hadoop.security.credential.provider.path | Path to interrogate for protected credentials. (see: https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html) | EMPTY | localjceks://file/home/mypath/my.jceks |
logsearch.admin.kerberos.cookie.domain | Domain for Kerberos cookie. | localhost | c6401.ambari.apache.org localhost |
logsearch.admin.kerberos.cookie.path | Cookie path of the kerberos cookie | / | / |
logsearch.admin.kerberos.token.valid.seconds | Kerberos token validity in seconds. | 30 | 30 |
logsearch.auth.external_auth.enabled | Enable external authentication (currently Ambari acts as an external authentication server). | false | true false |
logsearch.auth.external_auth.host_url | External authentication server URL (host and port). | http://ip:port | https://c6401.ambari.apache.org:8080 |
logsearch.auth.external_auth.login_url | Login URL for external authentication server ($USERNAME parameter is replaced with the Login username). | /api/v1/users/$USERNAME/privileges?fields=* | /api/v1/users/$USERNAME/privileges?fields=* |
logsearch.auth.file.enabled | Enable file based authentication (in json file at logsearch configuration folder). | true | true false |
logsearch.auth.jwt.audiances | Comma separated list of acceptable audiences for the JWT token. | EMPTY | audiance1,audiance2 |
logsearch.auth.jwt.cookie.name | The name of the cookie that contains the JWT token. | hadoop-jwt | hadoop-jwt |
logsearch.auth.jwt.enabled | Enable JWT based authentication (e.g.: for KNOX). | false | true false |
logsearch.auth.jwt.provider_url | URL to the JWT authentication server. | EMPTY | https://c6401.ambari.apache.org:8443/mypath |
logsearch.auth.jwt.public_key | PEM formatted public key for JWT token without the header and the footer. | EMPTY | MIGfMA0GCSqGSIb3DQEBA... |
logsearch.auth.jwt.query.param.original_url | Name of the original request URL which is used to redirect to Log Search Portal. | originalUrl | myUrl |
logsearch.auth.jwt.user.agents | Comma separated web user agent list. (Used as prefixes) | Mozilla,Opera,Chrome | Mozilla,Chrome |
logsearch.auth.ldap.base.dn | Base DN of LDAP database. | EMPTY | dc=apache,dc=org |
logsearch.auth.ldap.enabled | Enable LDAP based authentication (currenty not supported). | false | true false |
logsearch.auth.ldap.group.role.attribute | Attribute for identifying LDAP groups (group name) | cn | cn |
logsearch.auth.ldap.group.role.map | Map of LDAP groups to Log Search roles | EMPTY | ROLE_CUSTOM1:ROLE_USER,ROLE_CUSTOM2:ROLE_ADMIN |
logsearch.auth.ldap.group.search.base | Group search base - defines where to find LDAP groups. Won't do any authority/role mapping if this field is empty. | EMPTY | ou=people |
logsearch.auth.ldap.group.search.filter | Group search filter which is used to get membership data for a specific user | EMPTY | (memberUid={0}) |
logsearch.auth.ldap.manager.dn | DN of the LDAP manger user (it is a must if LDAP groups are used). | EMPTY | cn=admin,dc=apache,dc=org |
logsearch.auth.ldap.manager.password | Password of the LDAP manager user. | EMPTY | mypassword |
logsearch.auth.ldap.manager.password.file | File that contains password of the LDAP manager user. | EMPTY | /my/path/passwordfile |
logsearch.auth.ldap.password.attribute | Password attribute for LDAP authentication | userPassword | password |
logsearch.auth.ldap.referral.method | Set the method to handle referrals for LDAP | ignore | follow |
logsearch.auth.ldap.role.prefix | Role prefix that is added for LDAP groups (as authorities) | ROLE_ | ROLE_ |
logsearch.auth.ldap.url | URL of LDAP database. | EMPTY | ldap://localhost:389 |
logsearch.auth.ldap.user.dn.pattern | DN pattern that is used during login (dn should contain the username), can be used instead of user filter | EMPTY | uid={0},ou=people |
logsearch.auth.ldap.user.search.base | User search base for user search filter | EMPTY | ou=people |
logsearch.auth.ldap.user.search.filter | Used for get a user based on on LDAP search (username is the input), if it is empty, user dn pattern is used. | EMPTY | uid={0} |
logsearch.auth.proxyserver.ip | IP of trusted Knox Proxy server(s) that Log Search will trust on | EMPTY | 192.168.0.1,192.168.0.2 |
logsearch.auth.proxyuser.groups | List of user-groups which trusted-proxy user ‘knox’ can proxy for | * | admin,user |
logsearch.auth.proxyuser.hosts | List of hosts from which trusted-proxy user ‘knox’ can connect from | * | host1,host2 |
logsearch.auth.proxyuser.users | List of users which the trusted-proxy user ‘knox’ can proxy for | knox | knox,hdfs |
logsearch.auth.redirect.forward | Forward redirects for HTTP calls. (useful in case of proxies) | false | true |
logsearch.auth.simple.enabled | Enable simple authentication. That means you won't require password to log in. | false | true false |
logsearch.auth.trusted.proxy | A boolean property to enable/disable trusted-proxy ‘knox’ authentication | false | true |
logsearch.authr.file.enabled | A boolean property to enable/disable file based authorization | false | true |
logsearch.authr.role.file | Simple file that contains user/role mappings. | roles.json | logsearch-roles.json |
logsearch.cert.algorithm | Algorithm to generate certificates for SSL (if needed). | sha256WithRSA | sha256WithRSA |
logsearch.cert.folder.location | Folder where the generated certificates (SSL) will be located. Make sure the user of Log Search Server can access it. | /usr/lib/ambari-logsearch-portal/conf/keys | /etc/mypath/keys |
logsearch.config.api.enabled | Enable config API feature and shipperconfig API endpoints. | true | false |
logsearch.config.api.filter.solr.enabled | Use solr as a log level filter storage | false | true |
logsearch.config.api.filter.zk.enabled | Use zookeeper as a log level filter storage | false | true |
logsearch.config.zk_acls | ZooKeeper ACLs for handling configs. (read & write) | world:anyone:cdrwa | world:anyone:r,sasl:solr:cdrwa,sasl:logsearch:cdrwa |
logsearch.config.zk_connect_string | ZooKeeper connection string. | EMPTY | localhost1:2181,localhost2:2181/znode |
logsearch.config.zk_connection_retry_time_out_ms | The maximum elapsed time for connecting to ZooKeeper in milliseconds. 0 means retrying forever. | EMPTY | 1200000 |
logsearch.config.zk_connection_time_out_ms | ZooKeeper connection timeout in milliseconds | EMPTY | 30000 |
logsearch.config.zk_root | ZooKeeper root node where the shippers are stored. (added to the connection string) | EMPTY | /logsearch |
logsearch.config.zk_session_time_out_ms | ZooKeeper session timeout in milliseconds | EMPTY | 60000 |
logsearch.hadoop.security.auth_to_local | Rules that will be applied on authentication names and map them into local usernames. | DEFAULT | RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// DEFAULT |
logsearch.http.header.access-control-allow-credentials | Access-Control-Allow-Credentials header for Log Search Server. | true | true false |
logsearch.http.header.access-control-allow-headers | Access-Control-Allow-Headers header for Log Search Server. | origin, content-type, accept, authorization | content-type, authorization |
logsearch.http.header.access-control-allow-methods | Access-Control-Allow-Methods header for Log Search Server. | GET, POST, PUT, DELETE, OPTIONS, HEAD | GET, POST |
logsearch.http.header.access-control-allow-origin | Access-Control-Allow-Origin header for Log Search Server. | * | * http://c6401.ambari.apache.org |
logsearch.http.port | Log Search http port | 61888 | 61888 8888 |
logsearch.https.port | Log Search https port | 61889 | 61889 8889 |
logsearch.jetty.access.log.enabled | Enable jetty access logs | false | true |
logsearch.login.credentials.file | Name of the credential file which contains the users for file authentication (see: logsearch.auth.file.enabled). | user_pass.json | logsearch-admin.json |
logsearch.protocol | Log Search Protocol (http or https) | http | http https |
logsearch.roles.allowed | Comma separated roles for external authentication. | AMBARI.ADMINISTRATOR,CLUSTER.ADMINISTRATOR | AMBARI.ADMINISTRATOR |
logsearch.session.timeout | Log Search http session timeout in minutes. | 30 | 300 |
logsearch.solr.audit.logs.alias.name | Alias name for audit log collection (can be used for Log Search audit collection and ranger collection as well). | audit_logs_alias | audit_logs_alias |
logsearch.solr.audit.logs.collection | Name of Log Search audit collection. | audit_logs | audit_logs |
logsearch.solr.audit.logs.config.name | Solr configuration name of the audit collection. | audit_logs | audit_logs |
logsearch.solr.audit.logs.config_set.folder | Location of Log Search audit collection configs for Solr. | /usr/lib/ambari-logsearch-portal/conf/solr_configsets | /usr/lib/ambari-logsearch-portal/conf/solr_configsets |
logsearch.solr.audit.logs.numshards | Number of Solr shards for audit collection (bootstrapping). | 1 | 2 |
logsearch.solr.audit.logs.replication.factor | Solr replication factor for audit collection (bootstrapping). | 1 | 2 |
logsearch.solr.audit.logs.url | URL of Solr (non cloud mode) - currently unsupported. | EMPTY | localhost1:8868 |
logsearch.solr.audit.logs.zk.acls | List of Zookeeper ACLs for Log Search audit collection (Log Search and Solr must be able to read/write collection details) | EMPTY | world:anyone:r,sasl:solr:cdrwa,sasl:logsearch:cdrwa |
logsearch.solr.audit.logs.zk_connect_string | Zookeeper connection string for Solr (used for audit log collection). | EMPTY | localhost1:2181,localhost2:2181/mysolr_znode |
logsearch.solr.config_set.folder | Location of Solr collection configs. | /usr/lib/ambari-logsearch-portal/conf/solr_configsets | /usr/lib/ambari-logsearch-portal/conf/solr_configsets |
logsearch.solr.implicit.routing | Use implicit routing for Solr Collections. | false | true |
logsearch.solr.implicit.routing | Use implicit routing for Solr Collections. | false | true |
logsearch.solr.jaas.file | Path of the JAAS file for Kerberos based Solr Cloud authentication. | /usr/lib/ambari-logsearch-portal/logsearch_solr_jaas.conf | /my/path/jaas_file.conf |
logsearch.solr.kerberos.enable | Enable Kerberos Authentication for Solr Cloud. | false | true false |
logsearch.solr.metadata | Name of Log Search metadata collection. | logsearch_metadata | logsearch_metadata |
logsearch.solr.metadata.config.name | Solr configuration name of the logsearch metadata collection. | logsearch_metadata | logsearch_metadata |
logsearch.solr.metadata.numshards | Number of Solr shards for logsearch metadta collection (bootstrapping). | 2 | 3 |
logsearch.solr.metadata.replication.factor | Solr replication factor for event metadata collection (bootstrapping). | 2 | 3 |
logsearch.solr.metadata.schema.fields.populate.interval.mins | Interval in minutes for populating schema fiels for metadata collections. | 1 | 10 |
logsearch.solr.ranger.audit.logs.collection | Name of Ranger audit collections (can be used if ranger audits managed by the same Solr which is used for Log Search). | EMPTY | ranger_audits |
logsearch.solr.service.logs | Name of Log Search service log collection. | hadoop_logs | hadoop_logs |
logsearch.solr.service.logs.config.name | Solr configuration name of the service log collection. | hadoop_logs | hadoop_logs |
logsearch.solr.service.logs.numshards | Number of Solr shards for service log collection (bootstrapping). | 1 | 2 |
logsearch.solr.service.logs.replication.factor | Solr replication factor for service log collection (bootstrapping). | 1 | 2 |
logsearch.solr.url | URL of Solr (non cloud mode) - currently unsupported. | EMPTY | localhost1:8868 |
logsearch.solr.zk.acls | List of Zookeeper ACLs for Log Search Collections (Log Search and Solr must be able to read/write collection details) | EMPTY | world:anyone:r,sasl:solr:cdrwa,sasl:logsearch:cdrwa |
logsearch.solr.zk_connect_string | Zookeeper connection string for Solr. | EMPTY | localhost1:2181,localhost2:2181/mysolr_znode |
logsearch.spnego.kerberos.enabled | Enable SPNEGO based authentication for Log Search Server. | false | true false |
logsearch.spnego.kerberos.host | | localhost | c6401.ambari.apache.org localhost |
logsearch.spnego.kerberos.keytab | Keytab for SPNEGO authentication for Http requests. | EMPTY | /etc/security/keytabs/mykeytab.keytab |
logsearch.spnego.kerberos.principal | Principal for SPNEGO authentication for Http requests | EMPTY | myuser@EXAMPLE.COM |
logsearch.web.audit_logs.component.labels | Map of component component labels. | ambari:Ambari,hdfs:Hdfs,RangerAudit:Ranger | ambari:Ambari,RangerAudit:ranger |
logsearch.web.audit_logs.field.common.excludes | List of fields that will be excluded from metadata schema responses for every audit components. | tags,tags_str,seq_num | reqUser,resp,tag_str |
logsearch.web.audit_logs.field.common.filterable.common.excludes | List of fields that will be excluded from filter selection on the UI for every audit components. | EMPTY | tag_str,resp,tag_str |
logsearch.web.audit_logs.field.common.labels | Map of fields labels for audits (common). | enforcer:Access Enforcer,access:Access Type,cliIP:Client Ip,cliType:Client Type,dst:DST,evtTime:Event Time,ip:IP,logtime:Log Time,sess:Session,ugi:UGI,reqUser:User,repo:Audit Source | reqUser:Req User,resp:Response |
logsearch.web.audit_logs.field.common.visible | List of fields that will be displayed by default on the UI for every audit components. | access,cliIP,evtTime,repo,resource,result,reqUser | reqUser,resp |
logsearch.web.audit_logs.field.excludes | List of fields that will be excluded from metadata schema responses for different audit components. | EMPTY | ambari:reqUser,resp,hdfs:ws_user,ws_role |
logsearch.web.audit_logs.field.filterable.excludes | List of fields that will be excluded from filter selection on the UI for different audit components. | EMPTY | ambari:tag_str,resp,tag_str;RangerAudit:path,ip |
logsearch.web.audit_logs.field.filterable.excludes | Enable label fallback. (replace _ with spaces and capitalize properly) | true | false |
logsearch.web.audit_logs.field.labels | Map of fields (key-value pairs) labels for different component types. | EMPTY | ambari#reqUser:Ambari User,ws_response:Response;RangerAudit#reqUser:Req User |
logsearch.web.audit_logs.field.visible | List of fields that will be displayed by default on the UI for different audit components. | EMPTY | ambari:reqUser,resp;RangerAudit:reqUser,repo |
logsearch.web.labels.service_logs.field.fallback.prefixes | List of prefixes that should be removed during fallback of audit field labels. | ws_,std_ | ws_,std_,sdi_ |
logsearch.web.labels.service_logs.field.fallback.prefixes | List of prefixes that should be removed during fallback of service field labels. | ws_,sdi_,std_ | ws_,std_,sdi_ |
logsearch.web.labels.service_logs.field.fallback.suffixes | List of suffixes that should be removed during fallback of audit field labels. | _i,_l,_s,_b | _i,_l,_s,_b |
logsearch.web.labels.service_logs.field.fallback.suffixes | List of suffixes that should be removed during fallback of service field labels. | _i,_l,_s,_b | _i,_l,_s,_b |
logsearch.web.service_logs.component.labels | Map of serivce component labels. | EMPTY | ambari_agent:Ambari Agent,ambari_server:Ambari Servcer |
logsearch.web.service_logs.field.excludes | List of fields that will be excluded from metadata schema responses. | id,tags,text,message,seq_num,case_id,bundle_id,rowtype,event_count | seq_num,tag |
logsearch.web.service_logs.field.filterable.excludes | List of fields that will be excluded from filter selection on the UI. | EMPTY | path,method,logger_name |
logsearch.web.service_logs.field.labels | Map of serivce field labels. | log_message:Message,type:Component,logtime:Log Time,thread_name:Thread | log_message:Message,ip:IP Address |
logsearch.web.service_logs.field.visible | List of fields that will be displayed by default on the UI. | log_message,level,logtime,type | log_message,path,logtime |
logsearch.web.service_logs.group.labels | Map of serivce group labels | EMPTY | ambari:Ambari,yarn:YARN |