Configure the Data Indexer

  You must be logged in as an Administrator to take this action.


Whether your Data Indexer cluster has one node or 3 to 20 nodes, you only need to access the Configuration Manager on the Platform Manager.

Do not attempt to modify any configuration files manually. If you have any issues, contact LogRhythm Support.

To configure the Data Indexer:

  1. Open the Configuration Manager.

  2. On the left, click Data Indexers.

  3. To enable the Advanced View, on the bottom of the page, click Show.

  4. Modify or verify the following settings:

    Transporter


    Transporter Max Log Size (bytes)

    Maximum allowable size of a log, above which Transporter rejects the log

    Transporter Webserver Port

    Port number bound by the Transporter web server

    Transporter Route Handler Timer (sec)

    Maximum number of seconds that an indexing HTTP request lives before timing out

    Database Information


    Database User ID

    SQL user name used by the Data Indexer to connect to the LogRhythm database server

    Database Password

    SQL password used by the Data Indexer to connect to the LogRhythm database server

    Elasticsearch Data Path

    Fully qualified path where Elasticsearch stores cluster data; value of path.data

    GoMaintain


    GoMaintain TTL Logs (#indices)

    Maximum number of log indices to store. The default value is -1, which manages the number automatically based on available resources

    GoMaintain ForceMerge

    Periodic Elasticsearch defragmentation of indices to reduce heap consumption

    Potentially resource intensive.


    GoMaintain IndexManage Elasticsearch Sample Interval (sec)

    Number of seconds between GoMaintain samples of Elasticsearch heap and disk utilization for index TTL management

    GoMaintain IndexManage Elasticsearch Samples (#samples)

    Maximum number of accumulated samples before GoMaintain performs index TTL management

    GoMaintain IndexManage Disk HWM (%diskutil)

    Maximum disk utilization above which GoMaintain performs index TTL management

    GoMaintain IndexManage Elasticsearch Heap HWM (%esheap)

    Maximum Elasticsearch heap usage (filtered) above which GoMaintain performs index TTL management

    Integrated Security


    Integrated Security

    Enable domain credential access and encryption for EMDB connections

    Carpenter


    Carpenter SQL Paging Size (#records)

    The number of records per EMDB request used by Carpenter to sync metadata to Elasticsearch

    Carpenter EMDB Sync Interval (#minutes)

    The number of minutes between Carpenter metadata sync operations with the EMDB

    Enabling Warm Replicas


    Enable Warm Replicas

    Enables replicas on warm indices when cluster has more than one DXW node


  5. Click Save after making changes to the configuration. You can also click Save in the Edit menu in the upper-left corner of the Configuration Manager.