# cat /etc/elasticsearch/elasticsearch.yml

# ======================== Elasticsearch Configuration =========================

#

# NOTE: Elasticsearch comes with reasonable defaults for most settings.

#       Before you set out to tweak and tune the configuration, make sure you

#       understand what are you trying to accomplish and the consequences.

#

# The primary way of configuring a node is via this file. This template lists

# the most important settings you may want to configure for a production cluster.

#

# Please consult the documentation for further information on configuration options:

# https://www.elastic.co/guide/en/elasticsearch/reference/index.html

#

# ---------------------------------- Cluster -----------------------------------

#

# Use a descriptive name for your cluster:

#

cluster.name: graylog

#

# ------------------------------------ Node ------------------------------------

#

# Use a descriptive name for the node:

#

node.name: shop-log-

#

# Add custom attributes to the node:

#

#node.attr.rack: r1

#

# ----------------------------------- Paths ------------------------------------

#

# Path to directory where to store the data (separate multiple locations by comma):

#

path.data: /data/elasticsearch/db

#

# Path to log files:

#

path.logs: /data/elasticsearch/logs

#

# ----------------------------------- Memory -----------------------------------

#

# Lock the memory on startup:

#

#bootstrap.memory_lock: true

#

# Make sure that the heap size is set to about half the memory available

# on the system and that the owner of the process is allowed to use this

# limit.

#

# Elasticsearch performs poorly when the system is swapping the memory.

#

# ---------------------------------- Network -----------------------------------

#

# Set the bind address to a specific IP (IPv4 or IPv6):

#

network.host: 10.2.2.42

#

# Set a custom port for HTTP:

#

http.port:

#

# For more information, consult the network module documentation.

#

# --------------------------------- Discovery ----------------------------------

#

# Pass an initial list of hosts to perform discovery when new node is started:

# The default list of hosts is ["127.0.0.1", "[::1]"]

#

# 这里给其他两个节点的地址

discovery.zen.ping.unicast.hosts: ["10.2.2.41", "10.2.2.43"]

#

# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes /  + ):

#

discovery.zen.minimum_master_nodes:

#

# For more information, consult the zen discovery module documentation.

#

# ---------------------------------- Gateway -----------------------------------

#

# Block initial recovery after a full cluster restart until N nodes are started:

#

#gateway.recover_after_nodes:

#

# For more information, consult the gateway module documentation.

#

# ---------------------------------- Various -----------------------------------

#

# Require explicit names when deleting indices:

#

#action.destructive_requires_name: true

http.cors.enabled: true

http.cors.allow-origin: "*"

 # cat /etc/graylog/server/server.conf

 ############################

 # GRAYLOG CONFIGURATION FILE

 ############################

 #

 # This is the Graylog configuration file. The file has to use ISO -/Latin- character encoding.

 # Characters that cannot be directly represented in this encoding can be written using Unicode escapes

 # as defined in https://docs.oracle.com/javase/specs/jls/se8/html/jls-3.html#jls-3.3, using the \u prefix.

 # For example, \u002c.

 #

 # * Entries are generally expected to be a single line of the form, one of the following:

 #

 # propertyName=propertyValue

 # propertyName:propertyValue

 #

 # * White space that appears between the property name and property value is ignored,

 #   so the following are equivalent:

 #

 # name=Stephen

 # name = Stephen

 #

 # * White space at the beginning of the line is also ignored.

 #

 # * Lines that start with the comment characters ! or # are ignored. Blank lines are also ignored.

 #

 # * The property value is generally terminated by the end of the line. White space following the

 #   property value is not ignored, and is treated as part of the property value.

 #

 # * A property value can span several lines if each line is terminated by a backslash (鈥榎鈥 character.

 #   For example:

 #

 # targetCities=\

 #         Detroit,\

 #         Chicago,\

 #         Los Angeles

 #

 #   This is equivalent to targetCities=Detroit,Chicago,Los Angeles (white space at the beginning of lines is ignored).

 #

 # * The characters newline, carriage return, and tab can be inserted with characters \n, \r, and \t, respectively.

 #

 # * The backslash character must be escaped as a double backslash. For example:

 #

 # path=c:\\docs\\doc1

 #

 # If you are running more than one instances of Graylog server you have to select one of these

 # instances as master. The master will perform some periodical tasks that non-masters won't perform.

 is_master = false

 # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea

 # to use an absolute file path here if you are starting Graylog server from init scripts or similar.

 node_id_file = /etc/graylog/server/node-id

 # You MUST set a secret to secure/pepper the stored user passwords here. Use at least  characters.

 # Generate one by using for example: pwgen -N  -s

 password_secret = BjwAAuTEWDQNtAKhUL5lQ3TvW41saWseKpRdTSrecBFifsCJDXak4fudnACBcaMyl0I4yzJDF801Kyasdfsdfasdfasdfasd

 # The default root user is named 'admin'

 root_username = admin

 # You MUST specify a hash password for the root user (which you only need to initially set up the

 # system and in case you lose connectivity to your authentication backend)

 # This password cannot be changed using the API or via the web interface. If you need to change it,

 # modify it in this file.

 # Create one by using for example: echo -n yourpassword | shasum -a

 # and put the resulting hash value into the following line

 root_password_sha2 = 926c00b3f65df24b65a9a7b58a989add920c81441dccd2

 dsfasdfasdf

 # The email address of the root user.

 # Default is empty

 #root_email = ""

 # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.

 # Default is UTC

 root_timezone = Asia/Shanghai

 # Set plugin directory here (relative or absolute)

 plugin_dir = /usr/share/graylog-server/plugin

 # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.

 # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.

 rest_listen_uri = http://10.2.2.42:9000/api/

 # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri

 # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.

 # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on

 # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)

 # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting

 # the scheme, host name or URI.

 # This must not contain a wildcard address (0.0.0.0).

 rest_transport_uri = http://10.2.2.42:9000/api/

 # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.

 # If these are disabled, modern browsers will not be able to retrieve resources from the server.

 # This is enabled by default. Uncomment the next line to disable it.

 #rest_enable_cors = false

 # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce

 # overall round trip times. This is enabled by default. Uncomment the next line to disable it.

 #rest_enable_gzip = false

 # Enable HTTPS support for the REST API. This secures the communication with the REST API with

 # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the

 # next line to enable it.

 #rest_enable_tls = true

 # The X. certificate chain file in PEM format to use for securing the REST API.

 #rest_tls_cert_file = /path/to/graylog.crt

 # The PKCS# private key file in PEM format to use for securing the REST API.

 #rest_tls_key_file = /path/to/graylog.key

 # The password to unlock the private key used for securing the REST API.

 #rest_tls_key_password = secret

 # The maximum size of the HTTP request headers in bytes.

 #rest_max_header_size = 

 # The maximal length of the initial HTTP/1.1 line in bytes.

 #rest_max_initial_line_length = 

 # The size of the thread pool used exclusively for serving the REST API.

 #rest_thread_pool_size = 

 # Comma separated list of trusted proxies that are allowed to set the client address with X-Forwarded-For

 # header. May be subnets, or hosts.

 #trusted_proxies = 127.0.0.1/, :::::::/

 # Enable the embedded Graylog web interface.

 # Default: true

 web_enable = true

 # Web interface listen URI.

 # Configuring a path for the URI here effectively prefixes all URIs in the web interface. This is a replacement

 # for the application.context configuration parameter in pre-2.0 versions of the Graylog web interface.

 web_listen_uri = http://10.2.2.42:9000/

 # Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header.

 # Default: $rest_transport_uri

 web_endpoint_uri = http://42.111.111.111:9000/api

 # Enable CORS headers for the web interface. This is necessary for JS-clients accessing the server directly.

 # If these are disabled, modern browsers will not be able to retrieve resources from the server.

 web_enable_cors = true

 # Enable/disable GZIP support for the web interface. This compresses HTTP responses and therefore helps to reduce

 # overall round trip times. This is enabled by default. Uncomment the next line to disable it.

 #web_enable_gzip = false

 # Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface

 # using TLS to prevent request forgery and eavesdropping.

 # This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.

 #web_enable_tls = true

 # The X. certificate chain file in PEM format to use for securing the web interface.

 #web_tls_cert_file = /path/to/graylog-web.crt

 # The PKCS# private key file in PEM format to use for securing the web interface.

 #web_tls_key_file = /path/to/graylog-web.key

 # The password to unlock the private key used for securing the web interface.

 #web_tls_key_password = secret

 # The maximum size of the HTTP request headers in bytes.

 #web_max_header_size = 

 # The maximal length of the initial HTTP/1.1 line in bytes.

 #web_max_initial_line_length = 

 # The size of the thread pool used exclusively for serving the web interface.

 #web_thread_pool_size = 

 # List of Elasticsearch hosts Graylog should connect to.

 # Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes.

 # If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that

 # requires authentication.

 #

 # Default: http://127.0.0.1:9200

 elasticsearch_hosts = http://grayloguser:3KKLg8294CE0@10.2.2.41:9200,http://grayloguser:3KKLg8294CE0@10.2.2.42:9200,http://grayloguser:3KKLg8294CE0@10.2.2.43:9200

 # Maximum amount of time to wait for successfull connection to Elasticsearch HTTP port.

 #

 # Default:  Seconds

 #elasticsearch_connect_timeout = 10s

 # Maximum amount of time to wait for reading back a response from an Elasticsearch server.

 #

 # Default:  seconds

 #elasticsearch_socket_timeout = 60s

 # Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will

 # be tore down.

 #

 # Default: inf

 #elasticsearch_idle_timeout = -1s

 # Maximum number of total connections to Elasticsearch.

 #

 # Default:

 #elasticsearch_max_total_connections = 

 # Maximum number of total connections per Elasticsearch route (normally this means per

 # elasticsearch server).

 #

 # Default:

 #elasticsearch_max_total_connections_per_route = 

 # Maximum number of times Graylog will retry failed requests to Elasticsearch.

 #

 # Default:

 #elasticsearch_max_retries = 

 # Enable automatic Elasticsearch node discovery through Nodes Info,

 # see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html

 #

 # WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield.

 #

 # Default: false

 #elasticsearch_discovery_enabled = true

 # Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes,

 # see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes

 #

 # Default: empty

 #elasticsearch_discovery_filter = rack:

 # Frequency of the Elasticsearch node discovery.

 #

 # Default: 30s

 # elasticsearch_discovery_frequency = 30s

 # Enable payload compression for Elasticsearch requests.

 #

 # Default: false

 #elasticsearch_compression_enabled = true

 # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine

 # when to rotate the currently active write index.

 # It supports multiple rotation strategies:

 #   - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure

 #   - "size" per index, use elasticsearch_max_size_per_index below to configure

 # valid values are "count", "size" and "time", default is "count"

 #

 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these

 #            to your previous .x settings so they will be migrated to the database!

 rotation_strategy = count

 # (Approximate) maximum number of documents in an Elasticsearch index before a new index

 # is being created, also see no_retention and elasticsearch_max_number_of_indices.

 # Configure this if you used 'rotation_strategy = count' above.

 #

 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these

 #            to your previous .x settings so they will be migrated to the database!

 elasticsearch_max_docs_per_index = 

 # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see

 # no_retention and elasticsearch_max_number_of_indices. Default is 1GB.

 # Configure this if you used 'rotation_strategy = size' above.

 #

 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these

 #            to your previous .x settings so they will be migrated to the database!

 #elasticsearch_max_size_per_index = 

 # (Approximate) maximum time before a new Elasticsearch index is being created, also see

 # no_retention and elasticsearch_max_number_of_indices. Default is  day.

 # Configure this if you used 'rotation_strategy = time' above.

 # Please note that this rotation period does not look at the time specified in the received messages, but is

 # using the real clock value to decide when to rotate the index!

 # Specify the time using a duration and a suffix indicating which unit you want:

 #  1w  =  week

 #  1d  =  day

 #  12h =  hours

 # Permitted suffixes are: d for day, h for hour, m for minute, s for second.

 #

 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these

 #            to your previous .x settings so they will be migrated to the database!

 #elasticsearch_max_time_per_index = 1d

 # Disable checking the version of Elasticsearch for being compatible with this Graylog release.

 # WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!

 #elasticsearch_disable_version_check = true

 # Disable message retention on this node, i. e. disable Elasticsearch index rotation.

 #no_retention = false

 # How many indices do you want to keep?

 #

 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these

 #            to your previous .x settings so they will be migrated to the database!

 elasticsearch_max_number_of_indices = 

 # Decide what happens with the oldest indices when the maximum number of indices is reached.

 # The following strategies are availble:

 #   - delete # Deletes the index completely (Default)

 #   - close # Closes the index and hides it from the system. Can be re-opened later.

 #

 # ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these

 #            to your previous .x settings so they will be migrated to the database!

 retention_strategy = delete

 # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.

 # ATTENTION: These settings have been moved to the database in Graylog 2.2.. When you upgrade, make sure to set these

 #            to your previous settings so they will be migrated to the database!

 elasticsearch_shards =

 elasticsearch_replicas = 

 # Prefix for all Elasticsearch indices and index aliases managed by Graylog.

 #

 # ATTENTION: These settings have been moved to the database in Graylog 2.2.. When you upgrade, make sure to set these

 #            to your previous settings so they will be migrated to the database!

 elasticsearch_index_prefix = graylog

 # Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping.

 # Default: graylog-internal

 #

 # ATTENTION: These settings have been moved to the database in Graylog 2.2.. When you upgrade, make sure to set these

 #            to your previous settings so they will be migrated to the database!

 #elasticsearch_template_name = graylog-internal

 # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only

 # be enabled with care. See also: http://docs.graylog.org/en/2.1/pages/queries.html

 allow_leading_wildcard_searches = false

 # Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and

 # should only be enabled after making sure your Elasticsearch cluster has enough memory.

 allow_highlighting = true

 # Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.

 # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom

 # Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html

 # Note that this setting only takes effect on newly created indices.

 #

 # ATTENTION: These settings have been moved to the database in Graylog 2.2.. When you upgrade, make sure to set these

 #            to your previous settings so they will be migrated to the database!

 elasticsearch_analyzer = standard

 # Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range

 # calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.

 # Default: 1m

 #elasticsearch_request_timeout = 1m

 # Global timeout for index optimization (force merge) requests.

 # Default: 1h

 #elasticsearch_index_optimization_timeout = 1h

 # Maximum number of concurrently running index optimization (force merge) jobs.

 # If you are using lots of different index sets, you might want to increase that number.

 # Default:

 #elasticsearch_index_optimization_jobs = 

 # Time interval for index range information cleanups. This setting defines how often stale index range information

 # is being purged from the database.

 # Default: 1h

 #index_ranges_cleanup_interval = 1h

 # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output

 # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been

 # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember

 # that every outputbuffer processor manages its own batch and performs its own batch write calls.

 # ("outputbuffer_processors" variable)

 output_batch_size = 

 # Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two

 # batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages

 # for this time period is less than output_batch_size * outputbuffer_processors.

 output_flush_interval = 

 # As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and

 # over again. To prevent this, the following configuration options define after how many faults an output will

 # not be tried again for an also configurable amount of seconds.

 output_fault_count_threshold =

 output_fault_penalty_seconds = 

 # The number of parallel running processors.

 # Raise this number if your buffers are filling up.

 processbuffer_processors =

 outputbuffer_processors = 

 #outputbuffer_processor_keep_alive_time =

 #outputbuffer_processor_threads_core_pool_size =

 #outputbuffer_processor_threads_max_pool_size = 

 # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).

 #udp_recvbuffer_sizes = 

 # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)

 # Possible types:

 #  - yielding

 #     Compromise between performance and CPU usage.

 #  - sleeping

 #     Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.

 #  - blocking

 #     High throughput, low latency, higher CPU usage.

 #  - busy_spinning

 #     Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.

 processor_wait_strategy = blocking

 # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.

 # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.

 # Must be a power of . (, , , ...)

 ring_size = 

 inputbuffer_ring_size =

 inputbuffer_processors =

 inputbuffer_wait_strategy = blocking

 # Enable the disk based message journal.

 message_journal_enabled = true

 # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and

 # must not contain any other files than the ones created by Graylog itself.

 #

 # ATTENTION:

 #   If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found'

 #   in the root directory, you need to create a sub directory for your journal.

 #   Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start.

 message_journal_dir = /var/lib/graylog-server/journal

 # Journal hold messages before they could be written to Elasticsearch.

 # For a maximum of  hours or  GB whichever happens first.

 # During normal operation the journal will be smaller.

 #message_journal_max_age = 12h

 #message_journal_max_size = 5gb

 #message_journal_flush_age = 1m

 #message_journal_flush_interval =

 #message_journal_segment_age = 1h

 #message_journal_segment_size = 100mb

 # Number of threads used exclusively for dispatching internal events. Default is .

 #async_eventbus_processors = 

 # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual

 # shutdown process. Set to  if you have no status checking load balancers in front.

 lb_recognition_period_seconds = 

 # Journal usage percentage that triggers requesting throttling for this server node from load balancers. The feature is

 # disabled if not set.

 #lb_throttle_threshold_percentage = 

 # Every message is matched against the configured streams and it can happen that a stream contains rules which

 # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.

 # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other

 # streams, Graylog limits the execution time for each stream.

 # The default values are noted below, the timeout is in milliseconds.

 # If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times

 # that stream is disabled and a notification is shown in the web interface.

 #stream_processing_timeout =

 #stream_processing_max_faults = 

 # Length of the interval in seconds in which the alert conditions for all streams should be checked

 # and alarms are being sent.

 #alert_check_interval = 

 # Since 0.21 the Graylog server supports pluggable output modules. This means a single message can be written to multiple

 # outputs. The next setting defines the timeout for a single output module, including the default output module where all

 # messages end up.

 #

 # Time in milliseconds to wait for all message outputs to finish writing a single message.

 #output_module_timeout = 

 # Time in milliseconds after which a detected stale master node is being rechecked on startup.

 #stale_master_timeout = 

 # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.

 #shutdown_timeout = 

 # MongoDB connection string

 # See https://docs.mongodb.com/manual/reference/connection-string/ for details

 mongodb_uri = mongodb://graylog:75PN76Db66En@10.2.2.41:27017,10.2.2.42:27017,10.2.2.43:27017/graylog?replicaSet=rs0

 # Authenticate against the MongoDB server

 #mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog

 # Use a replica set instead of a single host

 #mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog

 # Increase this value according to the maximum connections your MongoDB server can handle from a single client

 # if you encounter MongoDB connection problems.

 mongodb_max_connections = 

 # Number of threads allowed to be blocked by MongoDB connections multiplier. Default:

 # If mongodb_max_connections is , and mongodb_threads_allowed_to_block_multiplier is ,

 # then  threads can block. More than that and an exception will be thrown.

 # http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier

 mongodb_threads_allowed_to_block_multiplier = 

 # Drools Rule File (Use to rewrite incoming log messages)

 # See: http://docs.graylog.org/en/2.1/pages/drools.html

 #rules_file = /etc/graylog/server/rules.drl

 # Email transport

 #transport_email_enabled = false

 #transport_email_hostname = mail.example.com

 #transport_email_port =

 #transport_email_use_auth = true

 #transport_email_use_tls = true

 #transport_email_use_ssl = true

 #transport_email_auth_username = you@example.com

 #transport_email_auth_password = secret

 #transport_email_subject_prefix = [graylog]

 #transport_email_from_email = graylog@example.com

 # Specify and uncomment this if you want to include links to the stream in your stream alert mails.

 # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.

 #transport_email_web_interface_url = https://graylog.example.com

 # The default connect timeout for outgoing HTTP connections.

 # Values must be a positive duration (and between  and  when converted to milliseconds).

 # Default: 5s

 #http_connect_timeout = 5s

 # The default read timeout for outgoing HTTP connections.

 # Values must be a positive duration (and between  and  when converted to milliseconds).

 # Default: 10s

 #http_read_timeout = 10s

 # The default write timeout for outgoing HTTP connections.

 # Values must be a positive duration (and between  and  when converted to milliseconds).

 # Default: 10s

 #http_write_timeout = 10s

 # HTTP proxy for outgoing HTTP connections

 #http_proxy_uri =

 # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch

 # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize

 # cycled indices.

 #

 # ATTENTION: These settings have been moved to the database in Graylog 2.2.. When you upgrade, make sure to set these

 #            to your previous settings so they will be migrated to the database!

 #disable_index_optimization = true

 # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch

 # on heavily used systems with large indices, but it will decrease search performance. The default is .

 #

 # ATTENTION: These settings have been moved to the database in Graylog 2.2.. When you upgrade, make sure to set these

 #            to your previous settings so they will be migrated to the database!

 #index_optimization_max_num_segments = 

 # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification

 # will be generated to warn the administrator about possible problems with the system. Default is  second.

 #gc_warning_threshold = 1s

 # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.

 #ldap_connection_timeout = 

 # Disable the use of SIGAR for collecting system stats

 #disable_sigar = false

 # The default cache time for dashboard widgets. (Default:  seconds, minimum:  second)

 #dashboard_widget_default_cache_time = 10s

 # Automatically load content packs in "content_packs_dir" on the first start of Graylog.

 #content_packs_loader_enabled = true

 # The directory which contains content packs which should be loaded on the first start of Graylog.

 content_packs_dir = /usr/share/graylog-server/contentpacks

 # A comma-separated list of content packs (files in "content_packs_dir") which should be applied on

 # the first start of Graylog.

 # Default: empty

 content_packs_auto_load = grok-patterns.json

 # For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number

 # of threads available for this. Increase it, if '/cluster/*' requests take long to complete.

 # Should be rest_thread_pool_size * average_cluster_size if you have a high number of concurrent users.

 proxied_requests_thread_pool_size = 

# cat /etc/mongod.conf

# mongod.conf

# for documentation of all options, see:

#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.

systemLog:

  destination: file

  logAppend: true

  path: /var/log/mongodb/mongod.log

# Where and how to store data.

storage:

  dbPath: /var/lib/mongo

  journal:

    enabled: true

#  engine:

#  mmapv1:

#  wiredTiger:

# how the process runs

processManagement:

  fork: true  # fork and run in background

  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile

# network interfaces

net:

  port:

#  bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.

#security:

#operationProfiling:

replication:

  replSetName: rs0

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:

$ rs.conf()

{

   "_id" : "rs0",

   "version" : ,

   "protocolVersion" : NumberLong(),

   "members" : [

      {

         "_id" : ,

         "host" : "mongodb0.example.net:27017",

         "arbiterOnly" : false,

         "buildIndexes" : true,

         "hidden" : false,

         "priority" : ,

         "tags" : {

         },

         "slaveDelay" : NumberLong(),

         "votes" :

      }

   ],

   "settings" : {

      "chainingAllowed" : true,

      "heartbeatIntervalMillis" : ,

      "heartbeatTimeoutSecs" : ,

      "electionTimeoutMillis" : ,

      "catchUpTimeoutMillis" : ,

      "getLastErrorModes" : {

      },

      "getLastErrorDefaults" : {

         "w" : ,

         "wtimeout" :

      },

      "replicaSetId" : ObjectId("585ab9df685f726db2c6a840")

   }

}