity in each shard to buffer several requests +# to keep throughput up while processing occasional slow remote requests. +[ruler_remote_write_queue_capacity: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Minimum number of shards, +# i.e. amount of concurrency. +[ruler_remote_write_queue_min_shards: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of shards, +# i.e. amount of concurrency. +[ruler_remote_write_queue_max_shards: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Maximum number of samples +# per send. +[ruler_remote_write_queue_max_samples_per_send: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Maximum time a sample +# will wait in buffer. +[ruler_remote_write_queue_batch_send_deadline: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Initial retry delay. Gets +# doubled for every retry. +[ruler_remote_write_queue_min_backoff: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Maximum retry delay. +[ruler_remote_write_queue_max_backoff: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Retry upon receiving a +# 429 status code from the remote-write storage. This is experimental and might +# change in the future. +[ruler_remote_write_queue_retry_on_ratelimit: ] + +# Deprecated: Use 'ruler_remote_write_config' instead. Configures AWS's +# Signature Verification 4 signing process to sign every remote write request. +ruler_remote_write_sigv4_config: + [region: | default = ""] + + [access_key: | default = ""] + + [secret_key: | default = ""] + + [profile: | default = ""] + + [role_arn: | default = ""] + +# Configures global and per-tenant limits for remote write clients. A map with +# remote client id as key. +[ruler_remote_write_config: ] + +# Timeout for a remote rule evaluation. Defaults to the value of +# 'querier.query-timeout'. +[ruler_remote_evaluation_timeout: ] + +# Maximum size (in bytes) of the allowable response size from a remote rule +# evaluation. Set to 0 to allow any response size (default). +[ruler_remote_evaluation_max_response_size: ] + +# Deletion mode. Can be one of 'disabled', 'filter-only', or +# 'filter-and-delete'. When set to 'filter-only' or 'filter-and-delete', and if +# retention_enabled is true, then the log entry deletion API endpoints are +# available. +# CLI flag: -compactor.deletion-mode +[deletion_mode: | default = "filter-and-delete"] + +# Retention period to apply to stored data, only applies if retention_enabled is +# true in the compactor config. As of version 2.8.0, a zero value of 0 or 0s +# disables retention. In previous releases, Loki did not properly honor a zero +# value to disable retention and a really large value should be used instead. +# CLI flag: -store.retention +[retention_period: | default = 0s] + +# Per-stream retention to apply, if the retention is enable on the compactor +# side. +# Example: +# retention_stream: +# - selector: '{namespace="dev"}' +# priority: 1 +# period: 24h +# - selector: '{container="nginx"}' +# priority: 1 +# period: 744h +# Selector is a Prometheus labels matchers that will apply the 'period' +# retention only if the stream is matching. In case multiple stream are +# matching, the highest priority will be picked. If no rule is matched the +# 'retention_period' is used. +[retention_stream: ] + +# Feature renamed to 'runtime configuration', flag deprecated in favor of +# -runtime-config.file (runtime_config.file in YAML). +# CLI flag: -limits.per-user-override-config +[per_tenant_override_config: | default = ""] + +# Feature renamed to 'runtime configuration'; flag deprecated in favor of +# -runtime-config.reload-period (runtime_config.period in YAML). +# CLI flag: -limits.per-user-override-period +[per_tenant_override_period: | default = 10s] + +# Deprecated: Use deletion_mode per tenant configuration instead. +[allow_deletes: ] + +# Define streams sharding behavior. +shard_streams: + # Automatically shard streams to keep them under the per-stream rate limit. + # Sharding is dictated by the desired rate. + # CLI flag: -shard-streams.enabled + [enabled: | default = true] + + # Whether to log sharding streams behavior or not. Not recommended for + # production environments. + # CLI flag: -shard-streams.logging-enabled + [logging_enabled: | default = false] + + # Threshold used to cut a new shard. Default (1536KB) means if a rate is above + # 1536KB/s, it will be sharded into two streams. + # CLI flag: -shard-streams.desired-rate + [desired_rate: | default = 1536KB] + +[blocked_queries: ] + +# Define a list of required selector labels. +[required_labels: ] + +# Minimum number of label matchers a query should contain. +[minimum_labels_number: ] + +# The shard size defines how many index gateways should be used by a tenant for +# querying. If the global shard factor is 0, the global shard factor is set to +# the deprecated -replication-factor for backwards compatibility reasons. +# CLI flag: -index-gateway.shard-size +[index_gateway_shard_size: | default = 0] + +# Experimental. The shard size defines how many bloom gateways should be used by +# a tenant for querying. +# CLI flag: -bloom-gateway.shard-size +[bloom_gateway_shard_size: | default = 0] + +# Experimental. Whether to use the bloom gateway component in the read path to +# filter chunks. +# CLI flag: -bloom-gateway.enable-filtering +[bloom_gateway_enable_filtering: | default = false] + +# Experimental. Interval for computing the cache key in the Bloom Gateway. +# CLI flag: -bloom-gateway.cache-key-interval +[bloom_gateway_cache_key_interval: | default = 15m] + +# Experimental. The shard size defines how many bloom compactors should be used +# by a tenant when computing blooms. If it's set to 0, shuffle sharding is +# disabled. +# CLI flag: -bloom-compactor.shard-size +[bloom_compactor_shard_size: | default = 0] + +# Experimental. Whether to compact chunks into bloom filters. +# CLI flag: -bloom-compactor.enable-compaction +[bloom_compactor_enable_compaction: | default = false] + +# Experimental. The maximum bloom block size. A value of 0 sets an unlimited +# size. Default is 200MB. The actual block size might exceed this limit since +# blooms will be added to blocks until the block exceeds the maximum block size. +# CLI flag: -bloom-compactor.max-block-size +[bloom_compactor_max_block_size: | default = 200MB] + +# Experimental. The maximum bloom size per log stream. A log stream whose +# generated bloom filter exceeds this size will be discarded. A value of 0 sets +# an unlimited size. Default is 128MB. +# CLI flag: -bloom-compactor.max-bloom-size +[bloom_compactor_max_bloom_size: | default = 128MB] + +# Experimental. Whether to create blooms for the tenant. +# CLI flag: -bloom-build.enable +[bloom_creation_enabled: | default = false] + +# Experimental. Number of splits to create for the series keyspace when building +# blooms. The series keyspace is split into this many parts to parallelize bloom +# creation. +# CLI flag: -bloom-build.split-keyspace-by +[bloom_split_series_keyspace_by: | default = 256] + +# Experimental. Maximum number of builders to use when building blooms. 0 allows +# unlimited builders. +# CLI flag: -bloom-build.max-builders +[bloom_build_max_builders: | default = 0] + +# Experimental. Timeout for a builder to finish a task. If a builder does not +# respond within this time, it is considered failed and the task will be +# requeued. 0 disables the timeout. +# CLI flag: -bloom-build.builder-response-timeout +[bloom_build_builder_response_timeout: | default = 0s] + +# Experimental. Maximum number of retries for a failed task. If a task fails +# more than this number of times, it is considered failed and will not be +# retried. A value of 0 disables this limit. +# CLI flag: -bloom-build.task-max-retries +[bloom_build_task_max_retries: | default = 3] + +# Experimental. Length of the n-grams created when computing blooms from log +# lines. +# CLI flag: -bloom-compactor.ngram-length +[bloom_ngram_length: | default = 4] + +# Experimental. Skip factor for the n-grams created when computing blooms from +# log lines. +# CLI flag: -bloom-compactor.ngram-skip +[bloom_ngram_skip: | default = 1] + +# Experimental. Scalable Bloom Filter desired false-positive rate. +# CLI flag: -bloom-compactor.false-positive-rate +[bloom_false_positive_rate: | default = 0.01] + +# Experimental. Compression algorithm for bloom block pages. +# CLI flag: -bloom-compactor.block-encoding +[bloom_block_encoding: | default = "none"] + +# Allow user to send structured metadata in push payload. +# CLI flag: -validation.allow-structured-metadata +[allow_structured_metadata: | default = true] + +# Maximum size accepted for structured metadata per log line. +# CLI flag: -limits.max-structured-metadata-size +[max_structured_metadata_size: | default = 64KB] + +# Maximum number of structured metadata entries per log line. +# CLI flag: -limits.max-structured-metadata-entries-count +[max_structured_metadata_entries_count: | default = 128] + +# OTLP log ingestion configurations +otlp_config: + # Configuration for resource attributes to store them as index labels or + # Structured Metadata or drop them altogether + resource_attributes: + # Configure whether to ignore the default list of resource attributes set in + # 'distributor.otlp.default_resource_attributes_as_index_labels' to be + # stored as index labels and only use the given resource attributes config + [ignore_defaults: | default = false] + + [attributes_config: ] + + # Configuration for scope attributes to store them as Structured Metadata or + # drop them altogether + [scope_attributes: ] + + # Configuration for log attributes to store them as Structured Metadata or + # drop them altogether + [log_attributes: ] +``` + +### local_storage_config + +The `local_storage_config` block configures the usage of local file system as object storage backend. + +```yaml +# Directory to store chunks in. +# CLI flag: -local.chunk-directory +[directory: | default = ""] +``` + +### memberlist + +Configuration for `memberlist` client. Only applies if the selected kvstore is memberlist. + +When a memberlist config with atleast 1 join_members is defined, kvstore of type memberlist is automatically selected for all the components that require a ring unless otherwise specified in the component's configuration section. + +```yaml +# Name of the node in memberlist cluster. Defaults to hostname. +# CLI flag: -memberlist.nodename +[node_name: | default = ""] + +# Add random suffix to the node name. +# CLI flag: -memberlist.randomize-node-name +[randomize_node_name: | default = true] + +# The timeout for establishing a connection with a remote node, and for +# read/write operations. +# CLI flag: -memberlist.stream-timeout +[stream_timeout: | default = 10s] + +# Multiplication factor used when sending out messages (factor * log(N+1)). +# CLI flag: -memberlist.retransmit-factor +[retransmit_factor: | default = 4] + +# How often to use pull/push sync. +# CLI flag: -memberlist.pullpush-interval +[pull_push_interval: | default = 30s] + +# How often to gossip. +# CLI flag: -memberlist.gossip-interval +[gossip_interval: | default = 200ms] + +# How many nodes to gossip to. +# CLI flag: -memberlist.gossip-nodes +[gossip_nodes: | default = 3] + +# How long to keep gossiping to dead nodes, to give them chance to refute their +# death. +# CLI flag: -memberlist.gossip-to-dead-nodes-time +[gossip_to_dead_nodes_time: | default = 30s] + +# How soon can dead node's name be reclaimed with new address. 0 to disable. +# CLI flag: -memberlist.dead-node-reclaim-time +[dead_node_reclaim_time: | default = 0s] + +# Enable message compression. This can be used to reduce bandwidth usage at the +# cost of slightly more CPU utilization. +# CLI flag: -memberlist.compression-enabled +[compression_enabled: | default = true] + +# Gossip address to advertise to other members in the cluster. Used for NAT +# traversal. +# CLI flag: -memberlist.advertise-addr +[advertise_addr: | default = ""] + +# Gossip port to advertise to other members in the cluster. Used for NAT +# traversal. +# CLI flag: -memberlist.advertise-port +[advertise_port: | default = 7946] + +# The cluster label is an optional string to include in outbound packets and +# gossip streams. Other members in the memberlist cluster will discard any +# message whose label doesn't match the configured one, unless the +# 'cluster-label-verification-disabled' configuration option is set to true. +# CLI flag: -memberlist.cluster-label +[cluster_label: | default = ""] + +# When true, memberlist doesn't verify that inbound packets and gossip streams +# have the cluster label matching the configured one. This verification should +# be disabled while rolling out the change to the configured cluster label in a +# live memberlist cluster. +# CLI flag: -memberlist.cluster-label-verification-disabled +[cluster_label_verification_disabled: | default = false] + +# Other cluster members to join. Can be specified multiple times. It can be an +# IP, hostname or an entry specified in the DNS Service Discovery format. +# CLI flag: -memberlist.join +[join_members: | default = []] + +# Min backoff duration to join other cluster members. +# CLI flag: -memberlist.min-join-backoff +[min_join_backoff: | default = 1s] + +# Max backoff duration to join other cluster members. +# CLI flag: -memberlist.max-join-backoff +[max_join_backoff: | default = 1m] + +# Max number of retries to join other cluster members. +# CLI flag: -memberlist.max-join-retries +[max_join_retries: | default = 10] + +# If this node fails to join memberlist cluster, abort. +# CLI flag: -memberlist.abort-if-join-fails +[abort_if_cluster_join_fails: | default = false] + +# If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix +# the cluster split issue, and is harmless otherwise. For example when using +# only few components as a seed nodes (via -memberlist.join), then it's +# recommended to use rejoin. If -memberlist.join points to dynamic service that +# resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin +# is not needed. +# CLI flag: -memberlist.rejoin-interval +[rejoin_interval: | default = 0s] + +# How long to keep LEFT ingesters in the ring. +# CLI flag: -memberlist.left-ingesters-timeout +[left_ingesters_timeout: | default = 5m] + +# Timeout for leaving memberlist cluster. +# CLI flag: -memberlist.leave-timeout +[leave_timeout: | default = 20s] + +# How much space to use for keeping received and sent messages in memory for +# troubleshooting (two buffers). 0 to disable. +# CLI flag: -memberlist.message-history-buffer-bytes +[message_history_buffer_bytes: | default = 0] + +# IP address to listen on for gossip messages. Multiple addresses may be +# specified. Defaults to 0.0.0.0 +# CLI flag: -memberlist.bind-addr +[bind_addr: | default = []] + +# Port to listen on for gossip messages. +# CLI flag: -memberlist.bind-port +[bind_port: | default = 7946] + +# Timeout used when connecting to other nodes to send packet. +# CLI flag: -memberlist.packet-dial-timeout +[packet_dial_timeout: | default = 2s] + +# Timeout for writing 'packet' data. +# CLI flag: -memberlist.packet-write-timeout +[packet_write_timeout: | default = 5s] + +# Enable TLS on the memberlist transport layer. +# CLI flag: -memberlist.tls-enabled +[tls_enabled: | default = false] + +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -memberlist.tls-cert-path +[tls_cert_path: | default = ""] + +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -memberlist.tls-key-path +[tls_key_path: | default = ""] + +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -memberlist.tls-ca-path +[tls_ca_path: | default = ""] + +# Override the expected name on the server certificate. +# CLI flag: -memberlist.tls-server-name +[tls_server_name: | default = ""] + +# Skip validating server certificate. +# CLI flag: -memberlist.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] + +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -memberlist.tls-cipher-suites +[tls_cipher_suites: | default = ""] + +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -memberlist.tls-min-version +[tls_min_version: | default = ""] +``` + +### named_stores_config + +Configures additional object stores for a given storage provider. +Supported stores: aws, azure, bos, filesystem, gcs, swift. +Example: +storage_config: + named_stores: + aws: + store-1: + endpoint: s3://foo-bucket + region: us-west1 +Named store from this example can be used by setting object_store to store-1 in period_config. + +```yaml +[aws: ] + +[azure: ] + +[bos: ] + +[filesystem: ] + +[gcs: ] + +[alibabacloud: ] + +[swift: ] + +[cos: ] +``` + +### operational_config + +These are values which allow you to control aspects of Loki's operation, most commonly used for controlling types of higher verbosity logging, the values here can be overridden in the `configs` section of the `runtime_config` file. + +```yaml +# Log every new stream created by a push request (very verbose, recommend to +# enable via runtime config only). +# CLI flag: -operation-config.log-stream-creation +[log_stream_creation: | default = false] + +# Log every push request (very verbose, recommend to enable via runtime config +# only). +# CLI flag: -operation-config.log-push-request +[log_push_request: | default = false] + +# Log every stream in a push request (very verbose, recommend to enable via +# runtime config only). +# CLI flag: -operation-config.log-push-request-streams +[log_push_request_streams: | default = false] + +# Log push errors with a rate limited logger, will show client push errors +# without overly spamming logs. +# CLI flag: -operation-config.limited-log-push-errors +[limited_log_push_errors: | default = true] +``` + +### period_config + +The `period_config` block configures what index schemas should be used for from specific time periods. + +```yaml +# The date of the first day that index buckets should be created. Use a date in +# the past if this is your only period_config, otherwise use a date when you +# want the schema to switch over. In YYYY-MM-DD format, for example: 2018-04-15. +[from: ] + +# store and object_store below affect which key is used. Which +# index to use. Either tsdb or boltdb-shipper. Following stores are deprecated: +# aws, aws-dynamo, gcp, gcp-columnkey, bigtable, bigtable-hashed, cassandra, +# grpc. +[store: | default = ""] + +# Which store to use for the chunks. Either aws (alias s3), azure, gcs, +# alibabacloud, bos, cos, swift, filesystem, or a named_store (refer to +# named_stores_config). Following stores are deprecated: aws-dynamo, gcp, +# gcp-columnkey, bigtable, bigtable-hashed, cassandra, grpc. +[object_store: | default = ""] + +# The schema version to use, current recommended schema is v13. +[schema: | default = ""] + +# Configures how the index is updated and stored. +index: + # Path prefix for index tables. Prefix always needs to end with a path + # delimiter '/', except when the prefix is empty. + [path_prefix: | default = "index/"] + + # Table prefix for all period tables. + [prefix: | default = ""] + + # Table period. + [period: ] + + # A map to be added to all managed tables. + [tags: ] + +# Configured how the chunks are updated and stored. +chunks: + # Table prefix for all period tables. + [prefix: | default = ""] + + # Table period. + [period: ] + + # A map to be added to all managed tables. + [tags: ] + +# How many shards will be created. Only used if schema is v10 or greater. +[row_shards: | default = 16] +``` + +### querier + +Configures the `querier`. Only appropriate when running all modules or just the querier. + +```yaml +# Maximum duration for which the live tailing requests are served. +# CLI flag: -querier.tail-max-duration +[tail_max_duration: | default = 1h] + +# Time to wait before sending more than the minimum successful query requests. +# CLI flag: -querier.extra-query-delay +[extra_query_delay: | default = 0s] + +# Maximum lookback beyond which queries are not sent to ingester. 0 means all +# queries are sent to ingester. +# CLI flag: -querier.query-ingesters-within +[query_ingesters_within: | default = 3h] + +engine: + # The maximum amount of time to look back for log lines. Used only for instant + # log queries. + # CLI flag: -querier.engine.max-lookback-period + [max_look_back_period: | default = 30s] + +# The maximum number of queries that can be simultaneously processed by the +# querier. +# CLI flag: -querier.max-concurrent +[max_concurrent: | default = 4] + +# Only query the store, and not attempt any ingesters. This is useful for +# running a standalone querier pool operating only against stored data. +# CLI flag: -querier.query-store-only +[query_store_only: | default = false] + +# When true, queriers only query the ingesters, and not stored data. This is +# useful when the object store is unavailable. +# CLI flag: -querier.query-ingester-only +[query_ingester_only: | default = false] + +# When true, allow queries to span multiple tenants. +# CLI flag: -querier.multi-tenant-queries-enabled +[multi_tenant_queries_enabled: | default = false] + +# When true, querier limits sent via a header are enforced. +# CLI flag: -querier.per-request-limits-enabled +[per_request_limits_enabled: | default = false] +``` + +### query_range + +The `query_range` block configures the query splitting and caching in the Loki query-frontend. + +```yaml +# Mutate incoming queries to align their start and end with their step. +# CLI flag: -querier.align-querier-with-step +[align_queries_with_step: | default = false] + +results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: frontend + [cache: ] + + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.compression + [compression: | default = ""] + +# Cache query results. +# CLI flag: -querier.cache-results +[cache_results: | default = false] + +# Maximum number of retries for a single request; beyond this, the downstream +# error is returned. +# CLI flag: -querier.max-retries-per-request +[max_retries: | default = 5] + +# Perform query parallelisations based on storage sharding configuration and +# query ASTs. This feature is supported only by the chunks storage engine. +# CLI flag: -querier.parallelise-shardable-queries +[parallelise_shardable_queries: | default = true] + +# A comma-separated list of LogQL vector and range aggregations that should be +# sharded. Possible values 'quantile_over_time', 'last_over_time', +# 'first_over_time'. +# CLI flag: -querier.shard-aggregations +[shard_aggregations: | default = ""] + +# Cache index stats query results. +# CLI flag: -querier.cache-index-stats-results +[cache_index_stats_results: | default = true] + +# If a cache config is not specified and cache_index_stats_results is true, the +# config for the results cache is used. +index_stats_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.index-stats-results-cache + [cache: ] + + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.index-stats-results-cache.compression + [compression: | default = ""] + +# Cache volume query results. +# CLI flag: -querier.cache-volume-results +[cache_volume_results: | default = true] + +# If a cache config is not specified and cache_volume_results is true, the +# config for the results cache is used. +volume_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.volume-results-cache + [cache: ] + + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.volume-results-cache.compression + [compression: | default = ""] + +# Cache instant metric query results. +# CLI flag: -querier.cache-instant-metric-results +[cache_instant_metric_results: | default = false] + +# If a cache config is not specified and cache_instant_metric_results is true, +# the config for the results cache is used. +instant_metric_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.instant-metric-results-cache + [cache: ] + + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.instant-metric-results-cache.compression + [compression: | default = ""] + +# Whether to align the splits of instant metric query with splitByInterval and +# query's exec time. Useful when instant_metric_cache is enabled +# CLI flag: -querier.instant-metric-query-split-align +[instant_metric_query_split_align: | default = false] + +# Cache series query results. +# CLI flag: -querier.cache-series-results +[cache_series_results: | default = true] + +# If series_results_cache is not configured and cache_series_results is true, +# the config for the results cache is used. +series_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.series-results-cache + [cache: ] + + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.series-results-cache.compression + [compression: | default = ""] + +# Cache label query results. +# CLI flag: -querier.cache-label-results +[cache_label_results: | default = true] + +# If label_results_cache is not configured and cache_label_results is true, the +# config for the results cache is used. +label_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.label-results-cache + [cache: ] + + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.label-results-cache.compression + [compression: | default = ""] +``` + +### query_scheduler + +The `query_scheduler` block configures the Loki query scheduler. When configured it separates the tenant query queues from the query-frontend. + +```yaml +# Maximum number of outstanding requests per tenant per query-scheduler. +# In-flight requests above this limit will fail with HTTP response status code +# 429. +# CLI flag: -query-scheduler.max-outstanding-requests-per-tenant +[max_outstanding_requests_per_tenant: | default = 32000] + +# Maximum number of levels of nesting of hierarchical queues. 0 means that +# hierarchical queues are disabled. +# CLI flag: -query-scheduler.max-queue-hierarchy-levels +[max_queue_hierarchy_levels: | default = 3] + +# If a querier disconnects without sending notification about graceful shutdown, +# the query-scheduler will keep the querier in the tenant's shard until the +# forget delay has passed. This feature is useful to reduce the blast radius +# when shuffle-sharding is enabled. +# CLI flag: -query-scheduler.querier-forget-delay +[querier_forget_delay: | default = 0s] + +# This configures the gRPC client used to report errors back to the +# query-frontend. +# The CLI flags prefix for this block configuration is: +# query-scheduler.grpc-client-config +[grpc_client_config: ] + +# Set to true to have the query schedulers create and place themselves in a +# ring. If no frontend_address or scheduler_address are present anywhere else in +# the configuration, Loki will toggle this value to true. +# CLI flag: -query-scheduler.use-scheduler-ring +[use_scheduler_ring: | default = false] + +# The hash ring configuration. This option is required only if +# use_scheduler_ring is true. +scheduler_ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -query-scheduler.ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -query-scheduler.ring.prefix + [prefix: | default = "collectors/"] + + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: query-scheduler.ring + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: query-scheduler.ring + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -query-scheduler.ring.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -query-scheduler.ring.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -query-scheduler.ring.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -query-scheduler.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -query-scheduler.ring.heartbeat-period + [heartbeat_period: | default = 15s] + + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -query-scheduler.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -query-scheduler.ring.tokens-file-path + [tokens_file_path: | default = ""] + + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -query-scheduler.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] + + # Instance ID to register in the ring. + # CLI flag: -query-scheduler.ring.instance-id + [instance_id: | default = ""] + + # Name of network interface to read address from. + # CLI flag: -query-scheduler.ring.instance-interface-names + [instance_interface_names: | default = []] + + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -query-scheduler.ring.instance-port + [instance_port: | default = 0] + + # IP address to advertise in the ring. + # CLI flag: -query-scheduler.ring.instance-addr + [instance_addr: | default = ""] + + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -query-scheduler.ring.instance-availability-zone + [instance_availability_zone: | default = ""] + + # Enable using a IPv6 instance address. + # CLI flag: -query-scheduler.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] +``` + +### ruler + +The `ruler` block configures the Loki ruler. + +```yaml +# Base URL of the Grafana instance. +# CLI flag: -ruler.external.url +[external_url: ] + +# Datasource UID for the dashboard. +# CLI flag: -ruler.datasource-uid +[datasource_uid: | default = ""] + +# Labels to add to all alerts. +[external_labels: ] + +# The grpc_client block configures the gRPC client used to communicate between a +# client and server component in Loki. +# The CLI flags prefix for this block configuration is: ruler.client +[ruler_client: ] + +# How frequently to evaluate rules. +# CLI flag: -ruler.evaluation-interval +[evaluation_interval: | default = 1m] + +# How frequently to poll for rule changes. +# CLI flag: -ruler.poll-interval +[poll_interval: | default = 1m] + +# Deprecated: Use -ruler-storage. CLI flags and their respective YAML config +# options instead. +storage: + # Method to use for backend rule storage (configdb, azure, gcs, s3, swift, + # local, bos, cos) + # CLI flag: -ruler.storage.type + [type: | default = ""] + + # Configures backend rule storage for Azure. + # The CLI flags prefix for this block configuration is: ruler.storage + [azure: ] + + # Configures backend rule storage for AlibabaCloud Object Storage (OSS). + # The CLI flags prefix for this block configuration is: ruler + [alibabacloud: ] + + # Configures backend rule storage for GCS. + # The CLI flags prefix for this block configuration is: ruler.storage + [gcs: ] + + # Configures backend rule storage for S3. + # The CLI flags prefix for this block configuration is: ruler + [s3: ] + + # Configures backend rule storage for Baidu Object Storage (BOS). + # The CLI flags prefix for this block configuration is: ruler.storage + [bos: ] + + # Configures backend rule storage for Swift. + # The CLI flags prefix for this block configuration is: ruler.storage + [swift: ] + + # Configures backend rule storage for IBM Cloud Object Storage (COS). + # The CLI flags prefix for this block configuration is: ruler.storage + [cos: ] + + # Configures backend rule storage for a local file system directory. + local: + # Directory to scan for rules + # CLI flag: -ruler.storage.local.directory + [directory: | default = ""] + +# File path to store temporary rule files. +# CLI flag: -ruler.rule-path +[rule_path: | default = "/rules"] + +# Comma-separated list of Alertmanager URLs to send notifications to. Each +# Alertmanager URL is treated as a separate group in the configuration. Multiple +# Alertmanagers in HA per group can be supported by using DNS resolution via +# '-ruler.alertmanager-discovery'. +# CLI flag: -ruler.alertmanager-url +[alertmanager_url: | default = ""] + +# Use DNS SRV records to discover Alertmanager hosts. +# CLI flag: -ruler.alertmanager-discovery +[enable_alertmanager_discovery: | default = false] + +# How long to wait between refreshing DNS resolutions of Alertmanager hosts. +# CLI flag: -ruler.alertmanager-refresh-interval +[alertmanager_refresh_interval: | default = 1m] + +# If enabled requests to Alertmanager will utilize the V2 API. +# CLI flag: -ruler.alertmanager-use-v2 +[enable_alertmanager_v2: | default = false] + +# List of alert relabel configs. +[alert_relabel_configs: ] + +# Capacity of the queue for notifications to be sent to the Alertmanager. +# CLI flag: -ruler.notification-queue-capacity +[notification_queue_capacity: | default = 10000] + +# HTTP timeout duration when sending notifications to the Alertmanager. +# CLI flag: -ruler.notification-timeout +[notification_timeout: | default = 10s] + +alertmanager_client: + # Path to the client certificate, which will be used for authenticating with + # the server. Also requires the key path to be configured. + # CLI flag: -ruler.alertmanager-client.tls-cert-path + [tls_cert_path: | default = ""] + + # Path to the key for the client certificate. Also requires the client + # certificate to be configured. + # CLI flag: -ruler.alertmanager-client.tls-key-path + [tls_key_path: | default = ""] + + # Path to the CA certificates to validate server certificate against. If not + # set, the host's root CA certificates are used. + # CLI flag: -ruler.alertmanager-client.tls-ca-path + [tls_ca_path: | default = ""] + + # Override the expected name on the server certificate. + # CLI flag: -ruler.alertmanager-client.tls-server-name + [tls_server_name: | default = ""] + + # Skip validating server certificate. + # CLI flag: -ruler.alertmanager-client.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] + + # Override the default cipher suite list (separated by commas). Allowed + # values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -ruler.alertmanager-client.tls-cipher-suites + [tls_cipher_suites: | default = ""] + + # Override the default minimum TLS version. Allowed values: VersionTLS10, + # VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -ruler.alertmanager-client.tls-min-version + [tls_min_version: | default = ""] + + # HTTP Basic authentication username. It overrides the username set in the URL + # (if any). + # CLI flag: -ruler.alertmanager-client.basic-auth-username + [basic_auth_username: | default = ""] + + # HTTP Basic authentication password. It overrides the password set in the URL + # (if any). + # CLI flag: -ruler.alertmanager-client.basic-auth-password + [basic_auth_password: | default = ""] + + # HTTP Header authorization type (default: Bearer). + # CLI flag: -ruler.alertmanager-client.type + [type: | default = "Bearer"] + + # HTTP Header authorization credentials. + # CLI flag: -ruler.alertmanager-client.credentials + [credentials: | default = ""] + + # HTTP Header authorization credentials file. + # CLI flag: -ruler.alertmanager-client.credentials-file + [credentials_file: | default = ""] + +# Max time to tolerate outage for restoring "for" state of alert. +# CLI flag: -ruler.for-outage-tolerance +[for_outage_tolerance: | default = 1h] + +# Minimum duration between alert and restored "for" state. This is maintained +# only for alerts with configured "for" time greater than the grace period. +# CLI flag: -ruler.for-grace-period +[for_grace_period: | default = 10m] + +# Minimum amount of time to wait before resending an alert to Alertmanager. +# CLI flag: -ruler.resend-delay +[resend_delay: | default = 1m] + +# Distribute rule evaluation using ring backend. +# CLI flag: -ruler.enable-sharding +[enable_sharding: | default = false] + +# The sharding strategy to use. Supported values are: default, shuffle-sharding. +# CLI flag: -ruler.sharding-strategy +[sharding_strategy: | default = "default"] + +# The sharding algorithm to use for deciding how rules & groups are sharded. +# Supported values are: by-group, by-rule. +# CLI flag: -ruler.sharding-algo +[sharding_algo: | default = "by-group"] + +# Time to spend searching for a pending ruler when shutting down. +# CLI flag: -ruler.search-pending-for +[search_pending_for: | default = 5m] + +# Ring used by Loki ruler. The CLI flags prefix for this block configuration is +# 'ruler.ring'. +ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -ruler.ring.store + [store: | default = "consul"] + + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -ruler.ring.prefix + [prefix: | default = "rulers/"] + + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: ruler.ring + [consul: ] + + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: ruler.ring + [etcd: ] + + multi: + # Primary backend storage used by multi-client. + # CLI flag: -ruler.ring.multi.primary + [primary: | default = ""] + + # Secondary backend storage used by multi-client. + # CLI flag: -ruler.ring.multi.secondary + [secondary: | default = ""] + + # Mirror writes to secondary store. + # CLI flag: -ruler.ring.multi.mirror-enabled + [mirror_enabled: | default = false] + + # Timeout for storing value to secondary store. + # CLI flag: -ruler.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] + + # Interval between heartbeats sent to the ring. 0 = disabled. + # CLI flag: -ruler.ring.heartbeat-period + [heartbeat_period: | default = 5s] + + # The heartbeat timeout after which ruler ring members are considered + # unhealthy within the ring. 0 = never (timeout disabled). + # CLI flag: -ruler.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] + + # Name of network interface to read addresses from. + # CLI flag: -ruler.ring.instance-interface-names + [instance_interface_names: | default = []] + + # The number of tokens the lifecycler will generate and put into the ring if + # it joined without transferring tokens from another lifecycler. + # CLI flag: -ruler.ring.num-tokens + [num_tokens: | default = 128] + +# Period with which to attempt to flush rule groups. +# CLI flag: -ruler.flush-period +[flush_period: | default = 1m] + +# Enable the ruler API. +# CLI flag: -ruler.enable-api +[enable_api: | default = true] + +# Comma separated list of tenants whose rules this ruler can evaluate. If +# specified, only these tenants will be handled by ruler, otherwise this ruler +# can process rules from all tenants. Subject to sharding. +# CLI flag: -ruler.enabled-tenants +[enabled_tenants: | default = ""] + +# Comma separated list of tenants whose rules this ruler cannot evaluate. If +# specified, a ruler that would normally pick the specified tenant(s) for +# processing will ignore them instead. Subject to sharding. +# CLI flag: -ruler.disabled-tenants +[disabled_tenants: | default = ""] + +# Report the wall time for ruler queries to complete as a per user metric and as +# an info level log message. +# CLI flag: -ruler.query-stats-enabled +[query_stats_enabled: | default = false] + +# Disable the rule_group label on exported metrics. +# CLI flag: -ruler.disable-rule-group-label +[disable_rule_group_label: | default = false] + +wal: + # The directory in which to write tenant WAL files. Each tenant will have its + # own directory one level below this directory. + # CLI flag: -ruler.wal.dir + [dir: | default = "ruler-wal"] + + # Frequency with which to run the WAL truncation process. + # CLI flag: -ruler.wal.truncate-frequency + [truncate_frequency: | default = 1h] + + # Minimum age that samples must exist in the WAL before being truncated. + # CLI flag: -ruler.wal.min-age + [min_age: | default = 5m] + + # Maximum age that samples must exist in the WAL before being truncated. + # CLI flag: -ruler.wal.max-age + [max_age: | default = 4h] + +wal_cleaner: + # The minimum age of a WAL to consider for cleaning. + # CLI flag: -ruler.wal-cleaner.min-age + [min_age: | default = 12h] + + # How often to run the WAL cleaner. 0 = disabled. + # CLI flag: -ruler.wal-cleaner.period + [period: | default = 0s] + +# Remote-write configuration to send rule samples to a Prometheus remote-write +# endpoint. +remote_write: + # Deprecated: Use 'clients' instead. Configure remote write client. + [client: ] + + # Configure remote write clients. A map with remote client id as key. + [clients: ] + + # Enable remote-write functionality. + # CLI flag: -ruler.remote-write.enabled + [enabled: | default = false] + + # Minimum period to wait between refreshing remote-write reconfigurations. + # This should be greater than or equivalent to + # -limits.per-user-override-period. + # CLI flag: -ruler.remote-write.config-refresh-period + [config_refresh_period: | default = 10s] + + # Add X-Scope-OrgID header in remote write requests. + # CLI flag: -ruler.remote-write.add-org-id-header + [add_org_id_header: | default = true] + +# Configuration for rule evaluation. +evaluation: + # The evaluation mode for the ruler. Can be either 'local' or 'remote'. If set + # to 'local', the ruler will evaluate rules locally. If set to 'remote', the + # ruler will evaluate rules remotely. If unset, the ruler will evaluate rules + # locally. + # CLI flag: -ruler.evaluation.mode + [mode: | default = "local"] + + # Upper bound of random duration to wait before rule evaluation to avoid + # contention during concurrent execution of rules. Jitter is calculated + # consistently for a given rule. Set 0 to disable (default). + # CLI flag: -ruler.evaluation.max-jitter + [max_jitter: | default = 0s] + + query_frontend: + # GRPC listen address of the query-frontend(s). Must be a DNS address + # (prefixed with dns:///) to enable client side load balancing. + # CLI flag: -ruler.evaluation.query-frontend.address + [address: | default = ""] + + # Set to true if query-frontend connection requires TLS. + # CLI flag: -ruler.evaluation.query-frontend.tls-enabled + [tls_enabled: | default = false] + + # Path to the client certificate, which will be used for authenticating with + # the server. Also requires the key path to be configured. + # CLI flag: -ruler.evaluation.query-frontend.tls-cert-path + [tls_cert_path: | default = ""] + + # Path to the key for the client certificate. Also requires the client + # certificate to be configured. + # CLI flag: -ruler.evaluation.query-frontend.tls-key-path + [tls_key_path: | default = ""] + + # Path to the CA certificates to validate server certificate against. If not + # set, the host's root CA certificates are used. + # CLI flag: -ruler.evaluation.query-frontend.tls-ca-path + [tls_ca_path: | default = ""] + + # Override the expected name on the server certificate. + # CLI flag: -ruler.evaluation.query-frontend.tls-server-name + [tls_server_name: | default = ""] + + # Skip validating server certificate. + # CLI flag: -ruler.evaluation.query-frontend.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] + + # Override the default cipher suite list (separated by commas). Allowed + # values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -ruler.evaluation.query-frontend.tls-cipher-suites + [tls_cipher_suites: | default = ""] + + # Override the default minimum TLS version. Allowed values: VersionTLS10, + # VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -ruler.evaluation.query-frontend.tls-min-version + [tls_min_version: | default = ""] +``` + +### runtime_config + +Configuration for 'runtime config' module, responsible for reloading runtime configuration file. + +```yaml +# How often to check runtime config files. +# CLI flag: -runtime-config.reload-period +[period: | default = 10s] + +# Comma separated list of yaml files with the configuration that can be updated +# at runtime. Runtime config files will be merged from left to right. +# CLI flag: -runtime-config.file +[file: | default = ""] +``` + +### s3_storage_config + +The `s3_storage_config` block configures the connection to Amazon S3 object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common` +- `ruler` + +  + +```yaml +# S3 endpoint URL with escaped Key and Secret encoded. If only region is +# specified as a host, proper endpoint will be deduced. Use +# inmemory:/// to use a mock in-memory implementation. +# CLI flag: -.storage.s3.url +[s3: ] + +# Set this to `true` to force the request to use path-style addressing. +# CLI flag: -.storage.s3.force-path-style +[s3forcepathstyle: | default = false] + +# Comma separated list of bucket names to evenly distribute chunks over. +# Overrides any buckets specified in s3.url flag +# CLI flag: -.storage.s3.buckets +[bucketnames: | default = ""] + +# S3 Endpoint to connect to. +# CLI flag: -.storage.s3.endpoint +[endpoint: | default = ""] + +# AWS region to use. +# CLI flag: -.storage.s3.region +[region: | default = ""] + +# AWS Access Key ID +# CLI flag: -.storage.s3.access-key-id +[access_key_id: | default = ""] + +# AWS Secret Access Key +# CLI flag: -.storage.s3.secret-access-key +[secret_access_key: | default = ""] + +# AWS Session Token +# CLI flag: -.storage.s3.session-token +[session_token: | default = ""] + +# Disable https on s3 connection. +# CLI flag: -.storage.s3.insecure +[insecure: | default = false] + +http_config: + # Timeout specifies a time limit for requests made by s3 Client. + # CLI flag: -.storage.s3.http.timeout + [timeout: | default = 0s] + + # The maximum amount of time an idle connection will be held open. + # CLI flag: -.storage.s3.http.idle-conn-timeout + [idle_conn_timeout: | default = 1m30s] + + # If non-zero, specifies the amount of time to wait for a server's response + # headers after fully writing the request. + # CLI flag: -.storage.s3.http.response-header-timeout + [response_header_timeout: | default = 0s] + + # Set to true to skip verifying the certificate chain and hostname. + # CLI flag: -.storage.s3.http.insecure-skip-verify + [insecure_skip_verify: | default = false] + + # Path to the trusted CA file that signed the SSL certificate of the S3 + # endpoint. + # CLI flag: -.storage.s3.http.ca-file + [ca_file: | default = ""] + +# The signature version to use for authenticating against S3. Supported values +# are: v4. +# CLI flag: -.storage.s3.signature-version +[signature_version: | default = "v4"] + +# The S3 storage class which objects will use. Supported values are: GLACIER, +# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS, +# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. +# CLI flag: -.storage.s3.storage-class +[storage_class: | default = "STANDARD"] + +sse: + # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. + # CLI flag: -.storage.s3.sse.type + [type: | default = ""] + + # KMS Key ID used to encrypt objects in S3 + # CLI flag: -.storage.s3.sse.kms-key-id + [kms_key_id: | default = ""] + + # KMS Encryption Context used for object encryption. It expects JSON formatted + # string. + # CLI flag: -.storage.s3.sse.kms-encryption-context + [kms_encryption_context: | default = ""] + +# Configures back off when S3 get Object. +backoff_config: + # Minimum backoff time when s3 get Object + # CLI flag: -.storage.s3.min-backoff + [min_period: | default = 100ms] + + # Maximum backoff time when s3 get Object + # CLI flag: -.storage.s3.max-backoff + [max_period: | default = 3s] + + # Maximum number of times to retry when s3 get Object + # CLI flag: -.storage.s3.max-retries + [max_retries: | default = 5] +``` + +### schema_config + +Configures the chunk index schema and where it is stored. + +```yaml +[configs: ] +``` + +### server + +Configures the `server` of the launched module(s). + +```yaml +# HTTP server listen network, default tcp +# CLI flag: -server.http-listen-network +[http_listen_network: | default = "tcp"] + +# HTTP server listen address. +# CLI flag: -server.http-listen-address +[http_listen_address: | default = ""] + +# HTTP server listen port. +# CLI flag: -server.http-listen-port +[http_listen_port: | default = 3100] + +# Maximum number of simultaneous http connections, <=0 to disable +# CLI flag: -server.http-conn-limit +[http_listen_conn_limit: | default = 0] + +# gRPC server listen network +# CLI flag: -server.grpc-listen-network +[grpc_listen_network: | default = "tcp"] + +# gRPC server listen address. +# CLI flag: -server.grpc-listen-address +[grpc_listen_address: | default = ""] + +# gRPC server listen port. +# CLI flag: -server.grpc-listen-port +[grpc_listen_port: | default = 9095] + +# Maximum number of simultaneous grpc connections, <=0 to disable +# CLI flag: -server.grpc-conn-limit +[grpc_listen_conn_limit: | default = 0] + +# Comma-separated list of cipher suites to use. If blank, the default Go cipher +# suites is used. +# CLI flag: -server.tls-cipher-suites +[tls_cipher_suites: | default = ""] + +# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11, +# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used. +# CLI flag: -server.tls-min-version +[tls_min_version: | default = ""] + +http_tls_config: + # Server TLS certificate. This configuration parameter is YAML only. + [cert: | default = ""] + + # Server TLS key. This configuration parameter is YAML only. + [key: | default = ""] + + # Root certificate authority used to verify client certificates. This + # configuration parameter is YAML only. + [client_ca: | default = ""] + + # HTTP server cert path. + # CLI flag: -server.http-tls-cert-path + [cert_file: | default = ""] + + # HTTP server key path. + # CLI flag: -server.http-tls-key-path + [key_file: | default = ""] + + # HTTP TLS Client Auth type. + # CLI flag: -server.http-tls-client-auth + [client_auth_type: | default = ""] + + # HTTP TLS Client CA path. + # CLI flag: -server.http-tls-ca-path + [client_ca_file: | default = ""] + +grpc_tls_config: + # Server TLS certificate. This configuration parameter is YAML only. + [cert: | default = ""] + + # Server TLS key. This configuration parameter is YAML only. + [key: | default = ""] + + # Root certificate authority used to verify client certificates. This + # configuration parameter is YAML only. + [client_ca: | default = ""] + + # GRPC TLS server cert path. + # CLI flag: -server.grpc-tls-cert-path + [cert_file: | default = ""] + + # GRPC TLS server key path. + # CLI flag: -server.grpc-tls-key-path + [key_file: | default = ""] + + # GRPC TLS Client Auth type. + # CLI flag: -server.grpc-tls-client-auth + [client_auth_type: | default = ""] + + # GRPC TLS Client CA path. + # CLI flag: -server.grpc-tls-ca-path + [client_ca_file: | default = ""] + +# Register the intrumentation handlers (/metrics etc). +# CLI flag: -server.register-instrumentation +[register_instrumentation: | default = true] + +# If set to true, gRPC statuses will be reported in instrumentation labels with +# their string representations. Otherwise, they will be reported as "error". +# CLI flag: -server.report-grpc-codes-in-instrumentation-label-enabled +[report_grpc_codes_in_instrumentation_label_enabled: | default = false] + +# Timeout for graceful shutdowns +# CLI flag: -server.graceful-shutdown-timeout +[graceful_shutdown_timeout: | default = 30s] + +# Read timeout for entire HTTP request, including headers and body. +# CLI flag: -server.http-read-timeout +[http_server_read_timeout: | default = 30s] + +# Read timeout for HTTP request headers. If set to 0, value of +# -server.http-read-timeout is used. +# CLI flag: -server.http-read-header-timeout +[http_server_read_header_timeout: | default = 0s] + +# Write timeout for HTTP server +# CLI flag: -server.http-write-timeout +[http_server_write_timeout: | default = 30s] + +# Idle timeout for HTTP server +# CLI flag: -server.http-idle-timeout +[http_server_idle_timeout: | default = 2m] + +# Log closed connections that did not receive any response, most likely because +# client didn't send any request within timeout. +# CLI flag: -server.http-log-closed-connections-without-response-enabled +[http_log_closed_connections_without_response_enabled: | default = false] + +# Limit on the size of a gRPC message this server can receive (bytes). +# CLI flag: -server.grpc-max-recv-msg-size-bytes +[grpc_server_max_recv_msg_size: | default = 4194304] + +# Limit on the size of a gRPC message this server can send (bytes). +# CLI flag: -server.grpc-max-send-msg-size-bytes +[grpc_server_max_send_msg_size: | default = 4194304] + +# Limit on the number of concurrent streams for gRPC calls per client connection +# (0 = unlimited) +# CLI flag: -server.grpc-max-concurrent-streams +[grpc_server_max_concurrent_streams: | default = 100] + +# The duration after which an idle connection should be closed. Default: +# infinity +# CLI flag: -server.grpc.keepalive.max-connection-idle +[grpc_server_max_connection_idle: | default = 2562047h47m16.854775807s] + +# The duration for the maximum amount of time a connection may exist before it +# will be closed. Default: infinity +# CLI flag: -server.grpc.keepalive.max-connection-age +[grpc_server_max_connection_age: | default = 2562047h47m16.854775807s] + +# An additive period after max-connection-age after which the connection will be +# forcibly closed. Default: infinity +# CLI flag: -server.grpc.keepalive.max-connection-age-grace +[grpc_server_max_connection_age_grace: | default = 2562047h47m16.854775807s] + +# Duration after which a keepalive probe is sent in case of no activity over the +# connection., Default: 2h +# CLI flag: -server.grpc.keepalive.time +[grpc_server_keepalive_time: | default = 2h] + +# After having pinged for keepalive check, the duration after which an idle +# connection should be closed, Default: 20s +# CLI flag: -server.grpc.keepalive.timeout +[grpc_server_keepalive_timeout: | default = 20s] + +# Minimum amount of time a client should wait before sending a keepalive ping. +# If client sends keepalive ping more often, server will send GOAWAY and close +# the connection. +# CLI flag: -server.grpc.keepalive.min-time-between-pings +[grpc_server_min_time_between_pings: | default = 10s] + +# If true, server allows keepalive pings even when there are no active +# streams(RPCs). If false, and client sends ping when there are no active +# streams, server will send GOAWAY and close the connection. +# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed +[grpc_server_ping_without_stream_allowed: | default = true] + +# If non-zero, configures the amount of GRPC server workers used to serve the +# requests. +# CLI flag: -server.grpc.num-workers +[grpc_server_num_workers: | default = 0] + +# Output log messages in the given format. Valid formats: [logfmt, json] +# CLI flag: -log.format +[log_format: | default = "logfmt"] + +# Only log messages with the given severity or above. Valid levels: [debug, +# info, warn, error] +# CLI flag: -log.level +[log_level: | default = "info"] + +# Optionally log the source IPs. +# CLI flag: -server.log-source-ips-enabled +[log_source_ips_enabled: | default = false] + +# Header field storing the source IPs. Only used if +# server.log-source-ips-enabled is true. If not set the default Forwarded, +# X-Real-IP and X-Forwarded-For headers are used +# CLI flag: -server.log-source-ips-header +[log_source_ips_header: | default = ""] + +# Regex for matching the source IPs. Only used if server.log-source-ips-enabled +# is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For +# headers are used +# CLI flag: -server.log-source-ips-regex +[log_source_ips_regex: | default = ""] + +# Optionally log request headers. +# CLI flag: -server.log-request-headers +[log_request_headers: | default = false] + +# Optionally log requests at info level instead of debug level. Applies to +# request headers as well if server.log-request-headers is enabled. +# CLI flag: -server.log-request-at-info-level-enabled +[log_request_at_info_level_enabled: | default = false] + +# Comma separated list of headers to exclude from loggin. Only used if +# server.log-request-headers is true. +# CLI flag: -server.log-request-headers-exclude-list +[log_request_exclude_headers_list: | default = ""] + +# Base path to serve all API routes from (e.g. /v1/) +# CLI flag: -server.path-prefix +[http_path_prefix: | default = ""] +``` + +### storage_config + +The `storage_config` block configures one of many possible stores for both the index and chunks. Which configuration to be picked should be defined in schema_config block. + +```yaml +# The alibabacloud_storage_config block configures the connection to Alibaba +# Cloud Storage object storage backend. +# The CLI flags prefix for this block configuration is: common +[alibabacloud: ] + +# The aws_storage_config block configures the connection to dynamoDB and S3 +# object storage. Either one of them or both can be configured. +[aws: ] + +# The azure_storage_config block configures the connection to Azure object +# storage backend. +[azure: ] + +# The bos_storage_config block configures the connection to Baidu Object Storage +# (BOS) object storage backend. +[bos: ] + +# Deprecated: Configures storing indexes in Bigtable. Required fields only +# required when bigtable is defined in config. +bigtable: + # Bigtable project ID. + # CLI flag: -bigtable.project + [project: | default = ""] + + # Bigtable instance ID. Please refer to + # https://cloud.google.com/docs/authentication/production for more information + # about how to configure authentication. + # CLI flag: -bigtable.instance + [instance: | default = ""] + + # The grpc_client block configures the gRPC client used to communicate between + # a client and server component in Loki. + # The CLI flags prefix for this block configuration is: bigtable + [grpc_client_config: ] + + # If enabled, once a tables info is fetched, it is cached. + # CLI flag: -bigtable.table-cache.enabled + [table_cache_enabled: | default = true] + + # Duration to cache tables before checking again. + # CLI flag: -bigtable.table-cache.expiration + [table_cache_expiration: | default = 30m] + +# Configures storing chunks in GCS. Required fields only required when gcs is +# defined in config. +[gcs: ] + +# Deprecated: Configures storing chunks and/or the index in Cassandra. +cassandra: + # Comma-separated hostnames or IPs of Cassandra instances. + # CLI flag: -cassandra.addresses + [addresses: | default = ""] + + # Port that Cassandra is running on + # CLI flag: -cassandra.port + [port: | default = 9042] + + # Keyspace to use in Cassandra. + # CLI flag: -cassandra.keyspace + [keyspace: | default = ""] + + # Consistency level for Cassandra. + # CLI flag: -cassandra.consistency + [consistency: | default = "QUORUM"] + + # Replication factor to use in Cassandra. + # CLI flag: -cassandra.replication-factor + [replication_factor: | default = 3] + + # Instruct the cassandra driver to not attempt to get host info from the + # system.peers table. + # CLI flag: -cassandra.disable-initial-host-lookup + [disable_initial_host_lookup: | default = false] + + # Use SSL when connecting to cassandra instances. + # CLI flag: -cassandra.ssl + [SSL: | default = false] + + # Require SSL certificate validation. + # CLI flag: -cassandra.host-verification + [host_verification: | default = true] + + # Policy for selecting Cassandra host. Supported values are: round-robin, + # token-aware. + # CLI flag: -cassandra.host-selection-policy + [host_selection_policy: | default = "round-robin"] + + # Path to certificate file to verify the peer. + # CLI flag: -cassandra.ca-path + [CA_path: | default = ""] + + # Path to certificate file used by TLS. + # CLI flag: -cassandra.tls-cert-path + [tls_cert_path: | default = ""] + + # Path to private key file used by TLS. + # CLI flag: -cassandra.tls-key-path + [tls_key_path: | default = ""] + + # Enable password authentication when connecting to cassandra. + # CLI flag: -cassandra.auth + [auth: | default = false] + + # Username to use when connecting to cassandra. + # CLI flag: -cassandra.username + [username: | default = ""] + + # Password to use when connecting to cassandra. + # CLI flag: -cassandra.password + [password: | default = ""] + + # File containing password to use when connecting to cassandra. + # CLI flag: -cassandra.password-file + [password_file: | default = ""] + + # If set, when authenticating with cassandra a custom authenticator will be + # expected during the handshake. This flag can be set multiple times. + # CLI flag: -cassandra.custom-authenticator + [custom_authenticators: | default = []] + + # Timeout when connecting to cassandra. + # CLI flag: -cassandra.timeout + [timeout: | default = 2s] + + # Initial connection timeout, used during initial dial to server. + # CLI flag: -cassandra.connect-timeout + [connect_timeout: | default = 5s] + + # Interval to retry connecting to cassandra nodes marked as DOWN. + # CLI flag: -cassandra.reconnent-interval + [reconnect_interval: | default = 1s] + + # Number of retries to perform on a request. Set to 0 to disable retries. + # CLI flag: -cassandra.max-retries + [max_retries: | default = 0] + + # Maximum time to wait before retrying a failed request. + # CLI flag: -cassandra.retry-max-backoff + [retry_max_backoff: | default = 10s] + + # Minimum time to wait before retrying a failed request. + # CLI flag: -cassandra.retry-min-backoff + [retry_min_backoff: | default = 100ms] + + # Limit number of concurrent queries to Cassandra. Set to 0 to disable the + # limit. + # CLI flag: -cassandra.query-concurrency + [query_concurrency: | default = 0] + + # Number of TCP connections per host. + # CLI flag: -cassandra.num-connections + [num_connections: | default = 2] + + # Convict hosts of being down on failure. + # CLI flag: -cassandra.convict-hosts-on-failure + [convict_hosts_on_failure: | default = true] + + # Table options used to create index or chunk tables. This value is used as + # plain text in the table `WITH` like this, "CREATE TABLE + # (...) WITH ". For details, + # see https://cortexmetrics.io/docs/production/cassandra. By default it will + # use the default table options of your Cassandra cluster. + # CLI flag: -cassandra.table-options + [table_options: | default = ""] + +# Deprecated: Configures storing index in BoltDB. Required fields only required +# when boltdb is present in the configuration. +boltdb: + # Location of BoltDB index files. + # CLI flag: -boltdb.dir + [directory: | default = ""] + +# Configures storing the chunks on the local file system. Required fields only +# required when filesystem is present in the configuration. +[filesystem: ] + +# The swift_storage_config block configures the connection to OpenStack Object +# Storage (Swift) object storage backend. +[swift: ] + +# Deprecated: +grpc_store: + # Hostname or IP of the gRPC store instance. + # CLI flag: -grpc-store.server-address + [server_address: | default = ""] + +hedging: + # If set to a non-zero value a second request will be issued at the provided + # duration. Default is 0 (disabled) + # CLI flag: -store.hedge-requests-at + [at: | default = 0s] + + # The maximum of hedge requests allowed. + # CLI flag: -store.hedge-requests-up-to + [up_to: | default = 2] + + # The maximum of hedge requests allowed per seconds. + # CLI flag: -store.hedge-max-per-second + [max_per_second: | default = 5] + +# Configures additional object stores for a given storage provider. +# Supported stores: aws, azure, bos, filesystem, gcs, swift. +# Example: +# storage_config: +# named_stores: +# aws: +# store-1: +# endpoint: s3://foo-bucket +# region: us-west1 +# Named store from this example can be used by setting object_store to store-1 +# in period_config. +[named_stores: ] + +# The cos_storage_config block configures the connection to IBM Cloud Object +# Storage (COS) backend. +[cos: ] + +# Cache validity for active index entries. Should be no higher than +# -ingester.max-chunk-idle. +# CLI flag: -store.index-cache-validity +[index_cache_validity: | default = 5m] + +congestion_control: + # Use storage congestion control (default: disabled). + # CLI flag: -store.congestion-control.enabled + [enabled: | default = false] + + controller: + # Congestion control strategy to use (default: none, options: 'aimd'). + # CLI flag: -store.congestion-control.strategy + [strategy: | default = ""] + + aimd: + # AIMD starting throughput window size: how many requests can be sent per + # second (default: 2000). + # CLI flag: -store.congestion-control.strategy.aimd.start + [start: | default = 2000] + + # AIMD maximum throughput window size: upper limit of requests sent per + # second (default: 10000). + # CLI flag: -store.congestion-control.strategy.aimd.upper-bound + [upper_bound: | default = 10000] + + # AIMD backoff factor when upstream service is throttled to decrease + # number of requests sent per second (default: 0.5). + # CLI flag: -store.congestion-control.strategy.aimd.backoff-factor + [backoff_factor: | default = 0.5] + + retry: + # Congestion control retry strategy to use (default: none, options: + # 'limited'). + # CLI flag: -store.congestion-control.retry.strategy + [strategy: | default = ""] + + # Maximum number of retries allowed. + # CLI flag: -store.congestion-control.retry.strategy.limited.limit + [limit: | default = 2] + + hedging: + config: + [at: ] + + [up_to: ] + + [max_per_second: ] + + # Congestion control hedge strategy to use (default: none, options: + # 'limited'). + # CLI flag: -store.congestion-control.hedge.strategy + [strategy: | default = ""] + +# Experimental. Sets a constant prefix for all keys inserted into object +# storage. Example: loki/ +# CLI flag: -store.object-prefix +[object_prefix: | default = ""] + +# The cache_config block configures the cache backend for a specific Loki +# component. +# The CLI flags prefix for this block configuration is: store.index-cache-read +[index_queries_cache_config: ] + +# Disable broad index queries which results in reduced cache usage and faster +# query performance at the expense of somewhat higher QPS on the index store. +# CLI flag: -store.disable-broad-index-queries +[disable_broad_index_queries: | default = false] + +# Maximum number of parallel chunk reads. +# CLI flag: -store.max-parallel-get-chunk +[max_parallel_get_chunk: | default = 150] + +# The maximum number of chunks to fetch per batch. +# CLI flag: -store.max-chunk-batch-size +[max_chunk_batch_size: | default = 50] + +# Configures storing index in an Object Store +# (GCS/S3/Azure/Swift/COS/Filesystem) in the form of boltdb files. Required +# fields only required when boltdb-shipper is defined in config. +boltdb_shipper: + # Directory where ingesters would write index files which would then be + # uploaded by shipper to configured storage + # CLI flag: -boltdb.shipper.active-index-directory + [active_index_directory: | default = ""] + + # Cache location for restoring index files from storage for queries + # CLI flag: -boltdb.shipper.cache-location + [cache_location: | default = ""] + + # TTL for index files restored in cache for queries + # CLI flag: -boltdb.shipper.cache-ttl + [cache_ttl: | default = 24h] + + # Resync downloaded files with the storage + # CLI flag: -boltdb.shipper.resync-interval + [resync_interval: | default = 5m] + + # Number of days of common index to be kept downloaded for queries. For per + # tenant index query readiness, use limits overrides config. + # CLI flag: -boltdb.shipper.query-ready-num-days + [query_ready_num_days: | default = 0] + + index_gateway_client: + # The grpc_client block configures the gRPC client used to communicate + # between a client and server component in Loki. + # The CLI flags prefix for this block configuration is: + # boltdb.shipper.index-gateway-client.grpc + [grpc_client_config: ] + + # Hostname or IP of the Index Gateway gRPC server running in simple mode. + # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A + # record with multiple IP's, a DNS SRV record with a followup A record + # lookup, or a DNS SRV record without a followup A record lookup, + # respectively. + # CLI flag: -boltdb.shipper.index-gateway-client.server-address + [server_address: | default = ""] + + # Whether requests sent to the gateway should be logged or not. + # CLI flag: -boltdb.shipper.index-gateway-client.log-gateway-requests + [log_gateway_requests: | default = false] + + [ingestername: | default = ""] + + [mode: | default = ""] + + [ingesterdbretainperiod: ] + + # Build per tenant index files + # CLI flag: -boltdb.shipper.build-per-tenant-index + [build_per_tenant_index: | default = false] + +# Configures storing index in an Object Store +# (GCS/S3/Azure/Swift/COS/Filesystem) in a prometheus TSDB-like format. Required +# fields only required when TSDB is defined in config. +tsdb_shipper: + # Directory where ingesters would write index files which would then be + # uploaded by shipper to configured storage + # CLI flag: -tsdb.shipper.active-index-directory + [active_index_directory: | default = ""] + + # Cache location for restoring index files from storage for queries + # CLI flag: -tsdb.shipper.cache-location + [cache_location: | default = ""] + + # TTL for index files restored in cache for queries + # CLI flag: -tsdb.shipper.cache-ttl + [cache_ttl: | default = 24h] + + # Resync downloaded files with the storage + # CLI flag: -tsdb.shipper.resync-interval + [resync_interval: | default = 5m] + + # Number of days of common index to be kept downloaded for queries. For per + # tenant index query readiness, use limits overrides config. + # CLI flag: -tsdb.shipper.query-ready-num-days + [query_ready_num_days: | default = 0] + + index_gateway_client: + # The grpc_client block configures the gRPC client used to communicate + # between a client and server component in Loki. + # The CLI flags prefix for this block configuration is: + # tsdb.shipper.index-gateway-client.grpc + [grpc_client_config: ] + + # Hostname or IP of the Index Gateway gRPC server running in simple mode. + # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A + # record with multiple IP's, a DNS SRV record with a followup A record + # lookup, or a DNS SRV record without a followup A record lookup, + # respectively. + # CLI flag: -tsdb.shipper.index-gateway-client.server-address + [server_address: | default = ""] + + # Whether requests sent to the gateway should be logged or not. + # CLI flag: -tsdb.shipper.index-gateway-client.log-gateway-requests + [log_gateway_requests: | default = false] + + [ingestername: | default = ""] + + [mode: | default = ""] + + [ingesterdbretainperiod: ] + +# Experimental: Configures the bloom shipper component, which contains the store +# abstraction to fetch bloom filters from and put them to object storage. +bloom_shipper: + # Working directory to store downloaded bloom blocks. Supports multiple + # directories, separated by comma. + # CLI flag: -bloom.shipper.working-directory + [working_directory: | default = "/data/blooms"] + + # Maximum size of bloom pages that should be queried. Larger pages than this + # limit are skipped when querying blooms to limit memory usage. + # CLI flag: -bloom.max-query-page-size + [max_query_page_size: | default = 64MiB] + + # The amount of maximum concurrent bloom blocks downloads. Usually set to 2x + # number of CPU cores. + # CLI flag: -bloom.download-parallelism + [download_parallelism: | default = 8] + + blocks_cache: + # Cache for bloom blocks. Soft limit of the cache in bytes. Exceeding this + # limit will trigger evictions of least recently used items in the + # background. + # CLI flag: -bloom.blocks-cache.soft-limit + [soft_limit: | default = 32GiB] + + # Cache for bloom blocks. Hard limit of the cache in bytes. Exceeding this + # limit will block execution until soft limit is deceeded. + # CLI flag: -bloom.blocks-cache.hard-limit + [hard_limit: | default = 64GiB] + + # Cache for bloom blocks. The time to live for items in the cache before + # they get purged. + # CLI flag: -bloom.blocks-cache.ttl + [ttl: | default = 24h] + + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: bloom.metas-cache + [metas_cache: ] + + metas_lru_cache: + # In-memory LRU cache for bloom metas. Whether embedded cache is enabled. + # CLI flag: -bloom.metas-lru-cache.enabled + [enabled: | default = false] + + # In-memory LRU cache for bloom metas. Maximum memory size of the cache in + # MB. + # CLI flag: -bloom.metas-lru-cache.max-size-mb + [max_size_mb: | default = 100] + + # In-memory LRU cache for bloom metas. Maximum number of entries in the + # cache. + # CLI flag: -bloom.metas-lru-cache.max-size-items + [max_size_items: | default = 0] + + # In-memory LRU cache for bloom metas. The time to live for items in the + # cache before they get purged. + # CLI flag: -bloom.metas-lru-cache.ttl + [ttl: | default = 1h] +``` + +### swift_storage_config + +The `swift_storage_config` block configures the connection to OpenStack Object Storage (Swift) object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common.storage` +- `ruler.storage` + +  + +```yaml +# OpenStack Swift authentication API version. 0 to autodetect. +# CLI flag: -.swift.auth-version +[auth_version: | default = 0] + +# OpenStack Swift authentication URL +# CLI flag: -.swift.auth-url +[auth_url: | default = ""] + +# Set this to true to use the internal OpenStack Swift endpoint URL +# CLI flag: -.swift.internal +[internal: | default = false] + +# OpenStack Swift username. +# CLI flag: -.swift.username +[username: | default = ""] + +# OpenStack Swift user's domain name. +# CLI flag: -.swift.user-domain-name +[user_domain_name: | default = ""] + +# OpenStack Swift user's domain ID. +# CLI flag: -.swift.user-domain-id +[user_domain_id: | default = ""] + +# OpenStack Swift user ID. +# CLI flag: -.swift.user-id +[user_id: | default = ""] + +# OpenStack Swift API key. +# CLI flag: -.swift.password +[password: | default = ""] + +# OpenStack Swift user's domain ID. +# CLI flag: -.swift.domain-id +[domain_id: | default = ""] + +# OpenStack Swift user's domain name. +# CLI flag: -.swift.domain-name +[domain_name: | default = ""] + +# OpenStack Swift project ID (v2,v3 auth only). +# CLI flag: -.swift.project-id +[project_id: | default = ""] + +# OpenStack Swift project name (v2,v3 auth only). +# CLI flag: -.swift.project-name +[project_name: | default = ""] + +# ID of the OpenStack Swift project's domain (v3 auth only), only needed if it +# differs the from user domain. +# CLI flag: -.swift.project-domain-id +[project_domain_id: | default = ""] + +# Name of the OpenStack Swift project's domain (v3 auth only), only needed if it +# differs from the user domain. +# CLI flag: -.swift.project-domain-name +[project_domain_name: | default = ""] + +# OpenStack Swift Region to use (v2,v3 auth only). +# CLI flag: -.swift.region-name +[region_name: | default = ""] + +# Name of the OpenStack Swift container to put chunks in. +# CLI flag: -.swift.container-name +[container_name: | default = ""] + +# Max retries on requests error. +# CLI flag: -.swift.max-retries +[max_retries: | default = 3] + +# Time after which a connection attempt is aborted. +# CLI flag: -.swift.connect-timeout +[connect_timeout: | default = 10s] + +# Time after which an idle request is aborted. The timeout watchdog is reset +# each time some data is received, so the timeout triggers after X time no data +# is received on a request. +# CLI flag: -.swift.request-timeout +[request_timeout: | default = 5s] +``` + +### table_manager + +The `table_manager` block configures the table manager for retention. + +```yaml +# If true, disable all changes to DB capacity +# CLI flag: -table-manager.throughput-updates-disabled +[throughput_updates_disabled: | default = false] + +# If true, enables retention deletes of DB tables +# CLI flag: -table-manager.retention-deletes-enabled +[retention_deletes_enabled: | default = false] + +# Tables older than this retention period are deleted. Must be either 0 +# (disabled) or a multiple of 24h. When enabled, be aware this setting is +# destructive to data! +# CLI flag: -table-manager.retention-period +[retention_period: | default = 0s] + +# How frequently to poll backend to learn our capacity. +# CLI flag: -table-manager.poll-interval +[poll_interval: | default = 2m] + +# Periodic tables grace period (duration which table will be created/deleted +# before/after it's needed). +# CLI flag: -table-manager.periodic-table.grace-period +[creation_grace_period: | default = 10m] + +index_tables_provisioning: + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.index-table.enable-ondemand-throughput-mode + [enable_ondemand_throughput_mode: | default = false] + + # Table default write throughput. Supported by DynamoDB + # CLI flag: -table-manager.index-table.write-throughput + [provisioned_write_throughput: | default = 1000] + + # Table default read throughput. Supported by DynamoDB + # CLI flag: -table-manager.index-table.read-throughput + [provisioned_read_throughput: | default = 300] + + write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.write-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.write-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.write-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.write-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.write-throughput.scale.target-value + [target: | default = 80] + + read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.read-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.read-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.read-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.read-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.read-throughput.scale.target-value + [target: | default = 80] + + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.index-table.inactive-enable-ondemand-throughput-mode + [enable_inactive_throughput_on_demand_mode: | default = false] + + # Table write throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.index-table.inactive-write-throughput + [inactive_write_throughput: | default = 1] + + # Table read throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.index-table.inactive-read-throughput + [inactive_read_throughput: | default = 300] + + inactive_write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.target-value + [target: | default = 80] + + inactive_read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.target-value + [target: | default = 80] + + # Number of last inactive tables to enable write autoscale. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale-last-n + [inactive_write_scale_lastn: | default = 4] + + # Number of last inactive tables to enable read autoscale. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale-last-n + [inactive_read_scale_lastn: | default = 4] + +chunk_tables_provisioning: + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.chunk-table.enable-ondemand-throughput-mode + [enable_ondemand_throughput_mode: | default = false] + + # Table default write throughput. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.write-throughput + [provisioned_write_throughput: | default = 1000] + + # Table default read throughput. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.read-throughput + [provisioned_read_throughput: | default = 300] + + write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.write-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.target-value + [target: | default = 80] + + read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.read-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.target-value + [target: | default = 80] + + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.chunk-table.inactive-enable-ondemand-throughput-mode + [enable_inactive_throughput_on_demand_mode: | default = false] + + # Table write throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.inactive-write-throughput + [inactive_write_throughput: | default = 1] + + # Table read throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.inactive-read-throughput + [inactive_read_throughput: | default = 300] + + inactive_write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.target-value + [target: | default = 80] + + inactive_read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.target-value + [target: | default = 80] + + # Number of last inactive tables to enable write autoscale. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale-last-n + [inactive_write_scale_lastn: | default = 4] + + # Number of last inactive tables to enable read autoscale. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale-last-n + [inactive_read_scale_lastn: | default = 4] +``` + +### tls_config + +The TLS configuration. + +```yaml +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -frontend.tail-tls-config.tls-cert-path +[tls_cert_path: | default = ""] + +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -frontend.tail-tls-config.tls-key-path +[tls_key_path: | default = ""] + +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -frontend.tail-tls-config.tls-ca-path +[tls_ca_path: | default = ""] + +# Override the expected name on the server certificate. +# CLI flag: -frontend.tail-tls-config.tls-server-name +[tls_server_name: | default = ""] + +# Skip validating server certificate. +# CLI flag: -frontend.tail-tls-config.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] + +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -frontend.tail-tls-config.tls-cipher-suites +[tls_cipher_suites: | default = ""] + +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -frontend.tail-tls-config.tls-min-version +[tls_min_version: | default = ""] +``` + +### tracing + +Configuration for `tracing`. + +```yaml +# Set to false to disable tracing. +# CLI flag: -tracing.enabled +[enabled: | default = true] +``` + +## Runtime Configuration file + +Loki has a concept of "runtime config" file, which is simply a file that is reloaded while Loki is running. It is used by some Loki components to allow operator to change some aspects of Loki configuration without restarting it. File is specified by using `-runtime-config.file=` flag and reload period (which defaults to 10 seconds) can be changed by `-runtime-config.reload-period=` flag. Previously this mechanism was only used by limits overrides, and flags were called `-limits.per-user-override-config=` and `-limits.per-user-override-period=10s` respectively. These are still used, if `-runtime-config.file=` is not specified. + +At the moment, two components use runtime configuration: limits and multi KV store. + +Options for runtime configuration reload can also be configured via YAML: + +```yaml +# Configuration file to periodically check and reload. +[file: : default = empty] + +# How often to check the file. +[period: : default 10s] +``` + +Example runtime configuration file: + +```yaml +overrides: + tenant1: + ingestion_rate_mb: 10 + max_streams_per_user: 100000 + max_chunks_per_query: 100000 + tenant2: + max_streams_per_user: 1000000 + max_chunks_per_query: 1000000 + +multi_kv_config: + mirror-enabled: false + primary: consul +``` + +## Accept out-of-order writes + +Since the beginning of Loki, log entries had to be written to Loki in order +by time. +This limitation has been lifted. +Out-of-order writes are enabled globally by default, but can be disabled/enabled +on a cluster or per-tenant basis. + +- To disable out-of-order writes for all tenants, +place in the `limits_config` section: + + ``` + limits_config: + unordered_writes: false + ``` + +- To disable out-of-order writes for specific tenants, +configure a runtime configuration file: + + ``` + runtime_config: + file: overrides.yaml + ``` + + In the `overrides.yaml` file, add `unordered_writes` for each tenant + permitted to have out-of-order writes: + + ``` + overrides: + "tenantA": + unordered_writes: false + ``` + +How far into the past accepted out-of-order log entries may be +is configurable with `max_chunk_age`. +`max_chunk_age` defaults to 2 hour. +Loki calculates the earliest time that out-of-order entries may have +and be accepted with + +``` +time_of_most_recent_line - (max_chunk_age/2) +``` + +Log entries with timestamps that are after this earliest time are accepted. +Log entries further back in time return an out-of-order error. + +For example, if `max_chunk_age` is 2 hours +and the stream `{foo="bar"}` has one entry at `8:00`, +Loki will accept data for that stream as far back in time as `7:00`. +If another log line is written at `10:00`, +Loki will accept data for that stream as far back in time as `9:00`. diff --git a/pkg/ingester/flush.go b/pkg/ingester/flush.go index be4899325ed45..bffe1d2d372ba 100644 --- a/pkg/ingester/flush.go +++ b/pkg/ingester/flush.go @@ -7,15 +7,16 @@ import ( "sync" "time" + "github.com/go-kit/log" "github.com/go-kit/log/level" + "github.com/grafana/dskit/backoff" + "github.com/grafana/dskit/tenant" "github.com/grafana/dskit/user" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/common/model" "github.com/prometheus/prometheus/model/labels" "golang.org/x/net/context" - "github.com/grafana/dskit/tenant" - "github.com/grafana/loki/pkg/chunkenc" "github.com/grafana/loki/pkg/storage/chunk" "github.com/grafana/loki/pkg/util" @@ -126,8 +127,9 @@ func (i *Ingester) sweepStream(instance *instance, stream *stream, immediate boo } func (i *Ingester) flushLoop(j int) { + l := log.With(util_log.Logger, "loop", j) defer func() { - level.Debug(util_log.Logger).Log("msg", "Ingester.flushLoop() exited") + level.Debug(l).Log("msg", "Ingester.flushLoop() exited") i.flushQueuesDone.Done() }() @@ -138,9 +140,10 @@ func (i *Ingester) flushLoop(j int) { } op := o.(*flushOp) - err := i.flushUserSeries(op.userID, op.fp, op.immediate) + m := util_log.WithUserID(op.userID, l) + err := i.flushOp(m, op) if err != nil { - level.Error(util_log.WithUserID(op.userID, util_log.Logger)).Log("msg", "failed to flush", "err", err) + level.Error(m).Log("msg", "failed to flush", "err", err) } // If we're exiting & we failed to flush, put the failed operation @@ -152,7 +155,23 @@ func (i *Ingester) flushLoop(j int) { } } -func (i *Ingester) flushUserSeries(userID string, fp model.Fingerprint, immediate bool) error { +func (i *Ingester) flushOp(l log.Logger, op *flushOp) error { + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + + b := backoff.New(ctx, i.cfg.FlushOpBackoff) + for b.Ongoing() { + err := i.flushUserSeries(ctx, op.userID, op.fp, op.immediate) + if err == nil { + break + } + level.Error(l).Log("msg", "failed to flush", "retries", b.NumRetries(), "err", err) + b.Wait() + } + return b.Err() +} + +func (i *Ingester) flushUserSeries(ctx context.Context, userID string, fp model.Fingerprint, immediate bool) error { instance, ok := i.getInstanceByID(userID) if !ok { return nil @@ -166,9 +185,9 @@ func (i *Ingester) flushUserSeries(userID string, fp model.Fingerprint, immediat lbs := labels.String() level.Info(util_log.Logger).Log("msg", "flushing stream", "user", userID, "fp", fp, "immediate", immediate, "num_chunks", len(chunks), "labels", lbs) - ctx := user.InjectOrgID(context.Background(), userID) - ctx, cancel := context.WithTimeout(ctx, i.cfg.FlushOpTimeout) - defer cancel() + ctx = user.InjectOrgID(ctx, userID) + ctx, cancelFunc := context.WithTimeout(ctx, i.cfg.FlushOpTimeout) + defer cancelFunc() err := i.flushChunks(ctx, fp, labels, chunks, chunkMtx) if err != nil { return fmt.Errorf("failed to flush chunks: %w, num_chunks: %d, labels: %s", err, len(chunks), lbs) diff --git a/pkg/ingester/flush_test.go b/pkg/ingester/flush_test.go index 904b4d5824966..0ee3ecc938377 100644 --- a/pkg/ingester/flush_test.go +++ b/pkg/ingester/flush_test.go @@ -1,6 +1,7 @@ package ingester import ( + "errors" "fmt" "os" "sort" @@ -100,6 +101,67 @@ func Benchmark_FlushLoop(b *testing.B) { } } +func Test_FlushOp(t *testing.T) { + t.Run("no error", func(t *testing.T) { + cfg := defaultIngesterTestConfig(t) + cfg.FlushOpBackoff.MinBackoff = time.Second + cfg.FlushOpBackoff.MaxBackoff = 10 * time.Second + cfg.FlushOpBackoff.MaxRetries = 1 + cfg.FlushCheckPeriod = 100 * time.Millisecond + + _, ing := newTestStore(t, cfg, nil) + + ctx := user.InjectOrgID(context.Background(), "foo") + ins, err := ing.GetOrCreateInstance("foo") + require.NoError(t, err) + + lbs := makeRandomLabels() + req := &logproto.PushRequest{Streams: []logproto.Stream{{ + Labels: lbs.String(), + Entries: entries(5, time.Now()), + }}} + require.NoError(t, ins.Push(ctx, req)) + + time.Sleep(cfg.FlushCheckPeriod) + require.NoError(t, ing.flushOp(gokitlog.NewNopLogger(), &flushOp{ + immediate: true, + userID: "foo", + fp: ins.getHashForLabels(lbs), + })) + }) + + t.Run("max retries exceeded", func(t *testing.T) { + cfg := defaultIngesterTestConfig(t) + cfg.FlushOpBackoff.MinBackoff = time.Second + cfg.FlushOpBackoff.MaxBackoff = 10 * time.Second + cfg.FlushOpBackoff.MaxRetries = 1 + cfg.FlushCheckPeriod = 100 * time.Millisecond + + store, ing := newTestStore(t, cfg, nil) + store.onPut = func(_ context.Context, _ []chunk.Chunk) error { + return errors.New("failed to write chunks") + } + + ctx := user.InjectOrgID(context.Background(), "foo") + ins, err := ing.GetOrCreateInstance("foo") + require.NoError(t, err) + + lbs := makeRandomLabels() + req := &logproto.PushRequest{Streams: []logproto.Stream{{ + Labels: lbs.String(), + Entries: entries(5, time.Now()), + }}} + require.NoError(t, ins.Push(ctx, req)) + + time.Sleep(cfg.FlushCheckPeriod) + require.EqualError(t, ing.flushOp(gokitlog.NewNopLogger(), &flushOp{ + immediate: true, + userID: "foo", + fp: ins.getHashForLabels(lbs), + }), "terminated after 1 retries") + }) +} + func Test_Flush(t *testing.T) { var ( store, ing = newTestStore(t, defaultIngesterTestConfig(t), nil) @@ -295,6 +357,10 @@ func defaultIngesterTestConfig(t testing.TB) Config { cfg := Config{} flagext.DefaultValues(&cfg) + cfg.FlushOpBackoff.MinBackoff = 100 * time.Millisecond + cfg.FlushOpBackoff.MaxBackoff = 10 * time.Second + cfg.FlushOpBackoff.MaxRetries = 1 + cfg.FlushOpTimeout = 15 * time.Second cfg.FlushCheckPeriod = 99999 * time.Hour cfg.MaxChunkIdle = 99999 * time.Hour cfg.ConcurrentFlushes = 1 diff --git a/pkg/ingester/ingester.go b/pkg/ingester/ingester.go index c6b339baa03f7..ea6a019d511ce 100644 --- a/pkg/ingester/ingester.go +++ b/pkg/ingester/ingester.go @@ -13,6 +13,7 @@ import ( "time" "github.com/go-kit/log/level" + "github.com/grafana/dskit/backoff" "github.com/grafana/dskit/concurrency" "github.com/grafana/dskit/modules" "github.com/grafana/dskit/multierror" @@ -80,6 +81,7 @@ type Config struct { ConcurrentFlushes int `yaml:"concurrent_flushes"` FlushCheckPeriod time.Duration `yaml:"flush_check_period"` + FlushOpBackoff backoff.Config `yaml:"flush_op_backoff"` FlushOpTimeout time.Duration `yaml:"flush_op_timeout"` RetainPeriod time.Duration `yaml:"chunk_retain_period"` MaxChunkIdle time.Duration `yaml:"chunk_idle_period"` @@ -123,7 +125,10 @@ func (cfg *Config) RegisterFlags(f *flag.FlagSet) { f.IntVar(&cfg.MaxTransferRetries, "ingester.max-transfer-retries", 0, "Number of times to try and transfer chunks before falling back to flushing. If set to 0 or negative value, transfers are disabled.") f.IntVar(&cfg.ConcurrentFlushes, "ingester.concurrent-flushes", 32, "How many flushes can happen concurrently from each stream.") f.DurationVar(&cfg.FlushCheckPeriod, "ingester.flush-check-period", 30*time.Second, "How often should the ingester see if there are any blocks to flush. The first flush check is delayed by a random time up to 0.8x the flush check period. Additionally, there is +/- 1% jitter added to the interval.") - f.DurationVar(&cfg.FlushOpTimeout, "ingester.flush-op-timeout", 10*time.Minute, "The timeout before a flush is cancelled.") + f.DurationVar(&cfg.FlushOpBackoff.MinBackoff, "ingester.flush-op-backoff-min-period", 10*time.Second, "Minimum backoff period when a flush fails. Each concurrent flush has its own backoff, see `ingester.concurrent-flushes`.") + f.DurationVar(&cfg.FlushOpBackoff.MaxBackoff, "ingester.flush-op-backoff-max-period", time.Minute, "Maximum backoff period when a flush fails. Each concurrent flush has its own backoff, see `ingester.concurrent-flushes`.") + f.IntVar(&cfg.FlushOpBackoff.MaxRetries, "ingester.flush-op-backoff-retries", 10, "Maximum retries for failed flushes.") + f.DurationVar(&cfg.FlushOpTimeout, "ingester.flush-op-timeout", 10*time.Minute, "The timeout for an individual flush. Will be retried up to `flush-op-backoff-retries` times.") f.DurationVar(&cfg.RetainPeriod, "ingester.chunks-retain-period", 0, "How long chunks should be retained in-memory after they've been flushed.") f.DurationVar(&cfg.MaxChunkIdle, "ingester.chunks-idle-period", 30*time.Minute, "How long chunks should sit in-memory with no updates before being flushed if they don't hit the max block size. This means that half-empty chunks will still be flushed after a certain period as long as they receive no further activity.") f.IntVar(&cfg.BlockSize, "ingester.chunks-block-size", 256*1024, "The targeted _uncompressed_ size in bytes of a chunk block When this threshold is exceeded the head block will be cut and compressed inside the chunk.") @@ -151,8 +156,14 @@ func (cfg *Config) Validate() error { return err } - if cfg.MaxTransferRetries > 0 && cfg.WAL.Enabled { - return errors.New("the use of the write ahead log (WAL) is incompatible with chunk transfers. It's suggested to use the WAL. Please try setting ingester.max-transfer-retries to 0 to disable transfers") + if cfg.FlushOpBackoff.MinBackoff > cfg.FlushOpBackoff.MaxBackoff { + return errors.New("invalid flush op min backoff: cannot be larger than max backoff") + } + if cfg.FlushOpBackoff.MaxRetries <= 0 { + return fmt.Errorf("invalid flush op max retries: %d", cfg.FlushOpBackoff.MaxRetries) + } + if cfg.FlushOpTimeout <= 0 { + return fmt.Errorf("invalid flush op timeout: %s", cfg.FlushOpTimeout) } if cfg.IndexShards <= 0 { diff --git a/pkg/ingester/ingester_test.go b/pkg/ingester/ingester_test.go index b453e5a9ea0ab..e95491d9f0b35 100644 --- a/pkg/ingester/ingester_test.go +++ b/pkg/ingester/ingester_test.go @@ -11,6 +11,7 @@ import ( "testing" "time" + "github.com/grafana/dskit/backoff" "github.com/grafana/dskit/flagext" "github.com/grafana/dskit/httpgrpc" "github.com/grafana/dskit/middleware" @@ -660,57 +661,119 @@ func TestIngester_asyncStoreMaxLookBack(t *testing.T) { func TestValidate(t *testing.T) { for i, tc := range []struct { - in Config - err bool - expected Config + in Config + expected Config + expectedErr string }{ { in: Config{ - MaxChunkAge: time.Minute, ChunkEncoding: chunkenc.EncGZIP.String(), - IndexShards: index.DefaultIndexShards, + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, + FlushOpTimeout: 15 * time.Second, + IndexShards: index.DefaultIndexShards, + MaxChunkAge: time.Minute, }, expected: Config{ + ChunkEncoding: chunkenc.EncGZIP.String(), + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, + FlushOpTimeout: 15 * time.Second, + IndexShards: index.DefaultIndexShards, MaxChunkAge: time.Minute, - ChunkEncoding: chunkenc.EncGZIP.String(), parsedEncoding: chunkenc.EncGZIP, - IndexShards: index.DefaultIndexShards, }, }, { in: Config{ ChunkEncoding: chunkenc.EncSnappy.String(), - IndexShards: index.DefaultIndexShards, + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, + FlushOpTimeout: 15 * time.Second, + IndexShards: index.DefaultIndexShards, }, expected: Config{ - ChunkEncoding: chunkenc.EncSnappy.String(), - parsedEncoding: chunkenc.EncSnappy, + ChunkEncoding: chunkenc.EncSnappy.String(), + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, + FlushOpTimeout: 15 * time.Second, IndexShards: index.DefaultIndexShards, + parsedEncoding: chunkenc.EncSnappy, }, }, { in: Config{ - IndexShards: index.DefaultIndexShards, ChunkEncoding: "bad-enc", + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, + FlushOpTimeout: 15 * time.Second, + IndexShards: index.DefaultIndexShards, + }, + expectedErr: "invalid encoding: bad-enc, supported: none, gzip, lz4-64k, snappy, lz4-256k, lz4-1M, lz4, flate, zstd", + }, + { + in: Config{ + ChunkEncoding: chunkenc.EncGZIP.String(), + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + }, + FlushOpTimeout: 15 * time.Second, + IndexShards: index.DefaultIndexShards, + MaxChunkAge: time.Minute, + }, + expectedErr: "invalid flush op max retries: 0", + }, + { + in: Config{ + ChunkEncoding: chunkenc.EncGZIP.String(), + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, + IndexShards: index.DefaultIndexShards, + MaxChunkAge: time.Minute, }, - err: true, + expectedErr: "invalid flush op timeout: 0s", }, { in: Config{ - MaxChunkAge: time.Minute, ChunkEncoding: chunkenc.EncGZIP.String(), + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, + FlushOpTimeout: 15 * time.Second, + MaxChunkAge: time.Minute, }, - err: true, + expectedErr: "invalid ingester index shard factor: 0", }, } { t.Run(fmt.Sprint(i), func(t *testing.T) { err := tc.in.Validate() - if tc.err { - require.NotNil(t, err) - return + if tc.expectedErr != "" { + require.EqualError(t, err, tc.expectedErr) + } else { + require.NoError(t, err) + require.Equal(t, tc.expected, tc.in) } - require.Nil(t, err) - require.Equal(t, tc.expected, tc.in) }) } } diff --git a/pkg/ingester/instance_test.go b/pkg/ingester/instance_test.go index ff54db7c33c27..729b32e553882 100644 --- a/pkg/ingester/instance_test.go +++ b/pkg/ingester/instance_test.go @@ -10,6 +10,7 @@ import ( "testing" "time" + "github.com/grafana/dskit/backoff" "github.com/grafana/dskit/flagext" "github.com/pkg/errors" "github.com/prometheus/common/model" @@ -30,9 +31,15 @@ import ( func defaultConfig() *Config { cfg := Config{ - BlockSize: 512, - ChunkEncoding: "gzip", - IndexShards: 32, + BlockSize: 512, + ChunkEncoding: "gzip", + IndexShards: 32, + FlushOpTimeout: 15 * time.Second, + FlushOpBackoff: backoff.Config{ + MinBackoff: 100 * time.Millisecond, + MaxBackoff: 10 * time.Second, + MaxRetries: 1, + }, } if err := cfg.Validate(); err != nil { panic(errors.Wrap(err, "error building default test config"))