Skip to main content
Skip table of contents

Configure the Data Indexer

  You must be logged in as an Administrator to take this action.


Whether your Data Indexer cluster is one node or 3 to 20 nodes, you only have to access the Configuration Manager on the Platform Manager.

Do not attempt to modify any configuration files manually. If you have any issues, contact LogRhythm Support.

To configure the Data Indexer:

  1. Open the Configuration Manager.
  2. On the left, click Data Indexers.
  3. To enable the Advanced View, on the bottom of the page, click Show.

  4. Modify or verify the following settings:

    Transporter
    Transporter Max Log Size (bytes)Maximum allowable size of a log, above which Transporter rejects the log
    Transporter Webserver PortPort number bound by the Transporter web server
    Transporter Route Handler Timer (sec)Maximum number of seconds that an indexing HTTP request lives before timing out
    Database Information
    Database User IDSQL user name used by the Data Indexer to connect to the LogRhythm database server
    Database PasswordSQL password used the Data Indexer to connect to the LogRhythm database server
    Elasticsearch Data PathFully qualified path where Elasticsearch stores cluster data; value of path.data
    GoMaintain

    GoMaintain TTL Logs (#indices)

    		Maximum number of logs indices to store. Default value is -1 to manage automatically based on available resources

    GoMaintain ForceMerge

    Periodic Elasticsearch defragmentation of indices to reduce heap consumption

    Potentially resource intensive.

    GoMaintain IndexManage Elasticsearch Sample Interval (sec)

    		Number of seconds between GoMaintain samples of Elasticsearch heap and disk utilization for index TTL management

    GoMaintain IndexManage Elasticsearch Samples (#samples)

    		Maximum number of accumulated samples before GoMaintain performs index TTL management

    GoMaintain IndexManage Disk HWM (%diskutil)

    		Maximum disk utilization above which GoMaintain performs index TTL management
    GoMaintain IndexManage Elasticsearch Heap HWM (%esheap)Maximum Elasticsearch heap usage (filtered) above which GoMaintain performs index TTL management
    Integrated Security
    Integrated SecurityEnable domain credential access and encryption for EMDB connections
    Carpenter

    Carpenter SQL Paging Size (#records)

    		The number of records per EMDB request used by Carpenter to sync metadata to Elasticsearch
    Carpenter EMDB Sync Interval (#minutes)The number of minutes between Carpenter metadata sync operations with the EMDB
    Enabling Warm Replicas
    Enable Warm ReplicasEnables replicas on warm indices when cluster has more than one DXW node

  5. Click Save after making changes to the configuration. You can also click Save in the Edit menu in the upper-left corner of the Configuration Manager.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close