diff --git a/.drone/drone.jsonnet b/.drone/drone.jsonnet index 8a6d818f6d7a..fda1bd2835dc 100644 --- a/.drone/drone.jsonnet +++ b/.drone/drone.jsonnet @@ -376,7 +376,7 @@ local manifest_ecr(apps, archs) = pipeline('manifest-ecr') { ], }; -local build_image_tag = '0.33.1-golangci.1.51.2'; +local build_image_tag = '0.33.3'; [ pipeline('loki-build-image-' + arch) { workspace: { diff --git a/.drone/drone.yml b/.drone/drone.yml index 51c0fb6b854f..f720156c3681 100644 --- a/.drone/drone.yml +++ b/.drone/drone.yml @@ -17,7 +17,7 @@ steps: from_secret: docker_password repo: grafana/loki-build-image tags: - - 0.33.1-golangci.1.51.2-amd64 + - 0.33.3-amd64 username: from_secret: docker_username when: @@ -54,7 +54,7 @@ steps: from_secret: docker_password repo: grafana/loki-build-image tags: - - 0.33.1-golangci.1.51.2-arm64 + - 0.33.3-arm64 username: from_secret: docker_username when: @@ -86,7 +86,7 @@ steps: password: from_secret: docker_password spec: .drone/docker-manifest-build-image.tmpl - target: loki-build-image:0.33.1-golangci.1.51.2 + target: loki-build-image:0.33.3 username: from_secret: docker_username when: @@ -146,7 +146,7 @@ steps: depends_on: - clone environment: {} - image: grafana/loki-build-image:0.33.1 + image: grafana/loki-build-image:0.33.3 name: loki-mixin-check when: event: @@ -171,7 +171,7 @@ steps: depends_on: - clone environment: {} - image: grafana/loki-build-image:0.33.1 + image: grafana/loki-build-image:0.33.3 name: documentation-helm-reference-check trigger: ref: @@ -1117,7 +1117,7 @@ steps: from_secret: docker_password DOCKER_USERNAME: from_secret: docker_username - image: grafana/loki-build-image:0.33.1 + image: grafana/loki-build-image:0.33.3 name: build and push privileged: true volumes: @@ -1340,6 +1340,6 @@ kind: secret name: gpg_private_key --- kind: signature -hmac: ef80f57ffff4f20ac7e12ef7eec7d8cee1d0b217a8ec5a93fe8d459f0967e155 +hmac: 361d32e18fac906a3f2cefddaefa6aa5e85a71664930c41976984e7747a7904f ... diff --git a/.github/release-workflows.jsonnet b/.github/release-workflows.jsonnet index bf13bb5da1bb..22393a01c7bb 100644 --- a/.github/release-workflows.jsonnet +++ b/.github/release-workflows.jsonnet @@ -20,7 +20,8 @@ local imageJobs = { querytee: build.image('loki-query-tee', 'cmd/querytee', platform=['linux/amd64']), }; -local buildImage = 'grafana/loki-build-image:0.33.1'; +local buildImageVersion = std.extVar('BUILD_IMAGE_VERSION'); +local buildImage = 'grafana/loki-build-image:%s' % buildImageVersion; local golangCiLintVersion = 'v1.55.1'; local imageBuildTimeoutMin = 40; diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index b1ccc391fdb3..a59b8fcd11aa 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -2,7 +2,7 @@ "check": "uses": "grafana/loki-release/.github/workflows/check.yml@main" "with": - "build_image": "grafana/loki-build-image:0.33.1" + "build_image": "grafana/loki-build-image:0.33.3" "golang_ci_lint_version": "v1.55.1" "release_lib_ref": "main" "skip_validation": false diff --git a/.github/workflows/minor-release-pr.yml b/.github/workflows/minor-release-pr.yml index bc70363da1bb..dea02ac6511f 100644 --- a/.github/workflows/minor-release-pr.yml +++ b/.github/workflows/minor-release-pr.yml @@ -16,7 +16,7 @@ jobs: check: uses: "grafana/loki-release/.github/workflows/check.yml@main" with: - build_image: "grafana/loki-build-image:0.33.1" + build_image: "grafana/loki-build-image:0.33.3" golang_ci_lint_version: "v1.55.1" release_lib_ref: "main" skip_validation: false @@ -141,7 +141,7 @@ jobs: --env SKIP_ARM \ --volume .:/src/loki \ --workdir /src/loki \ - --entrypoint /bin/sh "grafana/loki-build-image:0.33.1" + --entrypoint /bin/sh "grafana/loki-build-image:0.33.3" git config --global --add safe.directory /src/loki echo "${NFPM_SIGNING_KEY}" > $NFPM_SIGNING_KEY_FILE make dist packages diff --git a/.github/workflows/patch-release-pr.yml b/.github/workflows/patch-release-pr.yml index 831ca48b4087..74ff27d0a6ea 100644 --- a/.github/workflows/patch-release-pr.yml +++ b/.github/workflows/patch-release-pr.yml @@ -16,7 +16,7 @@ jobs: check: uses: "grafana/loki-release/.github/workflows/check.yml@main" with: - build_image: "grafana/loki-build-image:0.33.1" + build_image: "grafana/loki-build-image:0.33.3" golang_ci_lint_version: "v1.55.1" release_lib_ref: "main" skip_validation: false @@ -141,7 +141,7 @@ jobs: --env SKIP_ARM \ --volume .:/src/loki \ --workdir /src/loki \ - --entrypoint /bin/sh "grafana/loki-build-image:0.33.1" + --entrypoint /bin/sh "grafana/loki-build-image:0.33.3" git config --global --add safe.directory /src/loki echo "${NFPM_SIGNING_KEY}" > $NFPM_SIGNING_KEY_FILE make dist packages diff --git a/Makefile b/Makefile index 689df6f5291f..02e9446070a1 100644 --- a/Makefile +++ b/Makefile @@ -36,8 +36,8 @@ DOCKER_IMAGE_DIRS := $(patsubst %/Dockerfile,%,$(DOCKERFILES)) # or you can override this with an environment variable BUILD_IN_CONTAINER ?= true -# ensure you run `make drone` after changing this -BUILD_IMAGE_VERSION ?= 0.33.1 +# ensure you run `make drone` and `make release-workflows` after changing this +BUILD_IMAGE_VERSION ?= 0.33.3 # Docker image info IMAGE_PREFIX ?= grafana @@ -656,7 +656,8 @@ ifneq (,$(findstring WIP,$(IMAGE_TAG))) false; endif echo ${DOCKER_PASSWORD} | docker login --username ${DOCKER_USERNAME} --password-stdin - $(SUDO) $(BUILD_OCI) -o type=registry -t $(IMAGE_PREFIX)/loki-build-image:$(IMAGE_TAG) ./loki-build-image + $(SUDO) DOCKER_BUILDKIT=$(DOCKER_BUILDKIT) docker buildx build $(OCI_PLATFORMS) \ + -o type=registry -t $(IMAGE_PREFIX)/loki-build-image:$(BUILD_IMAGE_VERSION) ./loki-build-image # loki-operator loki-operator-image: @@ -881,4 +882,10 @@ scan-vulnerabilities: trivy snyk .PHONY: release-workflows release-workflows: pushd $(CURDIR)/.github && jb update && popd - jsonnet -SJ .github/vendor -m .github/workflows .github/release-workflows.jsonnet + jsonnet -SJ .github/vendor -m .github/workflows -V BUILD_IMAGE_VERSION=$(BUILD_IMAGE_VERSION) .github/release-workflows.jsonnet + +.PHONY: release-workflows-check +release-workflows-check: + @$(MAKE) release-workflows + @echo "Checking diff" + @git diff --exit-code -- ".github/workflows/*release*" || (echo "Please build release workflows by running 'make release-workflows'" && false) diff --git a/docs/sources/shared/configuration.md b/docs/sources/shared/configuration.md index f72bb363550c..8d9f7924caa0 100644 --- a/docs/sources/shared/configuration.md +++ b/docs/sources/shared/configuration.md @@ -431,10 +431,6 @@ compactor_grpc_client: # values: # # Secure Ciphers: - # - TLS_RSA_WITH_AES_128_CBC_SHA - # - TLS_RSA_WITH_AES_256_CBC_SHA - # - TLS_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -452,7 +448,11 @@ compactor_grpc_client: # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA @@ -532,865 +532,730 @@ compactor_grpc_client: [metrics_namespace: | default = "loki"] ``` -### server +### alibabacloud_storage_config -Configures the `server` of the launched module(s). +The `alibabacloud_storage_config` block configures the connection to Alibaba Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common` +- `ruler` + +  ```yaml -# HTTP server listen network, default tcp -# CLI flag: -server.http-listen-network -[http_listen_network: | default = "tcp"] +# Name of OSS bucket. +# CLI flag: -common.storage.oss.bucketname +[bucket: | default = ""] -# HTTP server listen address. -# CLI flag: -server.http-listen-address -[http_listen_address: | default = ""] +# oss Endpoint to connect to. +# CLI flag: -common.storage.oss.endpoint +[endpoint: | default = ""] -# HTTP server listen port. -# CLI flag: -server.http-listen-port -[http_listen_port: | default = 3100] +# alibabacloud Access Key ID +# CLI flag: -common.storage.oss.access-key-id +[access_key_id: | default = ""] -# Maximum number of simultaneous http connections, <=0 to disable -# CLI flag: -server.http-conn-limit -[http_listen_conn_limit: | default = 0] +# alibabacloud Secret Access Key +# CLI flag: -common.storage.oss.secret-access-key +[secret_access_key: | default = ""] +``` -# gRPC server listen network -# CLI flag: -server.grpc-listen-network -[grpc_listen_network: | default = "tcp"] +### analytics -# gRPC server listen address. -# CLI flag: -server.grpc-listen-address -[grpc_listen_address: | default = ""] +Configuration for `analytics`. -# gRPC server listen port. -# CLI flag: -server.grpc-listen-port -[grpc_listen_port: | default = 9095] +```yaml +# Enable anonymous usage reporting. +# CLI flag: -reporting.enabled +[reporting_enabled: | default = true] -# Maximum number of simultaneous grpc connections, <=0 to disable -# CLI flag: -server.grpc-conn-limit -[grpc_listen_conn_limit: | default = 0] +# URL to which reports are sent +# CLI flag: -reporting.usage-stats-url +[usage_stats_url: | default = "https://stats.grafana.org/loki-usage-report"] +``` -# Comma-separated list of cipher suites to use. If blank, the default Go cipher -# suites is used. -# CLI flag: -server.tls-cipher-suites -[tls_cipher_suites: | default = ""] +### attributes_config -# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11, -# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used. -# CLI flag: -server.tls-min-version -[tls_min_version: | default = ""] +Define actions for matching OpenTelemetry (OTEL) attributes. -http_tls_config: - # Server TLS certificate. This configuration parameter is YAML only. - [cert: | default = ""] +```yaml +# Configures action to take on matching attributes. It allows one of +# [structured_metadata, drop] for all attribute types. It additionally allows +# index_label action for resource attributes +[action: | default = ""] - # Server TLS key. This configuration parameter is YAML only. - [key: | default = ""] +# List of attributes to configure how to store them or drop them altogether +[attributes: ] - # Root certificate authority used to verify client certificates. This - # configuration parameter is YAML only. - [client_ca: | default = ""] +# Regex to choose attributes to configure how to store them or drop them +# altogether +[regex: ] +``` - # HTTP server cert path. - # CLI flag: -server.http-tls-cert-path - [cert_file: | default = ""] +### aws_storage_config - # HTTP server key path. - # CLI flag: -server.http-tls-key-path - [key_file: | default = ""] +The `aws_storage_config` block configures the connection to dynamoDB and S3 object storage. Either one of them or both can be configured. - # HTTP TLS Client Auth type. - # CLI flag: -server.http-tls-client-auth - [client_auth_type: | default = ""] +```yaml +# Deprecated: Configures storing indexes in DynamoDB. +dynamodb: + # DynamoDB endpoint URL with escaped Key and Secret encoded. If only region is + # specified as a host, proper endpoint will be deduced. Use + # inmemory:/// to use a mock in-memory implementation. + # CLI flag: -dynamodb.url + [dynamodb_url: ] - # HTTP TLS Client CA path. - # CLI flag: -server.http-tls-ca-path - [client_ca_file: | default = ""] + # DynamoDB table management requests per second limit. + # CLI flag: -dynamodb.api-limit + [api_limit: | default = 2] -grpc_tls_config: - # Server TLS certificate. This configuration parameter is YAML only. - [cert: | default = ""] + # DynamoDB rate cap to back off when throttled. + # CLI flag: -dynamodb.throttle-limit + [throttle_limit: | default = 10] - # Server TLS key. This configuration parameter is YAML only. - [key: | default = ""] + metrics: + # Use metrics-based autoscaling, via this query URL + # CLI flag: -metrics.url + [url: | default = ""] - # Root certificate authority used to verify client certificates. This - # configuration parameter is YAML only. - [client_ca: | default = ""] + # Queue length above which we will scale up capacity + # CLI flag: -metrics.target-queue-length + [target_queue_length: | default = 100000] - # GRPC TLS server cert path. - # CLI flag: -server.grpc-tls-cert-path - [cert_file: | default = ""] + # Scale up capacity by this multiple + # CLI flag: -metrics.scale-up-factor + [scale_up_factor: | default = 1.3] - # GRPC TLS server key path. - # CLI flag: -server.grpc-tls-key-path - [key_file: | default = ""] + # Ignore throttling below this level (rate per second) + # CLI flag: -metrics.ignore-throttle-below + [ignore_throttle_below: | default = 1] - # GRPC TLS Client Auth type. - # CLI flag: -server.grpc-tls-client-auth - [client_auth_type: | default = ""] + # query to fetch ingester queue length + # CLI flag: -metrics.queue-length-query + [queue_length_query: | default = "sum(avg_over_time(loki_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m])) or sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"] - # GRPC TLS Client CA path. - # CLI flag: -server.grpc-tls-ca-path - [client_ca_file: | default = ""] + # query to fetch throttle rates per table + # CLI flag: -metrics.write-throttle-query + [write_throttle_query: | default = "sum(rate(cortex_dynamo_throttled_total{operation=\"DynamoDB.BatchWriteItem\"}[1m])) by (table) > 0"] -# Register the intrumentation handlers (/metrics etc). -# CLI flag: -server.register-instrumentation -[register_instrumentation: | default = true] + # query to fetch write capacity usage per table + # CLI flag: -metrics.usage-query + [write_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.BatchWriteItem\"}[15m])) by (table) > 0"] -# If set to true, gRPC statuses will be reported in instrumentation labels with -# their string representations. Otherwise, they will be reported as "error". -# CLI flag: -server.report-grpc-codes-in-instrumentation-label-enabled -[report_grpc_codes_in_instrumentation_label_enabled: | default = false] + # query to fetch read capacity usage per table + # CLI flag: -metrics.read-usage-query + [read_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.QueryPages\"}[1h])) by (table) > 0"] -# Timeout for graceful shutdowns -# CLI flag: -server.graceful-shutdown-timeout -[graceful_shutdown_timeout: | default = 30s] + # query to fetch read errors per table + # CLI flag: -metrics.read-error-query + [read_error_query: | default = "sum(increase(cortex_dynamo_failures_total{operation=\"DynamoDB.QueryPages\",error=\"ProvisionedThroughputExceededException\"}[1m])) by (table) > 0"] -# Read timeout for entire HTTP request, including headers and body. -# CLI flag: -server.http-read-timeout -[http_server_read_timeout: | default = 30s] + # Number of chunks to group together to parallelise fetches (zero to disable) + # CLI flag: -dynamodb.chunk-gang-size + [chunk_gang_size: | default = 10] -# Read timeout for HTTP request headers. If set to 0, value of -# -server.http-read-timeout is used. -# CLI flag: -server.http-read-header-timeout -[http_server_read_header_timeout: | default = 0s] + # Max number of chunk-get operations to start in parallel + # CLI flag: -dynamodb.chunk.get-max-parallelism + [chunk_get_max_parallelism: | default = 32] -# Write timeout for HTTP server -# CLI flag: -server.http-write-timeout -[http_server_write_timeout: | default = 30s] + backoff_config: + # Minimum backoff time + # CLI flag: -dynamodb.min-backoff + [min_period: | default = 100ms] -# Idle timeout for HTTP server -# CLI flag: -server.http-idle-timeout -[http_server_idle_timeout: | default = 2m] + # Maximum backoff time + # CLI flag: -dynamodb.max-backoff + [max_period: | default = 50s] -# Log closed connections that did not receive any response, most likely because -# client didn't send any request within timeout. -# CLI flag: -server.http-log-closed-connections-without-response-enabled -[http_log_closed_connections_without_response_enabled: | default = false] + # Maximum number of times to retry an operation + # CLI flag: -dynamodb.max-retries + [max_retries: | default = 20] -# Limit on the size of a gRPC message this server can receive (bytes). -# CLI flag: -server.grpc-max-recv-msg-size-bytes -[grpc_server_max_recv_msg_size: | default = 4194304] + # KMS key used for encrypting DynamoDB items. DynamoDB will use an Amazon + # owned KMS key if not provided. + # CLI flag: -dynamodb.kms-key-id + [kms_key_id: | default = ""] -# Limit on the size of a gRPC message this server can send (bytes). -# CLI flag: -server.grpc-max-send-msg-size-bytes -[grpc_server_max_send_msg_size: | default = 4194304] +# S3 endpoint URL with escaped Key and Secret encoded. If only region is +# specified as a host, proper endpoint will be deduced. Use +# inmemory:/// to use a mock in-memory implementation. +# CLI flag: -s3.url +[s3: ] -# Limit on the number of concurrent streams for gRPC calls per client connection -# (0 = unlimited) -# CLI flag: -server.grpc-max-concurrent-streams -[grpc_server_max_concurrent_streams: | default = 100] +# Set this to `true` to force the request to use path-style addressing. +# CLI flag: -s3.force-path-style +[s3forcepathstyle: | default = false] -# The duration after which an idle connection should be closed. Default: -# infinity -# CLI flag: -server.grpc.keepalive.max-connection-idle -[grpc_server_max_connection_idle: | default = 2562047h47m16.854775807s] +# Comma separated list of bucket names to evenly distribute chunks over. +# Overrides any buckets specified in s3.url flag +# CLI flag: -s3.buckets +[bucketnames: | default = ""] -# The duration for the maximum amount of time a connection may exist before it -# will be closed. Default: infinity -# CLI flag: -server.grpc.keepalive.max-connection-age -[grpc_server_max_connection_age: | default = 2562047h47m16.854775807s] +# S3 Endpoint to connect to. +# CLI flag: -s3.endpoint +[endpoint: | default = ""] -# An additive period after max-connection-age after which the connection will be -# forcibly closed. Default: infinity -# CLI flag: -server.grpc.keepalive.max-connection-age-grace -[grpc_server_max_connection_age_grace: | default = 2562047h47m16.854775807s] +# AWS region to use. +# CLI flag: -s3.region +[region: | default = ""] -# Duration after which a keepalive probe is sent in case of no activity over the -# connection., Default: 2h -# CLI flag: -server.grpc.keepalive.time -[grpc_server_keepalive_time: | default = 2h] +# AWS Access Key ID +# CLI flag: -s3.access-key-id +[access_key_id: | default = ""] -# After having pinged for keepalive check, the duration after which an idle -# connection should be closed, Default: 20s -# CLI flag: -server.grpc.keepalive.timeout -[grpc_server_keepalive_timeout: | default = 20s] +# AWS Secret Access Key +# CLI flag: -s3.secret-access-key +[secret_access_key: | default = ""] -# Minimum amount of time a client should wait before sending a keepalive ping. -# If client sends keepalive ping more often, server will send GOAWAY and close -# the connection. -# CLI flag: -server.grpc.keepalive.min-time-between-pings -[grpc_server_min_time_between_pings: | default = 10s] +# AWS Session Token +# CLI flag: -s3.session-token +[session_token: | default = ""] -# If true, server allows keepalive pings even when there are no active -# streams(RPCs). If false, and client sends ping when there are no active -# streams, server will send GOAWAY and close the connection. -# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed -[grpc_server_ping_without_stream_allowed: | default = true] +# Disable https on s3 connection. +# CLI flag: -s3.insecure +[insecure: | default = false] -# If non-zero, configures the amount of GRPC server workers used to serve the -# requests. -# CLI flag: -server.grpc.num-workers -[grpc_server_num_workers: | default = 0] +http_config: + # Timeout specifies a time limit for requests made by s3 Client. + # CLI flag: -s3.http.timeout + [timeout: | default = 0s] -# Output log messages in the given format. Valid formats: [logfmt, json] -# CLI flag: -log.format -[log_format: | default = "logfmt"] + # The maximum amount of time an idle connection will be held open. + # CLI flag: -s3.http.idle-conn-timeout + [idle_conn_timeout: | default = 1m30s] -# Only log messages with the given severity or above. Valid levels: [debug, -# info, warn, error] -# CLI flag: -log.level -[log_level: | default = "info"] + # If non-zero, specifies the amount of time to wait for a server's response + # headers after fully writing the request. + # CLI flag: -s3.http.response-header-timeout + [response_header_timeout: | default = 0s] -# Optionally log the source IPs. -# CLI flag: -server.log-source-ips-enabled -[log_source_ips_enabled: | default = false] + # Set to true to skip verifying the certificate chain and hostname. + # CLI flag: -s3.http.insecure-skip-verify + [insecure_skip_verify: | default = false] -# Header field storing the source IPs. Only used if -# server.log-source-ips-enabled is true. If not set the default Forwarded, -# X-Real-IP and X-Forwarded-For headers are used -# CLI flag: -server.log-source-ips-header -[log_source_ips_header: | default = ""] + # Path to the trusted CA file that signed the SSL certificate of the S3 + # endpoint. + # CLI flag: -s3.http.ca-file + [ca_file: | default = ""] -# Regex for matching the source IPs. Only used if server.log-source-ips-enabled -# is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For -# headers are used -# CLI flag: -server.log-source-ips-regex -[log_source_ips_regex: | default = ""] +# The signature version to use for authenticating against S3. Supported values +# are: v4. +# CLI flag: -s3.signature-version +[signature_version: | default = "v4"] -# Optionally log request headers. -# CLI flag: -server.log-request-headers -[log_request_headers: | default = false] +# The S3 storage class which objects will use. Supported values are: GLACIER, +# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS, +# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. +# CLI flag: -s3.storage-class +[storage_class: | default = "STANDARD"] -# Optionally log requests at info level instead of debug level. Applies to -# request headers as well if server.log-request-headers is enabled. -# CLI flag: -server.log-request-at-info-level-enabled -[log_request_at_info_level_enabled: | default = false] +sse: + # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. + # CLI flag: -s3.sse.type + [type: | default = ""] -# Comma separated list of headers to exclude from loggin. Only used if -# server.log-request-headers is true. -# CLI flag: -server.log-request-headers-exclude-list -[log_request_exclude_headers_list: | default = ""] + # KMS Key ID used to encrypt objects in S3 + # CLI flag: -s3.sse.kms-key-id + [kms_key_id: | default = ""] -# Base path to serve all API routes from (e.g. /v1/) -# CLI flag: -server.path-prefix -[http_path_prefix: | default = ""] + # KMS Encryption Context used for object encryption. It expects JSON formatted + # string. + # CLI flag: -s3.sse.kms-encryption-context + [kms_encryption_context: | default = ""] + +# Configures back off when S3 get Object. +backoff_config: + # Minimum backoff time when s3 get Object + # CLI flag: -s3.min-backoff + [min_period: | default = 100ms] + + # Maximum backoff time when s3 get Object + # CLI flag: -s3.max-backoff + [max_period: | default = 3s] + + # Maximum number of times to retry when s3 get Object + # CLI flag: -s3.max-retries + [max_retries: | default = 5] ``` -### distributor +### azure_storage_config -Configures the `distributor`. +The `azure_storage_config` block configures the connection to Azure object storage backend. The supported CLI flags `` used to reference this configuration block are: + +- `common.storage` +- `ruler.storage` + +  + +```yaml +# Azure Cloud environment. Supported values are: AzureGlobal, AzureChinaCloud, +# AzureGermanCloud, AzureUSGovernment. +# CLI flag: -.azure.environment +[environment: | default = "AzureGlobal"] + +# Azure storage account name. +# CLI flag: -.azure.account-name +[account_name: | default = ""] + +# Azure storage account key. +# CLI flag: -.azure.account-key +[account_key: | default = ""] + +# If `connection-string` is set, the values of `account-name` and +# `endpoint-suffix` values will not be used. Use this method over `account-key` +# if you need to authenticate via a SAS token. Or if you use the Azurite +# emulator. +# CLI flag: -.azure.connection-string +[connection_string: | default = ""] + +# Name of the storage account blob container used to store chunks. This +# container must be created before running cortex. +# CLI flag: -.azure.container-name +[container_name: | default = "loki"] + +# Azure storage endpoint suffix without schema. The storage account name will be +# prefixed to this value to create the FQDN. +# CLI flag: -.azure.endpoint-suffix +[endpoint_suffix: | default = ""] + +# Use Managed Identity to authenticate to the Azure storage account. +# CLI flag: -.azure.use-managed-identity +[use_managed_identity: | default = false] + +# Use Federated Token to authenticate to the Azure storage account. +# CLI flag: -.azure.use-federated-token +[use_federated_token: | default = false] + +# User assigned identity ID to authenticate to the Azure storage account. +# CLI flag: -.azure.user-assigned-id +[user_assigned_id: | default = ""] + +# Use Service Principal to authenticate through Azure OAuth. +# CLI flag: -.azure.use-service-principal +[use_service_principal: | default = false] + +# Azure Service Principal ID(GUID). +# CLI flag: -.azure.client-id +[client_id: | default = ""] + +# Azure Service Principal secret key. +# CLI flag: -.azure.client-secret +[client_secret: | default = ""] + +# Azure Tenant ID is used to authenticate through Azure OAuth. +# CLI flag: -.azure.tenant-id +[tenant_id: | default = ""] + +# Chunk delimiter for blob ID to be used +# CLI flag: -.azure.chunk-delimiter +[chunk_delimiter: | default = "-"] + +# Preallocated buffer size for downloads. +# CLI flag: -.azure.download-buffer-size +[download_buffer_size: | default = 512000] + +# Preallocated buffer size for uploads. +# CLI flag: -.azure.upload-buffer-size +[upload_buffer_size: | default = 256000] + +# Number of buffers used to used to upload a chunk. +# CLI flag: -.azure.download-buffer-count +[upload_buffer_count: | default = 1] + +# Timeout for requests made against azure blob storage. +# CLI flag: -.azure.request-timeout +[request_timeout: | default = 30s] + +# Number of retries for a request which times out. +# CLI flag: -.azure.max-retries +[max_retries: | default = 5] + +# Minimum time to wait before retrying a request. +# CLI flag: -.azure.min-retry-delay +[min_retry_delay: | default = 10ms] + +# Maximum time to wait before retrying a request. +# CLI flag: -.azure.max-retry-delay +[max_retry_delay: | default = 500ms] +``` + +### bloom_compactor + +Experimental: The `bloom_compactor` block configures the Loki bloom compactor server, responsible for compacting stream indexes into bloom filters and merging them as bloom blocks. ```yaml +# Defines the ring to be used by the bloom-compactor servers. In case this isn't +# configured, this block supports inheriting configuration from the common ring +# section. ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. - # CLI flag: -distributor.ring.store + # CLI flag: -bloom-compactor.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. - # CLI flag: -distributor.ring.prefix + # CLI flag: -bloom-compactor.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. - # The CLI flags prefix for this block configuration is: distributor.ring + # The CLI flags prefix for this block configuration is: bloom-compactor.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. - # The CLI flags prefix for this block configuration is: distributor.ring + # The CLI flags prefix for this block configuration is: bloom-compactor.ring [etcd: ] multi: # Primary backend storage used by multi-client. - # CLI flag: -distributor.ring.multi.primary + # CLI flag: -bloom-compactor.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. - # CLI flag: -distributor.ring.multi.secondary + # CLI flag: -bloom-compactor.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. - # CLI flag: -distributor.ring.multi.mirror-enabled + # CLI flag: -bloom-compactor.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. - # CLI flag: -distributor.ring.multi.mirror-timeout + # CLI flag: -bloom-compactor.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. - # CLI flag: -distributor.ring.heartbeat-period - [heartbeat_period: | default = 5s] + # CLI flag: -bloom-compactor.ring.heartbeat-period + [heartbeat_period: | default = 15s] - # The heartbeat timeout after which distributors are considered unhealthy - # within the ring. 0 = never (timeout disabled). - # CLI flag: -distributor.ring.heartbeat-timeout + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -bloom-compactor.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] - # Name of network interface to read address from. - # CLI flag: -distributor.ring.instance-interface-names - [instance_interface_names: | default = []] + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -bloom-compactor.ring.tokens-file-path + [tokens_file_path: | default = ""] -rate_store: - # The max number of concurrent requests to make to ingester stream apis - # CLI flag: -distributor.rate-store.max-request-parallelism - [max_request_parallelism: | default = 200] + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -bloom-compactor.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] - # The interval on which distributors will update current stream rates from - # ingesters - # CLI flag: -distributor.rate-store.stream-rate-update-interval - [stream_rate_update_interval: | default = 1s] + # Number of tokens to use in the ring per compactor. Higher number of tokens + # will result in more and smaller files (metas and blocks.) + # CLI flag: -bloom-compactor.ring.num-tokens + [num_tokens: | default = 10] - # Timeout for communication between distributors and any given ingester when - # updating rates - # CLI flag: -distributor.rate-store.ingester-request-timeout - [ingester_request_timeout: | default = 500ms] + # Instance ID to register in the ring. + # CLI flag: -bloom-compactor.ring.instance-id + [instance_id: | default = ""] - # If enabled, detailed logs and spans will be emitted. - # CLI flag: -distributor.rate-store.debug - [debug: | default = false] + # Name of network interface to read address from. + # CLI flag: -bloom-compactor.ring.instance-interface-names + [instance_interface_names: | default = []] -# Customize the logging of write failures. -write_failures_logging: - # Log volume allowed (per second). Default: 1KB. - # CLI flag: -distributor.write-failures-logging.rate - [rate: | default = 1KB] + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -bloom-compactor.ring.instance-port + [instance_port: | default = 0] - # Whether a insight=true key should be logged or not. Default: false. - # CLI flag: -distributor.write-failures-logging.add-insights-label - [add_insights_label: | default = false] + # IP address to advertise in the ring. + # CLI flag: -bloom-compactor.ring.instance-addr + [instance_addr: | default = ""] -otlp_config: - # List of default otlp resource attributes to be picked as index labels - # CLI flag: -distributor.otlp.default_resource_attributes_as_index_labels - [default_resource_attributes_as_index_labels: | default = [service.name service.namespace service.instance.id deployment.environment cloud.region cloud.availability_zone k8s.cluster.name k8s.namespace.name k8s.pod.name k8s.container.name container.name k8s.replicaset.name k8s.deployment.name k8s.statefulset.name k8s.daemonset.name k8s.cronjob.name k8s.job.name]] -``` + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -bloom-compactor.ring.instance-availability-zone + [instance_availability_zone: | default = ""] -### querier + # Enable using a IPv6 instance address. + # CLI flag: -bloom-compactor.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] -Configures the `querier`. Only appropriate when running all modules or just the querier. +# Flag to enable or disable the usage of the bloom-compactor component. +# CLI flag: -bloom-compactor.enabled +[enabled: | default = false] -```yaml -# Maximum duration for which the live tailing requests are served. -# CLI flag: -querier.tail-max-duration -[tail_max_duration: | default = 1h] +# Interval at which to re-run the compaction operation. +# CLI flag: -bloom-compactor.compaction-interval +[compaction_interval: | default = 10m] -# Time to wait before sending more than the minimum successful query requests. -# CLI flag: -querier.extra-query-delay -[extra_query_delay: | default = 0s] +# Newest day-table offset (from today, inclusive) to compact. Increase to lower +# cost by not re-writing data to object storage too frequently since recent data +# changes more often at the cost of not having blooms available as quickly. +# CLI flag: -bloom-compactor.min-table-offset +[min_table_offset: | default = 1] -# Maximum lookback beyond which queries are not sent to ingester. 0 means all -# queries are sent to ingester. -# CLI flag: -querier.query-ingesters-within -[query_ingesters_within: | default = 3h] +# Oldest day-table offset (from today, inclusive) to compact. This can be used +# to lower cost by not trying to compact older data which doesn't change. This +# can be optimized by aligning it with the maximum `reject_old_samples_max_age` +# setting of any tenant. +# CLI flag: -bloom-compactor.max-table-offset +[max_table_offset: | default = 2] -engine: - # The maximum amount of time to look back for log lines. Used only for instant - # log queries. - # CLI flag: -querier.engine.max-lookback-period - [max_look_back_period: | default = 30s] +# Number of workers to run in parallel for compaction. +# CLI flag: -bloom-compactor.worker-parallelism +[worker_parallelism: | default = 1] -# The maximum number of queries that can be simultaneously processed by the -# querier. -# CLI flag: -querier.max-concurrent -[max_concurrent: | default = 4] +# Minimum backoff time between retries. +# CLI flag: -bloom-compactor.compaction-retries-min-backoff +[compaction_retries_min_backoff: | default = 10s] -# Only query the store, and not attempt any ingesters. This is useful for -# running a standalone querier pool operating only against stored data. -# CLI flag: -querier.query-store-only -[query_store_only: | default = false] +# Maximum backoff time between retries. +# CLI flag: -bloom-compactor.compaction-retries-max-backoff +[compaction_retries_max_backoff: | default = 1m] -# When true, queriers only query the ingesters, and not stored data. This is -# useful when the object store is unavailable. -# CLI flag: -querier.query-ingester-only -[query_ingester_only: | default = false] +# Number of retries to perform when compaction fails. +# CLI flag: -bloom-compactor.compaction-retries +[compaction_retries: | default = 3] -# When true, allow queries to span multiple tenants. -# CLI flag: -querier.multi-tenant-queries-enabled -[multi_tenant_queries_enabled: | default = false] +# Maximum number of tables to compact in parallel. While increasing this value, +# please make sure compactor has enough disk space allocated to be able to store +# and compact as many tables. +# CLI flag: -bloom-compactor.max-compaction-parallelism +[max_compaction_parallelism: | default = 1] -# When true, querier limits sent via a header are enforced. -# CLI flag: -querier.per-request-limits-enabled -[per_request_limits_enabled: | default = false] +retention: + # Enable bloom retention. + # CLI flag: -bloom-compactor.retention.enabled + [enabled: | default = false] + + # Max lookback days for retention. + # CLI flag: -bloom-compactor.retention.max-lookback-days + [max_lookback_days: | default = 365] ``` -### query_scheduler +### bloom_gateway -The `query_scheduler` block configures the Loki query scheduler. When configured it separates the tenant query queues from the query-frontend. +Experimental: The `bloom_gateway` block configures the Loki bloom gateway server, responsible for serving queries for filtering chunks based on filter expressions. ```yaml -# Maximum number of outstanding requests per tenant per query-scheduler. -# In-flight requests above this limit will fail with HTTP response status code -# 429. -# CLI flag: -query-scheduler.max-outstanding-requests-per-tenant -[max_outstanding_requests_per_tenant: | default = 32000] +# Flag to enable or disable the bloom gateway component globally. +# CLI flag: -bloom-gateway.enabled +[enabled: | default = false] -# Maximum number of levels of nesting of hierarchical queues. 0 means that -# hierarchical queues are disabled. -# CLI flag: -query-scheduler.max-queue-hierarchy-levels -[max_queue_hierarchy_levels: | default = 3] +client: + # Configures the behavior of the connection pool. + pool_config: + # How frequently to clean up clients for servers that have gone away or are + # unhealthy. + # CLI flag: -bloom-gateway-client.pool.check-interval + [check_interval: | default = 10s] -# If a querier disconnects without sending notification about graceful shutdown, -# the query-scheduler will keep the querier in the tenant's shard until the -# forget delay has passed. This feature is useful to reduce the blast radius -# when shuffle-sharding is enabled. -# CLI flag: -query-scheduler.querier-forget-delay -[querier_forget_delay: | default = 0s] + # Run a health check on each server during periodic cleanup. + # CLI flag: -bloom-gateway-client.pool.enable-health-check + [enable_health_check: | default = true] -# This configures the gRPC client used to report errors back to the -# query-frontend. -# The CLI flags prefix for this block configuration is: -# query-scheduler.grpc-client-config -[grpc_client_config: ] + # Timeout for the health check if health check is enabled. + # CLI flag: -bloom-gateway-client.pool.health-check-timeout + [health_check_timeout: | default = 1s] -# Set to true to have the query schedulers create and place themselves in a -# ring. If no frontend_address or scheduler_address are present anywhere else in -# the configuration, Loki will toggle this value to true. -# CLI flag: -query-scheduler.use-scheduler-ring -[use_scheduler_ring: | default = false] + # The grpc_client block configures the gRPC client used to communicate between + # a client and server component in Loki. + # The CLI flags prefix for this block configuration is: + # bloom-gateway-client.grpc + [grpc_client_config: ] -# The hash ring configuration. This option is required only if -# use_scheduler_ring is true. -scheduler_ring: - kvstore: - # Backend storage to use for the ring. Supported values are: consul, etcd, - # inmemory, memberlist, multi. - # CLI flag: -query-scheduler.ring.store - [store: | default = "consul"] + results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # bloom-gateway-client.cache + [cache: ] - # The prefix for the keys in the store. Should end with a /. - # CLI flag: -query-scheduler.ring.prefix - [prefix: | default = "collectors/"] + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -bloom-gateway-client.cache.compression + [compression: | default = ""] - # Configuration for a Consul client. Only applies if the selected kvstore is - # consul. - # The CLI flags prefix for this block configuration is: query-scheduler.ring - [consul: ] + # Flag to control whether to cache bloom gateway client requests/responses. + # CLI flag: -bloom-gateway-client.cache_results + [cache_results: | default = false] - # Configuration for an ETCD v3 client. Only applies if the selected kvstore - # is etcd. - # The CLI flags prefix for this block configuration is: query-scheduler.ring - [etcd: ] + # Comma separated addresses list in DNS Service Discovery format: + # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes + # CLI flag: -bloom-gateway-client.addresses + [addresses: | default = ""] - multi: - # Primary backend storage used by multi-client. - # CLI flag: -query-scheduler.ring.multi.primary - [primary: | default = ""] +# Number of workers to use for filtering chunks concurrently. Usually set to 1x +# number of CPU cores. +# CLI flag: -bloom-gateway.worker-concurrency +[worker_concurrency: | default = 4] - # Secondary backend storage used by multi-client. - # CLI flag: -query-scheduler.ring.multi.secondary - [secondary: | default = ""] +# Number of blocks processed concurrently on a single worker. Usually set to 2x +# number of CPU cores. +# CLI flag: -bloom-gateway.block-query-concurrency +[block_query_concurrency: | default = 8] - # Mirror writes to secondary store. - # CLI flag: -query-scheduler.ring.multi.mirror-enabled - [mirror_enabled: | default = false] +# Maximum number of outstanding tasks per tenant. +# CLI flag: -bloom-gateway.max-outstanding-per-tenant +[max_outstanding_per_tenant: | default = 1024] - # Timeout for storing value to secondary store. - # CLI flag: -query-scheduler.ring.multi.mirror-timeout - [mirror_timeout: | default = 2s] +# How many tasks are multiplexed at once. +# CLI flag: -bloom-gateway.num-multiplex-tasks +[num_multiplex_tasks: | default = 512] +``` - # Period at which to heartbeat to the ring. 0 = disabled. - # CLI flag: -query-scheduler.ring.heartbeat-period - [heartbeat_period: | default = 15s] +### bos_storage_config - # The heartbeat timeout after which compactors are considered unhealthy within - # the ring. 0 = never (timeout disabled). - # CLI flag: -query-scheduler.ring.heartbeat-timeout - [heartbeat_timeout: | default = 1m] - - # File path where tokens are stored. If empty, tokens are not stored at - # shutdown and restored at startup. - # CLI flag: -query-scheduler.ring.tokens-file-path - [tokens_file_path: | default = ""] - - # True to enable zone-awareness and replicate blocks across different - # availability zones. - # CLI flag: -query-scheduler.ring.zone-awareness-enabled - [zone_awareness_enabled: | default = false] +The `bos_storage_config` block configures the connection to Baidu Object Storage (BOS) object storage backend. The supported CLI flags `` used to reference this configuration block are: - # Instance ID to register in the ring. - # CLI flag: -query-scheduler.ring.instance-id - [instance_id: | default = ""] +- `common.storage` +- `ruler.storage` - # Name of network interface to read address from. - # CLI flag: -query-scheduler.ring.instance-interface-names - [instance_interface_names: | default = []] +  - # Port to advertise in the ring (defaults to server.grpc-listen-port). - # CLI flag: -query-scheduler.ring.instance-port - [instance_port: | default = 0] +```yaml +# Name of BOS bucket. +# CLI flag: -.bos.bucket-name +[bucket_name: | default = ""] - # IP address to advertise in the ring. - # CLI flag: -query-scheduler.ring.instance-addr - [instance_addr: | default = ""] +# BOS endpoint to connect to. +# CLI flag: -.bos.endpoint +[endpoint: | default = "bj.bcebos.com"] - # The availability zone where this instance is running. Required if - # zone-awareness is enabled. - # CLI flag: -query-scheduler.ring.instance-availability-zone - [instance_availability_zone: | default = ""] +# Baidu Cloud Engine (BCE) Access Key ID. +# CLI flag: -.bos.access-key-id +[access_key_id: | default = ""] - # Enable using a IPv6 instance address. - # CLI flag: -query-scheduler.ring.instance-enable-ipv6 - [instance_enable_ipv6: | default = false] +# Baidu Cloud Engine (BCE) Secret Access Key. +# CLI flag: -.bos.secret-access-key +[secret_access_key: | default = ""] ``` -### frontend +### cache_config -The `frontend` block configures the Loki query-frontend. +The `cache_config` block configures the cache backend for a specific Loki component. The supported CLI flags `` used to reference this configuration block are: -```yaml -# Log queries that are slower than the specified duration. Set to 0 to disable. -# Set to < 0 to enable on all queries. -# CLI flag: -frontend.log-queries-longer-than -[log_queries_longer_than: | default = 0s] +- `bloom-gateway-client.cache` +- `bloom.metas-cache` +- `frontend` +- `frontend.index-stats-results-cache` +- `frontend.instant-metric-results-cache` +- `frontend.label-results-cache` +- `frontend.series-results-cache` +- `frontend.volume-results-cache` +- `store.chunks-cache` +- `store.chunks-cache-l2` +- `store.index-cache-read` +- `store.index-cache-write` -# Comma-separated list of request header names to include in query logs. Applies -# to both query stats and slow queries logs. -# CLI flag: -frontend.log-query-request-headers -[log_query_request_headers: | default = ""] +  -# Max body size for downstream prometheus. -# CLI flag: -frontend.max-body-size -[max_body_size: | default = 10485760] +```yaml +# The default validity of entries for caches unless overridden. +# CLI flag: -.default-validity +[default_validity: | default = 1h] -# True to enable query statistics tracking. When enabled, a message with some -# statistics is logged for every query. -# CLI flag: -frontend.query-stats-enabled -[query_stats_enabled: | default = false] +background: + # At what concurrency to write back to cache. + # CLI flag: -.background.write-back-concurrency + [writeback_goroutines: | default = 1] -# Maximum number of outstanding requests per tenant per frontend; requests -# beyond this error with HTTP 429. -# CLI flag: -querier.max-outstanding-requests-per-tenant -[max_outstanding_per_tenant: | default = 2048] + # How many key batches to buffer for background write-back. Default is large + # to prefer size based limiting. + # CLI flag: -.background.write-back-buffer + [writeback_buffer: | default = 500000] -# In the event a tenant is repeatedly sending queries that lead the querier to -# crash or be killed due to an out-of-memory error, the crashed querier will be -# disconnected from the query frontend and a new querier will be immediately -# assigned to the tenant’s shard. This invalidates the assumption that shuffle -# sharding can be used to reduce the impact on tenants. This option mitigates -# the impact by configuring a delay between when a querier disconnects because -# of a crash and when the crashed querier is actually removed from the tenant's -# shard. -# CLI flag: -query-frontend.querier-forget-delay -[querier_forget_delay: | default = 0s] + # Size limit in bytes for background write-back. + # CLI flag: -.background.write-back-size-limit + [writeback_size_limit: | default = 500MB] -# DNS hostname used for finding query-schedulers. -# CLI flag: -frontend.scheduler-address -[scheduler_address: | default = ""] +memcached: + # How long keys stay in the memcache. + # CLI flag: -.memcached.expiration + [expiration: | default = 0s] -# How often to resolve the scheduler-address, in order to look for new -# query-scheduler instances. Also used to determine how often to poll the -# scheduler-ring for addresses if the scheduler-ring is configured. -# CLI flag: -frontend.scheduler-dns-lookup-period -[scheduler_dns_lookup_period: | default = 10s] + # How many keys to fetch in each batch. + # CLI flag: -.memcached.batchsize + [batch_size: | default = 4] -# Number of concurrent workers forwarding queries to single query-scheduler. -# CLI flag: -frontend.scheduler-worker-concurrency -[scheduler_worker_concurrency: | default = 5] + # Maximum active requests to memcache. + # CLI flag: -.memcached.parallelism + [parallelism: | default = 5] -# The grpc_client block configures the gRPC client used to communicate between a -# client and server component in Loki. -# The CLI flags prefix for this block configuration is: -# frontend.grpc-client-config -[grpc_client_config: ] +memcached_client: + # Hostname for memcached service to use. If empty and if addresses is unset, + # no memcached will be used. + # CLI flag: -.memcached.hostname + [host: | default = ""] -# Time to wait for inflight requests to finish before forcefully shutting down. -# This needs to be aligned with the query timeout and the graceful termination -# period of the process orchestrator. -# CLI flag: -frontend.graceful-shutdown-timeout -[graceful_shutdown_timeout: | default = 5m] + # SRV service used to discover memcache servers. + # CLI flag: -.memcached.service + [service: | default = "memcached"] -# Name of network interface to read address from. This address is sent to -# query-scheduler and querier, which uses it to send the query response back to -# query-frontend. -# CLI flag: -frontend.instance-interface-names -[instance_interface_names: | default = []] + # Comma separated addresses list in DNS Service Discovery format: + # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes + # CLI flag: -.memcached.addresses + [addresses: | default = ""] -# Defines the encoding for requests to and responses from the scheduler and -# querier. Can be 'json' or 'protobuf' (defaults to 'json'). -# CLI flag: -frontend.encoding -[encoding: | default = "json"] + # Maximum time to wait before giving up on memcached requests. + # CLI flag: -.memcached.timeout + [timeout: | default = 100ms] -# Compress HTTP responses. -# CLI flag: -querier.compress-http-responses -[compress_responses: | default = true] + # Maximum number of idle connections in pool. + # CLI flag: -.memcached.max-idle-conns + [max_idle_conns: | default = 16] -# URL of downstream Loki. -# CLI flag: -frontend.downstream-url -[downstream_url: | default = ""] + # The maximum size of an item stored in memcached. Bigger items are not + # stored. If set to 0, no maximum size is enforced. + # CLI flag: -.memcached.max-item-size + [max_item_size: | default = 0] -# URL of querier for tail proxy. -# CLI flag: -frontend.tail-proxy-url -[tail_proxy_url: | default = ""] + # Period with which to poll DNS for memcache servers. + # CLI flag: -.memcached.update-interval + [update_interval: | default = 1m] -# The TLS configuration. -[tail_tls_config: ] -``` + # Use consistent hashing to distribute to memcache servers. + # CLI flag: -.memcached.consistent-hash + [consistent_hash: | default = true] -### query_range + # Trip circuit-breaker after this number of consecutive dial failures (if zero + # then circuit-breaker is disabled). + # CLI flag: -.memcached.circuit-breaker-consecutive-failures + [circuit_breaker_consecutive_failures: | default = 10] -The `query_range` block configures the query splitting and caching in the Loki query-frontend. + # Duration circuit-breaker remains open after tripping (if zero then 60 + # seconds is used). + # CLI flag: -.memcached.circuit-breaker-timeout + [circuit_breaker_timeout: | default = 10s] -```yaml -# Mutate incoming queries to align their start and end with their step. -# CLI flag: -querier.align-querier-with-step -[align_queries_with_step: | default = false] + # Reset circuit-breaker counts after this long (if zero then never reset). + # CLI flag: -.memcached.circuit-breaker-interval + [circuit_breaker_interval: | default = 10s] -results_cache: - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: frontend - [cache: ] + # Enable connecting to Memcached with TLS. + # CLI flag: -.memcached.tls-enabled + [tls_enabled: | default = false] - # Use compression in cache. The default is an empty value '', which disables - # compression. Supported values are: 'snappy' and ''. - # CLI flag: -frontend.compression - [compression: | default = ""] + # Path to the client certificate, which will be used for authenticating with + # the server. Also requires the key path to be configured. + # CLI flag: -.memcached.tls-cert-path + [tls_cert_path: | default = ""] -# Cache query results. -# CLI flag: -querier.cache-results -[cache_results: | default = false] + # Path to the key for the client certificate. Also requires the client + # certificate to be configured. + # CLI flag: -.memcached.tls-key-path + [tls_key_path: | default = ""] -# Maximum number of retries for a single request; beyond this, the downstream -# error is returned. -# CLI flag: -querier.max-retries-per-request -[max_retries: | default = 5] + # Path to the CA certificates to validate server certificate against. If not + # set, the host's root CA certificates are used. + # CLI flag: -.memcached.tls-ca-path + [tls_ca_path: | default = ""] -# Perform query parallelisations based on storage sharding configuration and -# query ASTs. This feature is supported only by the chunks storage engine. -# CLI flag: -querier.parallelise-shardable-queries -[parallelise_shardable_queries: | default = true] + # Override the expected name on the server certificate. + # CLI flag: -.memcached.tls-server-name + [tls_server_name: | default = ""] -# A comma-separated list of LogQL vector and range aggregations that should be -# sharded -# CLI flag: -querier.shard-aggregations -[shard_aggregations: | default = ""] - -# Cache index stats query results. -# CLI flag: -querier.cache-index-stats-results -[cache_index_stats_results: | default = true] - -# If a cache config is not specified and cache_index_stats_results is true, the -# config for the results cache is used. -index_stats_results_cache: - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: - # frontend.index-stats-results-cache - [cache: ] - - # Use compression in cache. The default is an empty value '', which disables - # compression. Supported values are: 'snappy' and ''. - # CLI flag: -frontend.index-stats-results-cache.compression - [compression: | default = ""] - -# Cache volume query results. -# CLI flag: -querier.cache-volume-results -[cache_volume_results: | default = true] - -# If a cache config is not specified and cache_volume_results is true, the -# config for the results cache is used. -volume_results_cache: - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: - # frontend.volume-results-cache - [cache: ] - - # Use compression in cache. The default is an empty value '', which disables - # compression. Supported values are: 'snappy' and ''. - # CLI flag: -frontend.volume-results-cache.compression - [compression: | default = ""] - -# Cache instant metric query results. -# CLI flag: -querier.cache-instant-metric-results -[cache_instant_metric_results: | default = false] - -# If a cache config is not specified and cache_instant_metric_results is true, -# the config for the results cache is used. -instant_metric_results_cache: - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: - # frontend.instant-metric-results-cache - [cache: ] - - # Use compression in cache. The default is an empty value '', which disables - # compression. Supported values are: 'snappy' and ''. - # CLI flag: -frontend.instant-metric-results-cache.compression - [compression: | default = ""] - -# Whether to align the splits of instant metric query with splitByInterval and -# query's exec time. Useful when instant_metric_cache is enabled -# CLI flag: -querier.instant-metric-query-split-align -[instant_metric_query_split_align: | default = false] - -# Cache series query results. -# CLI flag: -querier.cache-series-results -[cache_series_results: | default = true] - -# If series_results_cache is not configured and cache_series_results is true, -# the config for the results cache is used. -series_results_cache: - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: - # frontend.series-results-cache - [cache: ] - - # Use compression in cache. The default is an empty value '', which disables - # compression. Supported values are: 'snappy' and ''. - # CLI flag: -frontend.series-results-cache.compression - [compression: | default = ""] - -# Cache label query results. -# CLI flag: -querier.cache-label-results -[cache_label_results: | default = true] - -# If label_results_cache is not configured and cache_label_results is true, the -# config for the results cache is used. -label_results_cache: - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: - # frontend.label-results-cache - [cache: ] - - # Use compression in cache. The default is an empty value '', which disables - # compression. Supported values are: 'snappy' and ''. - # CLI flag: -frontend.label-results-cache.compression - [compression: | default = ""] -``` - -### ruler - -The `ruler` block configures the Loki ruler. - -```yaml -# Base URL of the Grafana instance. -# CLI flag: -ruler.external.url -[external_url: ] - -# Datasource UID for the dashboard. -# CLI flag: -ruler.datasource-uid -[datasource_uid: | default = ""] - -# Labels to add to all alerts. -[external_labels: ] - -# The grpc_client block configures the gRPC client used to communicate between a -# client and server component in Loki. -# The CLI flags prefix for this block configuration is: ruler.client -[ruler_client: ] - -# How frequently to evaluate rules. -# CLI flag: -ruler.evaluation-interval -[evaluation_interval: | default = 1m] - -# How frequently to poll for rule changes. -# CLI flag: -ruler.poll-interval -[poll_interval: | default = 1m] - -# Deprecated: Use -ruler-storage. CLI flags and their respective YAML config -# options instead. -storage: - # Method to use for backend rule storage (configdb, azure, gcs, s3, swift, - # local, bos, cos) - # CLI flag: -ruler.storage.type - [type: | default = ""] - - # Configures backend rule storage for Azure. - # The CLI flags prefix for this block configuration is: ruler.storage - [azure: ] - - # Configures backend rule storage for AlibabaCloud Object Storage (OSS). - # The CLI flags prefix for this block configuration is: ruler - [alibabacloud: ] - - # Configures backend rule storage for GCS. - # The CLI flags prefix for this block configuration is: ruler.storage - [gcs: ] - - # Configures backend rule storage for S3. - # The CLI flags prefix for this block configuration is: ruler - [s3: ] - - # Configures backend rule storage for Baidu Object Storage (BOS). - # The CLI flags prefix for this block configuration is: ruler.storage - [bos: ] - - # Configures backend rule storage for Swift. - # The CLI flags prefix for this block configuration is: ruler.storage - [swift: ] - - # Configures backend rule storage for IBM Cloud Object Storage (COS). - # The CLI flags prefix for this block configuration is: ruler.storage - [cos: ] - - # Configures backend rule storage for a local file system directory. - local: - # Directory to scan for rules - # CLI flag: -ruler.storage.local.directory - [directory: | default = ""] - -# File path to store temporary rule files. -# CLI flag: -ruler.rule-path -[rule_path: | default = "/rules"] - -# Comma-separated list of Alertmanager URLs to send notifications to. Each -# Alertmanager URL is treated as a separate group in the configuration. Multiple -# Alertmanagers in HA per group can be supported by using DNS resolution via -# '-ruler.alertmanager-discovery'. -# CLI flag: -ruler.alertmanager-url -[alertmanager_url: | default = ""] - -# Use DNS SRV records to discover Alertmanager hosts. -# CLI flag: -ruler.alertmanager-discovery -[enable_alertmanager_discovery: | default = false] - -# How long to wait between refreshing DNS resolutions of Alertmanager hosts. -# CLI flag: -ruler.alertmanager-refresh-interval -[alertmanager_refresh_interval: | default = 1m] - -# If enabled requests to Alertmanager will utilize the V2 API. -# CLI flag: -ruler.alertmanager-use-v2 -[enable_alertmanager_v2: | default = false] - -# List of alert relabel configs. -[alert_relabel_configs: ] - -# Capacity of the queue for notifications to be sent to the Alertmanager. -# CLI flag: -ruler.notification-queue-capacity -[notification_queue_capacity: | default = 10000] - -# HTTP timeout duration when sending notifications to the Alertmanager. -# CLI flag: -ruler.notification-timeout -[notification_timeout: | default = 10s] - -alertmanager_client: - # Path to the client certificate, which will be used for authenticating with - # the server. Also requires the key path to be configured. - # CLI flag: -ruler.alertmanager-client.tls-cert-path - [tls_cert_path: | default = ""] - - # Path to the key for the client certificate. Also requires the client - # certificate to be configured. - # CLI flag: -ruler.alertmanager-client.tls-key-path - [tls_key_path: | default = ""] - - # Path to the CA certificates to validate server certificate against. If not - # set, the host's root CA certificates are used. - # CLI flag: -ruler.alertmanager-client.tls-ca-path - [tls_ca_path: | default = ""] - - # Override the expected name on the server certificate. - # CLI flag: -ruler.alertmanager-client.tls-server-name - [tls_server_name: | default = ""] - - # Skip validating server certificate. - # CLI flag: -ruler.alertmanager-client.tls-insecure-skip-verify - [tls_insecure_skip_verify: | default = false] + # Skip validating server certificate. + # CLI flag: -.memcached.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] # Override the default cipher suite list (separated by commas). Allowed # values: # # Secure Ciphers: - # - TLS_RSA_WITH_AES_128_CBC_SHA - # - TLS_RSA_WITH_AES_256_CBC_SHA - # - TLS_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_AES_128_GCM_SHA256 # - TLS_AES_256_GCM_SHA384 # - TLS_CHACHA20_POLY1305_SHA256 @@ -1408,1571 +1273,1570 @@ alertmanager_client: # Insecure Ciphers: # - TLS_RSA_WITH_RC4_128_SHA # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_RC4_128_SHA # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - # CLI flag: -ruler.alertmanager-client.tls-cipher-suites + # CLI flag: -.memcached.tls-cipher-suites [tls_cipher_suites: | default = ""] # Override the default minimum TLS version. Allowed values: VersionTLS10, # VersionTLS11, VersionTLS12, VersionTLS13 - # CLI flag: -ruler.alertmanager-client.tls-min-version + # CLI flag: -.memcached.tls-min-version [tls_min_version: | default = ""] - # HTTP Basic authentication username. It overrides the username set in the URL - # (if any). - # CLI flag: -ruler.alertmanager-client.basic-auth-username - [basic_auth_username: | default = ""] +redis: + # Redis Server or Cluster configuration endpoint to use for caching. A + # comma-separated list of endpoints for Redis Cluster or Redis Sentinel. If + # empty, no redis will be used. + # CLI flag: -.redis.endpoint + [endpoint: | default = ""] - # HTTP Basic authentication password. It overrides the password set in the URL - # (if any). - # CLI flag: -ruler.alertmanager-client.basic-auth-password - [basic_auth_password: | default = ""] + # Redis Sentinel master name. An empty string for Redis Server or Redis + # Cluster. + # CLI flag: -.redis.master-name + [master_name: | default = ""] - # HTTP Header authorization type (default: Bearer). - # CLI flag: -ruler.alertmanager-client.type - [type: | default = "Bearer"] + # Maximum time to wait before giving up on redis requests. + # CLI flag: -.redis.timeout + [timeout: | default = 500ms] - # HTTP Header authorization credentials. - # CLI flag: -ruler.alertmanager-client.credentials - [credentials: | default = ""] + # How long keys stay in the redis. + # CLI flag: -.redis.expiration + [expiration: | default = 0s] - # HTTP Header authorization credentials file. - # CLI flag: -ruler.alertmanager-client.credentials-file - [credentials_file: | default = ""] + # Database index. + # CLI flag: -.redis.db + [db: | default = 0] -# Max time to tolerate outage for restoring "for" state of alert. -# CLI flag: -ruler.for-outage-tolerance -[for_outage_tolerance: | default = 1h] + # Maximum number of connections in the pool. + # CLI flag: -.redis.pool-size + [pool_size: | default = 0] -# Minimum duration between alert and restored "for" state. This is maintained -# only for alerts with configured "for" time greater than the grace period. -# CLI flag: -ruler.for-grace-period -[for_grace_period: | default = 10m] + # Username to use when connecting to redis. + # CLI flag: -.redis.username + [username: | default = ""] -# Minimum amount of time to wait before resending an alert to Alertmanager. -# CLI flag: -ruler.resend-delay -[resend_delay: | default = 1m] + # Password to use when connecting to redis. + # CLI flag: -.redis.password + [password: | default = ""] -# Distribute rule evaluation using ring backend. -# CLI flag: -ruler.enable-sharding -[enable_sharding: | default = false] + # Enable connecting to redis with TLS. + # CLI flag: -.redis.tls-enabled + [tls_enabled: | default = false] -# The sharding strategy to use. Supported values are: default, shuffle-sharding. -# CLI flag: -ruler.sharding-strategy -[sharding_strategy: | default = "default"] + # Skip validating server certificate. + # CLI flag: -.redis.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] -# The sharding algorithm to use for deciding how rules & groups are sharded. -# Supported values are: by-group, by-rule. -# CLI flag: -ruler.sharding-algo -[sharding_algo: | default = "by-group"] + # Close connections after remaining idle for this duration. If the value is + # zero, then idle connections are not closed. + # CLI flag: -.redis.idle-timeout + [idle_timeout: | default = 0s] -# Time to spend searching for a pending ruler when shutting down. -# CLI flag: -ruler.search-pending-for -[search_pending_for: | default = 5m] + # Close connections older than this duration. If the value is zero, then the + # pool does not close connections based on age. + # CLI flag: -.redis.max-connection-age + [max_connection_age: | default = 0s] + + # By default, the Redis client only reads from the master node. Enabling this + # option can lower pressure on the master node by randomly routing read-only + # commands to the master and any available replicas. + # CLI flag: -.redis.route-randomly + [route_randomly: | default = false] + +embedded_cache: + # Whether embedded cache is enabled. + # CLI flag: -.embedded-cache.enabled + [enabled: | default = false] + + # Maximum memory size of the cache in MB. + # CLI flag: -.embedded-cache.max-size-mb + [max_size_mb: | default = 100] + + # Maximum number of entries in the cache. + # CLI flag: -.embedded-cache.max-size-items + [max_size_items: | default = 0] + + # The time to live for items in the cache before they get purged. + # CLI flag: -.embedded-cache.ttl + [ttl: | default = 1h] +``` + +### chunk_store_config + +The `chunk_store_config` block configures how chunks will be cached and how long to wait before saving them to the backing store. + +```yaml +# The cache_config block configures the cache backend for a specific Loki +# component. +# The CLI flags prefix for this block configuration is: store.chunks-cache +[chunk_cache_config: ] + +# The cache_config block configures the cache backend for a specific Loki +# component. +# The CLI flags prefix for this block configuration is: store.chunks-cache-l2 +[chunk_cache_config_l2: ] + +# Write dedupe cache is deprecated along with legacy index types (aws, +# aws-dynamo, bigtable, bigtable-hashed, cassandra, gcp, gcp-columnkey, +# grpc-store). +# Consider using TSDB index which does not require a write dedupe cache. +# The CLI flags prefix for this block configuration is: store.index-cache-write +[write_dedupe_cache_config: ] + +# Chunks will be handed off to the L2 cache after this duration. 0 to disable L2 +# cache. +# CLI flag: -store.chunks-cache-l2.handoff +[l2_chunk_cache_handoff: | default = 0s] + +# Cache index entries older than this period. 0 to disable. +# CLI flag: -store.cache-lookups-older-than +[cache_lookups_older_than: | default = 0s] +``` + +### common + +Common configuration to be shared between multiple modules. If a more specific configuration is given in other sections, the related configuration within this section will be ignored. + +```yaml +[path_prefix: | default = ""] + +storage: + # The s3_storage_config block configures the connection to Amazon S3 object + # storage backend. + # The CLI flags prefix for this block configuration is: common + [s3: ] + + # The gcs_storage_config block configures the connection to Google Cloud + # Storage object storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [gcs: ] + + # The azure_storage_config block configures the connection to Azure object + # storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [azure: ] + + # The alibabacloud_storage_config block configures the connection to Alibaba + # Cloud Storage object storage backend. + [alibabacloud: ] + + # The bos_storage_config block configures the connection to Baidu Object + # Storage (BOS) object storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [bos: ] + + # The swift_storage_config block configures the connection to OpenStack Object + # Storage (Swift) object storage backend. + # The CLI flags prefix for this block configuration is: common.storage + [swift: ] + + filesystem: + # Directory to store chunks in. + # CLI flag: -common.storage.filesystem.chunk-directory + [chunks_directory: | default = ""] + + # Directory to store rules in. + # CLI flag: -common.storage.filesystem.rules-directory + [rules_directory: | default = ""] + + hedging: + # If set to a non-zero value a second request will be issued at the provided + # duration. Default is 0 (disabled) + # CLI flag: -common.storage.hedge-requests-at + [at: | default = 0s] + + # The maximum of hedge requests allowed. + # CLI flag: -common.storage.hedge-requests-up-to + [up_to: | default = 2] + + # The maximum of hedge requests allowed per seconds. + # CLI flag: -common.storage.hedge-max-per-second + [max_per_second: | default = 5] + + # The cos_storage_config block configures the connection to IBM Cloud Object + # Storage (COS) backend. + # The CLI flags prefix for this block configuration is: common.storage + [cos: ] + + congestion_control: + # Use storage congestion control (default: disabled). + # CLI flag: -common.storage.congestion-control.enabled + [enabled: | default = false] + + controller: + # Congestion control strategy to use (default: none, options: 'aimd'). + # CLI flag: -common.storage.congestion-control.strategy + [strategy: | default = ""] + + aimd: + # AIMD starting throughput window size: how many requests can be sent + # per second (default: 2000). + # CLI flag: -common.storage.congestion-control.strategy.aimd.start + [start: | default = 2000] + + # AIMD maximum throughput window size: upper limit of requests sent per + # second (default: 10000). + # CLI flag: -common.storage.congestion-control.strategy.aimd.upper-bound + [upper_bound: | default = 10000] + + # AIMD backoff factor when upstream service is throttled to decrease + # number of requests sent per second (default: 0.5). + # CLI flag: -common.storage.congestion-control.strategy.aimd.backoff-factor + [backoff_factor: | default = 0.5] + + retry: + # Congestion control retry strategy to use (default: none, options: + # 'limited'). + # CLI flag: -common.storage.congestion-control.retry.strategy + [strategy: | default = ""] + + # Maximum number of retries allowed. + # CLI flag: -common.storage.congestion-control.retry.strategy.limited.limit + [limit: | default = 2] + + hedging: + config: + [at: ] + + [up_to: ] + + [max_per_second: ] + + # Congestion control hedge strategy to use (default: none, options: + # 'limited'). + # CLI flag: -common.storage.congestion-control.hedge.strategy + [strategy: | default = ""] + +[persist_tokens: ] + +[replication_factor: ] -# Ring used by Loki ruler. The CLI flags prefix for this block configuration is -# 'ruler.ring'. ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. - # CLI flag: -ruler.ring.store + # CLI flag: -common.storage.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. - # CLI flag: -ruler.ring.prefix - [prefix: | default = "rulers/"] + # CLI flag: -common.storage.ring.prefix + [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. - # The CLI flags prefix for this block configuration is: ruler.ring + # The CLI flags prefix for this block configuration is: common.storage.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. - # The CLI flags prefix for this block configuration is: ruler.ring + # The CLI flags prefix for this block configuration is: common.storage.ring [etcd: ] multi: # Primary backend storage used by multi-client. - # CLI flag: -ruler.ring.multi.primary + # CLI flag: -common.storage.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. - # CLI flag: -ruler.ring.multi.secondary + # CLI flag: -common.storage.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. - # CLI flag: -ruler.ring.multi.mirror-enabled + # CLI flag: -common.storage.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. - # CLI flag: -ruler.ring.multi.mirror-timeout + # CLI flag: -common.storage.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] - # Interval between heartbeats sent to the ring. 0 = disabled. - # CLI flag: -ruler.ring.heartbeat-period - [heartbeat_period: | default = 5s] + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -common.storage.ring.heartbeat-period + [heartbeat_period: | default = 15s] - # The heartbeat timeout after which ruler ring members are considered - # unhealthy within the ring. 0 = never (timeout disabled). - # CLI flag: -ruler.ring.heartbeat-timeout + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -common.storage.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] - # Name of network interface to read addresses from. - # CLI flag: -ruler.ring.instance-interface-names - [instance_interface_names: | default = []] + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -common.storage.ring.tokens-file-path + [tokens_file_path: | default = ""] - # The number of tokens the lifecycler will generate and put into the ring if - # it joined without transferring tokens from another lifecycler. - # CLI flag: -ruler.ring.num-tokens - [num_tokens: | default = 128] + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -common.storage.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] -# Period with which to attempt to flush rule groups. -# CLI flag: -ruler.flush-period -[flush_period: | default = 1m] + # Number of tokens to own in the ring. + # CLI flag: -common.storage.ring.num-tokens + [num_tokens: | default = 128] -# Enable the ruler API. -# CLI flag: -ruler.enable-api -[enable_api: | default = true] + # Factor for data replication. + # CLI flag: -common.storage.ring.replication-factor + [replication_factor: | default = 3] -# Comma separated list of tenants whose rules this ruler can evaluate. If -# specified, only these tenants will be handled by ruler, otherwise this ruler -# can process rules from all tenants. Subject to sharding. -# CLI flag: -ruler.enabled-tenants -[enabled_tenants: | default = ""] + # Instance ID to register in the ring. + # CLI flag: -common.storage.ring.instance-id + [instance_id: | default = ""] -# Comma separated list of tenants whose rules this ruler cannot evaluate. If -# specified, a ruler that would normally pick the specified tenant(s) for -# processing will ignore them instead. Subject to sharding. -# CLI flag: -ruler.disabled-tenants -[disabled_tenants: | default = ""] + # Name of network interface to read address from. + # CLI flag: -common.storage.ring.instance-interface-names + [instance_interface_names: | default = []] -# Report the wall time for ruler queries to complete as a per user metric and as -# an info level log message. -# CLI flag: -ruler.query-stats-enabled -[query_stats_enabled: | default = false] + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -common.storage.ring.instance-port + [instance_port: | default = 0] -# Disable the rule_group label on exported metrics. -# CLI flag: -ruler.disable-rule-group-label -[disable_rule_group_label: | default = false] + # IP address to advertise in the ring. + # CLI flag: -common.storage.ring.instance-addr + [instance_addr: | default = ""] -wal: - # The directory in which to write tenant WAL files. Each tenant will have its - # own directory one level below this directory. - # CLI flag: -ruler.wal.dir - [dir: | default = "ruler-wal"] + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -common.storage.ring.instance-availability-zone + [instance_availability_zone: | default = ""] - # Frequency with which to run the WAL truncation process. - # CLI flag: -ruler.wal.truncate-frequency - [truncate_frequency: | default = 1h] + # Enable using a IPv6 instance address. + # CLI flag: -common.storage.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] - # Minimum age that samples must exist in the WAL before being truncated. - # CLI flag: -ruler.wal.min-age - [min_age: | default = 5m] +[instance_interface_names: | default = []] - # Maximum age that samples must exist in the WAL before being truncated. - # CLI flag: -ruler.wal.max-age - [max_age: | default = 4h] +[instance_addr: | default = ""] -wal_cleaner: - # The minimum age of a WAL to consider for cleaning. - # CLI flag: -ruler.wal-cleaner.min-age - [min_age: | default = 12h] +# the http address of the compactor in the form http://host:port +# CLI flag: -common.compactor-address +[compactor_address: | default = ""] - # How often to run the WAL cleaner. 0 = disabled. - # CLI flag: -ruler.wal-cleaner.period - [period: | default = 0s] +# the grpc address of the compactor in the form host:port +# CLI flag: -common.compactor-grpc-address +[compactor_grpc_address: | default = ""] +``` -# Remote-write configuration to send rule samples to a Prometheus remote-write -# endpoint. -remote_write: - # Deprecated: Use 'clients' instead. Configure remote write client. - [client: ] +### compactor - # Configure remote write clients. A map with remote client id as key. - [clients: ] +The `compactor` block configures the compactor component, which compacts index shards for performance. - # Enable remote-write functionality. - # CLI flag: -ruler.remote-write.enabled - [enabled: | default = false] +```yaml +# Directory where files can be downloaded for compaction. +# CLI flag: -compactor.working-directory +[working_directory: | default = ""] - # Minimum period to wait between refreshing remote-write reconfigurations. - # This should be greater than or equivalent to - # -limits.per-user-override-period. - # CLI flag: -ruler.remote-write.config-refresh-period - [config_refresh_period: | default = 10s] +# Interval at which to re-run the compaction operation. +# CLI flag: -compactor.compaction-interval +[compaction_interval: | default = 10m] - # Add X-Scope-OrgID header in remote write requests. - # CLI flag: -ruler.remote-write.add-org-id-header - [add_org_id_header: | default = true] +# Interval at which to apply/enforce retention. 0 means run at same interval as +# compaction. If non-zero, it should always be a multiple of compaction +# interval. +# CLI flag: -compactor.apply-retention-interval +[apply_retention_interval: | default = 0s] -# Configuration for rule evaluation. -evaluation: - # The evaluation mode for the ruler. Can be either 'local' or 'remote'. If set - # to 'local', the ruler will evaluate rules locally. If set to 'remote', the - # ruler will evaluate rules remotely. If unset, the ruler will evaluate rules - # locally. - # CLI flag: -ruler.evaluation.mode - [mode: | default = "local"] +# Activate custom (per-stream,per-tenant) retention. +# CLI flag: -compactor.retention-enabled +[retention_enabled: | default = false] - # Upper bound of random duration to wait before rule evaluation to avoid - # contention during concurrent execution of rules. Jitter is calculated - # consistently for a given rule. Set 0 to disable (default). - # CLI flag: -ruler.evaluation.max-jitter - [max_jitter: | default = 0s] +# Delay after which chunks will be fully deleted during retention. +# CLI flag: -compactor.retention-delete-delay +[retention_delete_delay: | default = 2h] - query_frontend: - # GRPC listen address of the query-frontend(s). Must be a DNS address - # (prefixed with dns:///) to enable client side load balancing. - # CLI flag: -ruler.evaluation.query-frontend.address - [address: | default = ""] +# The total amount of worker to use to delete chunks. +# CLI flag: -compactor.retention-delete-worker-count +[retention_delete_worker_count: | default = 150] - # Set to true if query-frontend connection requires TLS. - # CLI flag: -ruler.evaluation.query-frontend.tls-enabled - [tls_enabled: | default = false] +# The maximum amount of time to spend running retention and deletion on any +# given table in the index. +# CLI flag: -compactor.retention-table-timeout +[retention_table_timeout: | default = 0s] - # Path to the client certificate, which will be used for authenticating with - # the server. Also requires the key path to be configured. - # CLI flag: -ruler.evaluation.query-frontend.tls-cert-path - [tls_cert_path: | default = ""] +# Store used for managing delete requests. +# CLI flag: -compactor.delete-request-store +[delete_request_store: | default = ""] - # Path to the key for the client certificate. Also requires the client - # certificate to be configured. - # CLI flag: -ruler.evaluation.query-frontend.tls-key-path - [tls_key_path: | default = ""] +# Path prefix for storing delete requests. +# CLI flag: -compactor.delete-request-store.key-prefix +[delete_request_store_key_prefix: | default = "index/"] - # Path to the CA certificates to validate server certificate against. If not - # set, the host's root CA certificates are used. - # CLI flag: -ruler.evaluation.query-frontend.tls-ca-path - [tls_ca_path: | default = ""] +# The max number of delete requests to run per compaction cycle. +# CLI flag: -compactor.delete-batch-size +[delete_batch_size: | default = 70] - # Override the expected name on the server certificate. - # CLI flag: -ruler.evaluation.query-frontend.tls-server-name - [tls_server_name: | default = ""] +# Allow cancellation of delete request until duration after they are created. +# Data would be deleted only after delete requests have been older than this +# duration. Ideally this should be set to at least 24h. +# CLI flag: -compactor.delete-request-cancel-period +[delete_request_cancel_period: | default = 24h] - # Skip validating server certificate. - # CLI flag: -ruler.evaluation.query-frontend.tls-insecure-skip-verify - [tls_insecure_skip_verify: | default = false] +# Constrain the size of any single delete request with line filters. When a +# delete request > delete_max_interval is input, the request is sharded into +# smaller requests of no more than delete_max_interval +# CLI flag: -compactor.delete-max-interval +[delete_max_interval: | default = 24h] - # Override the default cipher suite list (separated by commas). Allowed - # values: - # - # Secure Ciphers: - # - TLS_RSA_WITH_AES_128_CBC_SHA - # - TLS_RSA_WITH_AES_256_CBC_SHA - # - TLS_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_RSA_WITH_AES_256_GCM_SHA384 - # - TLS_AES_128_GCM_SHA256 - # - TLS_AES_256_GCM_SHA384 - # - TLS_CHACHA20_POLY1305_SHA256 - # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - # - # Insecure Ciphers: - # - TLS_RSA_WITH_RC4_128_SHA - # - TLS_RSA_WITH_3DES_EDE_CBC_SHA - # - TLS_RSA_WITH_AES_128_CBC_SHA256 - # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - # - TLS_ECDHE_RSA_WITH_RC4_128_SHA - # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - # CLI flag: -ruler.evaluation.query-frontend.tls-cipher-suites - [tls_cipher_suites: | default = ""] +# Maximum number of tables to compact in parallel. While increasing this value, +# please make sure compactor has enough disk space allocated to be able to store +# and compact as many tables. +# CLI flag: -compactor.max-compaction-parallelism +[max_compaction_parallelism: | default = 1] - # Override the default minimum TLS version. Allowed values: VersionTLS10, - # VersionTLS11, VersionTLS12, VersionTLS13 - # CLI flag: -ruler.evaluation.query-frontend.tls-min-version - [tls_min_version: | default = ""] -``` +# Number of upload/remove operations to execute in parallel when finalizing a +# compaction. NOTE: This setting is per compaction operation, which can be +# executed in parallel. The upper bound on the number of concurrent uploads is +# upload_parallelism * max_compaction_parallelism. +# CLI flag: -compactor.upload-parallelism +[upload_parallelism: | default = 10] -### ingester_client - -The `ingester_client` block configures how the distributor will connect to ingesters. Only appropriate when running all components, the distributor, or the querier. +# The hash ring configuration used by compactors to elect a single instance for +# running compactions. The CLI flags prefix for this block config is: +# compactor.ring +compactor_ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -compactor.ring.store + [store: | default = "consul"] -```yaml -# Configures how connections are pooled. -pool_config: - # How frequently to clean up clients for ingesters that have gone away. - # CLI flag: -distributor.client-cleanup-period - [client_cleanup_period: | default = 15s] + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -compactor.ring.prefix + [prefix: | default = "collectors/"] - # Run a health check on each ingester client during periodic cleanup. - # CLI flag: -distributor.health-check-ingesters - [health_check_ingesters: | default = true] + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: compactor.ring + [consul: ] - # How quickly a dead client will be removed after it has been detected to - # disappear. Set this to a value to allow time for a secondary health check to - # recover the missing client. - # CLI flag: -ingester.client.healthcheck-timeout - [remote_timeout: | default = 1s] + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: compactor.ring + [etcd: ] -# The remote request timeout on the client side. -# CLI flag: -ingester.client.timeout -[remote_timeout: | default = 5s] + multi: + # Primary backend storage used by multi-client. + # CLI flag: -compactor.ring.multi.primary + [primary: | default = ""] -# Configures how the gRPC connection to ingesters work as a client. -# The CLI flags prefix for this block configuration is: ingester.client -[grpc_client_config: ] -``` + # Secondary backend storage used by multi-client. + # CLI flag: -compactor.ring.multi.secondary + [secondary: | default = ""] -### ingester + # Mirror writes to secondary store. + # CLI flag: -compactor.ring.multi.mirror-enabled + [mirror_enabled: | default = false] -The `ingester` block configures the ingester and how the ingester will register itself to a key value store. + # Timeout for storing value to secondary store. + # CLI flag: -compactor.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] -```yaml -# Configures how the lifecycle of the ingester will operate and where it will -# register for discovery. -lifecycler: - ring: - kvstore: - # Backend storage to use for the ring. Supported values are: consul, etcd, - # inmemory, memberlist, multi. - # CLI flag: -ring.store - [store: | default = "consul"] + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -compactor.ring.heartbeat-period + [heartbeat_period: | default = 15s] - # The prefix for the keys in the store. Should end with a /. - # CLI flag: -ring.prefix - [prefix: | default = "collectors/"] + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -compactor.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] - # Configuration for a Consul client. Only applies if the selected kvstore - # is consul. - [consul: ] + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -compactor.ring.tokens-file-path + [tokens_file_path: | default = ""] - # Configuration for an ETCD v3 client. Only applies if the selected - # kvstore is etcd. - [etcd: ] + # True to enable zone-awareness and replicate blocks across different + # availability zones. + # CLI flag: -compactor.ring.zone-awareness-enabled + [zone_awareness_enabled: | default = false] - multi: - # Primary backend storage used by multi-client. - # CLI flag: -multi.primary - [primary: | default = ""] + # Instance ID to register in the ring. + # CLI flag: -compactor.ring.instance-id + [instance_id: | default = ""] - # Secondary backend storage used by multi-client. - # CLI flag: -multi.secondary - [secondary: | default = ""] + # Name of network interface to read address from. + # CLI flag: -compactor.ring.instance-interface-names + [instance_interface_names: | default = []] - # Mirror writes to secondary store. - # CLI flag: -multi.mirror-enabled - [mirror_enabled: | default = false] + # Port to advertise in the ring (defaults to server.grpc-listen-port). + # CLI flag: -compactor.ring.instance-port + [instance_port: | default = 0] - # Timeout for storing value to secondary store. - # CLI flag: -multi.mirror-timeout - [mirror_timeout: | default = 2s] + # IP address to advertise in the ring. + # CLI flag: -compactor.ring.instance-addr + [instance_addr: | default = ""] - # The heartbeat timeout after which ingesters are skipped for reads/writes. - # 0 = never (timeout disabled). - # CLI flag: -ring.heartbeat-timeout - [heartbeat_timeout: | default = 1m] + # The availability zone where this instance is running. Required if + # zone-awareness is enabled. + # CLI flag: -compactor.ring.instance-availability-zone + [instance_availability_zone: | default = ""] - # The number of ingesters to write to and read from. - # CLI flag: -distributor.replication-factor - [replication_factor: | default = 3] + # Enable using a IPv6 instance address. + # CLI flag: -compactor.ring.instance-enable-ipv6 + [instance_enable_ipv6: | default = false] - # True to enable the zone-awareness and replicate ingested samples across - # different availability zones. - # CLI flag: -distributor.zone-awareness-enabled - [zone_awareness_enabled: | default = false] +# Number of tables that compactor will try to compact. Newer tables are chosen +# when this is less than the number of tables available. +# CLI flag: -compactor.tables-to-compact +[tables_to_compact: | default = 0] - # Comma-separated list of zones to exclude from the ring. Instances in - # excluded zones will be filtered out from the ring. - # CLI flag: -distributor.excluded-zones - [excluded_zones: | default = ""] +# Do not compact N latest tables. Together with -compactor.run-once and +# -compactor.tables-to-compact, this is useful when clearing compactor backlogs. +# CLI flag: -compactor.skip-latest-n-tables +[skip_latest_n_tables: | default = 0] +``` - # Number of tokens for each ingester. - # CLI flag: -ingester.num-tokens - [num_tokens: | default = 128] +### consul - # Period at which to heartbeat to consul. 0 = disabled. - # CLI flag: -ingester.heartbeat-period - [heartbeat_period: | default = 5s] +Configuration for a Consul client. Only applies if the selected kvstore is `consul`. The supported CLI flags `` used to reference this configuration block are: - # Heartbeat timeout after which instance is assumed to be unhealthy. 0 = - # disabled. - # CLI flag: -ingester.heartbeat-timeout - [heartbeat_timeout: | default = 1m] +- `bloom-compactor.ring` +- `common.storage.ring` +- `compactor.ring` +- `distributor.ring` +- `index-gateway.ring` +- `pattern-ingester` +- `query-scheduler.ring` +- `ruler.ring` - # Observe tokens after generating to resolve collisions. Useful when using - # gossiping ring. - # CLI flag: -ingester.observe-period - [observe_period: | default = 0s] +  - # Period to wait for a claim from another member; will join automatically - # after this. - # CLI flag: -ingester.join-after - [join_after: | default = 0s] +```yaml +# Hostname and port of Consul. +# CLI flag: -.consul.hostname +[host: | default = "localhost:8500"] - # Minimum duration to wait after the internal readiness checks have passed but - # before succeeding the readiness endpoint. This is used to slowdown - # deployment controllers (eg. Kubernetes) after an instance is ready and - # before they proceed with a rolling update, to give the rest of the cluster - # instances enough time to receive ring updates. - # CLI flag: -ingester.min-ready-duration - [min_ready_duration: | default = 15s] +# ACL Token used to interact with Consul. +# CLI flag: -.consul.acl-token +[acl_token: | default = ""] - # Name of network interface to read address from. - # CLI flag: -ingester.lifecycler.interface - [interface_names: | default = []] +# HTTP timeout when talking to Consul +# CLI flag: -.consul.client-timeout +[http_client_timeout: | default = 20s] - # Enable IPv6 support. Required to make use of IP addresses from IPv6 - # interfaces. - # CLI flag: -ingester.enable-inet6 - [enable_inet6: | default = false] +# Enable consistent reads to Consul. +# CLI flag: -.consul.consistent-reads +[consistent_reads: | default = false] - # Duration to sleep for before exiting, to ensure metrics are scraped. - # CLI flag: -ingester.final-sleep - [final_sleep: | default = 0s] +# Rate limit when watching key or prefix in Consul, in requests per second. 0 +# disables the rate limit. +# CLI flag: -.consul.watch-rate-limit +[watch_rate_limit: | default = 1] - # File path where tokens are stored. If empty, tokens are not stored at - # shutdown and restored at startup. - # CLI flag: -ingester.tokens-file-path - [tokens_file_path: | default = ""] +# Burst size used in rate limit. Values less than 1 are treated as 1. +# CLI flag: -.consul.watch-burst-size +[watch_burst_size: | default = 1] - # The availability zone where this instance is running. - # CLI flag: -ingester.availability-zone - [availability_zone: | default = ""] +# Maximum duration to wait before retrying a Compare And Swap (CAS) operation. +# CLI flag: -.consul.cas-retry-delay +[cas_retry_delay: | default = 1s] +``` - # Unregister from the ring upon clean shutdown. It can be useful to disable - # for rolling restarts with consistent naming in conjunction with - # -distributor.extend-writes=false. - # CLI flag: -ingester.unregister-on-shutdown - [unregister_on_shutdown: | default = true] +### cos_storage_config - # When enabled the readiness probe succeeds only after all instances are - # ACTIVE and healthy in the ring, otherwise only the instance itself is - # checked. This option should be disabled if in your cluster multiple - # instances can be rolled out simultaneously, otherwise rolling updates may be - # slowed down. - # CLI flag: -ingester.readiness-check-ring-health - [readiness_check_ring_health: | default = true] +The `cos_storage_config` block configures the connection to IBM Cloud Object Storage (COS) backend. The supported CLI flags `` used to reference this configuration block are: - # IP address to advertise in the ring. - # CLI flag: -ingester.lifecycler.addr - [address: | default = ""] +- `common.storage` +- `ruler.storage` - # port to advertise in consul (defaults to server.grpc-listen-port). - # CLI flag: -ingester.lifecycler.port - [port: | default = 0] +  - # ID to register in the ring. - # CLI flag: -ingester.lifecycler.ID - [id: | default = ""] +```yaml +# Set this to `true` to force the request to use path-style addressing. +# CLI flag: -.cos.force-path-style +[forcepathstyle: | default = false] -# How many flushes can happen concurrently from each stream. -# CLI flag: -ingester.concurrent-flushes -[concurrent_flushes: | default = 32] - -# How often should the ingester see if there are any blocks to flush. The first -# flush check is delayed by a random time up to 0.8x the flush check period. -# Additionally, there is +/- 1% jitter added to the interval. -# CLI flag: -ingester.flush-check-period -[flush_check_period: | default = 30s] - -# The timeout before a flush is cancelled. -# CLI flag: -ingester.flush-op-timeout -[flush_op_timeout: | default = 10m] - -# How long chunks should be retained in-memory after they've been flushed. -# CLI flag: -ingester.chunks-retain-period -[chunk_retain_period: | default = 0s] - -# How long chunks should sit in-memory with no updates before being flushed if -# they don't hit the max block size. This means that half-empty chunks will -# still be flushed after a certain period as long as they receive no further -# activity. -# CLI flag: -ingester.chunks-idle-period -[chunk_idle_period: | default = 30m] - -# The targeted _uncompressed_ size in bytes of a chunk block When this threshold -# is exceeded the head block will be cut and compressed inside the chunk. -# CLI flag: -ingester.chunks-block-size -[chunk_block_size: | default = 262144] - -# A target _compressed_ size in bytes for chunks. This is a desired size not an -# exact size, chunks may be slightly bigger or significantly smaller if they get -# flushed for other reasons (e.g. chunk_idle_period). A value of 0 creates -# chunks with a fixed 10 blocks, a non zero value will create chunks with a -# variable number of blocks to meet the target size. -# CLI flag: -ingester.chunk-target-size -[chunk_target_size: | default = 1572864] +# Comma separated list of bucket names to evenly distribute chunks over. +# CLI flag: -.cos.buckets +[bucketnames: | default = ""] -# The algorithm to use for compressing chunk. (none, gzip, lz4-64k, snappy, -# lz4-256k, lz4-1M, lz4, flate, zstd) -# CLI flag: -ingester.chunk-encoding -[chunk_encoding: | default = "gzip"] +# COS Endpoint to connect to. +# CLI flag: -.cos.endpoint +[endpoint: | default = ""] -# The maximum duration of a timeseries chunk in memory. If a timeseries runs for -# longer than this, the current chunk will be flushed to the store and a new -# chunk created. -# CLI flag: -ingester.max-chunk-age -[max_chunk_age: | default = 2h] +# COS region to use. +# CLI flag: -.cos.region +[region: | default = ""] -# Forget about ingesters having heartbeat timestamps older than -# `ring.kvstore.heartbeat_timeout`. This is equivalent to clicking on the -# `/ring` `forget` button in the UI: the ingester is removed from the ring. This -# is a useful setting when you are sure that an unhealthy node won't return. An -# example is when not using stateful sets or the equivalent. Use -# `memberlist.rejoin_interval` > 0 to handle network partition cases when using -# a memberlist. -# CLI flag: -ingester.autoforget-unhealthy -[autoforget_unhealthy: | default = false] +# COS HMAC Access Key ID. +# CLI flag: -.cos.access-key-id +[access_key_id: | default = ""] -# Parameters used to synchronize ingesters to cut chunks at the same moment. -# Sync period is used to roll over incoming entry to a new chunk. If chunk's -# utilization isn't high enough (eg. less than 50% when sync_min_utilization is -# set to 0.5), then this chunk rollover doesn't happen. -# CLI flag: -ingester.sync-period -[sync_period: | default = 1h] +# COS HMAC Secret Access Key. +# CLI flag: -.cos.secret-access-key +[secret_access_key: | default = ""] -# Minimum utilization of chunk when doing synchronization. -# CLI flag: -ingester.sync-min-utilization -[sync_min_utilization: | default = 0.1] +http_config: + # The maximum amount of time an idle connection will be held open. + # CLI flag: -.cos.http.idle-conn-timeout + [idle_conn_timeout: | default = 1m30s] -# The maximum number of errors a stream will report to the user when a push -# fails. 0 to make unlimited. -# CLI flag: -ingester.max-ignored-stream-errors -[max_returned_stream_errors: | default = 10] + # If non-zero, specifies the amount of time to wait for a server's response + # headers after fully writing the request. + # CLI flag: -.cos.http.response-header-timeout + [response_header_timeout: | default = 0s] -# How far back should an ingester be allowed to query the store for data, for -# use only with boltdb-shipper/tsdb index and filesystem object store. -1 for -# infinite. -# CLI flag: -ingester.query-store-max-look-back-period -[query_store_max_look_back_period: | default = 0s] +# Configures back off when cos get Object. +backoff_config: + # Minimum backoff time when cos get Object. + # CLI flag: -.cos.min-backoff + [min_period: | default = 100ms] -# The ingester WAL (Write Ahead Log) records incoming logs and stores them on -# the local file systems in order to guarantee persistence of acknowledged data -# in the event of a process crash. -wal: - # Enable writing of ingested data into WAL. - # CLI flag: -ingester.wal-enabled - [enabled: | default = true] + # Maximum backoff time when cos get Object. + # CLI flag: -.cos.max-backoff + [max_period: | default = 3s] - # Directory where the WAL data is stored and/or recovered from. - # CLI flag: -ingester.wal-dir - [dir: | default = "wal"] + # Maximum number of times to retry when cos get Object. + # CLI flag: -.cos.max-retries + [max_retries: | default = 5] - # Interval at which checkpoints should be created. - # CLI flag: -ingester.checkpoint-duration - [checkpoint_duration: | default = 5m] +# IAM API key to access COS. +# CLI flag: -.cos.api-key +[api_key: | default = ""] - # When WAL is enabled, should chunks be flushed to long-term storage on - # shutdown. - # CLI flag: -ingester.flush-on-shutdown - [flush_on_shutdown: | default = false] +# COS service instance id to use. +# CLI flag: -.cos.service-instance-id +[service_instance_id: | default = ""] - # Maximum memory size the WAL may use during replay. After hitting this, it - # will flush data to storage before continuing. A unit suffix (KB, MB, GB) may - # be applied. - # CLI flag: -ingester.wal-replay-memory-ceiling - [replay_memory_ceiling: | default = 4GB] +# IAM Auth Endpoint for authentication. +# CLI flag: -.cos.auth-endpoint +[auth_endpoint: | default = "https://iam.cloud.ibm.com/identity/token"] -# Shard factor used in the ingesters for the in process reverse index. This MUST -# be evenly divisible by ALL schema shard factors or Loki will not start. -# CLI flag: -ingester.index-shards -[index_shards: | default = 32] +# Compute resource token file path. +# CLI flag: -.cos.cr-token-file-path +[cr_token_file_path: | default = ""] -# Maximum number of dropped streams to keep in memory during tailing. -# CLI flag: -ingester.tailer.max-dropped-streams -[max_dropped_streams: | default = 10] +# Name of the trusted profile. +# CLI flag: -.cos.trusted-profile-name +[trusted_profile_name: | default = ""] -# Path where the shutdown marker file is stored. If not set and -# common.path_prefix is set then common.path_prefix will be used. -# CLI flag: -ingester.shutdown-marker-path -[shutdown_marker_path: | default = ""] +# ID of the trusted profile. +# CLI flag: -.cos.trusted-profile-id +[trusted_profile_id: | default = ""] ``` -### index_gateway +### distributor -The `index_gateway` block configures the Loki index gateway server, responsible for serving index queries without the need to constantly interact with the object store. +Configures the `distributor`. ```yaml -# Defines in which mode the index gateway server will operate (default to -# 'simple'). It supports two modes: -# - 'simple': an index gateway server instance is responsible for handling, -# storing and returning requests for all indices for all tenants. -# - 'ring': an index gateway server instance is responsible for a subset of -# tenants instead of all tenants. -# CLI flag: -index-gateway.mode -[mode: | default = "simple"] - -# Defines the ring to be used by the index gateway servers and clients in case -# the servers are configured to run in 'ring' mode. In case this isn't -# configured, this block supports inheriting configuration from the common ring -# section. ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. - # CLI flag: -index-gateway.ring.store + # CLI flag: -distributor.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. - # CLI flag: -index-gateway.ring.prefix + # CLI flag: -distributor.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. - # The CLI flags prefix for this block configuration is: index-gateway.ring + # The CLI flags prefix for this block configuration is: distributor.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. - # The CLI flags prefix for this block configuration is: index-gateway.ring + # The CLI flags prefix for this block configuration is: distributor.ring [etcd: ] multi: # Primary backend storage used by multi-client. - # CLI flag: -index-gateway.ring.multi.primary + # CLI flag: -distributor.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. - # CLI flag: -index-gateway.ring.multi.secondary + # CLI flag: -distributor.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. - # CLI flag: -index-gateway.ring.multi.mirror-enabled + # CLI flag: -distributor.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. - # CLI flag: -index-gateway.ring.multi.mirror-timeout + # CLI flag: -distributor.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. - # CLI flag: -index-gateway.ring.heartbeat-period - [heartbeat_period: | default = 15s] + # CLI flag: -distributor.ring.heartbeat-period + [heartbeat_period: | default = 5s] - # The heartbeat timeout after which compactors are considered unhealthy within - # the ring. 0 = never (timeout disabled). - # CLI flag: -index-gateway.ring.heartbeat-timeout + # The heartbeat timeout after which distributors are considered unhealthy + # within the ring. 0 = never (timeout disabled). + # CLI flag: -distributor.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] - # File path where tokens are stored. If empty, tokens are not stored at - # shutdown and restored at startup. - # CLI flag: -index-gateway.ring.tokens-file-path - [tokens_file_path: | default = ""] - - # True to enable zone-awareness and replicate blocks across different - # availability zones. - # CLI flag: -index-gateway.ring.zone-awareness-enabled - [zone_awareness_enabled: | default = false] - - # Deprecated: How many index gateway instances are assigned to each tenant. - # Use -index-gateway.shard-size instead. The shard size is also a per-tenant - # setting. - # CLI flag: -replication-factor - [replication_factor: | default = 3] - - # Instance ID to register in the ring. - # CLI flag: -index-gateway.ring.instance-id - [instance_id: | default = ""] - # Name of network interface to read address from. - # CLI flag: -index-gateway.ring.instance-interface-names + # CLI flag: -distributor.ring.instance-interface-names [instance_interface_names: | default = []] - # Port to advertise in the ring (defaults to server.grpc-listen-port). - # CLI flag: -index-gateway.ring.instance-port - [instance_port: | default = 0] - - # IP address to advertise in the ring. - # CLI flag: -index-gateway.ring.instance-addr - [instance_addr: | default = ""] - - # The availability zone where this instance is running. Required if - # zone-awareness is enabled. - # CLI flag: -index-gateway.ring.instance-availability-zone - [instance_availability_zone: | default = ""] +rate_store: + # The max number of concurrent requests to make to ingester stream apis + # CLI flag: -distributor.rate-store.max-request-parallelism + [max_request_parallelism: | default = 200] - # Enable using a IPv6 instance address. - # CLI flag: -index-gateway.ring.instance-enable-ipv6 - [instance_enable_ipv6: | default = false] -``` + # The interval on which distributors will update current stream rates from + # ingesters + # CLI flag: -distributor.rate-store.stream-rate-update-interval + [stream_rate_update_interval: | default = 1s] -### storage_config + # Timeout for communication between distributors and any given ingester when + # updating rates + # CLI flag: -distributor.rate-store.ingester-request-timeout + [ingester_request_timeout: | default = 500ms] -The `storage_config` block configures one of many possible stores for both the index and chunks. Which configuration to be picked should be defined in schema_config block. + # If enabled, detailed logs and spans will be emitted. + # CLI flag: -distributor.rate-store.debug + [debug: | default = false] -```yaml -# The alibabacloud_storage_config block configures the connection to Alibaba -# Cloud Storage object storage backend. -# The CLI flags prefix for this block configuration is: common -[alibabacloud: ] +# Customize the logging of write failures. +write_failures_logging: + # Log volume allowed (per second). Default: 1KB. + # CLI flag: -distributor.write-failures-logging.rate + [rate: | default = 1KB] -# The aws_storage_config block configures the connection to dynamoDB and S3 -# object storage. Either one of them or both can be configured. -[aws: ] + # Whether a insight=true key should be logged or not. Default: false. + # CLI flag: -distributor.write-failures-logging.add-insights-label + [add_insights_label: | default = false] -# The azure_storage_config block configures the connection to Azure object -# storage backend. -[azure: ] +otlp_config: + # List of default otlp resource attributes to be picked as index labels + # CLI flag: -distributor.otlp.default_resource_attributes_as_index_labels + [default_resource_attributes_as_index_labels: | default = [service.name service.namespace service.instance.id deployment.environment cloud.region cloud.availability_zone k8s.cluster.name k8s.namespace.name k8s.pod.name k8s.container.name container.name k8s.replicaset.name k8s.deployment.name k8s.statefulset.name k8s.daemonset.name k8s.cronjob.name k8s.job.name]] +``` -# The bos_storage_config block configures the connection to Baidu Object Storage -# (BOS) object storage backend. -[bos: ] +### etcd -# Deprecated: Configures storing indexes in Bigtable. Required fields only -# required when bigtable is defined in config. -bigtable: - # Bigtable project ID. - # CLI flag: -bigtable.project - [project: | default = ""] +Configuration for an ETCD v3 client. Only applies if the selected kvstore is `etcd`. The supported CLI flags `` used to reference this configuration block are: - # Bigtable instance ID. Please refer to - # https://cloud.google.com/docs/authentication/production for more information - # about how to configure authentication. - # CLI flag: -bigtable.instance - [instance: | default = ""] +- `bloom-compactor.ring` +- `common.storage.ring` +- `compactor.ring` +- `distributor.ring` +- `index-gateway.ring` +- `pattern-ingester` +- `query-scheduler.ring` +- `ruler.ring` - # The grpc_client block configures the gRPC client used to communicate between - # a client and server component in Loki. - # The CLI flags prefix for this block configuration is: bigtable - [grpc_client_config: ] +  - # If enabled, once a tables info is fetched, it is cached. - # CLI flag: -bigtable.table-cache.enabled - [table_cache_enabled: | default = true] +```yaml +# The etcd endpoints to connect to. +# CLI flag: -.etcd.endpoints +[endpoints: | default = []] - # Duration to cache tables before checking again. - # CLI flag: -bigtable.table-cache.expiration - [table_cache_expiration: | default = 30m] +# The dial timeout for the etcd connection. +# CLI flag: -.etcd.dial-timeout +[dial_timeout: | default = 10s] -# Configures storing chunks in GCS. Required fields only required when gcs is -# defined in config. -[gcs: ] +# The maximum number of retries to do for failed ops. +# CLI flag: -.etcd.max-retries +[max_retries: | default = 10] -# Deprecated: Configures storing chunks and/or the index in Cassandra. -cassandra: - # Comma-separated hostnames or IPs of Cassandra instances. - # CLI flag: -cassandra.addresses - [addresses: | default = ""] +# Enable TLS. +# CLI flag: -.etcd.tls-enabled +[tls_enabled: | default = false] - # Port that Cassandra is running on - # CLI flag: -cassandra.port - [port: | default = 9042] +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -.etcd.tls-cert-path +[tls_cert_path: | default = ""] - # Keyspace to use in Cassandra. - # CLI flag: -cassandra.keyspace - [keyspace: | default = ""] +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -.etcd.tls-key-path +[tls_key_path: | default = ""] - # Consistency level for Cassandra. - # CLI flag: -cassandra.consistency - [consistency: | default = "QUORUM"] +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -.etcd.tls-ca-path +[tls_ca_path: | default = ""] - # Replication factor to use in Cassandra. - # CLI flag: -cassandra.replication-factor - [replication_factor: | default = 3] +# Override the expected name on the server certificate. +# CLI flag: -.etcd.tls-server-name +[tls_server_name: | default = ""] - # Instruct the cassandra driver to not attempt to get host info from the - # system.peers table. - # CLI flag: -cassandra.disable-initial-host-lookup - [disable_initial_host_lookup: | default = false] +# Skip validating server certificate. +# CLI flag: -.etcd.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] - # Use SSL when connecting to cassandra instances. - # CLI flag: -cassandra.ssl - [SSL: | default = false] +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -.etcd.tls-cipher-suites +[tls_cipher_suites: | default = ""] - # Require SSL certificate validation. - # CLI flag: -cassandra.host-verification - [host_verification: | default = true] +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -.etcd.tls-min-version +[tls_min_version: | default = ""] - # Policy for selecting Cassandra host. Supported values are: round-robin, - # token-aware. - # CLI flag: -cassandra.host-selection-policy - [host_selection_policy: | default = "round-robin"] +# Etcd username. +# CLI flag: -.etcd.username +[username: | default = ""] - # Path to certificate file to verify the peer. - # CLI flag: -cassandra.ca-path - [CA_path: | default = ""] +# Etcd password. +# CLI flag: -.etcd.password +[password: | default = ""] +``` - # Path to certificate file used by TLS. - # CLI flag: -cassandra.tls-cert-path - [tls_cert_path: | default = ""] +### frontend - # Path to private key file used by TLS. - # CLI flag: -cassandra.tls-key-path - [tls_key_path: | default = ""] +The `frontend` block configures the Loki query-frontend. - # Enable password authentication when connecting to cassandra. - # CLI flag: -cassandra.auth - [auth: | default = false] +```yaml +# Log queries that are slower than the specified duration. Set to 0 to disable. +# Set to < 0 to enable on all queries. +# CLI flag: -frontend.log-queries-longer-than +[log_queries_longer_than: | default = 0s] - # Username to use when connecting to cassandra. - # CLI flag: -cassandra.username - [username: | default = ""] +# Comma-separated list of request header names to include in query logs. Applies +# to both query stats and slow queries logs. +# CLI flag: -frontend.log-query-request-headers +[log_query_request_headers: | default = ""] - # Password to use when connecting to cassandra. - # CLI flag: -cassandra.password - [password: | default = ""] +# Max body size for downstream prometheus. +# CLI flag: -frontend.max-body-size +[max_body_size: | default = 10485760] - # File containing password to use when connecting to cassandra. - # CLI flag: -cassandra.password-file - [password_file: | default = ""] +# True to enable query statistics tracking. When enabled, a message with some +# statistics is logged for every query. +# CLI flag: -frontend.query-stats-enabled +[query_stats_enabled: | default = false] - # If set, when authenticating with cassandra a custom authenticator will be - # expected during the handshake. This flag can be set multiple times. - # CLI flag: -cassandra.custom-authenticator - [custom_authenticators: | default = []] +# Maximum number of outstanding requests per tenant per frontend; requests +# beyond this error with HTTP 429. +# CLI flag: -querier.max-outstanding-requests-per-tenant +[max_outstanding_per_tenant: | default = 2048] - # Timeout when connecting to cassandra. - # CLI flag: -cassandra.timeout - [timeout: | default = 2s] +# In the event a tenant is repeatedly sending queries that lead the querier to +# crash or be killed due to an out-of-memory error, the crashed querier will be +# disconnected from the query frontend and a new querier will be immediately +# assigned to the tenant’s shard. This invalidates the assumption that shuffle +# sharding can be used to reduce the impact on tenants. This option mitigates +# the impact by configuring a delay between when a querier disconnects because +# of a crash and when the crashed querier is actually removed from the tenant's +# shard. +# CLI flag: -query-frontend.querier-forget-delay +[querier_forget_delay: | default = 0s] - # Initial connection timeout, used during initial dial to server. - # CLI flag: -cassandra.connect-timeout - [connect_timeout: | default = 5s] +# DNS hostname used for finding query-schedulers. +# CLI flag: -frontend.scheduler-address +[scheduler_address: | default = ""] - # Interval to retry connecting to cassandra nodes marked as DOWN. - # CLI flag: -cassandra.reconnent-interval - [reconnect_interval: | default = 1s] +# How often to resolve the scheduler-address, in order to look for new +# query-scheduler instances. Also used to determine how often to poll the +# scheduler-ring for addresses if the scheduler-ring is configured. +# CLI flag: -frontend.scheduler-dns-lookup-period +[scheduler_dns_lookup_period: | default = 10s] - # Number of retries to perform on a request. Set to 0 to disable retries. - # CLI flag: -cassandra.max-retries - [max_retries: | default = 0] +# Number of concurrent workers forwarding queries to single query-scheduler. +# CLI flag: -frontend.scheduler-worker-concurrency +[scheduler_worker_concurrency: | default = 5] - # Maximum time to wait before retrying a failed request. - # CLI flag: -cassandra.retry-max-backoff - [retry_max_backoff: | default = 10s] +# The grpc_client block configures the gRPC client used to communicate between a +# client and server component in Loki. +# The CLI flags prefix for this block configuration is: +# frontend.grpc-client-config +[grpc_client_config: ] - # Minimum time to wait before retrying a failed request. - # CLI flag: -cassandra.retry-min-backoff - [retry_min_backoff: | default = 100ms] +# Time to wait for inflight requests to finish before forcefully shutting down. +# This needs to be aligned with the query timeout and the graceful termination +# period of the process orchestrator. +# CLI flag: -frontend.graceful-shutdown-timeout +[graceful_shutdown_timeout: | default = 5m] - # Limit number of concurrent queries to Cassandra. Set to 0 to disable the - # limit. - # CLI flag: -cassandra.query-concurrency - [query_concurrency: | default = 0] +# Name of network interface to read address from. This address is sent to +# query-scheduler and querier, which uses it to send the query response back to +# query-frontend. +# CLI flag: -frontend.instance-interface-names +[instance_interface_names: | default = []] - # Number of TCP connections per host. - # CLI flag: -cassandra.num-connections - [num_connections: | default = 2] +# Defines the encoding for requests to and responses from the scheduler and +# querier. Can be 'json' or 'protobuf' (defaults to 'json'). +# CLI flag: -frontend.encoding +[encoding: | default = "json"] - # Convict hosts of being down on failure. - # CLI flag: -cassandra.convict-hosts-on-failure - [convict_hosts_on_failure: | default = true] +# Compress HTTP responses. +# CLI flag: -querier.compress-http-responses +[compress_responses: | default = true] - # Table options used to create index or chunk tables. This value is used as - # plain text in the table `WITH` like this, "CREATE TABLE - # (...) WITH ". For details, - # see https://cortexmetrics.io/docs/production/cassandra. By default it will - # use the default table options of your Cassandra cluster. - # CLI flag: -cassandra.table-options - [table_options: | default = ""] +# URL of downstream Loki. +# CLI flag: -frontend.downstream-url +[downstream_url: | default = ""] -# Deprecated: Configures storing index in BoltDB. Required fields only required -# when boltdb is present in the configuration. -boltdb: - # Location of BoltDB index files. - # CLI flag: -boltdb.dir - [directory: | default = ""] +# URL of querier for tail proxy. +# CLI flag: -frontend.tail-proxy-url +[tail_proxy_url: | default = ""] -# Configures storing the chunks on the local file system. Required fields only -# required when filesystem is present in the configuration. -[filesystem: ] +# The TLS configuration. +[tail_tls_config: ] +``` -# The swift_storage_config block configures the connection to OpenStack Object -# Storage (Swift) object storage backend. -[swift: ] +### frontend_worker -# Deprecated: -grpc_store: - # Hostname or IP of the gRPC store instance. - # CLI flag: -grpc-store.server-address - [server_address: | default = ""] +The `frontend_worker` configures the worker - running within the Loki querier - picking up and executing queries enqueued by the query-frontend. -hedging: - # If set to a non-zero value a second request will be issued at the provided - # duration. Default is 0 (disabled) - # CLI flag: -store.hedge-requests-at - [at: | default = 0s] +```yaml +# Address of query frontend service, in host:port format. If +# -querier.scheduler-address is set as well, querier will use scheduler instead. +# Only one of -querier.frontend-address or -querier.scheduler-address can be +# set. If neither is set, queries are only received via HTTP endpoint. +# CLI flag: -querier.frontend-address +[frontend_address: | default = ""] - # The maximum of hedge requests allowed. - # CLI flag: -store.hedge-requests-up-to - [up_to: | default = 2] +# Hostname (and port) of scheduler that querier will periodically resolve, +# connect to and receive queries from. Only one of -querier.frontend-address or +# -querier.scheduler-address can be set. If neither is set, queries are only +# received via HTTP endpoint. +# CLI flag: -querier.scheduler-address +[scheduler_address: | default = ""] - # The maximum of hedge requests allowed per seconds. - # CLI flag: -store.hedge-max-per-second - [max_per_second: | default = 5] +# How often to query DNS for query-frontend or query-scheduler address. Also +# used to determine how often to poll the scheduler-ring for addresses if the +# scheduler-ring is configured. +# CLI flag: -querier.dns-lookup-period +[dns_lookup_duration: | default = 3s] -# Configures additional object stores for a given storage provider. -# Supported stores: aws, azure, bos, filesystem, gcs, swift. -# Example: -# storage_config: -# named_stores: -# aws: -# store-1: -# endpoint: s3://foo-bucket -# region: us-west1 -# Named store from this example can be used by setting object_store to store-1 -# in period_config. -[named_stores: ] +# Querier ID, sent to frontend service to identify requests from the same +# querier. Defaults to hostname. +# CLI flag: -querier.id +[id: | default = ""] -# The cos_storage_config block configures the connection to IBM Cloud Object -# Storage (COS) backend. -[cos: ] +# The grpc_client block configures the gRPC client used to communicate between a +# client and server component in Loki. +# The CLI flags prefix for this block configuration is: querier.frontend-client +[grpc_client_config: ] +``` -# Cache validity for active index entries. Should be no higher than -# -ingester.max-chunk-idle. -# CLI flag: -store.index-cache-validity -[index_cache_validity: | default = 5m] +### gcs_storage_config -congestion_control: - # Use storage congestion control (default: disabled). - # CLI flag: -store.congestion-control.enabled - [enabled: | default = false] +The `gcs_storage_config` block configures the connection to Google Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: - controller: - # Congestion control strategy to use (default: none, options: 'aimd'). - # CLI flag: -store.congestion-control.strategy - [strategy: | default = ""] +- `common.storage` +- `ruler.storage` - aimd: - # AIMD starting throughput window size: how many requests can be sent per - # second (default: 2000). - # CLI flag: -store.congestion-control.strategy.aimd.start - [start: | default = 2000] +  - # AIMD maximum throughput window size: upper limit of requests sent per - # second (default: 10000). - # CLI flag: -store.congestion-control.strategy.aimd.upper-bound - [upper_bound: | default = 10000] +```yaml +# Name of GCS bucket. Please refer to +# https://cloud.google.com/docs/authentication/production for more information +# about how to configure authentication. +# CLI flag: -.gcs.bucketname +[bucket_name: | default = ""] - # AIMD backoff factor when upstream service is throttled to decrease - # number of requests sent per second (default: 0.5). - # CLI flag: -store.congestion-control.strategy.aimd.backoff-factor - [backoff_factor: | default = 0.5] +# Service account key content in JSON format, refer to +# https://cloud.google.com/iam/docs/creating-managing-service-account-keys for +# creation. +# CLI flag: -.gcs.service-account +[service_account: | default = ""] - retry: - # Congestion control retry strategy to use (default: none, options: - # 'limited'). - # CLI flag: -store.congestion-control.retry.strategy - [strategy: | default = ""] +# The size of the buffer that GCS client for each PUT request. 0 to disable +# buffering. +# CLI flag: -.gcs.chunk-buffer-size +[chunk_buffer_size: | default = 0] - # Maximum number of retries allowed. - # CLI flag: -store.congestion-control.retry.strategy.limited.limit - [limit: | default = 2] +# The duration after which the requests to GCS should be timed out. +# CLI flag: -.gcs.request-timeout +[request_timeout: | default = 0s] - hedging: - config: - [at: ] +# Enable OpenCensus (OC) instrumentation for all requests. +# CLI flag: -.gcs.enable-opencensus +[enable_opencensus: | default = true] - [up_to: ] +# Enable HTTP2 connections. +# CLI flag: -.gcs.enable-http2 +[enable_http2: | default = true] - [max_per_second: ] +# Enable automatic retries of failed idempotent requests. +# CLI flag: -.gcs.enable-retries +[enable_retries: | default = true] +``` - # Congestion control hedge strategy to use (default: none, options: - # 'limited'). - # CLI flag: -store.congestion-control.hedge.strategy - [strategy: | default = ""] +### grpc_client -# Experimental. Sets a constant prefix for all keys inserted into object -# storage. Example: loki/ -# CLI flag: -store.object-prefix -[object_prefix: | default = ""] +The `grpc_client` block configures the gRPC client used to communicate between a client and server component in Loki. The supported CLI flags `` used to reference this configuration block are: -# The cache_config block configures the cache backend for a specific Loki -# component. -# The CLI flags prefix for this block configuration is: store.index-cache-read -[index_queries_cache_config: ] +- `bigtable` +- `bloom-gateway-client.grpc` +- `boltdb.shipper.index-gateway-client.grpc` +- `frontend.grpc-client-config` +- `ingester.client` +- `pattern-ingester.client` +- `querier.frontend-client` +- `query-scheduler.grpc-client-config` +- `ruler.client` +- `tsdb.shipper.index-gateway-client.grpc` -# Disable broad index queries which results in reduced cache usage and faster -# query performance at the expense of somewhat higher QPS on the index store. -# CLI flag: -store.disable-broad-index-queries -[disable_broad_index_queries: | default = false] +  -# Maximum number of parallel chunk reads. -# CLI flag: -store.max-parallel-get-chunk -[max_parallel_get_chunk: | default = 150] +```yaml +# gRPC client max receive message size (bytes). +# CLI flag: -.grpc-max-recv-msg-size +[max_recv_msg_size: | default = 104857600] -# The maximum number of chunks to fetch per batch. -# CLI flag: -store.max-chunk-batch-size -[max_chunk_batch_size: | default = 50] +# gRPC client max send message size (bytes). +# CLI flag: -.grpc-max-send-msg-size +[max_send_msg_size: | default = 104857600] -# Configures storing index in an Object Store -# (GCS/S3/Azure/Swift/COS/Filesystem) in the form of boltdb files. Required -# fields only required when boltdb-shipper is defined in config. -boltdb_shipper: - # Directory where ingesters would write index files which would then be - # uploaded by shipper to configured storage - # CLI flag: -boltdb.shipper.active-index-directory - [active_index_directory: | default = ""] +# Use compression when sending messages. Supported values are: 'gzip', 'snappy' +# and '' (disable compression) +# CLI flag: -.grpc-compression +[grpc_compression: | default = ""] - # Cache location for restoring index files from storage for queries - # CLI flag: -boltdb.shipper.cache-location - [cache_location: | default = ""] +# Rate limit for gRPC client; 0 means disabled. +# CLI flag: -.grpc-client-rate-limit +[rate_limit: | default = 0] - # TTL for index files restored in cache for queries - # CLI flag: -boltdb.shipper.cache-ttl - [cache_ttl: | default = 24h] +# Rate limit burst for gRPC client. +# CLI flag: -.grpc-client-rate-limit-burst +[rate_limit_burst: | default = 0] - # Resync downloaded files with the storage - # CLI flag: -boltdb.shipper.resync-interval - [resync_interval: | default = 5m] +# Enable backoff and retry when we hit rate limits. +# CLI flag: -.backoff-on-ratelimits +[backoff_on_ratelimits: | default = false] - # Number of days of common index to be kept downloaded for queries. For per - # tenant index query readiness, use limits overrides config. - # CLI flag: -boltdb.shipper.query-ready-num-days - [query_ready_num_days: | default = 0] +backoff_config: + # Minimum delay when backing off. + # CLI flag: -.backoff-min-period + [min_period: | default = 100ms] - index_gateway_client: - # The grpc_client block configures the gRPC client used to communicate - # between a client and server component in Loki. - # The CLI flags prefix for this block configuration is: - # boltdb.shipper.index-gateway-client.grpc - [grpc_client_config: ] + # Maximum delay when backing off. + # CLI flag: -.backoff-max-period + [max_period: | default = 10s] - # Hostname or IP of the Index Gateway gRPC server running in simple mode. - # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A - # record with multiple IP's, a DNS SRV record with a followup A record - # lookup, or a DNS SRV record without a followup A record lookup, - # respectively. - # CLI flag: -boltdb.shipper.index-gateway-client.server-address - [server_address: | default = ""] + # Number of times to backoff and retry before failing. + # CLI flag: -.backoff-retries + [max_retries: | default = 10] - # Whether requests sent to the gateway should be logged or not. - # CLI flag: -boltdb.shipper.index-gateway-client.log-gateway-requests - [log_gateway_requests: | default = false] +# Initial stream window size. Values less than the default are not supported and +# are ignored. Setting this to a value other than the default disables the BDP +# estimator. +# CLI flag: -.initial-stream-window-size +[initial_stream_window_size: | default = 63KiB1023B] - [ingestername: | default = ""] +# Initial connection window size. Values less than the default are not supported +# and are ignored. Setting this to a value other than the default disables the +# BDP estimator. +# CLI flag: -.initial-connection-window-size +[initial_connection_window_size: | default = 63KiB1023B] - [mode: | default = ""] +# Enable TLS in the gRPC client. This flag needs to be enabled when any other +# TLS flag is set. If set to false, insecure connection to gRPC server will be +# used. +# CLI flag: -.tls-enabled +[tls_enabled: | default = false] - [ingesterdbretainperiod: ] +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -.tls-cert-path +[tls_cert_path: | default = ""] - # Build per tenant index files - # CLI flag: -boltdb.shipper.build-per-tenant-index - [build_per_tenant_index: | default = false] +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -.tls-key-path +[tls_key_path: | default = ""] -# Configures storing index in an Object Store -# (GCS/S3/Azure/Swift/COS/Filesystem) in a prometheus TSDB-like format. Required -# fields only required when TSDB is defined in config. -tsdb_shipper: - # Directory where ingesters would write index files which would then be - # uploaded by shipper to configured storage - # CLI flag: -tsdb.shipper.active-index-directory - [active_index_directory: | default = ""] +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -.tls-ca-path +[tls_ca_path: | default = ""] - # Cache location for restoring index files from storage for queries - # CLI flag: -tsdb.shipper.cache-location - [cache_location: | default = ""] +# Override the expected name on the server certificate. +# CLI flag: -.tls-server-name +[tls_server_name: | default = ""] - # TTL for index files restored in cache for queries - # CLI flag: -tsdb.shipper.cache-ttl - [cache_ttl: | default = 24h] +# Skip validating server certificate. +# CLI flag: -.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] - # Resync downloaded files with the storage - # CLI flag: -tsdb.shipper.resync-interval - [resync_interval: | default = 5m] +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -.tls-cipher-suites +[tls_cipher_suites: | default = ""] - # Number of days of common index to be kept downloaded for queries. For per - # tenant index query readiness, use limits overrides config. - # CLI flag: -tsdb.shipper.query-ready-num-days - [query_ready_num_days: | default = 0] +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -.tls-min-version +[tls_min_version: | default = ""] - index_gateway_client: - # The grpc_client block configures the gRPC client used to communicate - # between a client and server component in Loki. - # The CLI flags prefix for this block configuration is: - # tsdb.shipper.index-gateway-client.grpc - [grpc_client_config: ] +# The maximum amount of time to establish a connection. A value of 0 means +# default gRPC client connect timeout and backoff. +# CLI flag: -.connect-timeout +[connect_timeout: | default = 5s] - # Hostname or IP of the Index Gateway gRPC server running in simple mode. - # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A - # record with multiple IP's, a DNS SRV record with a followup A record - # lookup, or a DNS SRV record without a followup A record lookup, - # respectively. - # CLI flag: -tsdb.shipper.index-gateway-client.server-address - [server_address: | default = ""] +# Initial backoff delay after first connection failure. Only relevant if +# ConnectTimeout > 0. +# CLI flag: -.connect-backoff-base-delay +[connect_backoff_base_delay: | default = 1s] - # Whether requests sent to the gateway should be logged or not. - # CLI flag: -tsdb.shipper.index-gateway-client.log-gateway-requests - [log_gateway_requests: | default = false] +# Maximum backoff delay when establishing a connection. Only relevant if +# ConnectTimeout > 0. +# CLI flag: -.connect-backoff-max-delay +[connect_backoff_max_delay: | default = 5s] +``` - [ingestername: | default = ""] +### index_gateway - [mode: | default = ""] +The `index_gateway` block configures the Loki index gateway server, responsible for serving index queries without the need to constantly interact with the object store. - [ingesterdbretainperiod: ] +```yaml +# Defines in which mode the index gateway server will operate (default to +# 'simple'). It supports two modes: +# - 'simple': an index gateway server instance is responsible for handling, +# storing and returning requests for all indices for all tenants. +# - 'ring': an index gateway server instance is responsible for a subset of +# tenants instead of all tenants. +# CLI flag: -index-gateway.mode +[mode: | default = "simple"] -# Experimental: Configures the bloom shipper component, which contains the store -# abstraction to fetch bloom filters from and put them to object storage. -bloom_shipper: - # Working directory to store downloaded bloom blocks. Supports multiple - # directories, separated by comma. - # CLI flag: -bloom.shipper.working-directory - [working_directory: | default = "/data/blooms"] +# Defines the ring to be used by the index gateway servers and clients in case +# the servers are configured to run in 'ring' mode. In case this isn't +# configured, this block supports inheriting configuration from the common ring +# section. +ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -index-gateway.ring.store + [store: | default = "consul"] - # Maximum size of bloom pages that should be queried. Larger pages than this - # limit are skipped when querying blooms to limit memory usage. - # CLI flag: -bloom.max-query-page-size - [max_query_page_size: | default = 64MiB] + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -index-gateway.ring.prefix + [prefix: | default = "collectors/"] - # The amount of maximum concurrent bloom blocks downloads. Usually set to 2x - # number of CPU cores. - # CLI flag: -bloom.download-parallelism - [download_parallelism: | default = 8] + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: index-gateway.ring + [consul: ] - blocks_cache: - # Cache for bloom blocks. Soft limit of the cache in bytes. Exceeding this - # limit will trigger evictions of least recently used items in the - # background. - # CLI flag: -bloom.blocks-cache.soft-limit - [soft_limit: | default = 32GiB] + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: index-gateway.ring + [etcd: ] - # Cache for bloom blocks. Hard limit of the cache in bytes. Exceeding this - # limit will block execution until soft limit is deceeded. - # CLI flag: -bloom.blocks-cache.hard-limit - [hard_limit: | default = 64GiB] + multi: + # Primary backend storage used by multi-client. + # CLI flag: -index-gateway.ring.multi.primary + [primary: | default = ""] - # Cache for bloom blocks. The time to live for items in the cache before - # they get purged. - # CLI flag: -bloom.blocks-cache.ttl - [ttl: | default = 24h] + # Secondary backend storage used by multi-client. + # CLI flag: -index-gateway.ring.multi.secondary + [secondary: | default = ""] - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: bloom.metas-cache - [metas_cache: ] -``` + # Mirror writes to secondary store. + # CLI flag: -index-gateway.ring.multi.mirror-enabled + [mirror_enabled: | default = false] -### chunk_store_config + # Timeout for storing value to secondary store. + # CLI flag: -index-gateway.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] -The `chunk_store_config` block configures how chunks will be cached and how long to wait before saving them to the backing store. + # Period at which to heartbeat to the ring. 0 = disabled. + # CLI flag: -index-gateway.ring.heartbeat-period + [heartbeat_period: | default = 15s] -```yaml -# The cache_config block configures the cache backend for a specific Loki -# component. -# The CLI flags prefix for this block configuration is: store.chunks-cache -[chunk_cache_config: ] - -# The cache_config block configures the cache backend for a specific Loki -# component. -# The CLI flags prefix for this block configuration is: store.chunks-cache-l2 -[chunk_cache_config_l2: ] - -# Write dedupe cache is deprecated along with legacy index types (aws, -# aws-dynamo, bigtable, bigtable-hashed, cassandra, gcp, gcp-columnkey, -# grpc-store). -# Consider using TSDB index which does not require a write dedupe cache. -# The CLI flags prefix for this block configuration is: store.index-cache-write -[write_dedupe_cache_config: ] - -# Chunks will be handed off to the L2 cache after this duration. 0 to disable L2 -# cache. -# CLI flag: -store.chunks-cache-l2.handoff -[l2_chunk_cache_handoff: | default = 0s] - -# Cache index entries older than this period. 0 to disable. -# CLI flag: -store.cache-lookups-older-than -[cache_lookups_older_than: | default = 0s] -``` - -### schema_config - -Configures the chunk index schema and where it is stored. - -```yaml -[configs: ] -``` - -### compactor - -The `compactor` block configures the compactor component, which compacts index shards for performance. - -```yaml -# Directory where files can be downloaded for compaction. -# CLI flag: -compactor.working-directory -[working_directory: | default = ""] - -# Interval at which to re-run the compaction operation. -# CLI flag: -compactor.compaction-interval -[compaction_interval: | default = 10m] - -# Interval at which to apply/enforce retention. 0 means run at same interval as -# compaction. If non-zero, it should always be a multiple of compaction -# interval. -# CLI flag: -compactor.apply-retention-interval -[apply_retention_interval: | default = 0s] - -# Activate custom (per-stream,per-tenant) retention. -# CLI flag: -compactor.retention-enabled -[retention_enabled: | default = false] - -# Delay after which chunks will be fully deleted during retention. -# CLI flag: -compactor.retention-delete-delay -[retention_delete_delay: | default = 2h] - -# The total amount of worker to use to delete chunks. -# CLI flag: -compactor.retention-delete-worker-count -[retention_delete_worker_count: | default = 150] - -# The maximum amount of time to spend running retention and deletion on any -# given table in the index. -# CLI flag: -compactor.retention-table-timeout -[retention_table_timeout: | default = 0s] - -# Store used for managing delete requests. -# CLI flag: -compactor.delete-request-store -[delete_request_store: | default = ""] - -# Path prefix for storing delete requests. -# CLI flag: -compactor.delete-request-store.key-prefix -[delete_request_store_key_prefix: | default = "index/"] - -# The max number of delete requests to run per compaction cycle. -# CLI flag: -compactor.delete-batch-size -[delete_batch_size: | default = 70] - -# Allow cancellation of delete request until duration after they are created. -# Data would be deleted only after delete requests have been older than this -# duration. Ideally this should be set to at least 24h. -# CLI flag: -compactor.delete-request-cancel-period -[delete_request_cancel_period: | default = 24h] - -# Constrain the size of any single delete request with line filters. When a -# delete request > delete_max_interval is input, the request is sharded into -# smaller requests of no more than delete_max_interval -# CLI flag: -compactor.delete-max-interval -[delete_max_interval: | default = 24h] - -# Maximum number of tables to compact in parallel. While increasing this value, -# please make sure compactor has enough disk space allocated to be able to store -# and compact as many tables. -# CLI flag: -compactor.max-compaction-parallelism -[max_compaction_parallelism: | default = 1] - -# Number of upload/remove operations to execute in parallel when finalizing a -# compaction. NOTE: This setting is per compaction operation, which can be -# executed in parallel. The upper bound on the number of concurrent uploads is -# upload_parallelism * max_compaction_parallelism. -# CLI flag: -compactor.upload-parallelism -[upload_parallelism: | default = 10] - -# The hash ring configuration used by compactors to elect a single instance for -# running compactions. The CLI flags prefix for this block config is: -# compactor.ring -compactor_ring: - kvstore: - # Backend storage to use for the ring. Supported values are: consul, etcd, - # inmemory, memberlist, multi. - # CLI flag: -compactor.ring.store - [store: | default = "consul"] - - # The prefix for the keys in the store. Should end with a /. - # CLI flag: -compactor.ring.prefix - [prefix: | default = "collectors/"] - - # Configuration for a Consul client. Only applies if the selected kvstore is - # consul. - # The CLI flags prefix for this block configuration is: compactor.ring - [consul: ] - - # Configuration for an ETCD v3 client. Only applies if the selected kvstore - # is etcd. - # The CLI flags prefix for this block configuration is: compactor.ring - [etcd: ] - - multi: - # Primary backend storage used by multi-client. - # CLI flag: -compactor.ring.multi.primary - [primary: | default = ""] - - # Secondary backend storage used by multi-client. - # CLI flag: -compactor.ring.multi.secondary - [secondary: | default = ""] - - # Mirror writes to secondary store. - # CLI flag: -compactor.ring.multi.mirror-enabled - [mirror_enabled: | default = false] - - # Timeout for storing value to secondary store. - # CLI flag: -compactor.ring.multi.mirror-timeout - [mirror_timeout: | default = 2s] - - # Period at which to heartbeat to the ring. 0 = disabled. - # CLI flag: -compactor.ring.heartbeat-period - [heartbeat_period: | default = 15s] - - # The heartbeat timeout after which compactors are considered unhealthy within - # the ring. 0 = never (timeout disabled). - # CLI flag: -compactor.ring.heartbeat-timeout - [heartbeat_timeout: | default = 1m] + # The heartbeat timeout after which compactors are considered unhealthy within + # the ring. 0 = never (timeout disabled). + # CLI flag: -index-gateway.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. - # CLI flag: -compactor.ring.tokens-file-path + # CLI flag: -index-gateway.ring.tokens-file-path [tokens_file_path: | default = ""] # True to enable zone-awareness and replicate blocks across different # availability zones. - # CLI flag: -compactor.ring.zone-awareness-enabled + # CLI flag: -index-gateway.ring.zone-awareness-enabled [zone_awareness_enabled: | default = false] + # Deprecated: How many index gateway instances are assigned to each tenant. + # Use -index-gateway.shard-size instead. The shard size is also a per-tenant + # setting. + # CLI flag: -replication-factor + [replication_factor: | default = 3] + # Instance ID to register in the ring. - # CLI flag: -compactor.ring.instance-id + # CLI flag: -index-gateway.ring.instance-id [instance_id: | default = ""] # Name of network interface to read address from. - # CLI flag: -compactor.ring.instance-interface-names + # CLI flag: -index-gateway.ring.instance-interface-names [instance_interface_names: | default = []] # Port to advertise in the ring (defaults to server.grpc-listen-port). - # CLI flag: -compactor.ring.instance-port + # CLI flag: -index-gateway.ring.instance-port [instance_port: | default = 0] # IP address to advertise in the ring. - # CLI flag: -compactor.ring.instance-addr + # CLI flag: -index-gateway.ring.instance-addr [instance_addr: | default = ""] # The availability zone where this instance is running. Required if # zone-awareness is enabled. - # CLI flag: -compactor.ring.instance-availability-zone + # CLI flag: -index-gateway.ring.instance-availability-zone [instance_availability_zone: | default = ""] # Enable using a IPv6 instance address. - # CLI flag: -compactor.ring.instance-enable-ipv6 + # CLI flag: -index-gateway.ring.instance-enable-ipv6 [instance_enable_ipv6: | default = false] - -# Number of tables that compactor will try to compact. Newer tables are chosen -# when this is less than the number of tables available. -# CLI flag: -compactor.tables-to-compact -[tables_to_compact: | default = 0] - -# Do not compact N latest tables. Together with -compactor.run-once and -# -compactor.tables-to-compact, this is useful when clearing compactor backlogs. -# CLI flag: -compactor.skip-latest-n-tables -[skip_latest_n_tables: | default = 0] ``` -### bloom_compactor +### ingester -Experimental: The `bloom_compactor` block configures the Loki bloom compactor server, responsible for compacting stream indexes into bloom filters and merging them as bloom blocks. +The `ingester` block configures the ingester and how the ingester will register itself to a key value store. ```yaml -# Defines the ring to be used by the bloom-compactor servers. In case this isn't -# configured, this block supports inheriting configuration from the common ring -# section. -ring: - kvstore: - # Backend storage to use for the ring. Supported values are: consul, etcd, - # inmemory, memberlist, multi. - # CLI flag: -bloom-compactor.ring.store - [store: | default = "consul"] - - # The prefix for the keys in the store. Should end with a /. - # CLI flag: -bloom-compactor.ring.prefix - [prefix: | default = "collectors/"] +# Configures how the lifecycle of the ingester will operate and where it will +# register for discovery. +lifecycler: + ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -ring.store + [store: | default = "consul"] - # Configuration for a Consul client. Only applies if the selected kvstore is - # consul. - # The CLI flags prefix for this block configuration is: bloom-compactor.ring - [consul: ] + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -ring.prefix + [prefix: | default = "collectors/"] - # Configuration for an ETCD v3 client. Only applies if the selected kvstore - # is etcd. - # The CLI flags prefix for this block configuration is: bloom-compactor.ring - [etcd: ] + # Configuration for a Consul client. Only applies if the selected kvstore + # is consul. + [consul: ] - multi: - # Primary backend storage used by multi-client. - # CLI flag: -bloom-compactor.ring.multi.primary - [primary: | default = ""] + # Configuration for an ETCD v3 client. Only applies if the selected + # kvstore is etcd. + [etcd: ] - # Secondary backend storage used by multi-client. - # CLI flag: -bloom-compactor.ring.multi.secondary - [secondary: | default = ""] + multi: + # Primary backend storage used by multi-client. + # CLI flag: -multi.primary + [primary: | default = ""] - # Mirror writes to secondary store. - # CLI flag: -bloom-compactor.ring.multi.mirror-enabled - [mirror_enabled: | default = false] + # Secondary backend storage used by multi-client. + # CLI flag: -multi.secondary + [secondary: | default = ""] - # Timeout for storing value to secondary store. - # CLI flag: -bloom-compactor.ring.multi.mirror-timeout - [mirror_timeout: | default = 2s] + # Mirror writes to secondary store. + # CLI flag: -multi.mirror-enabled + [mirror_enabled: | default = false] - # Period at which to heartbeat to the ring. 0 = disabled. - # CLI flag: -bloom-compactor.ring.heartbeat-period - [heartbeat_period: | default = 15s] + # Timeout for storing value to secondary store. + # CLI flag: -multi.mirror-timeout + [mirror_timeout: | default = 2s] - # The heartbeat timeout after which compactors are considered unhealthy within - # the ring. 0 = never (timeout disabled). - # CLI flag: -bloom-compactor.ring.heartbeat-timeout - [heartbeat_timeout: | default = 1m] + # The heartbeat timeout after which ingesters are skipped for reads/writes. + # 0 = never (timeout disabled). + # CLI flag: -ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] - # File path where tokens are stored. If empty, tokens are not stored at - # shutdown and restored at startup. - # CLI flag: -bloom-compactor.ring.tokens-file-path - [tokens_file_path: | default = ""] + # The number of ingesters to write to and read from. + # CLI flag: -distributor.replication-factor + [replication_factor: | default = 3] - # True to enable zone-awareness and replicate blocks across different - # availability zones. - # CLI flag: -bloom-compactor.ring.zone-awareness-enabled - [zone_awareness_enabled: | default = false] + # True to enable the zone-awareness and replicate ingested samples across + # different availability zones. + # CLI flag: -distributor.zone-awareness-enabled + [zone_awareness_enabled: | default = false] - # Number of tokens to use in the ring per compactor. Higher number of tokens - # will result in more and smaller files (metas and blocks.) - # CLI flag: -bloom-compactor.ring.num-tokens - [num_tokens: | default = 10] + # Comma-separated list of zones to exclude from the ring. Instances in + # excluded zones will be filtered out from the ring. + # CLI flag: -distributor.excluded-zones + [excluded_zones: | default = ""] - # Instance ID to register in the ring. - # CLI flag: -bloom-compactor.ring.instance-id - [instance_id: | default = ""] + # Number of tokens for each ingester. + # CLI flag: -ingester.num-tokens + [num_tokens: | default = 128] - # Name of network interface to read address from. - # CLI flag: -bloom-compactor.ring.instance-interface-names - [instance_interface_names: | default = []] + # Period at which to heartbeat to consul. 0 = disabled. + # CLI flag: -ingester.heartbeat-period + [heartbeat_period: | default = 5s] - # Port to advertise in the ring (defaults to server.grpc-listen-port). - # CLI flag: -bloom-compactor.ring.instance-port - [instance_port: | default = 0] + # Heartbeat timeout after which instance is assumed to be unhealthy. 0 = + # disabled. + # CLI flag: -ingester.heartbeat-timeout + [heartbeat_timeout: | default = 1m] - # IP address to advertise in the ring. - # CLI flag: -bloom-compactor.ring.instance-addr - [instance_addr: | default = ""] + # Observe tokens after generating to resolve collisions. Useful when using + # gossiping ring. + # CLI flag: -ingester.observe-period + [observe_period: | default = 0s] - # The availability zone where this instance is running. Required if - # zone-awareness is enabled. - # CLI flag: -bloom-compactor.ring.instance-availability-zone - [instance_availability_zone: | default = ""] + # Period to wait for a claim from another member; will join automatically + # after this. + # CLI flag: -ingester.join-after + [join_after: | default = 0s] - # Enable using a IPv6 instance address. - # CLI flag: -bloom-compactor.ring.instance-enable-ipv6 - [instance_enable_ipv6: | default = false] + # Minimum duration to wait after the internal readiness checks have passed but + # before succeeding the readiness endpoint. This is used to slowdown + # deployment controllers (eg. Kubernetes) after an instance is ready and + # before they proceed with a rolling update, to give the rest of the cluster + # instances enough time to receive ring updates. + # CLI flag: -ingester.min-ready-duration + [min_ready_duration: | default = 15s] -# Flag to enable or disable the usage of the bloom-compactor component. -# CLI flag: -bloom-compactor.enabled -[enabled: | default = false] + # Name of network interface to read address from. + # CLI flag: -ingester.lifecycler.interface + [interface_names: | default = []] -# Interval at which to re-run the compaction operation. -# CLI flag: -bloom-compactor.compaction-interval -[compaction_interval: | default = 10m] + # Enable IPv6 support. Required to make use of IP addresses from IPv6 + # interfaces. + # CLI flag: -ingester.enable-inet6 + [enable_inet6: | default = false] -# Newest day-table offset (from today, inclusive) to compact. Increase to lower -# cost by not re-writing data to object storage too frequently since recent data -# changes more often at the cost of not having blooms available as quickly. -# CLI flag: -bloom-compactor.min-table-offset -[min_table_offset: | default = 1] + # Duration to sleep for before exiting, to ensure metrics are scraped. + # CLI flag: -ingester.final-sleep + [final_sleep: | default = 0s] -# Oldest day-table offset (from today, inclusive) to compact. This can be used -# to lower cost by not trying to compact older data which doesn't change. This -# can be optimized by aligning it with the maximum `reject_old_samples_max_age` -# setting of any tenant. -# CLI flag: -bloom-compactor.max-table-offset -[max_table_offset: | default = 2] + # File path where tokens are stored. If empty, tokens are not stored at + # shutdown and restored at startup. + # CLI flag: -ingester.tokens-file-path + [tokens_file_path: | default = ""] -# Number of workers to run in parallel for compaction. -# CLI flag: -bloom-compactor.worker-parallelism -[worker_parallelism: | default = 1] + # The availability zone where this instance is running. + # CLI flag: -ingester.availability-zone + [availability_zone: | default = ""] -# Minimum backoff time between retries. -# CLI flag: -bloom-compactor.compaction-retries-min-backoff -[compaction_retries_min_backoff: | default = 10s] + # Unregister from the ring upon clean shutdown. It can be useful to disable + # for rolling restarts with consistent naming in conjunction with + # -distributor.extend-writes=false. + # CLI flag: -ingester.unregister-on-shutdown + [unregister_on_shutdown: | default = true] -# Maximum backoff time between retries. -# CLI flag: -bloom-compactor.compaction-retries-max-backoff -[compaction_retries_max_backoff: | default = 1m] + # When enabled the readiness probe succeeds only after all instances are + # ACTIVE and healthy in the ring, otherwise only the instance itself is + # checked. This option should be disabled if in your cluster multiple + # instances can be rolled out simultaneously, otherwise rolling updates may be + # slowed down. + # CLI flag: -ingester.readiness-check-ring-health + [readiness_check_ring_health: | default = true] -# Number of retries to perform when compaction fails. -# CLI flag: -bloom-compactor.compaction-retries -[compaction_retries: | default = 3] + # IP address to advertise in the ring. + # CLI flag: -ingester.lifecycler.addr + [address: | default = ""] -# Maximum number of tables to compact in parallel. While increasing this value, -# please make sure compactor has enough disk space allocated to be able to store -# and compact as many tables. -# CLI flag: -bloom-compactor.max-compaction-parallelism -[max_compaction_parallelism: | default = 1] + # port to advertise in consul (defaults to server.grpc-listen-port). + # CLI flag: -ingester.lifecycler.port + [port: | default = 0] -retention: - # Enable bloom retention. - # CLI flag: -bloom-compactor.retention.enabled - [enabled: | default = false] + # ID to register in the ring. + # CLI flag: -ingester.lifecycler.ID + [id: | default = ""] - # Max lookback days for retention. - # CLI flag: -bloom-compactor.retention.max-lookback-days - [max_lookback_days: | default = 365] -``` +# How many flushes can happen concurrently from each stream. +# CLI flag: -ingester.concurrent-flushes +[concurrent_flushes: | default = 32] -### bloom_gateway +# How often should the ingester see if there are any blocks to flush. The first +# flush check is delayed by a random time up to 0.8x the flush check period. +# Additionally, there is +/- 1% jitter added to the interval. +# CLI flag: -ingester.flush-check-period +[flush_check_period: | default = 30s] -Experimental: The `bloom_gateway` block configures the Loki bloom gateway server, responsible for serving queries for filtering chunks based on filter expressions. +# The timeout before a flush is cancelled. +# CLI flag: -ingester.flush-op-timeout +[flush_op_timeout: | default = 10m] -```yaml -# Flag to enable or disable the bloom gateway component globally. -# CLI flag: -bloom-gateway.enabled -[enabled: | default = false] +# How long chunks should be retained in-memory after they've been flushed. +# CLI flag: -ingester.chunks-retain-period +[chunk_retain_period: | default = 0s] -client: - # Configures the behavior of the connection pool. - pool_config: - # How frequently to clean up clients for servers that have gone away or are - # unhealthy. - # CLI flag: -bloom-gateway-client.pool.check-interval - [check_interval: | default = 10s] +# How long chunks should sit in-memory with no updates before being flushed if +# they don't hit the max block size. This means that half-empty chunks will +# still be flushed after a certain period as long as they receive no further +# activity. +# CLI flag: -ingester.chunks-idle-period +[chunk_idle_period: | default = 30m] - # Run a health check on each server during periodic cleanup. - # CLI flag: -bloom-gateway-client.pool.enable-health-check - [enable_health_check: | default = true] +# The targeted _uncompressed_ size in bytes of a chunk block When this threshold +# is exceeded the head block will be cut and compressed inside the chunk. +# CLI flag: -ingester.chunks-block-size +[chunk_block_size: | default = 262144] - # Timeout for the health check if health check is enabled. - # CLI flag: -bloom-gateway-client.pool.health-check-timeout - [health_check_timeout: | default = 1s] +# A target _compressed_ size in bytes for chunks. This is a desired size not an +# exact size, chunks may be slightly bigger or significantly smaller if they get +# flushed for other reasons (e.g. chunk_idle_period). A value of 0 creates +# chunks with a fixed 10 blocks, a non zero value will create chunks with a +# variable number of blocks to meet the target size. +# CLI flag: -ingester.chunk-target-size +[chunk_target_size: | default = 1572864] - # The grpc_client block configures the gRPC client used to communicate between - # a client and server component in Loki. - # The CLI flags prefix for this block configuration is: - # bloom-gateway-client.grpc - [grpc_client_config: ] +# The algorithm to use for compressing chunk. (none, gzip, lz4-64k, snappy, +# lz4-256k, lz4-1M, lz4, flate, zstd) +# CLI flag: -ingester.chunk-encoding +[chunk_encoding: | default = "gzip"] - results_cache: - # The cache_config block configures the cache backend for a specific Loki - # component. - # The CLI flags prefix for this block configuration is: - # bloom-gateway-client.cache - [cache: ] +# The maximum duration of a timeseries chunk in memory. If a timeseries runs for +# longer than this, the current chunk will be flushed to the store and a new +# chunk created. +# CLI flag: -ingester.max-chunk-age +[max_chunk_age: | default = 2h] - # Use compression in cache. The default is an empty value '', which disables - # compression. Supported values are: 'snappy' and ''. - # CLI flag: -bloom-gateway-client.cache.compression - [compression: | default = ""] +# Forget about ingesters having heartbeat timestamps older than +# `ring.kvstore.heartbeat_timeout`. This is equivalent to clicking on the +# `/ring` `forget` button in the UI: the ingester is removed from the ring. This +# is a useful setting when you are sure that an unhealthy node won't return. An +# example is when not using stateful sets or the equivalent. Use +# `memberlist.rejoin_interval` > 0 to handle network partition cases when using +# a memberlist. +# CLI flag: -ingester.autoforget-unhealthy +[autoforget_unhealthy: | default = false] - # Flag to control whether to cache bloom gateway client requests/responses. - # CLI flag: -bloom-gateway-client.cache_results - [cache_results: | default = false] +# Parameters used to synchronize ingesters to cut chunks at the same moment. +# Sync period is used to roll over incoming entry to a new chunk. If chunk's +# utilization isn't high enough (eg. less than 50% when sync_min_utilization is +# set to 0.5), then this chunk rollover doesn't happen. +# CLI flag: -ingester.sync-period +[sync_period: | default = 1h] - # Comma separated addresses list in DNS Service Discovery format: - # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes - # CLI flag: -bloom-gateway-client.addresses - [addresses: | default = ""] +# Minimum utilization of chunk when doing synchronization. +# CLI flag: -ingester.sync-min-utilization +[sync_min_utilization: | default = 0.1] -# Number of workers to use for filtering chunks concurrently. Usually set to 1x -# number of CPU cores. -# CLI flag: -bloom-gateway.worker-concurrency -[worker_concurrency: | default = 4] +# The maximum number of errors a stream will report to the user when a push +# fails. 0 to make unlimited. +# CLI flag: -ingester.max-ignored-stream-errors +[max_returned_stream_errors: | default = 10] -# Number of blocks processed concurrently on a single worker. Usually set to 2x -# number of CPU cores. -# CLI flag: -bloom-gateway.block-query-concurrency -[block_query_concurrency: | default = 8] +# How far back should an ingester be allowed to query the store for data, for +# use only with boltdb-shipper/tsdb index and filesystem object store. -1 for +# infinite. +# CLI flag: -ingester.query-store-max-look-back-period +[query_store_max_look_back_period: | default = 0s] -# Maximum number of outstanding tasks per tenant. -# CLI flag: -bloom-gateway.max-outstanding-per-tenant -[max_outstanding_per_tenant: | default = 1024] +# The ingester WAL (Write Ahead Log) records incoming logs and stores them on +# the local file systems in order to guarantee persistence of acknowledged data +# in the event of a process crash. +wal: + # Enable writing of ingested data into WAL. + # CLI flag: -ingester.wal-enabled + [enabled: | default = true] -# How many tasks are multiplexed at once. -# CLI flag: -bloom-gateway.num-multiplex-tasks -[num_multiplex_tasks: | default = 512] + # Directory where the WAL data is stored and/or recovered from. + # CLI flag: -ingester.wal-dir + [dir: | default = "wal"] + + # Interval at which checkpoints should be created. + # CLI flag: -ingester.checkpoint-duration + [checkpoint_duration: | default = 5m] + + # When WAL is enabled, should chunks be flushed to long-term storage on + # shutdown. + # CLI flag: -ingester.flush-on-shutdown + [flush_on_shutdown: | default = false] + + # Maximum memory size the WAL may use during replay. After hitting this, it + # will flush data to storage before continuing. A unit suffix (KB, MB, GB) may + # be applied. + # CLI flag: -ingester.wal-replay-memory-ceiling + [replay_memory_ceiling: | default = 4GB] + +# Shard factor used in the ingesters for the in process reverse index. This MUST +# be evenly divisible by ALL schema shard factors or Loki will not start. +# CLI flag: -ingester.index-shards +[index_shards: | default = 32] + +# Maximum number of dropped streams to keep in memory during tailing. +# CLI flag: -ingester.tailer.max-dropped-streams +[max_dropped_streams: | default = 10] + +# Path where the shutdown marker file is stored. If not set and +# common.path_prefix is set then common.path_prefix will be used. +# CLI flag: -ingester.shutdown-marker-path +[shutdown_marker_path: | default = ""] +``` + +### ingester_client + +The `ingester_client` block configures how the distributor will connect to ingesters. Only appropriate when running all components, the distributor, or the querier. + +```yaml +# Configures how connections are pooled. +pool_config: + # How frequently to clean up clients for ingesters that have gone away. + # CLI flag: -distributor.client-cleanup-period + [client_cleanup_period: | default = 15s] + + # Run a health check on each ingester client during periodic cleanup. + # CLI flag: -distributor.health-check-ingesters + [health_check_ingesters: | default = true] + + # How quickly a dead client will be removed after it has been detected to + # disappear. Set this to a value to allow time for a secondary health check to + # recover the missing client. + # CLI flag: -ingester.client.healthcheck-timeout + [remote_timeout: | default = 1s] + +# The remote request timeout on the client side. +# CLI flag: -ingester.client.timeout +[remote_timeout: | default = 5s] + +# Configures how the gRPC connection to ingesters work as a client. +# The CLI flags prefix for this block configuration is: ingester.client +[grpc_client_config: ] ``` ### limits_config @@ -3519,2024 +3383,1890 @@ otlp_config: [log_attributes: ] ``` -### frontend_worker +### local_storage_config -The `frontend_worker` configures the worker - running within the Loki querier - picking up and executing queries enqueued by the query-frontend. +The `local_storage_config` block configures the usage of local file system as object storage backend. ```yaml -# Address of query frontend service, in host:port format. If -# -querier.scheduler-address is set as well, querier will use scheduler instead. -# Only one of -querier.frontend-address or -querier.scheduler-address can be -# set. If neither is set, queries are only received via HTTP endpoint. -# CLI flag: -querier.frontend-address -[frontend_address: | default = ""] +# Directory to store chunks in. +# CLI flag: -local.chunk-directory +[directory: | default = ""] +``` -# Hostname (and port) of scheduler that querier will periodically resolve, -# connect to and receive queries from. Only one of -querier.frontend-address or -# -querier.scheduler-address can be set. If neither is set, queries are only -# received via HTTP endpoint. -# CLI flag: -querier.scheduler-address -[scheduler_address: | default = ""] +### memberlist -# How often to query DNS for query-frontend or query-scheduler address. Also -# used to determine how often to poll the scheduler-ring for addresses if the -# scheduler-ring is configured. -# CLI flag: -querier.dns-lookup-period -[dns_lookup_duration: | default = 3s] +Configuration for `memberlist` client. Only applies if the selected kvstore is memberlist. -# Querier ID, sent to frontend service to identify requests from the same -# querier. Defaults to hostname. -# CLI flag: -querier.id -[id: | default = ""] +When a memberlist config with atleast 1 join_members is defined, kvstore of type memberlist is automatically selected for all the components that require a ring unless otherwise specified in the component's configuration section. -# The grpc_client block configures the gRPC client used to communicate between a -# client and server component in Loki. -# The CLI flags prefix for this block configuration is: querier.frontend-client -[grpc_client_config: ] -``` +```yaml +# Name of the node in memberlist cluster. Defaults to hostname. +# CLI flag: -memberlist.nodename +[node_name: | default = ""] -### table_manager +# Add random suffix to the node name. +# CLI flag: -memberlist.randomize-node-name +[randomize_node_name: | default = true] -The `table_manager` block configures the table manager for retention. +# The timeout for establishing a connection with a remote node, and for +# read/write operations. +# CLI flag: -memberlist.stream-timeout +[stream_timeout: | default = 10s] -```yaml -# If true, disable all changes to DB capacity -# CLI flag: -table-manager.throughput-updates-disabled -[throughput_updates_disabled: | default = false] +# Multiplication factor used when sending out messages (factor * log(N+1)). +# CLI flag: -memberlist.retransmit-factor +[retransmit_factor: | default = 4] -# If true, enables retention deletes of DB tables -# CLI flag: -table-manager.retention-deletes-enabled -[retention_deletes_enabled: | default = false] +# How often to use pull/push sync. +# CLI flag: -memberlist.pullpush-interval +[pull_push_interval: | default = 30s] -# Tables older than this retention period are deleted. Must be either 0 -# (disabled) or a multiple of 24h. When enabled, be aware this setting is -# destructive to data! -# CLI flag: -table-manager.retention-period -[retention_period: | default = 0s] +# How often to gossip. +# CLI flag: -memberlist.gossip-interval +[gossip_interval: | default = 200ms] -# How frequently to poll backend to learn our capacity. -# CLI flag: -table-manager.poll-interval -[poll_interval: | default = 2m] +# How many nodes to gossip to. +# CLI flag: -memberlist.gossip-nodes +[gossip_nodes: | default = 3] -# Periodic tables grace period (duration which table will be created/deleted -# before/after it's needed). -# CLI flag: -table-manager.periodic-table.grace-period -[creation_grace_period: | default = 10m] +# How long to keep gossiping to dead nodes, to give them chance to refute their +# death. +# CLI flag: -memberlist.gossip-to-dead-nodes-time +[gossip_to_dead_nodes_time: | default = 30s] -index_tables_provisioning: - # Enables on demand throughput provisioning for the storage provider (if - # supported). Applies only to tables which are not autoscaled. Supported by - # DynamoDB - # CLI flag: -table-manager.index-table.enable-ondemand-throughput-mode - [enable_ondemand_throughput_mode: | default = false] +# How soon can dead node's name be reclaimed with new address. 0 to disable. +# CLI flag: -memberlist.dead-node-reclaim-time +[dead_node_reclaim_time: | default = 0s] - # Table default write throughput. Supported by DynamoDB - # CLI flag: -table-manager.index-table.write-throughput - [provisioned_write_throughput: | default = 1000] +# Enable message compression. This can be used to reduce bandwidth usage at the +# cost of slightly more CPU utilization. +# CLI flag: -memberlist.compression-enabled +[compression_enabled: | default = true] - # Table default read throughput. Supported by DynamoDB - # CLI flag: -table-manager.index-table.read-throughput - [provisioned_read_throughput: | default = 300] +# Gossip address to advertise to other members in the cluster. Used for NAT +# traversal. +# CLI flag: -memberlist.advertise-addr +[advertise_addr: | default = ""] - write_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.index-table.write-throughput.scale.enabled - [enabled: | default = false] +# Gossip port to advertise to other members in the cluster. Used for NAT +# traversal. +# CLI flag: -memberlist.advertise-port +[advertise_port: | default = 7946] - # AWS AutoScaling role ARN - # CLI flag: -table-manager.index-table.write-throughput.scale.role-arn - [role_arn: | default = ""] +# The cluster label is an optional string to include in outbound packets and +# gossip streams. Other members in the memberlist cluster will discard any +# message whose label doesn't match the configured one, unless the +# 'cluster-label-verification-disabled' configuration option is set to true. +# CLI flag: -memberlist.cluster-label +[cluster_label: | default = ""] - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.index-table.write-throughput.scale.min-capacity - [min_capacity: | default = 3000] +# When true, memberlist doesn't verify that inbound packets and gossip streams +# have the cluster label matching the configured one. This verification should +# be disabled while rolling out the change to the configured cluster label in a +# live memberlist cluster. +# CLI flag: -memberlist.cluster-label-verification-disabled +[cluster_label_verification_disabled: | default = false] - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.index-table.write-throughput.scale.max-capacity - [max_capacity: | default = 6000] +# Other cluster members to join. Can be specified multiple times. It can be an +# IP, hostname or an entry specified in the DNS Service Discovery format. +# CLI flag: -memberlist.join +[join_members: | default = []] - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.index-table.write-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +# Min backoff duration to join other cluster members. +# CLI flag: -memberlist.min-join-backoff +[min_join_backoff: | default = 1s] - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.index-table.write-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +# Max backoff duration to join other cluster members. +# CLI flag: -memberlist.max-join-backoff +[max_join_backoff: | default = 1m] - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.index-table.write-throughput.scale.target-value - [target: | default = 80] +# Max number of retries to join other cluster members. +# CLI flag: -memberlist.max-join-retries +[max_join_retries: | default = 10] - read_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.index-table.read-throughput.scale.enabled - [enabled: | default = false] +# If this node fails to join memberlist cluster, abort. +# CLI flag: -memberlist.abort-if-join-fails +[abort_if_cluster_join_fails: | default = false] - # AWS AutoScaling role ARN - # CLI flag: -table-manager.index-table.read-throughput.scale.role-arn - [role_arn: | default = ""] - - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.index-table.read-throughput.scale.min-capacity - [min_capacity: | default = 3000] +# If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix +# the cluster split issue, and is harmless otherwise. For example when using +# only few components as a seed nodes (via -memberlist.join), then it's +# recommended to use rejoin. If -memberlist.join points to dynamic service that +# resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin +# is not needed. +# CLI flag: -memberlist.rejoin-interval +[rejoin_interval: | default = 0s] - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.index-table.read-throughput.scale.max-capacity - [max_capacity: | default = 6000] +# How long to keep LEFT ingesters in the ring. +# CLI flag: -memberlist.left-ingesters-timeout +[left_ingesters_timeout: | default = 5m] - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.index-table.read-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +# Timeout for leaving memberlist cluster. +# CLI flag: -memberlist.leave-timeout +[leave_timeout: | default = 20s] - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.index-table.read-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +# How much space to use for keeping received and sent messages in memory for +# troubleshooting (two buffers). 0 to disable. +# CLI flag: -memberlist.message-history-buffer-bytes +[message_history_buffer_bytes: | default = 0] - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.index-table.read-throughput.scale.target-value - [target: | default = 80] +# IP address to listen on for gossip messages. Multiple addresses may be +# specified. Defaults to 0.0.0.0 +# CLI flag: -memberlist.bind-addr +[bind_addr: | default = []] - # Enables on demand throughput provisioning for the storage provider (if - # supported). Applies only to tables which are not autoscaled. Supported by - # DynamoDB - # CLI flag: -table-manager.index-table.inactive-enable-ondemand-throughput-mode - [enable_inactive_throughput_on_demand_mode: | default = false] +# Port to listen on for gossip messages. +# CLI flag: -memberlist.bind-port +[bind_port: | default = 7946] - # Table write throughput for inactive tables. Supported by DynamoDB - # CLI flag: -table-manager.index-table.inactive-write-throughput - [inactive_write_throughput: | default = 1] +# Timeout used when connecting to other nodes to send packet. +# CLI flag: -memberlist.packet-dial-timeout +[packet_dial_timeout: | default = 2s] - # Table read throughput for inactive tables. Supported by DynamoDB - # CLI flag: -table-manager.index-table.inactive-read-throughput - [inactive_read_throughput: | default = 300] +# Timeout for writing 'packet' data. +# CLI flag: -memberlist.packet-write-timeout +[packet_write_timeout: | default = 5s] - inactive_write_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.enabled - [enabled: | default = false] +# Enable TLS on the memberlist transport layer. +# CLI flag: -memberlist.tls-enabled +[tls_enabled: | default = false] - # AWS AutoScaling role ARN - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.role-arn - [role_arn: | default = ""] +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -memberlist.tls-cert-path +[tls_cert_path: | default = ""] - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.min-capacity - [min_capacity: | default = 3000] +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -memberlist.tls-key-path +[tls_key_path: | default = ""] - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.max-capacity - [max_capacity: | default = 6000] +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -memberlist.tls-ca-path +[tls_ca_path: | default = ""] - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +# Override the expected name on the server certificate. +# CLI flag: -memberlist.tls-server-name +[tls_server_name: | default = ""] - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +# Skip validating server certificate. +# CLI flag: -memberlist.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.target-value - [target: | default = 80] +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -memberlist.tls-cipher-suites +[tls_cipher_suites: | default = ""] - inactive_read_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.enabled - [enabled: | default = false] +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -memberlist.tls-min-version +[tls_min_version: | default = ""] +``` - # AWS AutoScaling role ARN - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.role-arn - [role_arn: | default = ""] +### named_stores_config - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.min-capacity - [min_capacity: | default = 3000] +Configures additional object stores for a given storage provider. +Supported stores: aws, azure, bos, filesystem, gcs, swift. +Example: +storage_config: + named_stores: + aws: + store-1: + endpoint: s3://foo-bucket + region: us-west1 +Named store from this example can be used by setting object_store to store-1 in period_config. - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.max-capacity - [max_capacity: | default = 6000] +```yaml +[aws: ] - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +[azure: ] - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +[bos: ] - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.target-value - [target: | default = 80] +[filesystem: ] - # Number of last inactive tables to enable write autoscale. - # CLI flag: -table-manager.index-table.inactive-write-throughput.scale-last-n - [inactive_write_scale_lastn: | default = 4] +[gcs: ] - # Number of last inactive tables to enable read autoscale. - # CLI flag: -table-manager.index-table.inactive-read-throughput.scale-last-n - [inactive_read_scale_lastn: | default = 4] +[alibabacloud: ] -chunk_tables_provisioning: - # Enables on demand throughput provisioning for the storage provider (if - # supported). Applies only to tables which are not autoscaled. Supported by - # DynamoDB - # CLI flag: -table-manager.chunk-table.enable-ondemand-throughput-mode - [enable_ondemand_throughput_mode: | default = false] +[swift: ] - # Table default write throughput. Supported by DynamoDB - # CLI flag: -table-manager.chunk-table.write-throughput - [provisioned_write_throughput: | default = 1000] +[cos: ] +``` - # Table default read throughput. Supported by DynamoDB - # CLI flag: -table-manager.chunk-table.read-throughput - [provisioned_read_throughput: | default = 300] +### operational_config - write_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.chunk-table.write-throughput.scale.enabled - [enabled: | default = false] +These are values which allow you to control aspects of Loki's operation, most commonly used for controlling types of higher verbosity logging, the values here can be overridden in the `configs` section of the `runtime_config` file. - # AWS AutoScaling role ARN - # CLI flag: -table-manager.chunk-table.write-throughput.scale.role-arn - [role_arn: | default = ""] +```yaml +# Log every new stream created by a push request (very verbose, recommend to +# enable via runtime config only). +# CLI flag: -operation-config.log-stream-creation +[log_stream_creation: | default = false] - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.chunk-table.write-throughput.scale.min-capacity - [min_capacity: | default = 3000] +# Log every push request (very verbose, recommend to enable via runtime config +# only). +# CLI flag: -operation-config.log-push-request +[log_push_request: | default = false] - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.chunk-table.write-throughput.scale.max-capacity - [max_capacity: | default = 6000] +# Log every stream in a push request (very verbose, recommend to enable via +# runtime config only). +# CLI flag: -operation-config.log-push-request-streams +[log_push_request_streams: | default = false] - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.chunk-table.write-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +# Log push errors with a rate limited logger, will show client push errors +# without overly spamming logs. +# CLI flag: -operation-config.limited-log-push-errors +[limited_log_push_errors: | default = true] +``` - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.chunk-table.write-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +### period_config - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.chunk-table.write-throughput.scale.target-value - [target: | default = 80] +The `period_config` block configures what index schemas should be used for from specific time periods. - read_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.chunk-table.read-throughput.scale.enabled - [enabled: | default = false] +```yaml +# The date of the first day that index buckets should be created. Use a date in +# the past if this is your only period_config, otherwise use a date when you +# want the schema to switch over. In YYYY-MM-DD format, for example: 2018-04-15. +[from: ] - # AWS AutoScaling role ARN - # CLI flag: -table-manager.chunk-table.read-throughput.scale.role-arn - [role_arn: | default = ""] - - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.chunk-table.read-throughput.scale.min-capacity - [min_capacity: | default = 3000] - - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.chunk-table.read-throughput.scale.max-capacity - [max_capacity: | default = 6000] - - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.chunk-table.read-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +# store and object_store below affect which key is used. Which +# index to use. Either tsdb or boltdb-shipper. Following stores are deprecated: +# aws, aws-dynamo, gcp, gcp-columnkey, bigtable, bigtable-hashed, cassandra, +# grpc. +[store: | default = ""] - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.chunk-table.read-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +# Which store to use for the chunks. Either aws (alias s3), azure, gcs, +# alibabacloud, bos, cos, swift, filesystem, or a named_store (refer to +# named_stores_config). Following stores are deprecated: aws-dynamo, gcp, +# gcp-columnkey, bigtable, bigtable-hashed, cassandra, grpc. +[object_store: | default = ""] - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.chunk-table.read-throughput.scale.target-value - [target: | default = 80] +# The schema version to use, current recommended schema is v13. +[schema: | default = ""] - # Enables on demand throughput provisioning for the storage provider (if - # supported). Applies only to tables which are not autoscaled. Supported by - # DynamoDB - # CLI flag: -table-manager.chunk-table.inactive-enable-ondemand-throughput-mode - [enable_inactive_throughput_on_demand_mode: | default = false] +# Configures how the index is updated and stored. +index: + # Path prefix for index tables. Prefix always needs to end with a path + # delimiter '/', except when the prefix is empty. + [path_prefix: | default = "index/"] - # Table write throughput for inactive tables. Supported by DynamoDB - # CLI flag: -table-manager.chunk-table.inactive-write-throughput - [inactive_write_throughput: | default = 1] + # Table prefix for all period tables. + [prefix: | default = ""] - # Table read throughput for inactive tables. Supported by DynamoDB - # CLI flag: -table-manager.chunk-table.inactive-read-throughput - [inactive_read_throughput: | default = 300] + # Table period. + [period: ] - inactive_write_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.enabled - [enabled: | default = false] + # A map to be added to all managed tables. + [tags: ] - # AWS AutoScaling role ARN - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.role-arn - [role_arn: | default = ""] +# Configured how the chunks are updated and stored. +chunks: + # Table prefix for all period tables. + [prefix: | default = ""] - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.min-capacity - [min_capacity: | default = 3000] + # Table period. + [period: ] - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.max-capacity - [max_capacity: | default = 6000] + # A map to be added to all managed tables. + [tags: ] - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +# How many shards will be created. Only used if schema is v10 or greater. +[row_shards: | default = 16] +``` - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +### querier - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.target-value - [target: | default = 80] +Configures the `querier`. Only appropriate when running all modules or just the querier. - inactive_read_scale: - # Should we enable autoscale for the table. - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.enabled - [enabled: | default = false] +```yaml +# Maximum duration for which the live tailing requests are served. +# CLI flag: -querier.tail-max-duration +[tail_max_duration: | default = 1h] - # AWS AutoScaling role ARN - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.role-arn - [role_arn: | default = ""] +# Time to wait before sending more than the minimum successful query requests. +# CLI flag: -querier.extra-query-delay +[extra_query_delay: | default = 0s] - # DynamoDB minimum provision capacity. - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.min-capacity - [min_capacity: | default = 3000] +# Maximum lookback beyond which queries are not sent to ingester. 0 means all +# queries are sent to ingester. +# CLI flag: -querier.query-ingesters-within +[query_ingesters_within: | default = 3h] - # DynamoDB maximum provision capacity. - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.max-capacity - [max_capacity: | default = 6000] +engine: + # The maximum amount of time to look back for log lines. Used only for instant + # log queries. + # CLI flag: -querier.engine.max-lookback-period + [max_look_back_period: | default = 30s] - # DynamoDB minimum seconds between each autoscale up. - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.out-cooldown - [out_cooldown: | default = 1800] +# The maximum number of queries that can be simultaneously processed by the +# querier. +# CLI flag: -querier.max-concurrent +[max_concurrent: | default = 4] - # DynamoDB minimum seconds between each autoscale down. - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.in-cooldown - [in_cooldown: | default = 1800] +# Only query the store, and not attempt any ingesters. This is useful for +# running a standalone querier pool operating only against stored data. +# CLI flag: -querier.query-store-only +[query_store_only: | default = false] - # DynamoDB target ratio of consumed capacity to provisioned capacity. - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.target-value - [target: | default = 80] +# When true, queriers only query the ingesters, and not stored data. This is +# useful when the object store is unavailable. +# CLI flag: -querier.query-ingester-only +[query_ingester_only: | default = false] - # Number of last inactive tables to enable write autoscale. - # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale-last-n - [inactive_write_scale_lastn: | default = 4] +# When true, allow queries to span multiple tenants. +# CLI flag: -querier.multi-tenant-queries-enabled +[multi_tenant_queries_enabled: | default = false] - # Number of last inactive tables to enable read autoscale. - # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale-last-n - [inactive_read_scale_lastn: | default = 4] +# When true, querier limits sent via a header are enforced. +# CLI flag: -querier.per-request-limits-enabled +[per_request_limits_enabled: | default = false] ``` -### runtime_config +### query_range -Configuration for 'runtime config' module, responsible for reloading runtime configuration file. +The `query_range` block configures the query splitting and caching in the Loki query-frontend. ```yaml -# How often to check runtime config files. -# CLI flag: -runtime-config.reload-period -[period: | default = 10s] +# Mutate incoming queries to align their start and end with their step. +# CLI flag: -querier.align-querier-with-step +[align_queries_with_step: | default = false] -# Comma separated list of yaml files with the configuration that can be updated -# at runtime. Runtime config files will be merged from left to right. -# CLI flag: -runtime-config.file -[file: | default = ""] -``` +results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: frontend + [cache: ] -### operational_config + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.compression + [compression: | default = ""] -These are values which allow you to control aspects of Loki's operation, most commonly used for controlling types of higher verbosity logging, the values here can be overridden in the `configs` section of the `runtime_config` file. +# Cache query results. +# CLI flag: -querier.cache-results +[cache_results: | default = false] -```yaml -# Log every new stream created by a push request (very verbose, recommend to -# enable via runtime config only). -# CLI flag: -operation-config.log-stream-creation -[log_stream_creation: | default = false] +# Maximum number of retries for a single request; beyond this, the downstream +# error is returned. +# CLI flag: -querier.max-retries-per-request +[max_retries: | default = 5] -# Log every push request (very verbose, recommend to enable via runtime config -# only). -# CLI flag: -operation-config.log-push-request -[log_push_request: | default = false] +# Perform query parallelisations based on storage sharding configuration and +# query ASTs. This feature is supported only by the chunks storage engine. +# CLI flag: -querier.parallelise-shardable-queries +[parallelise_shardable_queries: | default = true] -# Log every stream in a push request (very verbose, recommend to enable via -# runtime config only). -# CLI flag: -operation-config.log-push-request-streams -[log_push_request_streams: | default = false] +# A comma-separated list of LogQL vector and range aggregations that should be +# sharded +# CLI flag: -querier.shard-aggregations +[shard_aggregations: | default = ""] -# Log push errors with a rate limited logger, will show client push errors -# without overly spamming logs. -# CLI flag: -operation-config.limited-log-push-errors -[limited_log_push_errors: | default = true] -``` +# Cache index stats query results. +# CLI flag: -querier.cache-index-stats-results +[cache_index_stats_results: | default = true] -### tracing +# If a cache config is not specified and cache_index_stats_results is true, the +# config for the results cache is used. +index_stats_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.index-stats-results-cache + [cache: ] -Configuration for `tracing`. + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.index-stats-results-cache.compression + [compression: | default = ""] -```yaml -# Set to false to disable tracing. -# CLI flag: -tracing.enabled -[enabled: | default = true] -``` +# Cache volume query results. +# CLI flag: -querier.cache-volume-results +[cache_volume_results: | default = true] -### analytics +# If a cache config is not specified and cache_volume_results is true, the +# config for the results cache is used. +volume_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.volume-results-cache + [cache: ] -Configuration for `analytics`. + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.volume-results-cache.compression + [compression: | default = ""] -```yaml -# Enable anonymous usage reporting. -# CLI flag: -reporting.enabled -[reporting_enabled: | default = true] +# Cache instant metric query results. +# CLI flag: -querier.cache-instant-metric-results +[cache_instant_metric_results: | default = false] -# URL to which reports are sent -# CLI flag: -reporting.usage-stats-url -[usage_stats_url: | default = "https://stats.grafana.org/loki-usage-report"] -``` - -### common - -Common configuration to be shared between multiple modules. If a more specific configuration is given in other sections, the related configuration within this section will be ignored. - -```yaml -[path_prefix: | default = ""] - -storage: - # The s3_storage_config block configures the connection to Amazon S3 object - # storage backend. - # The CLI flags prefix for this block configuration is: common - [s3: ] - - # The gcs_storage_config block configures the connection to Google Cloud - # Storage object storage backend. - # The CLI flags prefix for this block configuration is: common.storage - [gcs: ] - - # The azure_storage_config block configures the connection to Azure object - # storage backend. - # The CLI flags prefix for this block configuration is: common.storage - [azure: ] - - # The alibabacloud_storage_config block configures the connection to Alibaba - # Cloud Storage object storage backend. - [alibabacloud: ] - - # The bos_storage_config block configures the connection to Baidu Object - # Storage (BOS) object storage backend. - # The CLI flags prefix for this block configuration is: common.storage - [bos: ] - - # The swift_storage_config block configures the connection to OpenStack Object - # Storage (Swift) object storage backend. - # The CLI flags prefix for this block configuration is: common.storage - [swift: ] - - filesystem: - # Directory to store chunks in. - # CLI flag: -common.storage.filesystem.chunk-directory - [chunks_directory: | default = ""] - - # Directory to store rules in. - # CLI flag: -common.storage.filesystem.rules-directory - [rules_directory: | default = ""] - - hedging: - # If set to a non-zero value a second request will be issued at the provided - # duration. Default is 0 (disabled) - # CLI flag: -common.storage.hedge-requests-at - [at: | default = 0s] - - # The maximum of hedge requests allowed. - # CLI flag: -common.storage.hedge-requests-up-to - [up_to: | default = 2] +# If a cache config is not specified and cache_instant_metric_results is true, +# the config for the results cache is used. +instant_metric_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.instant-metric-results-cache + [cache: ] - # The maximum of hedge requests allowed per seconds. - # CLI flag: -common.storage.hedge-max-per-second - [max_per_second: | default = 5] + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.instant-metric-results-cache.compression + [compression: | default = ""] - # The cos_storage_config block configures the connection to IBM Cloud Object - # Storage (COS) backend. - # The CLI flags prefix for this block configuration is: common.storage - [cos: ] +# Whether to align the splits of instant metric query with splitByInterval and +# query's exec time. Useful when instant_metric_cache is enabled +# CLI flag: -querier.instant-metric-query-split-align +[instant_metric_query_split_align: | default = false] - congestion_control: - # Use storage congestion control (default: disabled). - # CLI flag: -common.storage.congestion-control.enabled - [enabled: | default = false] +# Cache series query results. +# CLI flag: -querier.cache-series-results +[cache_series_results: | default = true] - controller: - # Congestion control strategy to use (default: none, options: 'aimd'). - # CLI flag: -common.storage.congestion-control.strategy - [strategy: | default = ""] +# If series_results_cache is not configured and cache_series_results is true, +# the config for the results cache is used. +series_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.series-results-cache + [cache: ] - aimd: - # AIMD starting throughput window size: how many requests can be sent - # per second (default: 2000). - # CLI flag: -common.storage.congestion-control.strategy.aimd.start - [start: | default = 2000] + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.series-results-cache.compression + [compression: | default = ""] - # AIMD maximum throughput window size: upper limit of requests sent per - # second (default: 10000). - # CLI flag: -common.storage.congestion-control.strategy.aimd.upper-bound - [upper_bound: | default = 10000] +# Cache label query results. +# CLI flag: -querier.cache-label-results +[cache_label_results: | default = true] - # AIMD backoff factor when upstream service is throttled to decrease - # number of requests sent per second (default: 0.5). - # CLI flag: -common.storage.congestion-control.strategy.aimd.backoff-factor - [backoff_factor: | default = 0.5] +# If label_results_cache is not configured and cache_label_results is true, the +# config for the results cache is used. +label_results_cache: + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: + # frontend.label-results-cache + [cache: ] - retry: - # Congestion control retry strategy to use (default: none, options: - # 'limited'). - # CLI flag: -common.storage.congestion-control.retry.strategy - [strategy: | default = ""] + # Use compression in cache. The default is an empty value '', which disables + # compression. Supported values are: 'snappy' and ''. + # CLI flag: -frontend.label-results-cache.compression + [compression: | default = ""] +``` - # Maximum number of retries allowed. - # CLI flag: -common.storage.congestion-control.retry.strategy.limited.limit - [limit: | default = 2] +### query_scheduler - hedging: - config: - [at: ] +The `query_scheduler` block configures the Loki query scheduler. When configured it separates the tenant query queues from the query-frontend. - [up_to: ] +```yaml +# Maximum number of outstanding requests per tenant per query-scheduler. +# In-flight requests above this limit will fail with HTTP response status code +# 429. +# CLI flag: -query-scheduler.max-outstanding-requests-per-tenant +[max_outstanding_requests_per_tenant: | default = 32000] - [max_per_second: ] +# Maximum number of levels of nesting of hierarchical queues. 0 means that +# hierarchical queues are disabled. +# CLI flag: -query-scheduler.max-queue-hierarchy-levels +[max_queue_hierarchy_levels: | default = 3] - # Congestion control hedge strategy to use (default: none, options: - # 'limited'). - # CLI flag: -common.storage.congestion-control.hedge.strategy - [strategy: | default = ""] +# If a querier disconnects without sending notification about graceful shutdown, +# the query-scheduler will keep the querier in the tenant's shard until the +# forget delay has passed. This feature is useful to reduce the blast radius +# when shuffle-sharding is enabled. +# CLI flag: -query-scheduler.querier-forget-delay +[querier_forget_delay: | default = 0s] -[persist_tokens: ] +# This configures the gRPC client used to report errors back to the +# query-frontend. +# The CLI flags prefix for this block configuration is: +# query-scheduler.grpc-client-config +[grpc_client_config: ] -[replication_factor: ] +# Set to true to have the query schedulers create and place themselves in a +# ring. If no frontend_address or scheduler_address are present anywhere else in +# the configuration, Loki will toggle this value to true. +# CLI flag: -query-scheduler.use-scheduler-ring +[use_scheduler_ring: | default = false] -ring: +# The hash ring configuration. This option is required only if +# use_scheduler_ring is true. +scheduler_ring: kvstore: # Backend storage to use for the ring. Supported values are: consul, etcd, # inmemory, memberlist, multi. - # CLI flag: -common.storage.ring.store + # CLI flag: -query-scheduler.ring.store [store: | default = "consul"] # The prefix for the keys in the store. Should end with a /. - # CLI flag: -common.storage.ring.prefix + # CLI flag: -query-scheduler.ring.prefix [prefix: | default = "collectors/"] # Configuration for a Consul client. Only applies if the selected kvstore is # consul. - # The CLI flags prefix for this block configuration is: common.storage.ring + # The CLI flags prefix for this block configuration is: query-scheduler.ring [consul: ] # Configuration for an ETCD v3 client. Only applies if the selected kvstore # is etcd. - # The CLI flags prefix for this block configuration is: common.storage.ring + # The CLI flags prefix for this block configuration is: query-scheduler.ring [etcd: ] multi: # Primary backend storage used by multi-client. - # CLI flag: -common.storage.ring.multi.primary + # CLI flag: -query-scheduler.ring.multi.primary [primary: | default = ""] # Secondary backend storage used by multi-client. - # CLI flag: -common.storage.ring.multi.secondary + # CLI flag: -query-scheduler.ring.multi.secondary [secondary: | default = ""] # Mirror writes to secondary store. - # CLI flag: -common.storage.ring.multi.mirror-enabled + # CLI flag: -query-scheduler.ring.multi.mirror-enabled [mirror_enabled: | default = false] # Timeout for storing value to secondary store. - # CLI flag: -common.storage.ring.multi.mirror-timeout + # CLI flag: -query-scheduler.ring.multi.mirror-timeout [mirror_timeout: | default = 2s] # Period at which to heartbeat to the ring. 0 = disabled. - # CLI flag: -common.storage.ring.heartbeat-period + # CLI flag: -query-scheduler.ring.heartbeat-period [heartbeat_period: | default = 15s] # The heartbeat timeout after which compactors are considered unhealthy within # the ring. 0 = never (timeout disabled). - # CLI flag: -common.storage.ring.heartbeat-timeout + # CLI flag: -query-scheduler.ring.heartbeat-timeout [heartbeat_timeout: | default = 1m] # File path where tokens are stored. If empty, tokens are not stored at # shutdown and restored at startup. - # CLI flag: -common.storage.ring.tokens-file-path + # CLI flag: -query-scheduler.ring.tokens-file-path [tokens_file_path: | default = ""] # True to enable zone-awareness and replicate blocks across different # availability zones. - # CLI flag: -common.storage.ring.zone-awareness-enabled + # CLI flag: -query-scheduler.ring.zone-awareness-enabled [zone_awareness_enabled: | default = false] - # Number of tokens to own in the ring. - # CLI flag: -common.storage.ring.num-tokens - [num_tokens: | default = 128] - - # Factor for data replication. - # CLI flag: -common.storage.ring.replication-factor - [replication_factor: | default = 3] - # Instance ID to register in the ring. - # CLI flag: -common.storage.ring.instance-id + # CLI flag: -query-scheduler.ring.instance-id [instance_id: | default = ""] # Name of network interface to read address from. - # CLI flag: -common.storage.ring.instance-interface-names + # CLI flag: -query-scheduler.ring.instance-interface-names [instance_interface_names: | default = []] # Port to advertise in the ring (defaults to server.grpc-listen-port). - # CLI flag: -common.storage.ring.instance-port + # CLI flag: -query-scheduler.ring.instance-port [instance_port: | default = 0] # IP address to advertise in the ring. - # CLI flag: -common.storage.ring.instance-addr + # CLI flag: -query-scheduler.ring.instance-addr [instance_addr: | default = ""] # The availability zone where this instance is running. Required if # zone-awareness is enabled. - # CLI flag: -common.storage.ring.instance-availability-zone + # CLI flag: -query-scheduler.ring.instance-availability-zone [instance_availability_zone: | default = ""] # Enable using a IPv6 instance address. - # CLI flag: -common.storage.ring.instance-enable-ipv6 + # CLI flag: -query-scheduler.ring.instance-enable-ipv6 [instance_enable_ipv6: | default = false] +``` -[instance_interface_names: | default = []] - -[instance_addr: | default = ""] +### ruler -# the http address of the compactor in the form http://host:port -# CLI flag: -common.compactor-address -[compactor_address: | default = ""] +The `ruler` block configures the Loki ruler. -# the grpc address of the compactor in the form host:port -# CLI flag: -common.compactor-grpc-address -[compactor_grpc_address: | default = ""] -``` +```yaml +# Base URL of the Grafana instance. +# CLI flag: -ruler.external.url +[external_url: ] -### consul +# Datasource UID for the dashboard. +# CLI flag: -ruler.datasource-uid +[datasource_uid: | default = ""] -Configuration for a Consul client. Only applies if the selected kvstore is `consul`. The supported CLI flags `` used to reference this configuration block are: +# Labels to add to all alerts. +[external_labels: ] -- `bloom-compactor.ring` -- `common.storage.ring` -- `compactor.ring` -- `distributor.ring` -- `index-gateway.ring` -- `pattern-ingester` -- `query-scheduler.ring` -- `ruler.ring` +# The grpc_client block configures the gRPC client used to communicate between a +# client and server component in Loki. +# The CLI flags prefix for this block configuration is: ruler.client +[ruler_client: ] -  +# How frequently to evaluate rules. +# CLI flag: -ruler.evaluation-interval +[evaluation_interval: | default = 1m] -```yaml -# Hostname and port of Consul. -# CLI flag: -.consul.hostname -[host: | default = "localhost:8500"] +# How frequently to poll for rule changes. +# CLI flag: -ruler.poll-interval +[poll_interval: | default = 1m] -# ACL Token used to interact with Consul. -# CLI flag: -.consul.acl-token -[acl_token: | default = ""] +# Deprecated: Use -ruler-storage. CLI flags and their respective YAML config +# options instead. +storage: + # Method to use for backend rule storage (configdb, azure, gcs, s3, swift, + # local, bos, cos) + # CLI flag: -ruler.storage.type + [type: | default = ""] -# HTTP timeout when talking to Consul -# CLI flag: -.consul.client-timeout -[http_client_timeout: | default = 20s] + # Configures backend rule storage for Azure. + # The CLI flags prefix for this block configuration is: ruler.storage + [azure: ] -# Enable consistent reads to Consul. -# CLI flag: -.consul.consistent-reads -[consistent_reads: | default = false] + # Configures backend rule storage for AlibabaCloud Object Storage (OSS). + # The CLI flags prefix for this block configuration is: ruler + [alibabacloud: ] -# Rate limit when watching key or prefix in Consul, in requests per second. 0 -# disables the rate limit. -# CLI flag: -.consul.watch-rate-limit -[watch_rate_limit: | default = 1] + # Configures backend rule storage for GCS. + # The CLI flags prefix for this block configuration is: ruler.storage + [gcs: ] -# Burst size used in rate limit. Values less than 1 are treated as 1. -# CLI flag: -.consul.watch-burst-size -[watch_burst_size: | default = 1] + # Configures backend rule storage for S3. + # The CLI flags prefix for this block configuration is: ruler + [s3: ] -# Maximum duration to wait before retrying a Compare And Swap (CAS) operation. -# CLI flag: -.consul.cas-retry-delay -[cas_retry_delay: | default = 1s] -``` + # Configures backend rule storage for Baidu Object Storage (BOS). + # The CLI flags prefix for this block configuration is: ruler.storage + [bos: ] -### etcd + # Configures backend rule storage for Swift. + # The CLI flags prefix for this block configuration is: ruler.storage + [swift: ] -Configuration for an ETCD v3 client. Only applies if the selected kvstore is `etcd`. The supported CLI flags `` used to reference this configuration block are: + # Configures backend rule storage for IBM Cloud Object Storage (COS). + # The CLI flags prefix for this block configuration is: ruler.storage + [cos: ] -- `bloom-compactor.ring` -- `common.storage.ring` -- `compactor.ring` -- `distributor.ring` -- `index-gateway.ring` -- `pattern-ingester` -- `query-scheduler.ring` -- `ruler.ring` + # Configures backend rule storage for a local file system directory. + local: + # Directory to scan for rules + # CLI flag: -ruler.storage.local.directory + [directory: | default = ""] -  +# File path to store temporary rule files. +# CLI flag: -ruler.rule-path +[rule_path: | default = "/rules"] -```yaml -# The etcd endpoints to connect to. -# CLI flag: -.etcd.endpoints -[endpoints: | default = []] +# Comma-separated list of Alertmanager URLs to send notifications to. Each +# Alertmanager URL is treated as a separate group in the configuration. Multiple +# Alertmanagers in HA per group can be supported by using DNS resolution via +# '-ruler.alertmanager-discovery'. +# CLI flag: -ruler.alertmanager-url +[alertmanager_url: | default = ""] -# The dial timeout for the etcd connection. -# CLI flag: -.etcd.dial-timeout -[dial_timeout: | default = 10s] +# Use DNS SRV records to discover Alertmanager hosts. +# CLI flag: -ruler.alertmanager-discovery +[enable_alertmanager_discovery: | default = false] -# The maximum number of retries to do for failed ops. -# CLI flag: -.etcd.max-retries -[max_retries: | default = 10] +# How long to wait between refreshing DNS resolutions of Alertmanager hosts. +# CLI flag: -ruler.alertmanager-refresh-interval +[alertmanager_refresh_interval: | default = 1m] -# Enable TLS. -# CLI flag: -.etcd.tls-enabled -[tls_enabled: | default = false] +# If enabled requests to Alertmanager will utilize the V2 API. +# CLI flag: -ruler.alertmanager-use-v2 +[enable_alertmanager_v2: | default = false] -# Path to the client certificate, which will be used for authenticating with the -# server. Also requires the key path to be configured. -# CLI flag: -.etcd.tls-cert-path -[tls_cert_path: | default = ""] +# List of alert relabel configs. +[alert_relabel_configs: ] -# Path to the key for the client certificate. Also requires the client -# certificate to be configured. -# CLI flag: -.etcd.tls-key-path -[tls_key_path: | default = ""] +# Capacity of the queue for notifications to be sent to the Alertmanager. +# CLI flag: -ruler.notification-queue-capacity +[notification_queue_capacity: | default = 10000] -# Path to the CA certificates to validate server certificate against. If not -# set, the host's root CA certificates are used. -# CLI flag: -.etcd.tls-ca-path -[tls_ca_path: | default = ""] +# HTTP timeout duration when sending notifications to the Alertmanager. +# CLI flag: -ruler.notification-timeout +[notification_timeout: | default = 10s] -# Override the expected name on the server certificate. -# CLI flag: -.etcd.tls-server-name -[tls_server_name: | default = ""] +alertmanager_client: + # Path to the client certificate, which will be used for authenticating with + # the server. Also requires the key path to be configured. + # CLI flag: -ruler.alertmanager-client.tls-cert-path + [tls_cert_path: | default = ""] -# Skip validating server certificate. -# CLI flag: -.etcd.tls-insecure-skip-verify -[tls_insecure_skip_verify: | default = false] + # Path to the key for the client certificate. Also requires the client + # certificate to be configured. + # CLI flag: -ruler.alertmanager-client.tls-key-path + [tls_key_path: | default = ""] -# Override the default cipher suite list (separated by commas). Allowed values: -# -# Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_AES_128_GCM_SHA256 -# - TLS_AES_256_GCM_SHA384 -# - TLS_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -# -# Insecure Ciphers: -# - TLS_RSA_WITH_RC4_128_SHA -# - TLS_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_RSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -# CLI flag: -.etcd.tls-cipher-suites -[tls_cipher_suites: | default = ""] + # Path to the CA certificates to validate server certificate against. If not + # set, the host's root CA certificates are used. + # CLI flag: -ruler.alertmanager-client.tls-ca-path + [tls_ca_path: | default = ""] -# Override the default minimum TLS version. Allowed values: VersionTLS10, -# VersionTLS11, VersionTLS12, VersionTLS13 -# CLI flag: -.etcd.tls-min-version -[tls_min_version: | default = ""] + # Override the expected name on the server certificate. + # CLI flag: -ruler.alertmanager-client.tls-server-name + [tls_server_name: | default = ""] -# Etcd username. -# CLI flag: -.etcd.username -[username: | default = ""] + # Skip validating server certificate. + # CLI flag: -ruler.alertmanager-client.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] -# Etcd password. -# CLI flag: -.etcd.password -[password: | default = ""] -``` + # Override the default cipher suite list (separated by commas). Allowed + # values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -ruler.alertmanager-client.tls-cipher-suites + [tls_cipher_suites: | default = ""] -### memberlist + # Override the default minimum TLS version. Allowed values: VersionTLS10, + # VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -ruler.alertmanager-client.tls-min-version + [tls_min_version: | default = ""] -Configuration for `memberlist` client. Only applies if the selected kvstore is memberlist. + # HTTP Basic authentication username. It overrides the username set in the URL + # (if any). + # CLI flag: -ruler.alertmanager-client.basic-auth-username + [basic_auth_username: | default = ""] -When a memberlist config with atleast 1 join_members is defined, kvstore of type memberlist is automatically selected for all the components that require a ring unless otherwise specified in the component's configuration section. + # HTTP Basic authentication password. It overrides the password set in the URL + # (if any). + # CLI flag: -ruler.alertmanager-client.basic-auth-password + [basic_auth_password: | default = ""] -```yaml -# Name of the node in memberlist cluster. Defaults to hostname. -# CLI flag: -memberlist.nodename -[node_name: | default = ""] + # HTTP Header authorization type (default: Bearer). + # CLI flag: -ruler.alertmanager-client.type + [type: | default = "Bearer"] -# Add random suffix to the node name. -# CLI flag: -memberlist.randomize-node-name -[randomize_node_name: | default = true] + # HTTP Header authorization credentials. + # CLI flag: -ruler.alertmanager-client.credentials + [credentials: | default = ""] -# The timeout for establishing a connection with a remote node, and for -# read/write operations. -# CLI flag: -memberlist.stream-timeout -[stream_timeout: | default = 10s] + # HTTP Header authorization credentials file. + # CLI flag: -ruler.alertmanager-client.credentials-file + [credentials_file: | default = ""] -# Multiplication factor used when sending out messages (factor * log(N+1)). -# CLI flag: -memberlist.retransmit-factor -[retransmit_factor: | default = 4] +# Max time to tolerate outage for restoring "for" state of alert. +# CLI flag: -ruler.for-outage-tolerance +[for_outage_tolerance: | default = 1h] -# How often to use pull/push sync. -# CLI flag: -memberlist.pullpush-interval -[pull_push_interval: | default = 30s] +# Minimum duration between alert and restored "for" state. This is maintained +# only for alerts with configured "for" time greater than the grace period. +# CLI flag: -ruler.for-grace-period +[for_grace_period: | default = 10m] -# How often to gossip. -# CLI flag: -memberlist.gossip-interval -[gossip_interval: | default = 200ms] +# Minimum amount of time to wait before resending an alert to Alertmanager. +# CLI flag: -ruler.resend-delay +[resend_delay: | default = 1m] -# How many nodes to gossip to. -# CLI flag: -memberlist.gossip-nodes -[gossip_nodes: | default = 3] +# Distribute rule evaluation using ring backend. +# CLI flag: -ruler.enable-sharding +[enable_sharding: | default = false] -# How long to keep gossiping to dead nodes, to give them chance to refute their -# death. -# CLI flag: -memberlist.gossip-to-dead-nodes-time -[gossip_to_dead_nodes_time: | default = 30s] +# The sharding strategy to use. Supported values are: default, shuffle-sharding. +# CLI flag: -ruler.sharding-strategy +[sharding_strategy: | default = "default"] -# How soon can dead node's name be reclaimed with new address. 0 to disable. -# CLI flag: -memberlist.dead-node-reclaim-time -[dead_node_reclaim_time: | default = 0s] +# The sharding algorithm to use for deciding how rules & groups are sharded. +# Supported values are: by-group, by-rule. +# CLI flag: -ruler.sharding-algo +[sharding_algo: | default = "by-group"] -# Enable message compression. This can be used to reduce bandwidth usage at the -# cost of slightly more CPU utilization. -# CLI flag: -memberlist.compression-enabled -[compression_enabled: | default = true] +# Time to spend searching for a pending ruler when shutting down. +# CLI flag: -ruler.search-pending-for +[search_pending_for: | default = 5m] -# Gossip address to advertise to other members in the cluster. Used for NAT -# traversal. -# CLI flag: -memberlist.advertise-addr -[advertise_addr: | default = ""] +# Ring used by Loki ruler. The CLI flags prefix for this block configuration is +# 'ruler.ring'. +ring: + kvstore: + # Backend storage to use for the ring. Supported values are: consul, etcd, + # inmemory, memberlist, multi. + # CLI flag: -ruler.ring.store + [store: | default = "consul"] -# Gossip port to advertise to other members in the cluster. Used for NAT -# traversal. -# CLI flag: -memberlist.advertise-port -[advertise_port: | default = 7946] + # The prefix for the keys in the store. Should end with a /. + # CLI flag: -ruler.ring.prefix + [prefix: | default = "rulers/"] -# The cluster label is an optional string to include in outbound packets and -# gossip streams. Other members in the memberlist cluster will discard any -# message whose label doesn't match the configured one, unless the -# 'cluster-label-verification-disabled' configuration option is set to true. -# CLI flag: -memberlist.cluster-label -[cluster_label: | default = ""] + # Configuration for a Consul client. Only applies if the selected kvstore is + # consul. + # The CLI flags prefix for this block configuration is: ruler.ring + [consul: ] -# When true, memberlist doesn't verify that inbound packets and gossip streams -# have the cluster label matching the configured one. This verification should -# be disabled while rolling out the change to the configured cluster label in a -# live memberlist cluster. -# CLI flag: -memberlist.cluster-label-verification-disabled -[cluster_label_verification_disabled: | default = false] + # Configuration for an ETCD v3 client. Only applies if the selected kvstore + # is etcd. + # The CLI flags prefix for this block configuration is: ruler.ring + [etcd: ] -# Other cluster members to join. Can be specified multiple times. It can be an -# IP, hostname or an entry specified in the DNS Service Discovery format. -# CLI flag: -memberlist.join -[join_members: | default = []] + multi: + # Primary backend storage used by multi-client. + # CLI flag: -ruler.ring.multi.primary + [primary: | default = ""] -# Min backoff duration to join other cluster members. -# CLI flag: -memberlist.min-join-backoff -[min_join_backoff: | default = 1s] + # Secondary backend storage used by multi-client. + # CLI flag: -ruler.ring.multi.secondary + [secondary: | default = ""] -# Max backoff duration to join other cluster members. -# CLI flag: -memberlist.max-join-backoff -[max_join_backoff: | default = 1m] + # Mirror writes to secondary store. + # CLI flag: -ruler.ring.multi.mirror-enabled + [mirror_enabled: | default = false] -# Max number of retries to join other cluster members. -# CLI flag: -memberlist.max-join-retries -[max_join_retries: | default = 10] + # Timeout for storing value to secondary store. + # CLI flag: -ruler.ring.multi.mirror-timeout + [mirror_timeout: | default = 2s] -# If this node fails to join memberlist cluster, abort. -# CLI flag: -memberlist.abort-if-join-fails -[abort_if_cluster_join_fails: | default = false] + # Interval between heartbeats sent to the ring. 0 = disabled. + # CLI flag: -ruler.ring.heartbeat-period + [heartbeat_period: | default = 5s] -# If not 0, how often to rejoin the cluster. Occasional rejoin can help to fix -# the cluster split issue, and is harmless otherwise. For example when using -# only few components as a seed nodes (via -memberlist.join), then it's -# recommended to use rejoin. If -memberlist.join points to dynamic service that -# resolves to all gossiping nodes (eg. Kubernetes headless service), then rejoin -# is not needed. -# CLI flag: -memberlist.rejoin-interval -[rejoin_interval: | default = 0s] + # The heartbeat timeout after which ruler ring members are considered + # unhealthy within the ring. 0 = never (timeout disabled). + # CLI flag: -ruler.ring.heartbeat-timeout + [heartbeat_timeout: | default = 1m] -# How long to keep LEFT ingesters in the ring. -# CLI flag: -memberlist.left-ingesters-timeout -[left_ingesters_timeout: | default = 5m] + # Name of network interface to read addresses from. + # CLI flag: -ruler.ring.instance-interface-names + [instance_interface_names: | default = []] -# Timeout for leaving memberlist cluster. -# CLI flag: -memberlist.leave-timeout -[leave_timeout: | default = 20s] + # The number of tokens the lifecycler will generate and put into the ring if + # it joined without transferring tokens from another lifecycler. + # CLI flag: -ruler.ring.num-tokens + [num_tokens: | default = 128] -# How much space to use for keeping received and sent messages in memory for -# troubleshooting (two buffers). 0 to disable. -# CLI flag: -memberlist.message-history-buffer-bytes -[message_history_buffer_bytes: | default = 0] +# Period with which to attempt to flush rule groups. +# CLI flag: -ruler.flush-period +[flush_period: | default = 1m] -# IP address to listen on for gossip messages. Multiple addresses may be -# specified. Defaults to 0.0.0.0 -# CLI flag: -memberlist.bind-addr -[bind_addr: | default = []] +# Enable the ruler API. +# CLI flag: -ruler.enable-api +[enable_api: | default = true] -# Port to listen on for gossip messages. -# CLI flag: -memberlist.bind-port -[bind_port: | default = 7946] +# Comma separated list of tenants whose rules this ruler can evaluate. If +# specified, only these tenants will be handled by ruler, otherwise this ruler +# can process rules from all tenants. Subject to sharding. +# CLI flag: -ruler.enabled-tenants +[enabled_tenants: | default = ""] -# Timeout used when connecting to other nodes to send packet. -# CLI flag: -memberlist.packet-dial-timeout -[packet_dial_timeout: | default = 2s] +# Comma separated list of tenants whose rules this ruler cannot evaluate. If +# specified, a ruler that would normally pick the specified tenant(s) for +# processing will ignore them instead. Subject to sharding. +# CLI flag: -ruler.disabled-tenants +[disabled_tenants: | default = ""] -# Timeout for writing 'packet' data. -# CLI flag: -memberlist.packet-write-timeout -[packet_write_timeout: | default = 5s] +# Report the wall time for ruler queries to complete as a per user metric and as +# an info level log message. +# CLI flag: -ruler.query-stats-enabled +[query_stats_enabled: | default = false] -# Enable TLS on the memberlist transport layer. -# CLI flag: -memberlist.tls-enabled -[tls_enabled: | default = false] +# Disable the rule_group label on exported metrics. +# CLI flag: -ruler.disable-rule-group-label +[disable_rule_group_label: | default = false] -# Path to the client certificate, which will be used for authenticating with the -# server. Also requires the key path to be configured. -# CLI flag: -memberlist.tls-cert-path -[tls_cert_path: | default = ""] +wal: + # The directory in which to write tenant WAL files. Each tenant will have its + # own directory one level below this directory. + # CLI flag: -ruler.wal.dir + [dir: | default = "ruler-wal"] -# Path to the key for the client certificate. Also requires the client -# certificate to be configured. -# CLI flag: -memberlist.tls-key-path -[tls_key_path: | default = ""] + # Frequency with which to run the WAL truncation process. + # CLI flag: -ruler.wal.truncate-frequency + [truncate_frequency: | default = 1h] -# Path to the CA certificates to validate server certificate against. If not -# set, the host's root CA certificates are used. -# CLI flag: -memberlist.tls-ca-path -[tls_ca_path: | default = ""] + # Minimum age that samples must exist in the WAL before being truncated. + # CLI flag: -ruler.wal.min-age + [min_age: | default = 5m] -# Override the expected name on the server certificate. -# CLI flag: -memberlist.tls-server-name -[tls_server_name: | default = ""] + # Maximum age that samples must exist in the WAL before being truncated. + # CLI flag: -ruler.wal.max-age + [max_age: | default = 4h] -# Skip validating server certificate. -# CLI flag: -memberlist.tls-insecure-skip-verify -[tls_insecure_skip_verify: | default = false] +wal_cleaner: + # The minimum age of a WAL to consider for cleaning. + # CLI flag: -ruler.wal-cleaner.min-age + [min_age: | default = 12h] -# Override the default cipher suite list (separated by commas). Allowed values: -# -# Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_AES_128_GCM_SHA256 -# - TLS_AES_256_GCM_SHA384 -# - TLS_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -# -# Insecure Ciphers: -# - TLS_RSA_WITH_RC4_128_SHA -# - TLS_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_RSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -# CLI flag: -memberlist.tls-cipher-suites -[tls_cipher_suites: | default = ""] - -# Override the default minimum TLS version. Allowed values: VersionTLS10, -# VersionTLS11, VersionTLS12, VersionTLS13 -# CLI flag: -memberlist.tls-min-version -[tls_min_version: | default = ""] -``` - -### grpc_client - -The `grpc_client` block configures the gRPC client used to communicate between a client and server component in Loki. The supported CLI flags `` used to reference this configuration block are: - -- `bigtable` -- `bloom-gateway-client.grpc` -- `boltdb.shipper.index-gateway-client.grpc` -- `frontend.grpc-client-config` -- `ingester.client` -- `pattern-ingester.client` -- `querier.frontend-client` -- `query-scheduler.grpc-client-config` -- `ruler.client` -- `tsdb.shipper.index-gateway-client.grpc` - -  - -```yaml -# gRPC client max receive message size (bytes). -# CLI flag: -.grpc-max-recv-msg-size -[max_recv_msg_size: | default = 104857600] - -# gRPC client max send message size (bytes). -# CLI flag: -.grpc-max-send-msg-size -[max_send_msg_size: | default = 104857600] - -# Use compression when sending messages. Supported values are: 'gzip', 'snappy' -# and '' (disable compression) -# CLI flag: -.grpc-compression -[grpc_compression: | default = ""] - -# Rate limit for gRPC client; 0 means disabled. -# CLI flag: -.grpc-client-rate-limit -[rate_limit: | default = 0] - -# Rate limit burst for gRPC client. -# CLI flag: -.grpc-client-rate-limit-burst -[rate_limit_burst: | default = 0] - -# Enable backoff and retry when we hit rate limits. -# CLI flag: -.backoff-on-ratelimits -[backoff_on_ratelimits: | default = false] - -backoff_config: - # Minimum delay when backing off. - # CLI flag: -.backoff-min-period - [min_period: | default = 100ms] - - # Maximum delay when backing off. - # CLI flag: -.backoff-max-period - [max_period: | default = 10s] - - # Number of times to backoff and retry before failing. - # CLI flag: -.backoff-retries - [max_retries: | default = 10] - -# Initial stream window size. Values less than the default are not supported and -# are ignored. Setting this to a value other than the default disables the BDP -# estimator. -# CLI flag: -.initial-stream-window-size -[initial_stream_window_size: | default = 63KiB1023B] - -# Initial connection window size. Values less than the default are not supported -# and are ignored. Setting this to a value other than the default disables the -# BDP estimator. -# CLI flag: -.initial-connection-window-size -[initial_connection_window_size: | default = 63KiB1023B] - -# Enable TLS in the gRPC client. This flag needs to be enabled when any other -# TLS flag is set. If set to false, insecure connection to gRPC server will be -# used. -# CLI flag: -.tls-enabled -[tls_enabled: | default = false] - -# Path to the client certificate, which will be used for authenticating with the -# server. Also requires the key path to be configured. -# CLI flag: -.tls-cert-path -[tls_cert_path: | default = ""] - -# Path to the key for the client certificate. Also requires the client -# certificate to be configured. -# CLI flag: -.tls-key-path -[tls_key_path: | default = ""] - -# Path to the CA certificates to validate server certificate against. If not -# set, the host's root CA certificates are used. -# CLI flag: -.tls-ca-path -[tls_ca_path: | default = ""] - -# Override the expected name on the server certificate. -# CLI flag: -.tls-server-name -[tls_server_name: | default = ""] - -# Skip validating server certificate. -# CLI flag: -.tls-insecure-skip-verify -[tls_insecure_skip_verify: | default = false] - -# Override the default cipher suite list (separated by commas). Allowed values: -# -# Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_AES_128_GCM_SHA256 -# - TLS_AES_256_GCM_SHA384 -# - TLS_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -# -# Insecure Ciphers: -# - TLS_RSA_WITH_RC4_128_SHA -# - TLS_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_RSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -# CLI flag: -.tls-cipher-suites -[tls_cipher_suites: | default = ""] - -# Override the default minimum TLS version. Allowed values: VersionTLS10, -# VersionTLS11, VersionTLS12, VersionTLS13 -# CLI flag: -.tls-min-version -[tls_min_version: | default = ""] - -# The maximum amount of time to establish a connection. A value of 0 means -# default gRPC client connect timeout and backoff. -# CLI flag: -.connect-timeout -[connect_timeout: | default = 5s] + # How often to run the WAL cleaner. 0 = disabled. + # CLI flag: -ruler.wal-cleaner.period + [period: | default = 0s] -# Initial backoff delay after first connection failure. Only relevant if -# ConnectTimeout > 0. -# CLI flag: -.connect-backoff-base-delay -[connect_backoff_base_delay: | default = 1s] +# Remote-write configuration to send rule samples to a Prometheus remote-write +# endpoint. +remote_write: + # Deprecated: Use 'clients' instead. Configure remote write client. + [client: ] -# Maximum backoff delay when establishing a connection. Only relevant if -# ConnectTimeout > 0. -# CLI flag: -.connect-backoff-max-delay -[connect_backoff_max_delay: | default = 5s] -``` + # Configure remote write clients. A map with remote client id as key. + [clients: ] -### tls_config + # Enable remote-write functionality. + # CLI flag: -ruler.remote-write.enabled + [enabled: | default = false] -The TLS configuration. + # Minimum period to wait between refreshing remote-write reconfigurations. + # This should be greater than or equivalent to + # -limits.per-user-override-period. + # CLI flag: -ruler.remote-write.config-refresh-period + [config_refresh_period: | default = 10s] -```yaml -# Path to the client certificate, which will be used for authenticating with the -# server. Also requires the key path to be configured. -# CLI flag: -frontend.tail-tls-config.tls-cert-path -[tls_cert_path: | default = ""] + # Add X-Scope-OrgID header in remote write requests. + # CLI flag: -ruler.remote-write.add-org-id-header + [add_org_id_header: | default = true] -# Path to the key for the client certificate. Also requires the client -# certificate to be configured. -# CLI flag: -frontend.tail-tls-config.tls-key-path -[tls_key_path: | default = ""] +# Configuration for rule evaluation. +evaluation: + # The evaluation mode for the ruler. Can be either 'local' or 'remote'. If set + # to 'local', the ruler will evaluate rules locally. If set to 'remote', the + # ruler will evaluate rules remotely. If unset, the ruler will evaluate rules + # locally. + # CLI flag: -ruler.evaluation.mode + [mode: | default = "local"] -# Path to the CA certificates to validate server certificate against. If not -# set, the host's root CA certificates are used. -# CLI flag: -frontend.tail-tls-config.tls-ca-path -[tls_ca_path: | default = ""] + # Upper bound of random duration to wait before rule evaluation to avoid + # contention during concurrent execution of rules. Jitter is calculated + # consistently for a given rule. Set 0 to disable (default). + # CLI flag: -ruler.evaluation.max-jitter + [max_jitter: | default = 0s] -# Override the expected name on the server certificate. -# CLI flag: -frontend.tail-tls-config.tls-server-name -[tls_server_name: | default = ""] + query_frontend: + # GRPC listen address of the query-frontend(s). Must be a DNS address + # (prefixed with dns:///) to enable client side load balancing. + # CLI flag: -ruler.evaluation.query-frontend.address + [address: | default = ""] -# Skip validating server certificate. -# CLI flag: -frontend.tail-tls-config.tls-insecure-skip-verify -[tls_insecure_skip_verify: | default = false] + # Set to true if query-frontend connection requires TLS. + # CLI flag: -ruler.evaluation.query-frontend.tls-enabled + [tls_enabled: | default = false] -# Override the default cipher suite list (separated by commas). Allowed values: -# -# Secure Ciphers: -# - TLS_RSA_WITH_AES_128_CBC_SHA -# - TLS_RSA_WITH_AES_256_CBC_SHA -# - TLS_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_AES_128_GCM_SHA256 -# - TLS_AES_256_GCM_SHA384 -# - TLS_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -# -# Insecure Ciphers: -# - TLS_RSA_WITH_RC4_128_SHA -# - TLS_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_RSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_RC4_128_SHA -# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -# CLI flag: -frontend.tail-tls-config.tls-cipher-suites -[tls_cipher_suites: | default = ""] + # Path to the client certificate, which will be used for authenticating with + # the server. Also requires the key path to be configured. + # CLI flag: -ruler.evaluation.query-frontend.tls-cert-path + [tls_cert_path: | default = ""] -# Override the default minimum TLS version. Allowed values: VersionTLS10, -# VersionTLS11, VersionTLS12, VersionTLS13 -# CLI flag: -frontend.tail-tls-config.tls-min-version -[tls_min_version: | default = ""] -``` + # Path to the key for the client certificate. Also requires the client + # certificate to be configured. + # CLI flag: -ruler.evaluation.query-frontend.tls-key-path + [tls_key_path: | default = ""] -### cache_config + # Path to the CA certificates to validate server certificate against. If not + # set, the host's root CA certificates are used. + # CLI flag: -ruler.evaluation.query-frontend.tls-ca-path + [tls_ca_path: | default = ""] -The `cache_config` block configures the cache backend for a specific Loki component. The supported CLI flags `` used to reference this configuration block are: + # Override the expected name on the server certificate. + # CLI flag: -ruler.evaluation.query-frontend.tls-server-name + [tls_server_name: | default = ""] -- `bloom-gateway-client.cache` -- `bloom.metas-cache` -- `frontend` -- `frontend.index-stats-results-cache` -- `frontend.instant-metric-results-cache` -- `frontend.label-results-cache` -- `frontend.series-results-cache` -- `frontend.volume-results-cache` -- `store.chunks-cache` -- `store.chunks-cache-l2` -- `store.index-cache-read` -- `store.index-cache-write` + # Skip validating server certificate. + # CLI flag: -ruler.evaluation.query-frontend.tls-insecure-skip-verify + [tls_insecure_skip_verify: | default = false] -  + # Override the default cipher suite list (separated by commas). Allowed + # values: + # + # Secure Ciphers: + # - TLS_AES_128_GCM_SHA256 + # - TLS_AES_256_GCM_SHA384 + # - TLS_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + # + # Insecure Ciphers: + # - TLS_RSA_WITH_RC4_128_SHA + # - TLS_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA + # - TLS_RSA_WITH_AES_256_CBC_SHA + # - TLS_RSA_WITH_AES_128_CBC_SHA256 + # - TLS_RSA_WITH_AES_128_GCM_SHA256 + # - TLS_RSA_WITH_AES_256_GCM_SHA384 + # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_RC4_128_SHA + # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA + # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + # CLI flag: -ruler.evaluation.query-frontend.tls-cipher-suites + [tls_cipher_suites: | default = ""] -```yaml -# The default validity of entries for caches unless overridden. -# CLI flag: -.default-validity -[default_validity: | default = 1h] + # Override the default minimum TLS version. Allowed values: VersionTLS10, + # VersionTLS11, VersionTLS12, VersionTLS13 + # CLI flag: -ruler.evaluation.query-frontend.tls-min-version + [tls_min_version: | default = ""] +``` -background: - # At what concurrency to write back to cache. - # CLI flag: -.background.write-back-concurrency - [writeback_goroutines: | default = 1] +### runtime_config - # How many key batches to buffer for background write-back. Default is large - # to prefer size based limiting. - # CLI flag: -.background.write-back-buffer - [writeback_buffer: | default = 500000] +Configuration for 'runtime config' module, responsible for reloading runtime configuration file. - # Size limit in bytes for background write-back. - # CLI flag: -.background.write-back-size-limit - [writeback_size_limit: | default = 500MB] +```yaml +# How often to check runtime config files. +# CLI flag: -runtime-config.reload-period +[period: | default = 10s] -memcached: - # How long keys stay in the memcache. - # CLI flag: -.memcached.expiration - [expiration: | default = 0s] +# Comma separated list of yaml files with the configuration that can be updated +# at runtime. Runtime config files will be merged from left to right. +# CLI flag: -runtime-config.file +[file: | default = ""] +``` - # How many keys to fetch in each batch. - # CLI flag: -.memcached.batchsize - [batch_size: | default = 4] +### s3_storage_config - # Maximum active requests to memcache. - # CLI flag: -.memcached.parallelism - [parallelism: | default = 5] +The `s3_storage_config` block configures the connection to Amazon S3 object storage backend. The supported CLI flags `` used to reference this configuration block are: -memcached_client: - # Hostname for memcached service to use. If empty and if addresses is unset, - # no memcached will be used. - # CLI flag: -.memcached.hostname - [host: | default = ""] +- `common` +- `ruler` - # SRV service used to discover memcache servers. - # CLI flag: -.memcached.service - [service: | default = "memcached"] +  - # Comma separated addresses list in DNS Service Discovery format: - # https://grafana.com/docs/mimir/latest/configure/about-dns-service-discovery/#supported-discovery-modes - # CLI flag: -.memcached.addresses - [addresses: | default = ""] +```yaml +# S3 endpoint URL with escaped Key and Secret encoded. If only region is +# specified as a host, proper endpoint will be deduced. Use +# inmemory:/// to use a mock in-memory implementation. +# CLI flag: -.storage.s3.url +[s3: ] - # Maximum time to wait before giving up on memcached requests. - # CLI flag: -.memcached.timeout - [timeout: | default = 100ms] +# Set this to `true` to force the request to use path-style addressing. +# CLI flag: -.storage.s3.force-path-style +[s3forcepathstyle: | default = false] - # Maximum number of idle connections in pool. - # CLI flag: -.memcached.max-idle-conns - [max_idle_conns: | default = 16] +# Comma separated list of bucket names to evenly distribute chunks over. +# Overrides any buckets specified in s3.url flag +# CLI flag: -.storage.s3.buckets +[bucketnames: | default = ""] - # The maximum size of an item stored in memcached. Bigger items are not - # stored. If set to 0, no maximum size is enforced. - # CLI flag: -.memcached.max-item-size - [max_item_size: | default = 0] +# S3 Endpoint to connect to. +# CLI flag: -.storage.s3.endpoint +[endpoint: | default = ""] - # Period with which to poll DNS for memcache servers. - # CLI flag: -.memcached.update-interval - [update_interval: | default = 1m] +# AWS region to use. +# CLI flag: -.storage.s3.region +[region: | default = ""] - # Use consistent hashing to distribute to memcache servers. - # CLI flag: -.memcached.consistent-hash - [consistent_hash: | default = true] +# AWS Access Key ID +# CLI flag: -.storage.s3.access-key-id +[access_key_id: | default = ""] - # Trip circuit-breaker after this number of consecutive dial failures (if zero - # then circuit-breaker is disabled). - # CLI flag: -.memcached.circuit-breaker-consecutive-failures - [circuit_breaker_consecutive_failures: | default = 10] +# AWS Secret Access Key +# CLI flag: -.storage.s3.secret-access-key +[secret_access_key: | default = ""] - # Duration circuit-breaker remains open after tripping (if zero then 60 - # seconds is used). - # CLI flag: -.memcached.circuit-breaker-timeout - [circuit_breaker_timeout: | default = 10s] +# AWS Session Token +# CLI flag: -.storage.s3.session-token +[session_token: | default = ""] - # Reset circuit-breaker counts after this long (if zero then never reset). - # CLI flag: -.memcached.circuit-breaker-interval - [circuit_breaker_interval: | default = 10s] +# Disable https on s3 connection. +# CLI flag: -.storage.s3.insecure +[insecure: | default = false] - # Enable connecting to Memcached with TLS. - # CLI flag: -.memcached.tls-enabled - [tls_enabled: | default = false] +http_config: + # Timeout specifies a time limit for requests made by s3 Client. + # CLI flag: -.storage.s3.http.timeout + [timeout: | default = 0s] - # Path to the client certificate, which will be used for authenticating with - # the server. Also requires the key path to be configured. - # CLI flag: -.memcached.tls-cert-path - [tls_cert_path: | default = ""] + # The maximum amount of time an idle connection will be held open. + # CLI flag: -.storage.s3.http.idle-conn-timeout + [idle_conn_timeout: | default = 1m30s] - # Path to the key for the client certificate. Also requires the client - # certificate to be configured. - # CLI flag: -.memcached.tls-key-path - [tls_key_path: | default = ""] + # If non-zero, specifies the amount of time to wait for a server's response + # headers after fully writing the request. + # CLI flag: -.storage.s3.http.response-header-timeout + [response_header_timeout: | default = 0s] - # Path to the CA certificates to validate server certificate against. If not - # set, the host's root CA certificates are used. - # CLI flag: -.memcached.tls-ca-path - [tls_ca_path: | default = ""] + # Set to true to skip verifying the certificate chain and hostname. + # CLI flag: -.storage.s3.http.insecure-skip-verify + [insecure_skip_verify: | default = false] - # Override the expected name on the server certificate. - # CLI flag: -.memcached.tls-server-name - [tls_server_name: | default = ""] + # Path to the trusted CA file that signed the SSL certificate of the S3 + # endpoint. + # CLI flag: -.storage.s3.http.ca-file + [ca_file: | default = ""] - # Skip validating server certificate. - # CLI flag: -.memcached.tls-insecure-skip-verify - [tls_insecure_skip_verify: | default = false] +# The signature version to use for authenticating against S3. Supported values +# are: v4. +# CLI flag: -.storage.s3.signature-version +[signature_version: | default = "v4"] - # Override the default cipher suite list (separated by commas). Allowed - # values: - # - # Secure Ciphers: - # - TLS_RSA_WITH_AES_128_CBC_SHA - # - TLS_RSA_WITH_AES_256_CBC_SHA - # - TLS_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_RSA_WITH_AES_256_GCM_SHA384 - # - TLS_AES_128_GCM_SHA256 - # - TLS_AES_256_GCM_SHA384 - # - TLS_CHACHA20_POLY1305_SHA256 - # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - # - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - # - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - # - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - # - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - # - # Insecure Ciphers: - # - TLS_RSA_WITH_RC4_128_SHA - # - TLS_RSA_WITH_3DES_EDE_CBC_SHA - # - TLS_RSA_WITH_AES_128_CBC_SHA256 - # - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - # - TLS_ECDHE_RSA_WITH_RC4_128_SHA - # - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - # - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - # - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - # CLI flag: -.memcached.tls-cipher-suites - [tls_cipher_suites: | default = ""] +# The S3 storage class which objects will use. Supported values are: GLACIER, +# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS, +# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. +# CLI flag: -.storage.s3.storage-class +[storage_class: | default = "STANDARD"] + +sse: + # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. + # CLI flag: -.storage.s3.sse.type + [type: | default = ""] - # Override the default minimum TLS version. Allowed values: VersionTLS10, - # VersionTLS11, VersionTLS12, VersionTLS13 - # CLI flag: -.memcached.tls-min-version - [tls_min_version: | default = ""] + # KMS Key ID used to encrypt objects in S3 + # CLI flag: -.storage.s3.sse.kms-key-id + [kms_key_id: | default = ""] -redis: - # Redis Server or Cluster configuration endpoint to use for caching. A - # comma-separated list of endpoints for Redis Cluster or Redis Sentinel. If - # empty, no redis will be used. - # CLI flag: -.redis.endpoint - [endpoint: | default = ""] + # KMS Encryption Context used for object encryption. It expects JSON formatted + # string. + # CLI flag: -.storage.s3.sse.kms-encryption-context + [kms_encryption_context: | default = ""] - # Redis Sentinel master name. An empty string for Redis Server or Redis - # Cluster. - # CLI flag: -.redis.master-name - [master_name: | default = ""] +# Configures back off when S3 get Object. +backoff_config: + # Minimum backoff time when s3 get Object + # CLI flag: -.storage.s3.min-backoff + [min_period: | default = 100ms] - # Maximum time to wait before giving up on redis requests. - # CLI flag: -.redis.timeout - [timeout: | default = 500ms] + # Maximum backoff time when s3 get Object + # CLI flag: -.storage.s3.max-backoff + [max_period: | default = 3s] - # How long keys stay in the redis. - # CLI flag: -.redis.expiration - [expiration: | default = 0s] + # Maximum number of times to retry when s3 get Object + # CLI flag: -.storage.s3.max-retries + [max_retries: | default = 5] +``` - # Database index. - # CLI flag: -.redis.db - [db: | default = 0] +### schema_config - # Maximum number of connections in the pool. - # CLI flag: -.redis.pool-size - [pool_size: | default = 0] +Configures the chunk index schema and where it is stored. - # Username to use when connecting to redis. - # CLI flag: -.redis.username - [username: | default = ""] +```yaml +[configs: ] +``` - # Password to use when connecting to redis. - # CLI flag: -.redis.password - [password: | default = ""] +### server - # Enable connecting to redis with TLS. - # CLI flag: -.redis.tls-enabled - [tls_enabled: | default = false] +Configures the `server` of the launched module(s). - # Skip validating server certificate. - # CLI flag: -.redis.tls-insecure-skip-verify - [tls_insecure_skip_verify: | default = false] +```yaml +# HTTP server listen network, default tcp +# CLI flag: -server.http-listen-network +[http_listen_network: | default = "tcp"] - # Close connections after remaining idle for this duration. If the value is - # zero, then idle connections are not closed. - # CLI flag: -.redis.idle-timeout - [idle_timeout: | default = 0s] +# HTTP server listen address. +# CLI flag: -server.http-listen-address +[http_listen_address: | default = ""] - # Close connections older than this duration. If the value is zero, then the - # pool does not close connections based on age. - # CLI flag: -.redis.max-connection-age - [max_connection_age: | default = 0s] +# HTTP server listen port. +# CLI flag: -server.http-listen-port +[http_listen_port: | default = 3100] - # By default, the Redis client only reads from the master node. Enabling this - # option can lower pressure on the master node by randomly routing read-only - # commands to the master and any available replicas. - # CLI flag: -.redis.route-randomly - [route_randomly: | default = false] +# Maximum number of simultaneous http connections, <=0 to disable +# CLI flag: -server.http-conn-limit +[http_listen_conn_limit: | default = 0] -embedded_cache: - # Whether embedded cache is enabled. - # CLI flag: -.embedded-cache.enabled - [enabled: | default = false] +# gRPC server listen network +# CLI flag: -server.grpc-listen-network +[grpc_listen_network: | default = "tcp"] - # Maximum memory size of the cache in MB. - # CLI flag: -.embedded-cache.max-size-mb - [max_size_mb: | default = 100] +# gRPC server listen address. +# CLI flag: -server.grpc-listen-address +[grpc_listen_address: | default = ""] - # Maximum number of entries in the cache. - # CLI flag: -.embedded-cache.max-size-items - [max_size_items: | default = 0] +# gRPC server listen port. +# CLI flag: -server.grpc-listen-port +[grpc_listen_port: | default = 9095] - # The time to live for items in the cache before they get purged. - # CLI flag: -.embedded-cache.ttl - [ttl: | default = 1h] -``` +# Maximum number of simultaneous grpc connections, <=0 to disable +# CLI flag: -server.grpc-conn-limit +[grpc_listen_conn_limit: | default = 0] -### period_config +# Comma-separated list of cipher suites to use. If blank, the default Go cipher +# suites is used. +# CLI flag: -server.tls-cipher-suites +[tls_cipher_suites: | default = ""] -The `period_config` block configures what index schemas should be used for from specific time periods. +# Minimum TLS version to use. Allowed values: VersionTLS10, VersionTLS11, +# VersionTLS12, VersionTLS13. If blank, the Go TLS minimum version is used. +# CLI flag: -server.tls-min-version +[tls_min_version: | default = ""] -```yaml -# The date of the first day that index buckets should be created. Use a date in -# the past if this is your only period_config, otherwise use a date when you -# want the schema to switch over. In YYYY-MM-DD format, for example: 2018-04-15. -[from: ] +http_tls_config: + # Server TLS certificate. This configuration parameter is YAML only. + [cert: | default = ""] -# store and object_store below affect which key is used. Which -# index to use. Either tsdb or boltdb-shipper. Following stores are deprecated: -# aws, aws-dynamo, gcp, gcp-columnkey, bigtable, bigtable-hashed, cassandra, -# grpc. -[store: | default = ""] + # Server TLS key. This configuration parameter is YAML only. + [key: | default = ""] -# Which store to use for the chunks. Either aws (alias s3), azure, gcs, -# alibabacloud, bos, cos, swift, filesystem, or a named_store (refer to -# named_stores_config). Following stores are deprecated: aws-dynamo, gcp, -# gcp-columnkey, bigtable, bigtable-hashed, cassandra, grpc. -[object_store: | default = ""] + # Root certificate authority used to verify client certificates. This + # configuration parameter is YAML only. + [client_ca: | default = ""] -# The schema version to use, current recommended schema is v13. -[schema: | default = ""] + # HTTP server cert path. + # CLI flag: -server.http-tls-cert-path + [cert_file: | default = ""] -# Configures how the index is updated and stored. -index: - # Path prefix for index tables. Prefix always needs to end with a path - # delimiter '/', except when the prefix is empty. - [path_prefix: | default = "index/"] + # HTTP server key path. + # CLI flag: -server.http-tls-key-path + [key_file: | default = ""] - # Table prefix for all period tables. - [prefix: | default = ""] + # HTTP TLS Client Auth type. + # CLI flag: -server.http-tls-client-auth + [client_auth_type: | default = ""] - # Table period. - [period: ] + # HTTP TLS Client CA path. + # CLI flag: -server.http-tls-ca-path + [client_ca_file: | default = ""] - # A map to be added to all managed tables. - [tags: ] +grpc_tls_config: + # Server TLS certificate. This configuration parameter is YAML only. + [cert: | default = ""] -# Configured how the chunks are updated and stored. -chunks: - # Table prefix for all period tables. - [prefix: | default = ""] + # Server TLS key. This configuration parameter is YAML only. + [key: | default = ""] - # Table period. - [period: ] + # Root certificate authority used to verify client certificates. This + # configuration parameter is YAML only. + [client_ca: | default = ""] - # A map to be added to all managed tables. - [tags: ] + # GRPC TLS server cert path. + # CLI flag: -server.grpc-tls-cert-path + [cert_file: | default = ""] -# How many shards will be created. Only used if schema is v10 or greater. -[row_shards: | default = 16] -``` + # GRPC TLS server key path. + # CLI flag: -server.grpc-tls-key-path + [key_file: | default = ""] -### aws_storage_config + # GRPC TLS Client Auth type. + # CLI flag: -server.grpc-tls-client-auth + [client_auth_type: | default = ""] -The `aws_storage_config` block configures the connection to dynamoDB and S3 object storage. Either one of them or both can be configured. + # GRPC TLS Client CA path. + # CLI flag: -server.grpc-tls-ca-path + [client_ca_file: | default = ""] -```yaml -# Deprecated: Configures storing indexes in DynamoDB. -dynamodb: - # DynamoDB endpoint URL with escaped Key and Secret encoded. If only region is - # specified as a host, proper endpoint will be deduced. Use - # inmemory:/// to use a mock in-memory implementation. - # CLI flag: -dynamodb.url - [dynamodb_url: ] +# Register the intrumentation handlers (/metrics etc). +# CLI flag: -server.register-instrumentation +[register_instrumentation: | default = true] - # DynamoDB table management requests per second limit. - # CLI flag: -dynamodb.api-limit - [api_limit: | default = 2] +# If set to true, gRPC statuses will be reported in instrumentation labels with +# their string representations. Otherwise, they will be reported as "error". +# CLI flag: -server.report-grpc-codes-in-instrumentation-label-enabled +[report_grpc_codes_in_instrumentation_label_enabled: | default = false] - # DynamoDB rate cap to back off when throttled. - # CLI flag: -dynamodb.throttle-limit - [throttle_limit: | default = 10] +# Timeout for graceful shutdowns +# CLI flag: -server.graceful-shutdown-timeout +[graceful_shutdown_timeout: | default = 30s] - metrics: - # Use metrics-based autoscaling, via this query URL - # CLI flag: -metrics.url - [url: | default = ""] +# Read timeout for entire HTTP request, including headers and body. +# CLI flag: -server.http-read-timeout +[http_server_read_timeout: | default = 30s] - # Queue length above which we will scale up capacity - # CLI flag: -metrics.target-queue-length - [target_queue_length: | default = 100000] +# Read timeout for HTTP request headers. If set to 0, value of +# -server.http-read-timeout is used. +# CLI flag: -server.http-read-header-timeout +[http_server_read_header_timeout: | default = 0s] + +# Write timeout for HTTP server +# CLI flag: -server.http-write-timeout +[http_server_write_timeout: | default = 30s] + +# Idle timeout for HTTP server +# CLI flag: -server.http-idle-timeout +[http_server_idle_timeout: | default = 2m] - # Scale up capacity by this multiple - # CLI flag: -metrics.scale-up-factor - [scale_up_factor: | default = 1.3] +# Log closed connections that did not receive any response, most likely because +# client didn't send any request within timeout. +# CLI flag: -server.http-log-closed-connections-without-response-enabled +[http_log_closed_connections_without_response_enabled: | default = false] - # Ignore throttling below this level (rate per second) - # CLI flag: -metrics.ignore-throttle-below - [ignore_throttle_below: | default = 1] +# Limit on the size of a gRPC message this server can receive (bytes). +# CLI flag: -server.grpc-max-recv-msg-size-bytes +[grpc_server_max_recv_msg_size: | default = 4194304] - # query to fetch ingester queue length - # CLI flag: -metrics.queue-length-query - [queue_length_query: | default = "sum(avg_over_time(loki_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m])) or sum(avg_over_time(cortex_ingester_flush_queue_length{job=\"cortex/ingester\"}[2m]))"] +# Limit on the size of a gRPC message this server can send (bytes). +# CLI flag: -server.grpc-max-send-msg-size-bytes +[grpc_server_max_send_msg_size: | default = 4194304] - # query to fetch throttle rates per table - # CLI flag: -metrics.write-throttle-query - [write_throttle_query: | default = "sum(rate(cortex_dynamo_throttled_total{operation=\"DynamoDB.BatchWriteItem\"}[1m])) by (table) > 0"] +# Limit on the number of concurrent streams for gRPC calls per client connection +# (0 = unlimited) +# CLI flag: -server.grpc-max-concurrent-streams +[grpc_server_max_concurrent_streams: | default = 100] - # query to fetch write capacity usage per table - # CLI flag: -metrics.usage-query - [write_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.BatchWriteItem\"}[15m])) by (table) > 0"] +# The duration after which an idle connection should be closed. Default: +# infinity +# CLI flag: -server.grpc.keepalive.max-connection-idle +[grpc_server_max_connection_idle: | default = 2562047h47m16.854775807s] - # query to fetch read capacity usage per table - # CLI flag: -metrics.read-usage-query - [read_usage_query: | default = "sum(rate(cortex_dynamo_consumed_capacity_total{operation=\"DynamoDB.QueryPages\"}[1h])) by (table) > 0"] +# The duration for the maximum amount of time a connection may exist before it +# will be closed. Default: infinity +# CLI flag: -server.grpc.keepalive.max-connection-age +[grpc_server_max_connection_age: | default = 2562047h47m16.854775807s] - # query to fetch read errors per table - # CLI flag: -metrics.read-error-query - [read_error_query: | default = "sum(increase(cortex_dynamo_failures_total{operation=\"DynamoDB.QueryPages\",error=\"ProvisionedThroughputExceededException\"}[1m])) by (table) > 0"] +# An additive period after max-connection-age after which the connection will be +# forcibly closed. Default: infinity +# CLI flag: -server.grpc.keepalive.max-connection-age-grace +[grpc_server_max_connection_age_grace: | default = 2562047h47m16.854775807s] - # Number of chunks to group together to parallelise fetches (zero to disable) - # CLI flag: -dynamodb.chunk-gang-size - [chunk_gang_size: | default = 10] +# Duration after which a keepalive probe is sent in case of no activity over the +# connection., Default: 2h +# CLI flag: -server.grpc.keepalive.time +[grpc_server_keepalive_time: | default = 2h] - # Max number of chunk-get operations to start in parallel - # CLI flag: -dynamodb.chunk.get-max-parallelism - [chunk_get_max_parallelism: | default = 32] +# After having pinged for keepalive check, the duration after which an idle +# connection should be closed, Default: 20s +# CLI flag: -server.grpc.keepalive.timeout +[grpc_server_keepalive_timeout: | default = 20s] - backoff_config: - # Minimum backoff time - # CLI flag: -dynamodb.min-backoff - [min_period: | default = 100ms] +# Minimum amount of time a client should wait before sending a keepalive ping. +# If client sends keepalive ping more often, server will send GOAWAY and close +# the connection. +# CLI flag: -server.grpc.keepalive.min-time-between-pings +[grpc_server_min_time_between_pings: | default = 10s] - # Maximum backoff time - # CLI flag: -dynamodb.max-backoff - [max_period: | default = 50s] +# If true, server allows keepalive pings even when there are no active +# streams(RPCs). If false, and client sends ping when there are no active +# streams, server will send GOAWAY and close the connection. +# CLI flag: -server.grpc.keepalive.ping-without-stream-allowed +[grpc_server_ping_without_stream_allowed: | default = true] - # Maximum number of times to retry an operation - # CLI flag: -dynamodb.max-retries - [max_retries: | default = 20] +# If non-zero, configures the amount of GRPC server workers used to serve the +# requests. +# CLI flag: -server.grpc.num-workers +[grpc_server_num_workers: | default = 0] - # KMS key used for encrypting DynamoDB items. DynamoDB will use an Amazon - # owned KMS key if not provided. - # CLI flag: -dynamodb.kms-key-id - [kms_key_id: | default = ""] +# Output log messages in the given format. Valid formats: [logfmt, json] +# CLI flag: -log.format +[log_format: | default = "logfmt"] -# S3 endpoint URL with escaped Key and Secret encoded. If only region is -# specified as a host, proper endpoint will be deduced. Use -# inmemory:/// to use a mock in-memory implementation. -# CLI flag: -s3.url -[s3: ] +# Only log messages with the given severity or above. Valid levels: [debug, +# info, warn, error] +# CLI flag: -log.level +[log_level: | default = "info"] -# Set this to `true` to force the request to use path-style addressing. -# CLI flag: -s3.force-path-style -[s3forcepathstyle: | default = false] +# Optionally log the source IPs. +# CLI flag: -server.log-source-ips-enabled +[log_source_ips_enabled: | default = false] -# Comma separated list of bucket names to evenly distribute chunks over. -# Overrides any buckets specified in s3.url flag -# CLI flag: -s3.buckets -[bucketnames: | default = ""] +# Header field storing the source IPs. Only used if +# server.log-source-ips-enabled is true. If not set the default Forwarded, +# X-Real-IP and X-Forwarded-For headers are used +# CLI flag: -server.log-source-ips-header +[log_source_ips_header: | default = ""] -# S3 Endpoint to connect to. -# CLI flag: -s3.endpoint -[endpoint: | default = ""] +# Regex for matching the source IPs. Only used if server.log-source-ips-enabled +# is true. If not set the default Forwarded, X-Real-IP and X-Forwarded-For +# headers are used +# CLI flag: -server.log-source-ips-regex +[log_source_ips_regex: | default = ""] -# AWS region to use. -# CLI flag: -s3.region -[region: | default = ""] +# Optionally log request headers. +# CLI flag: -server.log-request-headers +[log_request_headers: | default = false] -# AWS Access Key ID -# CLI flag: -s3.access-key-id -[access_key_id: | default = ""] +# Optionally log requests at info level instead of debug level. Applies to +# request headers as well if server.log-request-headers is enabled. +# CLI flag: -server.log-request-at-info-level-enabled +[log_request_at_info_level_enabled: | default = false] -# AWS Secret Access Key -# CLI flag: -s3.secret-access-key -[secret_access_key: | default = ""] +# Comma separated list of headers to exclude from loggin. Only used if +# server.log-request-headers is true. +# CLI flag: -server.log-request-headers-exclude-list +[log_request_exclude_headers_list: | default = ""] -# AWS Session Token -# CLI flag: -s3.session-token -[session_token: | default = ""] +# Base path to serve all API routes from (e.g. /v1/) +# CLI flag: -server.path-prefix +[http_path_prefix: | default = ""] +``` -# Disable https on s3 connection. -# CLI flag: -s3.insecure -[insecure: | default = false] +### storage_config -http_config: - # Timeout specifies a time limit for requests made by s3 Client. - # CLI flag: -s3.http.timeout - [timeout: | default = 0s] +The `storage_config` block configures one of many possible stores for both the index and chunks. Which configuration to be picked should be defined in schema_config block. - # The maximum amount of time an idle connection will be held open. - # CLI flag: -s3.http.idle-conn-timeout - [idle_conn_timeout: | default = 1m30s] +```yaml +# The alibabacloud_storage_config block configures the connection to Alibaba +# Cloud Storage object storage backend. +# The CLI flags prefix for this block configuration is: common +[alibabacloud: ] - # If non-zero, specifies the amount of time to wait for a server's response - # headers after fully writing the request. - # CLI flag: -s3.http.response-header-timeout - [response_header_timeout: | default = 0s] +# The aws_storage_config block configures the connection to dynamoDB and S3 +# object storage. Either one of them or both can be configured. +[aws: ] - # Set to true to skip verifying the certificate chain and hostname. - # CLI flag: -s3.http.insecure-skip-verify - [insecure_skip_verify: | default = false] +# The azure_storage_config block configures the connection to Azure object +# storage backend. +[azure: ] - # Path to the trusted CA file that signed the SSL certificate of the S3 - # endpoint. - # CLI flag: -s3.http.ca-file - [ca_file: | default = ""] +# The bos_storage_config block configures the connection to Baidu Object Storage +# (BOS) object storage backend. +[bos: ] -# The signature version to use for authenticating against S3. Supported values -# are: v4. -# CLI flag: -s3.signature-version -[signature_version: | default = "v4"] +# Deprecated: Configures storing indexes in Bigtable. Required fields only +# required when bigtable is defined in config. +bigtable: + # Bigtable project ID. + # CLI flag: -bigtable.project + [project: | default = ""] -# The S3 storage class which objects will use. Supported values are: GLACIER, -# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS, -# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. -# CLI flag: -s3.storage-class -[storage_class: | default = "STANDARD"] + # Bigtable instance ID. Please refer to + # https://cloud.google.com/docs/authentication/production for more information + # about how to configure authentication. + # CLI flag: -bigtable.instance + [instance: | default = ""] -sse: - # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. - # CLI flag: -s3.sse.type - [type: | default = ""] + # The grpc_client block configures the gRPC client used to communicate between + # a client and server component in Loki. + # The CLI flags prefix for this block configuration is: bigtable + [grpc_client_config: ] - # KMS Key ID used to encrypt objects in S3 - # CLI flag: -s3.sse.kms-key-id - [kms_key_id: | default = ""] + # If enabled, once a tables info is fetched, it is cached. + # CLI flag: -bigtable.table-cache.enabled + [table_cache_enabled: | default = true] - # KMS Encryption Context used for object encryption. It expects JSON formatted - # string. - # CLI flag: -s3.sse.kms-encryption-context - [kms_encryption_context: | default = ""] + # Duration to cache tables before checking again. + # CLI flag: -bigtable.table-cache.expiration + [table_cache_expiration: | default = 30m] -# Configures back off when S3 get Object. -backoff_config: - # Minimum backoff time when s3 get Object - # CLI flag: -s3.min-backoff - [min_period: | default = 100ms] +# Configures storing chunks in GCS. Required fields only required when gcs is +# defined in config. +[gcs: ] - # Maximum backoff time when s3 get Object - # CLI flag: -s3.max-backoff - [max_period: | default = 3s] +# Deprecated: Configures storing chunks and/or the index in Cassandra. +cassandra: + # Comma-separated hostnames or IPs of Cassandra instances. + # CLI flag: -cassandra.addresses + [addresses: | default = ""] - # Maximum number of times to retry when s3 get Object - # CLI flag: -s3.max-retries - [max_retries: | default = 5] -``` + # Port that Cassandra is running on + # CLI flag: -cassandra.port + [port: | default = 9042] + + # Keyspace to use in Cassandra. + # CLI flag: -cassandra.keyspace + [keyspace: | default = ""] -### azure_storage_config + # Consistency level for Cassandra. + # CLI flag: -cassandra.consistency + [consistency: | default = "QUORUM"] -The `azure_storage_config` block configures the connection to Azure object storage backend. The supported CLI flags `` used to reference this configuration block are: + # Replication factor to use in Cassandra. + # CLI flag: -cassandra.replication-factor + [replication_factor: | default = 3] -- `common.storage` -- `ruler.storage` + # Instruct the cassandra driver to not attempt to get host info from the + # system.peers table. + # CLI flag: -cassandra.disable-initial-host-lookup + [disable_initial_host_lookup: | default = false] -  + # Use SSL when connecting to cassandra instances. + # CLI flag: -cassandra.ssl + [SSL: | default = false] -```yaml -# Azure Cloud environment. Supported values are: AzureGlobal, AzureChinaCloud, -# AzureGermanCloud, AzureUSGovernment. -# CLI flag: -.azure.environment -[environment: | default = "AzureGlobal"] + # Require SSL certificate validation. + # CLI flag: -cassandra.host-verification + [host_verification: | default = true] -# Azure storage account name. -# CLI flag: -.azure.account-name -[account_name: | default = ""] + # Policy for selecting Cassandra host. Supported values are: round-robin, + # token-aware. + # CLI flag: -cassandra.host-selection-policy + [host_selection_policy: | default = "round-robin"] -# Azure storage account key. -# CLI flag: -.azure.account-key -[account_key: | default = ""] + # Path to certificate file to verify the peer. + # CLI flag: -cassandra.ca-path + [CA_path: | default = ""] -# If `connection-string` is set, the values of `account-name` and -# `endpoint-suffix` values will not be used. Use this method over `account-key` -# if you need to authenticate via a SAS token. Or if you use the Azurite -# emulator. -# CLI flag: -.azure.connection-string -[connection_string: | default = ""] + # Path to certificate file used by TLS. + # CLI flag: -cassandra.tls-cert-path + [tls_cert_path: | default = ""] -# Name of the storage account blob container used to store chunks. This -# container must be created before running cortex. -# CLI flag: -.azure.container-name -[container_name: | default = "loki"] + # Path to private key file used by TLS. + # CLI flag: -cassandra.tls-key-path + [tls_key_path: | default = ""] -# Azure storage endpoint suffix without schema. The storage account name will be -# prefixed to this value to create the FQDN. -# CLI flag: -.azure.endpoint-suffix -[endpoint_suffix: | default = ""] + # Enable password authentication when connecting to cassandra. + # CLI flag: -cassandra.auth + [auth: | default = false] -# Use Managed Identity to authenticate to the Azure storage account. -# CLI flag: -.azure.use-managed-identity -[use_managed_identity: | default = false] + # Username to use when connecting to cassandra. + # CLI flag: -cassandra.username + [username: | default = ""] -# Use Federated Token to authenticate to the Azure storage account. -# CLI flag: -.azure.use-federated-token -[use_federated_token: | default = false] + # Password to use when connecting to cassandra. + # CLI flag: -cassandra.password + [password: | default = ""] -# User assigned identity ID to authenticate to the Azure storage account. -# CLI flag: -.azure.user-assigned-id -[user_assigned_id: | default = ""] + # File containing password to use when connecting to cassandra. + # CLI flag: -cassandra.password-file + [password_file: | default = ""] -# Use Service Principal to authenticate through Azure OAuth. -# CLI flag: -.azure.use-service-principal -[use_service_principal: | default = false] + # If set, when authenticating with cassandra a custom authenticator will be + # expected during the handshake. This flag can be set multiple times. + # CLI flag: -cassandra.custom-authenticator + [custom_authenticators: | default = []] -# Azure Service Principal ID(GUID). -# CLI flag: -.azure.client-id -[client_id: | default = ""] + # Timeout when connecting to cassandra. + # CLI flag: -cassandra.timeout + [timeout: | default = 2s] -# Azure Service Principal secret key. -# CLI flag: -.azure.client-secret -[client_secret: | default = ""] + # Initial connection timeout, used during initial dial to server. + # CLI flag: -cassandra.connect-timeout + [connect_timeout: | default = 5s] -# Azure Tenant ID is used to authenticate through Azure OAuth. -# CLI flag: -.azure.tenant-id -[tenant_id: | default = ""] + # Interval to retry connecting to cassandra nodes marked as DOWN. + # CLI flag: -cassandra.reconnent-interval + [reconnect_interval: | default = 1s] -# Chunk delimiter for blob ID to be used -# CLI flag: -.azure.chunk-delimiter -[chunk_delimiter: | default = "-"] + # Number of retries to perform on a request. Set to 0 to disable retries. + # CLI flag: -cassandra.max-retries + [max_retries: | default = 0] -# Preallocated buffer size for downloads. -# CLI flag: -.azure.download-buffer-size -[download_buffer_size: | default = 512000] + # Maximum time to wait before retrying a failed request. + # CLI flag: -cassandra.retry-max-backoff + [retry_max_backoff: | default = 10s] -# Preallocated buffer size for uploads. -# CLI flag: -.azure.upload-buffer-size -[upload_buffer_size: | default = 256000] + # Minimum time to wait before retrying a failed request. + # CLI flag: -cassandra.retry-min-backoff + [retry_min_backoff: | default = 100ms] -# Number of buffers used to used to upload a chunk. -# CLI flag: -.azure.download-buffer-count -[upload_buffer_count: | default = 1] + # Limit number of concurrent queries to Cassandra. Set to 0 to disable the + # limit. + # CLI flag: -cassandra.query-concurrency + [query_concurrency: | default = 0] -# Timeout for requests made against azure blob storage. -# CLI flag: -.azure.request-timeout -[request_timeout: | default = 30s] + # Number of TCP connections per host. + # CLI flag: -cassandra.num-connections + [num_connections: | default = 2] -# Number of retries for a request which times out. -# CLI flag: -.azure.max-retries -[max_retries: | default = 5] + # Convict hosts of being down on failure. + # CLI flag: -cassandra.convict-hosts-on-failure + [convict_hosts_on_failure: | default = true] -# Minimum time to wait before retrying a request. -# CLI flag: -.azure.min-retry-delay -[min_retry_delay: | default = 10ms] + # Table options used to create index or chunk tables. This value is used as + # plain text in the table `WITH` like this, "CREATE TABLE + # (...) WITH ". For details, + # see https://cortexmetrics.io/docs/production/cassandra. By default it will + # use the default table options of your Cassandra cluster. + # CLI flag: -cassandra.table-options + [table_options: | default = ""] -# Maximum time to wait before retrying a request. -# CLI flag: -.azure.max-retry-delay -[max_retry_delay: | default = 500ms] -``` +# Deprecated: Configures storing index in BoltDB. Required fields only required +# when boltdb is present in the configuration. +boltdb: + # Location of BoltDB index files. + # CLI flag: -boltdb.dir + [directory: | default = ""] -### alibabacloud_storage_config +# Configures storing the chunks on the local file system. Required fields only +# required when filesystem is present in the configuration. +[filesystem: ] -The `alibabacloud_storage_config` block configures the connection to Alibaba Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: +# The swift_storage_config block configures the connection to OpenStack Object +# Storage (Swift) object storage backend. +[swift: ] -- `common` -- `ruler` +# Deprecated: +grpc_store: + # Hostname or IP of the gRPC store instance. + # CLI flag: -grpc-store.server-address + [server_address: | default = ""] -  +hedging: + # If set to a non-zero value a second request will be issued at the provided + # duration. Default is 0 (disabled) + # CLI flag: -store.hedge-requests-at + [at: | default = 0s] -```yaml -# Name of OSS bucket. -# CLI flag: -common.storage.oss.bucketname -[bucket: | default = ""] + # The maximum of hedge requests allowed. + # CLI flag: -store.hedge-requests-up-to + [up_to: | default = 2] -# oss Endpoint to connect to. -# CLI flag: -common.storage.oss.endpoint -[endpoint: | default = ""] + # The maximum of hedge requests allowed per seconds. + # CLI flag: -store.hedge-max-per-second + [max_per_second: | default = 5] -# alibabacloud Access Key ID -# CLI flag: -common.storage.oss.access-key-id -[access_key_id: | default = ""] +# Configures additional object stores for a given storage provider. +# Supported stores: aws, azure, bos, filesystem, gcs, swift. +# Example: +# storage_config: +# named_stores: +# aws: +# store-1: +# endpoint: s3://foo-bucket +# region: us-west1 +# Named store from this example can be used by setting object_store to store-1 +# in period_config. +[named_stores: ] -# alibabacloud Secret Access Key -# CLI flag: -common.storage.oss.secret-access-key -[secret_access_key: | default = ""] -``` +# The cos_storage_config block configures the connection to IBM Cloud Object +# Storage (COS) backend. +[cos: ] -### gcs_storage_config +# Cache validity for active index entries. Should be no higher than +# -ingester.max-chunk-idle. +# CLI flag: -store.index-cache-validity +[index_cache_validity: | default = 5m] -The `gcs_storage_config` block configures the connection to Google Cloud Storage object storage backend. The supported CLI flags `` used to reference this configuration block are: +congestion_control: + # Use storage congestion control (default: disabled). + # CLI flag: -store.congestion-control.enabled + [enabled: | default = false] -- `common.storage` -- `ruler.storage` + controller: + # Congestion control strategy to use (default: none, options: 'aimd'). + # CLI flag: -store.congestion-control.strategy + [strategy: | default = ""] -  + aimd: + # AIMD starting throughput window size: how many requests can be sent per + # second (default: 2000). + # CLI flag: -store.congestion-control.strategy.aimd.start + [start: | default = 2000] -```yaml -# Name of GCS bucket. Please refer to -# https://cloud.google.com/docs/authentication/production for more information -# about how to configure authentication. -# CLI flag: -.gcs.bucketname -[bucket_name: | default = ""] + # AIMD maximum throughput window size: upper limit of requests sent per + # second (default: 10000). + # CLI flag: -store.congestion-control.strategy.aimd.upper-bound + [upper_bound: | default = 10000] + + # AIMD backoff factor when upstream service is throttled to decrease + # number of requests sent per second (default: 0.5). + # CLI flag: -store.congestion-control.strategy.aimd.backoff-factor + [backoff_factor: | default = 0.5] -# Service account key content in JSON format, refer to -# https://cloud.google.com/iam/docs/creating-managing-service-account-keys for -# creation. -# CLI flag: -.gcs.service-account -[service_account: | default = ""] + retry: + # Congestion control retry strategy to use (default: none, options: + # 'limited'). + # CLI flag: -store.congestion-control.retry.strategy + [strategy: | default = ""] -# The size of the buffer that GCS client for each PUT request. 0 to disable -# buffering. -# CLI flag: -.gcs.chunk-buffer-size -[chunk_buffer_size: | default = 0] + # Maximum number of retries allowed. + # CLI flag: -store.congestion-control.retry.strategy.limited.limit + [limit: | default = 2] -# The duration after which the requests to GCS should be timed out. -# CLI flag: -.gcs.request-timeout -[request_timeout: | default = 0s] + hedging: + config: + [at: ] -# Enable OpenCensus (OC) instrumentation for all requests. -# CLI flag: -.gcs.enable-opencensus -[enable_opencensus: | default = true] + [up_to: ] -# Enable HTTP2 connections. -# CLI flag: -.gcs.enable-http2 -[enable_http2: | default = true] + [max_per_second: ] -# Enable automatic retries of failed idempotent requests. -# CLI flag: -.gcs.enable-retries -[enable_retries: | default = true] -``` + # Congestion control hedge strategy to use (default: none, options: + # 'limited'). + # CLI flag: -store.congestion-control.hedge.strategy + [strategy: | default = ""] -### s3_storage_config +# Experimental. Sets a constant prefix for all keys inserted into object +# storage. Example: loki/ +# CLI flag: -store.object-prefix +[object_prefix: | default = ""] -The `s3_storage_config` block configures the connection to Amazon S3 object storage backend. The supported CLI flags `` used to reference this configuration block are: +# The cache_config block configures the cache backend for a specific Loki +# component. +# The CLI flags prefix for this block configuration is: store.index-cache-read +[index_queries_cache_config: ] -- `common` -- `ruler` +# Disable broad index queries which results in reduced cache usage and faster +# query performance at the expense of somewhat higher QPS on the index store. +# CLI flag: -store.disable-broad-index-queries +[disable_broad_index_queries: | default = false] -  +# Maximum number of parallel chunk reads. +# CLI flag: -store.max-parallel-get-chunk +[max_parallel_get_chunk: | default = 150] -```yaml -# S3 endpoint URL with escaped Key and Secret encoded. If only region is -# specified as a host, proper endpoint will be deduced. Use -# inmemory:/// to use a mock in-memory implementation. -# CLI flag: -.storage.s3.url -[s3: ] +# The maximum number of chunks to fetch per batch. +# CLI flag: -store.max-chunk-batch-size +[max_chunk_batch_size: | default = 50] -# Set this to `true` to force the request to use path-style addressing. -# CLI flag: -.storage.s3.force-path-style -[s3forcepathstyle: | default = false] +# Configures storing index in an Object Store +# (GCS/S3/Azure/Swift/COS/Filesystem) in the form of boltdb files. Required +# fields only required when boltdb-shipper is defined in config. +boltdb_shipper: + # Directory where ingesters would write index files which would then be + # uploaded by shipper to configured storage + # CLI flag: -boltdb.shipper.active-index-directory + [active_index_directory: | default = ""] -# Comma separated list of bucket names to evenly distribute chunks over. -# Overrides any buckets specified in s3.url flag -# CLI flag: -.storage.s3.buckets -[bucketnames: | default = ""] + # Cache location for restoring index files from storage for queries + # CLI flag: -boltdb.shipper.cache-location + [cache_location: | default = ""] -# S3 Endpoint to connect to. -# CLI flag: -.storage.s3.endpoint -[endpoint: | default = ""] + # TTL for index files restored in cache for queries + # CLI flag: -boltdb.shipper.cache-ttl + [cache_ttl: | default = 24h] -# AWS region to use. -# CLI flag: -.storage.s3.region -[region: | default = ""] + # Resync downloaded files with the storage + # CLI flag: -boltdb.shipper.resync-interval + [resync_interval: | default = 5m] -# AWS Access Key ID -# CLI flag: -.storage.s3.access-key-id -[access_key_id: | default = ""] + # Number of days of common index to be kept downloaded for queries. For per + # tenant index query readiness, use limits overrides config. + # CLI flag: -boltdb.shipper.query-ready-num-days + [query_ready_num_days: | default = 0] -# AWS Secret Access Key -# CLI flag: -.storage.s3.secret-access-key -[secret_access_key: | default = ""] + index_gateway_client: + # The grpc_client block configures the gRPC client used to communicate + # between a client and server component in Loki. + # The CLI flags prefix for this block configuration is: + # boltdb.shipper.index-gateway-client.grpc + [grpc_client_config: ] -# AWS Session Token -# CLI flag: -.storage.s3.session-token -[session_token: | default = ""] + # Hostname or IP of the Index Gateway gRPC server running in simple mode. + # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A + # record with multiple IP's, a DNS SRV record with a followup A record + # lookup, or a DNS SRV record without a followup A record lookup, + # respectively. + # CLI flag: -boltdb.shipper.index-gateway-client.server-address + [server_address: | default = ""] -# Disable https on s3 connection. -# CLI flag: -.storage.s3.insecure -[insecure: | default = false] + # Whether requests sent to the gateway should be logged or not. + # CLI flag: -boltdb.shipper.index-gateway-client.log-gateway-requests + [log_gateway_requests: | default = false] -http_config: - # Timeout specifies a time limit for requests made by s3 Client. - # CLI flag: -.storage.s3.http.timeout - [timeout: | default = 0s] + [ingestername: | default = ""] - # The maximum amount of time an idle connection will be held open. - # CLI flag: -.storage.s3.http.idle-conn-timeout - [idle_conn_timeout: | default = 1m30s] + [mode: | default = ""] - # If non-zero, specifies the amount of time to wait for a server's response - # headers after fully writing the request. - # CLI flag: -.storage.s3.http.response-header-timeout - [response_header_timeout: | default = 0s] + [ingesterdbretainperiod: ] - # Set to true to skip verifying the certificate chain and hostname. - # CLI flag: -.storage.s3.http.insecure-skip-verify - [insecure_skip_verify: | default = false] + # Build per tenant index files + # CLI flag: -boltdb.shipper.build-per-tenant-index + [build_per_tenant_index: | default = false] - # Path to the trusted CA file that signed the SSL certificate of the S3 - # endpoint. - # CLI flag: -.storage.s3.http.ca-file - [ca_file: | default = ""] +# Configures storing index in an Object Store +# (GCS/S3/Azure/Swift/COS/Filesystem) in a prometheus TSDB-like format. Required +# fields only required when TSDB is defined in config. +tsdb_shipper: + # Directory where ingesters would write index files which would then be + # uploaded by shipper to configured storage + # CLI flag: -tsdb.shipper.active-index-directory + [active_index_directory: | default = ""] -# The signature version to use for authenticating against S3. Supported values -# are: v4. -# CLI flag: -.storage.s3.signature-version -[signature_version: | default = "v4"] + # Cache location for restoring index files from storage for queries + # CLI flag: -tsdb.shipper.cache-location + [cache_location: | default = ""] -# The S3 storage class which objects will use. Supported values are: GLACIER, -# DEEP_ARCHIVE, GLACIER_IR, INTELLIGENT_TIERING, ONEZONE_IA, OUTPOSTS, -# REDUCED_REDUNDANCY, STANDARD, STANDARD_IA. -# CLI flag: -.storage.s3.storage-class -[storage_class: | default = "STANDARD"] + # TTL for index files restored in cache for queries + # CLI flag: -tsdb.shipper.cache-ttl + [cache_ttl: | default = 24h] -sse: - # Enable AWS Server Side Encryption. Supported values: SSE-KMS, SSE-S3. - # CLI flag: -.storage.s3.sse.type - [type: | default = ""] + # Resync downloaded files with the storage + # CLI flag: -tsdb.shipper.resync-interval + [resync_interval: | default = 5m] - # KMS Key ID used to encrypt objects in S3 - # CLI flag: -.storage.s3.sse.kms-key-id - [kms_key_id: | default = ""] + # Number of days of common index to be kept downloaded for queries. For per + # tenant index query readiness, use limits overrides config. + # CLI flag: -tsdb.shipper.query-ready-num-days + [query_ready_num_days: | default = 0] - # KMS Encryption Context used for object encryption. It expects JSON formatted - # string. - # CLI flag: -.storage.s3.sse.kms-encryption-context - [kms_encryption_context: | default = ""] + index_gateway_client: + # The grpc_client block configures the gRPC client used to communicate + # between a client and server component in Loki. + # The CLI flags prefix for this block configuration is: + # tsdb.shipper.index-gateway-client.grpc + [grpc_client_config: ] -# Configures back off when S3 get Object. -backoff_config: - # Minimum backoff time when s3 get Object - # CLI flag: -.storage.s3.min-backoff - [min_period: | default = 100ms] + # Hostname or IP of the Index Gateway gRPC server running in simple mode. + # Can also be prefixed with dns+, dnssrv+, or dnssrvnoa+ to resolve a DNS A + # record with multiple IP's, a DNS SRV record with a followup A record + # lookup, or a DNS SRV record without a followup A record lookup, + # respectively. + # CLI flag: -tsdb.shipper.index-gateway-client.server-address + [server_address: | default = ""] - # Maximum backoff time when s3 get Object - # CLI flag: -.storage.s3.max-backoff - [max_period: | default = 3s] + # Whether requests sent to the gateway should be logged or not. + # CLI flag: -tsdb.shipper.index-gateway-client.log-gateway-requests + [log_gateway_requests: | default = false] - # Maximum number of times to retry when s3 get Object - # CLI flag: -.storage.s3.max-retries - [max_retries: | default = 5] -``` + [ingestername: | default = ""] -### bos_storage_config + [mode: | default = ""] -The `bos_storage_config` block configures the connection to Baidu Object Storage (BOS) object storage backend. The supported CLI flags `` used to reference this configuration block are: + [ingesterdbretainperiod: ] -- `common.storage` -- `ruler.storage` +# Experimental: Configures the bloom shipper component, which contains the store +# abstraction to fetch bloom filters from and put them to object storage. +bloom_shipper: + # Working directory to store downloaded bloom blocks. Supports multiple + # directories, separated by comma. + # CLI flag: -bloom.shipper.working-directory + [working_directory: | default = "/data/blooms"] -  + # Maximum size of bloom pages that should be queried. Larger pages than this + # limit are skipped when querying blooms to limit memory usage. + # CLI flag: -bloom.max-query-page-size + [max_query_page_size: | default = 64MiB] -```yaml -# Name of BOS bucket. -# CLI flag: -.bos.bucket-name -[bucket_name: | default = ""] + # The amount of maximum concurrent bloom blocks downloads. Usually set to 2x + # number of CPU cores. + # CLI flag: -bloom.download-parallelism + [download_parallelism: | default = 8] + + blocks_cache: + # Cache for bloom blocks. Soft limit of the cache in bytes. Exceeding this + # limit will trigger evictions of least recently used items in the + # background. + # CLI flag: -bloom.blocks-cache.soft-limit + [soft_limit: | default = 32GiB] -# BOS endpoint to connect to. -# CLI flag: -.bos.endpoint -[endpoint: | default = "bj.bcebos.com"] + # Cache for bloom blocks. Hard limit of the cache in bytes. Exceeding this + # limit will block execution until soft limit is deceeded. + # CLI flag: -bloom.blocks-cache.hard-limit + [hard_limit: | default = 64GiB] -# Baidu Cloud Engine (BCE) Access Key ID. -# CLI flag: -.bos.access-key-id -[access_key_id: | default = ""] + # Cache for bloom blocks. The time to live for items in the cache before + # they get purged. + # CLI flag: -bloom.blocks-cache.ttl + [ttl: | default = 24h] -# Baidu Cloud Engine (BCE) Secret Access Key. -# CLI flag: -.bos.secret-access-key -[secret_access_key: | default = ""] + # The cache_config block configures the cache backend for a specific Loki + # component. + # The CLI flags prefix for this block configuration is: bloom.metas-cache + [metas_cache: ] ``` ### swift_storage_config @@ -5619,157 +5349,427 @@ The `swift_storage_config` block configures the connection to OpenStack Object S # CLI flag: -.swift.max-retries [max_retries: | default = 3] -# Time after which a connection attempt is aborted. -# CLI flag: -.swift.connect-timeout -[connect_timeout: | default = 10s] +# Time after which a connection attempt is aborted. +# CLI flag: -.swift.connect-timeout +[connect_timeout: | default = 10s] + +# Time after which an idle request is aborted. The timeout watchdog is reset +# each time some data is received, so the timeout triggers after X time no data +# is received on a request. +# CLI flag: -.swift.request-timeout +[request_timeout: | default = 5s] +``` + +### table_manager + +The `table_manager` block configures the table manager for retention. + +```yaml +# If true, disable all changes to DB capacity +# CLI flag: -table-manager.throughput-updates-disabled +[throughput_updates_disabled: | default = false] + +# If true, enables retention deletes of DB tables +# CLI flag: -table-manager.retention-deletes-enabled +[retention_deletes_enabled: | default = false] + +# Tables older than this retention period are deleted. Must be either 0 +# (disabled) or a multiple of 24h. When enabled, be aware this setting is +# destructive to data! +# CLI flag: -table-manager.retention-period +[retention_period: | default = 0s] + +# How frequently to poll backend to learn our capacity. +# CLI flag: -table-manager.poll-interval +[poll_interval: | default = 2m] + +# Periodic tables grace period (duration which table will be created/deleted +# before/after it's needed). +# CLI flag: -table-manager.periodic-table.grace-period +[creation_grace_period: | default = 10m] + +index_tables_provisioning: + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.index-table.enable-ondemand-throughput-mode + [enable_ondemand_throughput_mode: | default = false] + + # Table default write throughput. Supported by DynamoDB + # CLI flag: -table-manager.index-table.write-throughput + [provisioned_write_throughput: | default = 1000] + + # Table default read throughput. Supported by DynamoDB + # CLI flag: -table-manager.index-table.read-throughput + [provisioned_read_throughput: | default = 300] + + write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.write-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.write-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.write-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.write-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.write-throughput.scale.target-value + [target: | default = 80] + + read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.read-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.read-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.read-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.read-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.read-throughput.scale.target-value + [target: | default = 80] + + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.index-table.inactive-enable-ondemand-throughput-mode + [enable_inactive_throughput_on_demand_mode: | default = false] + + # Table write throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.index-table.inactive-write-throughput + [inactive_write_throughput: | default = 1] + + # Table read throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.index-table.inactive-read-throughput + [inactive_read_throughput: | default = 300] + + inactive_write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale.target-value + [target: | default = 80] + + inactive_read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale.target-value + [target: | default = 80] + + # Number of last inactive tables to enable write autoscale. + # CLI flag: -table-manager.index-table.inactive-write-throughput.scale-last-n + [inactive_write_scale_lastn: | default = 4] + + # Number of last inactive tables to enable read autoscale. + # CLI flag: -table-manager.index-table.inactive-read-throughput.scale-last-n + [inactive_read_scale_lastn: | default = 4] + +chunk_tables_provisioning: + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.chunk-table.enable-ondemand-throughput-mode + [enable_ondemand_throughput_mode: | default = false] + + # Table default write throughput. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.write-throughput + [provisioned_write_throughput: | default = 1000] + + # Table default read throughput. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.read-throughput + [provisioned_read_throughput: | default = 300] + + write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.enabled + [enabled: | default = false] + + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.write-throughput.scale.role-arn + [role_arn: | default = ""] + + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.min-capacity + [min_capacity: | default = 3000] + + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.max-capacity + [max_capacity: | default = 6000] + + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] + + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] + + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.write-throughput.scale.target-value + [target: | default = 80] + + read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.enabled + [enabled: | default = false] -# Time after which an idle request is aborted. The timeout watchdog is reset -# each time some data is received, so the timeout triggers after X time no data -# is received on a request. -# CLI flag: -.swift.request-timeout -[request_timeout: | default = 5s] -``` + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.read-throughput.scale.role-arn + [role_arn: | default = ""] -### cos_storage_config + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.min-capacity + [min_capacity: | default = 3000] -The `cos_storage_config` block configures the connection to IBM Cloud Object Storage (COS) backend. The supported CLI flags `` used to reference this configuration block are: + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.max-capacity + [max_capacity: | default = 6000] -- `common.storage` -- `ruler.storage` + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] -  + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] -```yaml -# Set this to `true` to force the request to use path-style addressing. -# CLI flag: -.cos.force-path-style -[forcepathstyle: | default = false] + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.read-throughput.scale.target-value + [target: | default = 80] -# Comma separated list of bucket names to evenly distribute chunks over. -# CLI flag: -.cos.buckets -[bucketnames: | default = ""] + # Enables on demand throughput provisioning for the storage provider (if + # supported). Applies only to tables which are not autoscaled. Supported by + # DynamoDB + # CLI flag: -table-manager.chunk-table.inactive-enable-ondemand-throughput-mode + [enable_inactive_throughput_on_demand_mode: | default = false] -# COS Endpoint to connect to. -# CLI flag: -.cos.endpoint -[endpoint: | default = ""] + # Table write throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.inactive-write-throughput + [inactive_write_throughput: | default = 1] -# COS region to use. -# CLI flag: -.cos.region -[region: | default = ""] + # Table read throughput for inactive tables. Supported by DynamoDB + # CLI flag: -table-manager.chunk-table.inactive-read-throughput + [inactive_read_throughput: | default = 300] -# COS HMAC Access Key ID. -# CLI flag: -.cos.access-key-id -[access_key_id: | default = ""] + inactive_write_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.enabled + [enabled: | default = false] -# COS HMAC Secret Access Key. -# CLI flag: -.cos.secret-access-key -[secret_access_key: | default = ""] + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.role-arn + [role_arn: | default = ""] -http_config: - # The maximum amount of time an idle connection will be held open. - # CLI flag: -.cos.http.idle-conn-timeout - [idle_conn_timeout: | default = 1m30s] + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.min-capacity + [min_capacity: | default = 3000] - # If non-zero, specifies the amount of time to wait for a server's response - # headers after fully writing the request. - # CLI flag: -.cos.http.response-header-timeout - [response_header_timeout: | default = 0s] + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.max-capacity + [max_capacity: | default = 6000] -# Configures back off when cos get Object. -backoff_config: - # Minimum backoff time when cos get Object. - # CLI flag: -.cos.min-backoff - [min_period: | default = 100ms] + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] - # Maximum backoff time when cos get Object. - # CLI flag: -.cos.max-backoff - [max_period: | default = 3s] + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] - # Maximum number of times to retry when cos get Object. - # CLI flag: -.cos.max-retries - [max_retries: | default = 5] + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale.target-value + [target: | default = 80] -# IAM API key to access COS. -# CLI flag: -.cos.api-key -[api_key: | default = ""] + inactive_read_scale: + # Should we enable autoscale for the table. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.enabled + [enabled: | default = false] -# COS service instance id to use. -# CLI flag: -.cos.service-instance-id -[service_instance_id: | default = ""] + # AWS AutoScaling role ARN + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.role-arn + [role_arn: | default = ""] -# IAM Auth Endpoint for authentication. -# CLI flag: -.cos.auth-endpoint -[auth_endpoint: | default = "https://iam.cloud.ibm.com/identity/token"] + # DynamoDB minimum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.min-capacity + [min_capacity: | default = 3000] -# Compute resource token file path. -# CLI flag: -.cos.cr-token-file-path -[cr_token_file_path: | default = ""] + # DynamoDB maximum provision capacity. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.max-capacity + [max_capacity: | default = 6000] -# Name of the trusted profile. -# CLI flag: -.cos.trusted-profile-name -[trusted_profile_name: | default = ""] + # DynamoDB minimum seconds between each autoscale up. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.out-cooldown + [out_cooldown: | default = 1800] -# ID of the trusted profile. -# CLI flag: -.cos.trusted-profile-id -[trusted_profile_id: | default = ""] -``` + # DynamoDB minimum seconds between each autoscale down. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.in-cooldown + [in_cooldown: | default = 1800] -### local_storage_config + # DynamoDB target ratio of consumed capacity to provisioned capacity. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale.target-value + [target: | default = 80] -The `local_storage_config` block configures the usage of local file system as object storage backend. + # Number of last inactive tables to enable write autoscale. + # CLI flag: -table-manager.chunk-table.inactive-write-throughput.scale-last-n + [inactive_write_scale_lastn: | default = 4] -```yaml -# Directory to store chunks in. -# CLI flag: -local.chunk-directory -[directory: | default = ""] + # Number of last inactive tables to enable read autoscale. + # CLI flag: -table-manager.chunk-table.inactive-read-throughput.scale-last-n + [inactive_read_scale_lastn: | default = 4] ``` -### named_stores_config +### tls_config -Configures additional object stores for a given storage provider. -Supported stores: aws, azure, bos, filesystem, gcs, swift. -Example: -storage_config: - named_stores: - aws: - store-1: - endpoint: s3://foo-bucket - region: us-west1 -Named store from this example can be used by setting object_store to store-1 in period_config. +The TLS configuration. ```yaml -[aws: ] - -[azure: ] +# Path to the client certificate, which will be used for authenticating with the +# server. Also requires the key path to be configured. +# CLI flag: -frontend.tail-tls-config.tls-cert-path +[tls_cert_path: | default = ""] -[bos: ] +# Path to the key for the client certificate. Also requires the client +# certificate to be configured. +# CLI flag: -frontend.tail-tls-config.tls-key-path +[tls_key_path: | default = ""] -[filesystem: ] +# Path to the CA certificates to validate server certificate against. If not +# set, the host's root CA certificates are used. +# CLI flag: -frontend.tail-tls-config.tls-ca-path +[tls_ca_path: | default = ""] -[gcs: ] +# Override the expected name on the server certificate. +# CLI flag: -frontend.tail-tls-config.tls-server-name +[tls_server_name: | default = ""] -[alibabacloud: ] +# Skip validating server certificate. +# CLI flag: -frontend.tail-tls-config.tls-insecure-skip-verify +[tls_insecure_skip_verify: | default = false] -[swift: ] +# Override the default cipher suite list (separated by commas). Allowed values: +# +# Secure Ciphers: +# - TLS_AES_128_GCM_SHA256 +# - TLS_AES_256_GCM_SHA384 +# - TLS_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +# - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +# +# Insecure Ciphers: +# - TLS_RSA_WITH_RC4_128_SHA +# - TLS_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA +# - TLS_RSA_WITH_AES_256_CBC_SHA +# - TLS_RSA_WITH_AES_128_CBC_SHA256 +# - TLS_RSA_WITH_AES_128_GCM_SHA256 +# - TLS_RSA_WITH_AES_256_GCM_SHA384 +# - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_RC4_128_SHA +# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA +# - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# CLI flag: -frontend.tail-tls-config.tls-cipher-suites +[tls_cipher_suites: | default = ""] -[cos: ] +# Override the default minimum TLS version. Allowed values: VersionTLS10, +# VersionTLS11, VersionTLS12, VersionTLS13 +# CLI flag: -frontend.tail-tls-config.tls-min-version +[tls_min_version: | default = ""] ``` -### attributes_config +### tracing -Define actions for matching OpenTelemetry (OTEL) attributes. +Configuration for `tracing`. ```yaml -# Configures action to take on matching attributes. It allows one of -# [structured_metadata, drop] for all attribute types. It additionally allows -# index_label action for resource attributes -[action: | default = ""] - -# List of attributes to configure how to store them or drop them altogether -[attributes: ] - -# Regex to choose attributes to configure how to store them or drop them -# altogether -[regex: ] +# Set to false to disable tracing. +# CLI flag: -tracing.enabled +[enabled: | default = true] ``` ## Runtime Configuration file diff --git a/loki-build-image/Dockerfile b/loki-build-image/Dockerfile index a8d8e7996056..42c52c18d625 100644 --- a/loki-build-image/Dockerfile +++ b/loki-build-image/Dockerfile @@ -6,7 +6,7 @@ # on how to publish a new build image. # Install helm (https://helm.sh/) and helm-docs (https://github.com/norwoodj/helm-docs) for generating Helm Chart reference. -FROM golang:1.21.9-bullseye as helm +FROM golang:1.22.2-bookworm as helm ARG TARGETARCH ARG HELM_VER="v3.2.3" RUN curl -L "https://get.helm.sh/helm-${HELM_VER}-linux-$TARGETARCH.tar.gz" | tar zx && \ @@ -27,7 +27,7 @@ RUN apk add --no-cache curl && \ FROM alpine:3.18.6 as golangci RUN apk add --no-cache curl && \ cd / && \ - curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2 + curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.1 FROM alpine:3.18.6 as buf ARG TARGETOS @@ -38,7 +38,7 @@ RUN apk add --no-cache curl && \ FROM alpine:3.18.6 as docker RUN apk add --no-cache docker-cli docker-cli-buildx -FROM golang:1.21.9-bullseye as drone +FROM golang:1.22.2-bookworm as drone ARG TARGETARCH RUN curl -L "https://github.com/drone/drone-cli/releases/download/v1.7.0/drone_linux_$TARGETARCH".tar.gz | tar zx && \ install -t /usr/local/bin drone @@ -48,35 +48,35 @@ RUN curl -L "https://github.com/drone/drone-cli/releases/download/v1.7.0/drone_l # Error: # github.com/fatih/faillint@v1.5.0 requires golang.org/x/tools@v0.0.0-20200207224406-61798d64f025 # (not golang.org/x/tools@v0.0.0-20190918214920-58d531046acd from golang.org/x/tools/cmd/goyacc@58d531046acdc757f177387bc1725bfa79895d69) -FROM golang:1.21.9-bullseye as faillint -RUN GO111MODULE=on go install github.com/fatih/faillint@v1.11.0 +FROM golang:1.22.2-bookworm as faillint +RUN GO111MODULE=on go install github.com/fatih/faillint@v1.12.0 RUN GO111MODULE=on go install golang.org/x/tools/cmd/goimports@v0.7.0 -FROM golang:1.21.9-bullseye as delve +FROM golang:1.22.2-bookworm as delve RUN GO111MODULE=on go install github.com/go-delve/delve/cmd/dlv@latest # Install ghr used to push binaries and template the release # This collides with the version of go tools used in the base image, thus we install it in its own image and copy it over. -FROM golang:1.21.9-bullseye as ghr +FROM golang:1.22.2-bookworm as ghr RUN GO111MODULE=on go install github.com/tcnksm/ghr@9349474 # Install nfpm (https://nfpm.goreleaser.com) for creating .deb and .rpm packages. -FROM golang:1.21.9-bullseye as nfpm +FROM golang:1.22.2-bookworm as nfpm RUN GO111MODULE=on go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.11.3 # Install gotestsum -FROM golang:1.21.9-bullseye as gotestsum +FROM golang:1.22.2-bookworm as gotestsum RUN GO111MODULE=on go install gotest.tools/gotestsum@v1.8.2 # Install tools used to compile jsonnet. -FROM golang:1.21.9-bullseye as jsonnet -RUN GO111MODULE=on go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@v0.4.0 -RUN GO111MODULE=on go install github.com/monitoring-mixins/mixtool/cmd/mixtool@bca3066 -RUN GO111MODULE=on go install github.com/google/go-jsonnet/cmd/jsonnet@v0.18.0 +FROM golang:1.22.2-bookworm as jsonnet +RUN GO111MODULE=on go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@v0.5.1 +RUN GO111MODULE=on go install github.com/monitoring-mixins/mixtool/cmd/mixtool@16dc166166d91e93475b86b9355a4faed2400c18 +RUN GO111MODULE=on go install github.com/google/go-jsonnet/cmd/jsonnet@v0.20.0 FROM aquasec/trivy as trivy -FROM golang:1.21.9-bullseye +FROM golang:1.22.2-bookworm RUN apt-get update && \ apt-get install -qy \ musl gnupg ragel \ diff --git a/pkg/querier/queryrange/queryrangebase/queryrange.pb.go b/pkg/querier/queryrange/queryrangebase/queryrange.pb.go index 2b1f7b951903..f376455df4c2 100644 --- a/pkg/querier/queryrange/queryrangebase/queryrange.pb.go +++ b/pkg/querier/queryrange/queryrangebase/queryrange.pb.go @@ -9,11 +9,11 @@ import ( proto "github.com/gogo/protobuf/proto" _ "github.com/gogo/protobuf/types" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" - _ "github.com/golang/protobuf/ptypes/duration" github_com_grafana_loki_v3_pkg_logproto "github.com/grafana/loki/v3/pkg/logproto" logproto "github.com/grafana/loki/v3/pkg/logproto" definitions "github.com/grafana/loki/v3/pkg/querier/queryrange/queryrangebase/definitions" resultscache "github.com/grafana/loki/v3/pkg/storage/chunk/cache/resultscache" + _ "google.golang.org/protobuf/types/known/durationpb" io "io" math "math" math_bits "math/bits" @@ -1022,7 +1022,7 @@ func (this *PrometheusRequest) String() string { `Start:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Start), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, `End:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.End), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, `Step:` + fmt.Sprintf("%v", this.Step) + `,`, - `Timeout:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Timeout), "Duration", "duration.Duration", 1), `&`, ``, 1) + `,`, + `Timeout:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Timeout), "Duration", "durationpb.Duration", 1), `&`, ``, 1) + `,`, `Query:` + fmt.Sprintf("%v", this.Query) + `,`, `CachingOptions:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CachingOptions), "CachingOptions", "resultscache.CachingOptions", 1), `&`, ``, 1) + `,`, `Headers:` + repeatedStringForHeaders + `,`, diff --git a/pkg/querier/stats/stats.pb.go b/pkg/querier/stats/stats.pb.go index bae01dd0eeed..f4d7e4cc1d27 100644 --- a/pkg/querier/stats/stats.pb.go +++ b/pkg/querier/stats/stats.pb.go @@ -8,7 +8,7 @@ import ( _ "github.com/gogo/protobuf/gogoproto" proto "github.com/gogo/protobuf/proto" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" - _ "github.com/golang/protobuf/ptypes/duration" + _ "google.golang.org/protobuf/types/known/durationpb" io "io" math "math" math_bits "math/bits" @@ -251,7 +251,7 @@ func (this *Stats) String() string { return "nil" } s := strings.Join([]string{`&Stats{`, - `WallTime:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.WallTime), "Duration", "duration.Duration", 1), `&`, ``, 1) + `,`, + `WallTime:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.WallTime), "Duration", "durationpb.Duration", 1), `&`, ``, 1) + `,`, `FetchedSeriesCount:` + fmt.Sprintf("%v", this.FetchedSeriesCount) + `,`, `FetchedChunkBytes:` + fmt.Sprintf("%v", this.FetchedChunkBytes) + `,`, `}`, diff --git a/pkg/ruler/base/ruler.pb.go b/pkg/ruler/base/ruler.pb.go index 5b3b1f1b4d5d..81ef01420b28 100644 --- a/pkg/ruler/base/ruler.pb.go +++ b/pkg/ruler/base/ruler.pb.go @@ -11,13 +11,13 @@ import ( proto "github.com/gogo/protobuf/proto" _ "github.com/gogo/protobuf/types" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" - _ "github.com/golang/protobuf/ptypes/duration" _ "github.com/grafana/loki/v3/pkg/logproto" github_com_grafana_loki_v3_pkg_logproto "github.com/grafana/loki/v3/pkg/logproto" rulespb "github.com/grafana/loki/v3/pkg/ruler/rulespb" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" + _ "google.golang.org/protobuf/types/known/durationpb" io "io" math "math" math_bits "math/bits" @@ -1433,7 +1433,7 @@ func (this *GroupStateDesc) String() string { `Group:` + strings.Replace(fmt.Sprintf("%v", this.Group), "RuleGroupDesc", "rulespb.RuleGroupDesc", 1) + `,`, `ActiveRules:` + repeatedStringForActiveRules + `,`, `EvaluationTimestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.EvaluationTimestamp), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, - `EvaluationDuration:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.EvaluationDuration), "Duration", "duration.Duration", 1), `&`, ``, 1) + `,`, + `EvaluationDuration:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.EvaluationDuration), "Duration", "durationpb.Duration", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -1454,7 +1454,7 @@ func (this *RuleStateDesc) String() string { `LastError:` + fmt.Sprintf("%v", this.LastError) + `,`, `Alerts:` + repeatedStringForAlerts + `,`, `EvaluationTimestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.EvaluationTimestamp), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, - `EvaluationDuration:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.EvaluationDuration), "Duration", "duration.Duration", 1), `&`, ``, 1) + `,`, + `EvaluationDuration:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.EvaluationDuration), "Duration", "durationpb.Duration", 1), `&`, ``, 1) + `,`, `}`, }, "") return s diff --git a/pkg/ruler/rulespb/rules.pb.go b/pkg/ruler/rulespb/rules.pb.go index 91afa25a655e..3765e9dd88a7 100644 --- a/pkg/ruler/rulespb/rules.pb.go +++ b/pkg/ruler/rulespb/rules.pb.go @@ -9,9 +9,9 @@ import ( proto "github.com/gogo/protobuf/proto" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" types "github.com/gogo/protobuf/types" - _ "github.com/golang/protobuf/ptypes/duration" _ "github.com/grafana/loki/v3/pkg/logproto" github_com_grafana_loki_v3_pkg_logproto "github.com/grafana/loki/v3/pkg/logproto" + _ "google.golang.org/protobuf/types/known/durationpb" io "io" math "math" math_bits "math/bits" @@ -657,7 +657,7 @@ func (this *RuleGroupDesc) String() string { s := strings.Join([]string{`&RuleGroupDesc{`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, - `Interval:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Interval), "Duration", "duration.Duration", 1), `&`, ``, 1) + `,`, + `Interval:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Interval), "Duration", "durationpb.Duration", 1), `&`, ``, 1) + `,`, `Rules:` + repeatedStringForRules + `,`, `User:` + fmt.Sprintf("%v", this.User) + `,`, `Options:` + repeatedStringForOptions + `,`, @@ -674,7 +674,7 @@ func (this *RuleDesc) String() string { `Expr:` + fmt.Sprintf("%v", this.Expr) + `,`, `Record:` + fmt.Sprintf("%v", this.Record) + `,`, `Alert:` + fmt.Sprintf("%v", this.Alert) + `,`, - `For:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.For), "Duration", "duration.Duration", 1), `&`, ``, 1) + `,`, + `For:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.For), "Duration", "durationpb.Duration", 1), `&`, ``, 1) + `,`, `Labels:` + fmt.Sprintf("%v", this.Labels) + `,`, `Annotations:` + fmt.Sprintf("%v", this.Annotations) + `,`, `}`, diff --git a/pkg/storage/chunk/client/grpc/grpc.pb.go b/pkg/storage/chunk/client/grpc/grpc.pb.go index d76002adfc38..6468535c2ab1 100644 --- a/pkg/storage/chunk/client/grpc/grpc.pb.go +++ b/pkg/storage/chunk/client/grpc/grpc.pb.go @@ -9,10 +9,10 @@ import ( fmt "fmt" proto "github.com/gogo/protobuf/proto" github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" - empty "github.com/golang/protobuf/ptypes/empty" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" + emptypb "google.golang.org/protobuf/types/known/emptypb" io "io" math "math" math_bits "math/bits" @@ -1998,30 +1998,30 @@ const _ = grpc.SupportPackageIsVersion4 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. type GrpcStoreClient interface { // / WriteIndex writes batch of indexes to the index tables. - WriteIndex(ctx context.Context, in *WriteIndexRequest, opts ...grpc.CallOption) (*empty.Empty, error) + WriteIndex(ctx context.Context, in *WriteIndexRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) // / QueryIndex reads the indexes required for given query & sends back the batch of rows // / in rpc streams QueryIndex(ctx context.Context, in *QueryIndexRequest, opts ...grpc.CallOption) (GrpcStore_QueryIndexClient, error) // / DeleteIndex deletes the batch of index entries from the index tables - DeleteIndex(ctx context.Context, in *DeleteIndexRequest, opts ...grpc.CallOption) (*empty.Empty, error) + DeleteIndex(ctx context.Context, in *DeleteIndexRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) // / PutChunks saves the batch of chunks into the chunk tables. - PutChunks(ctx context.Context, in *PutChunksRequest, opts ...grpc.CallOption) (*empty.Empty, error) + PutChunks(ctx context.Context, in *PutChunksRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) // / GetChunks requests for batch of chunks and the batch of chunks are sent back in rpc streams // / batching needs to be performed at server level as per requirement instead of sending single chunk per stream. // / In GetChunks rpc request send buf as nil GetChunks(ctx context.Context, in *GetChunksRequest, opts ...grpc.CallOption) (GrpcStore_GetChunksClient, error) // / DeleteChunks deletes the chunks based on chunkID. - DeleteChunks(ctx context.Context, in *ChunkID, opts ...grpc.CallOption) (*empty.Empty, error) + DeleteChunks(ctx context.Context, in *ChunkID, opts ...grpc.CallOption) (*emptypb.Empty, error) // / Lists all the tables that exists in the database. - ListTables(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*ListTablesResponse, error) + ListTables(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*ListTablesResponse, error) // / Creates a table with provided name & attributes. - CreateTable(ctx context.Context, in *CreateTableRequest, opts ...grpc.CallOption) (*empty.Empty, error) + CreateTable(ctx context.Context, in *CreateTableRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) // Deletes a table using table name provided. - DeleteTable(ctx context.Context, in *DeleteTableRequest, opts ...grpc.CallOption) (*empty.Empty, error) + DeleteTable(ctx context.Context, in *DeleteTableRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) // Describes a table information for the provided table. DescribeTable(ctx context.Context, in *DescribeTableRequest, opts ...grpc.CallOption) (*DescribeTableResponse, error) // Update a table with newly provided table information. - UpdateTable(ctx context.Context, in *UpdateTableRequest, opts ...grpc.CallOption) (*empty.Empty, error) + UpdateTable(ctx context.Context, in *UpdateTableRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) } type grpcStoreClient struct { @@ -2032,8 +2032,8 @@ func NewGrpcStoreClient(cc *grpc.ClientConn) GrpcStoreClient { return &grpcStoreClient{cc} } -func (c *grpcStoreClient) WriteIndex(ctx context.Context, in *WriteIndexRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) +func (c *grpcStoreClient) WriteIndex(ctx context.Context, in *WriteIndexRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) err := c.cc.Invoke(ctx, "/grpc.grpc_store/WriteIndex", in, out, opts...) if err != nil { return nil, err @@ -2073,8 +2073,8 @@ func (x *grpcStoreQueryIndexClient) Recv() (*QueryIndexResponse, error) { return m, nil } -func (c *grpcStoreClient) DeleteIndex(ctx context.Context, in *DeleteIndexRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) +func (c *grpcStoreClient) DeleteIndex(ctx context.Context, in *DeleteIndexRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) err := c.cc.Invoke(ctx, "/grpc.grpc_store/DeleteIndex", in, out, opts...) if err != nil { return nil, err @@ -2082,8 +2082,8 @@ func (c *grpcStoreClient) DeleteIndex(ctx context.Context, in *DeleteIndexReques return out, nil } -func (c *grpcStoreClient) PutChunks(ctx context.Context, in *PutChunksRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) +func (c *grpcStoreClient) PutChunks(ctx context.Context, in *PutChunksRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) err := c.cc.Invoke(ctx, "/grpc.grpc_store/PutChunks", in, out, opts...) if err != nil { return nil, err @@ -2123,8 +2123,8 @@ func (x *grpcStoreGetChunksClient) Recv() (*GetChunksResponse, error) { return m, nil } -func (c *grpcStoreClient) DeleteChunks(ctx context.Context, in *ChunkID, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) +func (c *grpcStoreClient) DeleteChunks(ctx context.Context, in *ChunkID, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) err := c.cc.Invoke(ctx, "/grpc.grpc_store/DeleteChunks", in, out, opts...) if err != nil { return nil, err @@ -2132,7 +2132,7 @@ func (c *grpcStoreClient) DeleteChunks(ctx context.Context, in *ChunkID, opts .. return out, nil } -func (c *grpcStoreClient) ListTables(ctx context.Context, in *empty.Empty, opts ...grpc.CallOption) (*ListTablesResponse, error) { +func (c *grpcStoreClient) ListTables(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*ListTablesResponse, error) { out := new(ListTablesResponse) err := c.cc.Invoke(ctx, "/grpc.grpc_store/ListTables", in, out, opts...) if err != nil { @@ -2141,8 +2141,8 @@ func (c *grpcStoreClient) ListTables(ctx context.Context, in *empty.Empty, opts return out, nil } -func (c *grpcStoreClient) CreateTable(ctx context.Context, in *CreateTableRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) +func (c *grpcStoreClient) CreateTable(ctx context.Context, in *CreateTableRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) err := c.cc.Invoke(ctx, "/grpc.grpc_store/CreateTable", in, out, opts...) if err != nil { return nil, err @@ -2150,8 +2150,8 @@ func (c *grpcStoreClient) CreateTable(ctx context.Context, in *CreateTableReques return out, nil } -func (c *grpcStoreClient) DeleteTable(ctx context.Context, in *DeleteTableRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) +func (c *grpcStoreClient) DeleteTable(ctx context.Context, in *DeleteTableRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) err := c.cc.Invoke(ctx, "/grpc.grpc_store/DeleteTable", in, out, opts...) if err != nil { return nil, err @@ -2168,8 +2168,8 @@ func (c *grpcStoreClient) DescribeTable(ctx context.Context, in *DescribeTableRe return out, nil } -func (c *grpcStoreClient) UpdateTable(ctx context.Context, in *UpdateTableRequest, opts ...grpc.CallOption) (*empty.Empty, error) { - out := new(empty.Empty) +func (c *grpcStoreClient) UpdateTable(ctx context.Context, in *UpdateTableRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + out := new(emptypb.Empty) err := c.cc.Invoke(ctx, "/grpc.grpc_store/UpdateTable", in, out, opts...) if err != nil { return nil, err @@ -2180,67 +2180,67 @@ func (c *grpcStoreClient) UpdateTable(ctx context.Context, in *UpdateTableReques // GrpcStoreServer is the server API for GrpcStore service. type GrpcStoreServer interface { // / WriteIndex writes batch of indexes to the index tables. - WriteIndex(context.Context, *WriteIndexRequest) (*empty.Empty, error) + WriteIndex(context.Context, *WriteIndexRequest) (*emptypb.Empty, error) // / QueryIndex reads the indexes required for given query & sends back the batch of rows // / in rpc streams QueryIndex(*QueryIndexRequest, GrpcStore_QueryIndexServer) error // / DeleteIndex deletes the batch of index entries from the index tables - DeleteIndex(context.Context, *DeleteIndexRequest) (*empty.Empty, error) + DeleteIndex(context.Context, *DeleteIndexRequest) (*emptypb.Empty, error) // / PutChunks saves the batch of chunks into the chunk tables. - PutChunks(context.Context, *PutChunksRequest) (*empty.Empty, error) + PutChunks(context.Context, *PutChunksRequest) (*emptypb.Empty, error) // / GetChunks requests for batch of chunks and the batch of chunks are sent back in rpc streams // / batching needs to be performed at server level as per requirement instead of sending single chunk per stream. // / In GetChunks rpc request send buf as nil GetChunks(*GetChunksRequest, GrpcStore_GetChunksServer) error // / DeleteChunks deletes the chunks based on chunkID. - DeleteChunks(context.Context, *ChunkID) (*empty.Empty, error) + DeleteChunks(context.Context, *ChunkID) (*emptypb.Empty, error) // / Lists all the tables that exists in the database. - ListTables(context.Context, *empty.Empty) (*ListTablesResponse, error) + ListTables(context.Context, *emptypb.Empty) (*ListTablesResponse, error) // / Creates a table with provided name & attributes. - CreateTable(context.Context, *CreateTableRequest) (*empty.Empty, error) + CreateTable(context.Context, *CreateTableRequest) (*emptypb.Empty, error) // Deletes a table using table name provided. - DeleteTable(context.Context, *DeleteTableRequest) (*empty.Empty, error) + DeleteTable(context.Context, *DeleteTableRequest) (*emptypb.Empty, error) // Describes a table information for the provided table. DescribeTable(context.Context, *DescribeTableRequest) (*DescribeTableResponse, error) // Update a table with newly provided table information. - UpdateTable(context.Context, *UpdateTableRequest) (*empty.Empty, error) + UpdateTable(context.Context, *UpdateTableRequest) (*emptypb.Empty, error) } // UnimplementedGrpcStoreServer can be embedded to have forward compatible implementations. type UnimplementedGrpcStoreServer struct { } -func (*UnimplementedGrpcStoreServer) WriteIndex(ctx context.Context, req *WriteIndexRequest) (*empty.Empty, error) { +func (*UnimplementedGrpcStoreServer) WriteIndex(ctx context.Context, req *WriteIndexRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method WriteIndex not implemented") } func (*UnimplementedGrpcStoreServer) QueryIndex(req *QueryIndexRequest, srv GrpcStore_QueryIndexServer) error { return status.Errorf(codes.Unimplemented, "method QueryIndex not implemented") } -func (*UnimplementedGrpcStoreServer) DeleteIndex(ctx context.Context, req *DeleteIndexRequest) (*empty.Empty, error) { +func (*UnimplementedGrpcStoreServer) DeleteIndex(ctx context.Context, req *DeleteIndexRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method DeleteIndex not implemented") } -func (*UnimplementedGrpcStoreServer) PutChunks(ctx context.Context, req *PutChunksRequest) (*empty.Empty, error) { +func (*UnimplementedGrpcStoreServer) PutChunks(ctx context.Context, req *PutChunksRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method PutChunks not implemented") } func (*UnimplementedGrpcStoreServer) GetChunks(req *GetChunksRequest, srv GrpcStore_GetChunksServer) error { return status.Errorf(codes.Unimplemented, "method GetChunks not implemented") } -func (*UnimplementedGrpcStoreServer) DeleteChunks(ctx context.Context, req *ChunkID) (*empty.Empty, error) { +func (*UnimplementedGrpcStoreServer) DeleteChunks(ctx context.Context, req *ChunkID) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method DeleteChunks not implemented") } -func (*UnimplementedGrpcStoreServer) ListTables(ctx context.Context, req *empty.Empty) (*ListTablesResponse, error) { +func (*UnimplementedGrpcStoreServer) ListTables(ctx context.Context, req *emptypb.Empty) (*ListTablesResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ListTables not implemented") } -func (*UnimplementedGrpcStoreServer) CreateTable(ctx context.Context, req *CreateTableRequest) (*empty.Empty, error) { +func (*UnimplementedGrpcStoreServer) CreateTable(ctx context.Context, req *CreateTableRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method CreateTable not implemented") } -func (*UnimplementedGrpcStoreServer) DeleteTable(ctx context.Context, req *DeleteTableRequest) (*empty.Empty, error) { +func (*UnimplementedGrpcStoreServer) DeleteTable(ctx context.Context, req *DeleteTableRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method DeleteTable not implemented") } func (*UnimplementedGrpcStoreServer) DescribeTable(ctx context.Context, req *DescribeTableRequest) (*DescribeTableResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method DescribeTable not implemented") } -func (*UnimplementedGrpcStoreServer) UpdateTable(ctx context.Context, req *UpdateTableRequest) (*empty.Empty, error) { +func (*UnimplementedGrpcStoreServer) UpdateTable(ctx context.Context, req *UpdateTableRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateTable not implemented") } @@ -2363,7 +2363,7 @@ func _GrpcStore_DeleteChunks_Handler(srv interface{}, ctx context.Context, dec f } func _GrpcStore_ListTables_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(empty.Empty) + in := new(emptypb.Empty) if err := dec(in); err != nil { return nil, err } @@ -2375,7 +2375,7 @@ func _GrpcStore_ListTables_Handler(srv interface{}, ctx context.Context, dec fun FullMethod: "/grpc.grpc_store/ListTables", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(GrpcStoreServer).ListTables(ctx, req.(*empty.Empty)) + return srv.(GrpcStoreServer).ListTables(ctx, req.(*emptypb.Empty)) } return interceptor(ctx, in, info, handler) } diff --git a/tools/doc-generator/main.go b/tools/doc-generator/main.go index c2748cee925e..24f6c82ef0cf 100644 --- a/tools/doc-generator/main.go +++ b/tools/doc-generator/main.go @@ -15,6 +15,7 @@ import ( "github.com/grafana/loki/v3/pkg/loki" "github.com/grafana/loki/v3/tools/doc-generator/parse" + "golang.org/x/exp/slices" ) const ( @@ -94,6 +95,18 @@ func annotateFlagPrefix(blocks []*parse.ConfigBlock) { } func generateBlocksMarkdown(blocks []*parse.ConfigBlock) string { + slices.SortFunc(blocks, func(a, b *parse.ConfigBlock) int { + if a.Name < b.Name { + return -1 + } + + if a.Name > b.Name { + return 1 + } + + return 0 + }) + md := &markdownWriter{} md.writeConfigDoc(blocks) return md.string() diff --git a/tools/doc-generator/parse/root_blocks.go b/tools/doc-generator/parse/root_blocks.go index 79f98dfd6777..daa862e2b295 100644 --- a/tools/doc-generator/parse/root_blocks.go +++ b/tools/doc-generator/parse/root_blocks.go @@ -12,6 +12,7 @@ import ( "github.com/grafana/dskit/kv/memberlist" "github.com/grafana/dskit/runtimeconfig" "github.com/grafana/dskit/server" + "golang.org/x/exp/slices" "github.com/grafana/loki/v3/pkg/analytics" "github.com/grafana/loki/v3/pkg/bloomcompactor" @@ -288,3 +289,16 @@ Named store from this example can be used by setting object_store to store-1 in }, } ) + +func init() { + slices.SortFunc(RootBlocks, func(a, b RootBlock) int { + if a.Name < b.Name { + return -1 + } + if a.Name > b.Name { + return 1 + } + + return 0 + }) +}