Server Configuration
Many Seq options can be configured through the Settings section of the web user interface. Lower-level settings, especially those that control the HTTP endpoint, or require a restart to be applied, are stored in the Seq.json configuration file, and manipulated using the seq config
command-line. Stop Seq before changing these settings.
The seq config
command-line
seq config
command-lineFrom an administrative command prompt on the Seq server, running seq config list
will list the available settings and their values:
seq config list
Docker syntax
The
seq config
commands can be invoked on the Docker container:docker run --rm -it -v <volume> datalust/seq config list
or, within init scripts via
seqsvr
, e.g.seqsvr config list
.
Setting values can be changed with seq config set
by specifying the setting name and value:
seq config set -k api.listenUris -v https://example.com,https://example.com:45341
seq config clear -k storage.queryParallelism
seq service restart
Settings that accept multiple values can be specified by listing values separated by a comma ,
.
Values can be reset to their defaults using seq config clear
and the setting name. The details of these commands are listed in the Server Command Line documentation.
Seq reads settings Seq.json at startup, so the Seq service must be restarted for changes to take effect.
Environment variable overrides
Each setting value can be overridden at runtime by specifying an environment variable of the form SEQ_<setting path>
, where <setting path>
contains one element for each dotted segment of the setting name, separated by underscores.
For example the setting api.listenUris
can overridden with the SEQ_API_LISTENURIS
variable.
Secret Store overrides
Some setting values, for example, certificates.defaultPassword
, metastore.postgres.connectionString
, or metastore.msSql.connectionString
, should not be stored in plain text.
Seq provides the secret set
command as an alternative to config set
for this purpose:
echo p@ssw0rd | seq secret set -k certificates.defaultPassword --value-stdin
The --value-stdin
parameter avoids leaving sensitive information in the shell command history, or exposing it to other privileged processes via the seq
process's command-line.
The secret set
command encrypts values using the secret key and stores them in Secrets/
. Secret Store values are applied last, so they will override values in Seq.json
as well as any values supplied in environment variables.
In Docker
To load values into the secret store under Docker, call
seqsrv secret set
from an init script. The script can pull the secret value from an external store, or read it from a file alongside the script which the script can delete after reading.
Settings
Settings can be viewed and updated from the command-line using the seq config
commands. Settings also support overrides in environment variables and the secret store. The matching environment variable name for each setting is shown in the detailed documentation below.
api.canonicalUri
api.canonicalUri
The address that the server can be accessed on externally. If specified, Seq will assume that all requests are served under this URL, all inbound links and redirects Seq generates will be based on this URL.
The value can be overridden using the SEQ_API_CANONICALURI
environment variable.
api.corsAllowedOrigins
api.corsAllowedOrigins
Origins from which the full API will be accessible using CORS. Note that this is not necessary for ingestion - events can always be sent to the ingestion endpoint using CORS.
The value can be overridden using the SEQ_API_CORSALLOWEDORIGINS
environment variable.
api.frameAncestors
api.frameAncestors
Value of the content security policy frame-ancestors directive. Comma-delimited list of hosts that are allowed to embed the Seq UI within an iframe
.
The value can be overridden using the SEQ_API_FRAMEANCESTORS
environment variable.
api.globalQueueLimit
api.globalQueueLimit
The maximum number of waiting API requests to queue. This setting has no effect unless GlobalRateLimit
is also set.
The value can be overridden using the SEQ_API_GLOBALQUEUELIMIT
environment variable.
api.globalRateLimit
api.globalRateLimit
The maximum number of concurrent API requests to allow
The value can be overridden using the SEQ_API_GLOBALRATELIMIT
environment variable.
api.hardSessionExpirySeconds
api.hardSessionExpirySeconds
If non-null, this will override the various session expiry timeouts used by the different authentication providers. The initial value is null (no additional hard session expiry override).
The value can be overridden using the SEQ_API_HARDSESSIONEXPIRYSECONDS
environment variable.
api.hstsIncludeSubDomains
api.hstsIncludeSubDomains
The includeSubdomains
field set in the HSTS header, if enabled.
The value can be overridden using the SEQ_API_HSTSINCLUDESUBDOMAINS
environment variable.
api.hstsMaxAge
api.hstsMaxAge
The max-age
specified in the HSTS header in seconds, if enabled. The initial value is 31536000 (365 days).
The value can be overridden using the SEQ_API_HSTSMAXAGE
environment variable.
api.idleSessionExpirySeconds
api.idleSessionExpirySeconds
If non-null, this will set an expiry timeout that will revoke user sessions after a period of inactivity. The initial value is 172800 (48 hours).
The value can be overridden using the SEQ_API_IDLESESSIONEXPIRYSECONDS
environment variable.
api.ingestionPort
api.ingestionPort
Maintained for compatibility reasons. New configurations should use api.ingestionPorts
.
The value can be overridden using the SEQ_API_INGESTIONPORT
environment variable.
api.ingestionPorts
api.ingestionPorts
The ports that the server will limit to event ingestion.Note that corresponding entries (with the same ports) must also exist in api.listenUris
.
The value can be overridden using the SEQ_API_INGESTIONPORTS
environment variable.
api.ingestQueueLimit
api.ingestQueueLimit
The maximum number of waiting ingestion requests to queue. This setting has no effect unless IngestRateLimit
is also set.
The value can be overridden using the SEQ_API_INGESTQUEUELIMIT
environment variable.
api.ingestRateLimit
api.ingestRateLimit
The maximum number of concurrent ingestion requests to allow
The value can be overridden using the SEQ_API_INGESTRATELIMIT
environment variable.
api.integratedAuthenticationScheme
api.integratedAuthenticationScheme
Windows: The authentication scheme used for Windows authentication. IntegratedWindowsAuthentication
(the default) and Negotiate
are supported.
The value can be overridden using the SEQ_API_INTEGRATEDAUTHENTICATIONSCHEME
environment variable.
api.listenUris
api.listenUris
The addresses that the server will listen on. The first entry listed will be used as the default when generating URIs for apps and notifications unless overriden by api.canonicalUri
.
The value can be overridden using the SEQ_API_LISTENURIS
environment variable.
api.minRequestBodyDataRateBytesPerSecond
api.minRequestBodyDataRateBytesPerSecond
The minimum request body data rate in bytes/second. The default is 240 bytes/second. Clear this setting todisable the limit entirely. Not supported when using HTTP.sys on Windows.
The value can be overridden using the SEQ_API_MINREQUESTBODYDATARATEBYTESPERSECOND
environment variable.
api.minRequestBodyDataRateGracePeriodMilliseconds
api.minRequestBodyDataRateGracePeriodMilliseconds
The time limit within which the client must increase its request body data rate up to the minimum. The default is 5000 (5 seconds). Not supported when using HTTP.sys on Windows.
The value can be overridden using the SEQ_API_MINREQUESTBODYDATARATEGRACEPERIODMILLISECONDS
environment variable.
api.queryQueueLimit
api.queryQueueLimit
The maximum number of waiting query requests to queue. This setting has no effect unless QueryRateLimit
is also set.
The value can be overridden using the SEQ_API_QUERYQUEUELIMIT
environment variable.
api.queryRateLimit
api.queryRateLimit
The maximum number of concurrent query requests to allow
The value can be overridden using the SEQ_API_QUERYRATELIMIT
environment variable.
api.redirectHttpToHttps
api.redirectHttpToHttps
Whether to redirect HTTP requests to the first HTTPS endpoint listed in api.listenUris
. If set to True
, the HSTS header will also be set.
The value can be overridden using the SEQ_API_REDIRECTHTTPTOHTTPS
environment variable.
api.webServer
api.webServer
Windows: The web server that will host the API. Allowed values are HttpSys
(HTTP.sys, the default) and Kestrel
. OpenTelemetry ingestion requires Kestrel
for gRPC support. Integrated Windows Authentication requires HttpSys
.
Supported values are:
HttpSys
- The Windows HTTP.sys web server.Kestrel
- The Kestrel web server.
The value can be overridden using the SEQ_API_WEBSERVER
environment variable.
appHost.executionPolicy
appHost.executionPolicy
Control whether installed Seq Apps packages can be executed. This setting is provided as an additional defensive security measure for high-sensitivity environments. The default is to allow installed apps to be executed.
Supported values are:
AllowAll
- Allow execution of installed apps.Disallow
- Disallow execution of installed apps.
The value can be overridden using the SEQ_APPHOST_EXECUTIONPOLICY
environment variable.
appHost.installPolicy
appHost.installPolicy
Control whether Seq App packages can be installed from configured feeds. This setting is provided as an additional defensive security measure for high-sensitivity environments. The default is to allow new packages to be installed.
Supported values are:
AllowAll
- Allow installation of new app packages.Disallow
- Disallow the installation of any new app packages.
The value can be overridden using the SEQ_APPHOST_INSTALLPOLICY
environment variable.
audit.auditPath
audit.auditPath
The fully-qualified local path where Seq should write audit files. Filenames have the form seq-audit-YYYYMMDD-SESSION.ndjson
, where YYYYMMDD
is the file creation year, month, and day (UTC), and SESSION
is the unique audit session identifier.
The value can be overridden using the SEQ_AUDIT_AUDITPATH
environment variable.
audit.auditServerApiKey
audit.auditServerApiKey
API key for the audit server. Should be supplied if AuditServerUrl
is configured.
The value can be overridden using the SEQ_AUDIT_AUDITSERVERAPIKEY
environment variable.
audit.auditServerUrl
audit.auditServerUrl
The address of a second Seq instance to receive audit logs. The URL should use the https
scheme.
The value can be overridden using the SEQ_AUDIT_AUDITSERVERURL
environment variable.
certificates.certificatesPath
certificates.certificatesPath
Optionally, a folder to search for certificate files; if not specified, Certificates/
under thestorage root will be used.
The value can be overridden using the SEQ_CERTIFICATES_CERTIFICATESPATH
environment variable.
certificates.defaultPassword
certificates.defaultPassword
The default password used when decrypting encoded certificate bundles (.pfx
files).
The value can be overridden using the SEQ_CERTIFICATES_DEFAULTPASSWORD
environment variable.
diagnostics.internalLoggingLevel
diagnostics.internalLoggingLevel
Seq's own internal logging level. Modifying this value may cause significantly higher I/O load and is not recommended. The default is Information
.
The value can be overridden using the SEQ_DIAGNOSTICS_INTERNALLOGGINGLEVEL
environment variable.
diagnostics.internalLogPath
diagnostics.internalLogPath
The location for Seq's own internal log files.
The value can be overridden using the SEQ_DIAGNOSTICS_INTERNALLOGPATH
environment variable.
diagnostics.internalLogServerApiKey
diagnostics.internalLogServerApiKey
API key for the internal log server.
The value can be overridden using the SEQ_DIAGNOSTICS_INTERNALLOGSERVERAPIKEY
environment variable.
diagnostics.internalLogServerUrl
diagnostics.internalLogServerUrl
Send Seq's internal logs to another Seq server.
The value can be overridden using the SEQ_DIAGNOSTICS_INTERNALLOGSERVERURL
environment variable.
diagnostics.metricsSamplingIntervalSeconds
diagnostics.metricsSamplingIntervalSeconds
Interval (seconds) at which Seq will write metrics information to its internal log file.
The value can be overridden using the SEQ_DIAGNOSTICS_METRICSSAMPLINGINTERVALSECONDS
environment variable.
diagnostics.nativeStorageMetricsSamplingIntervalMinutes
diagnostics.nativeStorageMetricsSamplingIntervalMinutes
Interval (minutes) at which Seq will write native storage metrics to its internal log file.
The value can be overridden using the SEQ_DIAGNOSTICS_NATIVESTORAGEMETRICSSAMPLINGINTERVALMINUTES
environment variable.
diagnostics.telemetryServerUrl
diagnostics.telemetryServerUrl
Send Seq's error telemetry (if enabled) to another Seq server.
The value can be overridden using the SEQ_DIAGNOSTICS_TELEMETRYSERVERURL
environment variable.
features.enabled
features.enabled
The non-default features enabled on the Seq instance.
The value can be overridden using the SEQ_FEATURES_ENABLED
environment variable.
firstRun.adminPassword
firstRun.adminPassword
A less-secure, convenience alternative to the firstRun.adminPasswordHash
setting, which overrides this setting when present. A plain text password for the administrator account, ignored after the first time Seq is run. Leading and trailing whitespace in the value will be trimmed.
The value can be overridden using the SEQ_FIRSTRUN_ADMINPASSWORD
environment variable.
firstRun.adminPasswordHash
firstRun.adminPasswordHash
A salted, cryptographically-hashed, Base64-encoded default password for the administrator account, ignored after the first time Seq is run. Use seq config hash
to compute a value that can be stored in this setting. Alternatively, consider using the --default-admin-password-stdin
argument to the seq run
command. The default when no password is supplied is to not enable authentication.
The value can be overridden using the SEQ_FIRSTRUN_ADMINPASSWORDHASH
environment variable.
firstRun.adminUsername
firstRun.adminUsername
A default username for the administrator account, ignored after the first time Seq is run. The default is admin
.
The value can be overridden using the SEQ_FIRSTRUN_ADMINUSERNAME
environment variable.
firstRun.requireAuthenticationForHttpIngestion
firstRun.requireAuthenticationForHttpIngestion
If true
, API keys or user authentication will be required for HTTP/S ingestion; ignored after thefirst time Seq is run.
The value can be overridden using the SEQ_FIRSTRUN_REQUIREAUTHENTICATIONFORHTTPINGESTION
environment variable.
metastore.msSql.connectionString
metastore.msSql.connectionString
A connection string for the Microsoft SQL Server/Azure SQL instance into which metadata will be stored. If null
,local metadata storage will be used. The default is null
.
The value can be overridden using the SEQ_METASTORE_MSSQL_CONNECTIONSTRING
environment variable.
metastore.msSql.msiResource
metastore.msSql.msiResource
If the connection must use an Azure Managed Service Identity, the resource for which to request an access token; normally this will be https://database.windows.net/
; the default is to not use an Azure MSI.
The value can be overridden using the SEQ_METASTORE_MSSQL_MSIRESOURCE
environment variable.
metastore.msSql.msiTenantId
metastore.msSql.msiTenantId
If using an Azure Managed Service Identity and the identity has access to multiple tenants, the tenant id; the default is to not specify a tenant id.
The value can be overridden using the SEQ_METASTORE_MSSQL_MSITENANTID
environment variable.
metastore.msSql.schema
metastore.msSql.schema
The name of the schema under which Seq should store metadata. The default is dbo
.
The value can be overridden using the SEQ_METASTORE_MSSQL_SCHEMA
environment variable.
metastore.postgres.connectionString
metastore.postgres.connectionString
A connection string for the PostgreSQL instance into which metadata will be stored. If null
,local metadata storage will be used. The default is null
.
The value can be overridden using the SEQ_METASTORE_POSTGRES_CONNECTIONSTRING
environment variable.
metastore.postgres.schema
metastore.postgres.schema
The name of the schema under which Seq should store metadata. The default is seq
.
The value can be overridden using the SEQ_METASTORE_POSTGRES_SCHEMA
environment variable.
process.workingSetLimitBytes
process.workingSetLimitBytes
Windows: the maximum working set that may be consumed by the Seq process, in bytes. The default is no limit.
The value can be overridden using the SEQ_PROCESS_WORKINGSETLIMITBYTES
environment variable.
runtime.expressionNestingLimit
runtime.expressionNestingLimit
The nesting limit applied to expressions in queries and filters. Higher values may allow very complex queries to cause server crashes. The default is platform-dependent.
The value can be overridden using the SEQ_RUNTIME_EXPRESSIONNESTINGLIMIT
environment variable.
runtime.nativeExpressionNestingLimit
runtime.nativeExpressionNestingLimit
The nesting limit applied to expressions in queries and filters executed in the underlying storage engine. Higher values may allow very complex queries to cause server crashes. The default is based on runtime.expressionNestingLimit
(SEQ_RUNTIME_EXPRESSIONNESTINGLIMIT
).
The value can be overridden using the SEQ_RUNTIME_NATIVEEXPRESSIONNESTINGLIMIT
environment variable.
secretKey.provider
secretKey.provider
An executable that will write the Base64-encoded secret key to STDOUT
when invoked. If specified, this will override the secret key found in Seq.json
or any environment variables.
The value can be overridden using the SEQ_SECRETKEY_PROVIDER
environment variable.
secretKey.providerArgs
secretKey.providerArgs
Command-line arguments to pass to the secret key provider executable, if configured.
The value can be overridden using the SEQ_SECRETKEY_PROVIDERARGS
environment variable.
services.servicesBaseUri
services.servicesBaseUri
The base URL Seq uses for service discovery, if enabled. The default is https://datalust.co
.
The value can be overridden using the SEQ_SERVICES_SERVICESBASEURI
environment variable.
storage.disableFreeDiskSpaceChecking
storage.disableFreeDiskSpaceChecking
Disable free disk space checking for filesystems where it may be very inefficient or unnecessary. If checking is disabled Seq can't protect from running out of disk space.
The value can be overridden using the SEQ_STORAGE_DISABLEFREEDISKSPACECHECKING
environment variable.
storage.flare.concurrentReaderLimit
storage.flare.concurrentReaderLimit
The maximum number of read queries that can concurrently execute within the storage engine. Increasing this value can improve throughput, at the expense of additional risk of stampedes causingservice instability. The default is 5.
The value can be overridden using the SEQ_STORAGE_FLARE_CONCURRENTREADERLIMIT
environment variable.
storage.flare.indexerPriority
storage.flare.indexerPriority
The priority assigned to storage management and indexing; the default value 0 will cause all required management tasks to proceed normally. Higher values represent the fraction of maintenance time during which these tasks should yield.
The value can be overridden using the SEQ_STORAGE_FLARE_INDEXERPRIORITY
environment variable.
storage.flare.readerParallelismLimit
storage.flare.readerParallelismLimit
The maximum number of storage engine threads to create for each parallel query. The default is calculated from available system resources.
The value can be overridden using the SEQ_STORAGE_FLARE_READERPARALLELISMLIMIT
environment variable.
storage.maximumFutureTimestampDriftSeconds
storage.maximumFutureTimestampDriftSeconds
The future time difference allowed between the server clock and incoming event timestamps, before server timestamps will be used. This setting prevents performance and usability problems associated with far-future event timestamps. Past timestamps are always accepted as-is. The default is 3420 (57 minutes); clear this setting to accept all future timestamps.
The value can be overridden using the SEQ_STORAGE_MAXIMUMFUTURETIMESTAMPDRIFTSECONDS
environment variable.
storage.secretKey
storage.secretKey
The encryption key used to protect secrets and sensitive values in the Seq metadata store.
Windows: this value is itself encrypted and must be retrieved using the seq show-key
command for secure backup.
Linux/macOS: this value is stored unencrypted in Seq.json
; use the SEQ_STORAGE_SECRETKEY
variable for improved confidentiality, or configure secretKey.provider
.
The value can be overridden using the SEQ_STORAGE_SECRETKEY
environment variable.
Seq.json
Example
Seq.json
ExampleAn example Seq.json
configuration file is shown below.
{
"api": {
"ingestionPorts": [
45341
],
"canonicalUri": null,
"corsAllowedOrigins": [],
"frameAncestors": [],
"hardSessionExpirySeconds": null,
"hstsIncludeSubDomains": false,
"hstsMaxAge": 31536000,
"idleSessionExpirySeconds": 172800,
"ingestionPort": null,
"integratedAuthenticationScheme": null,
"listenUris": [
"https://seq.example.com",
"https://seq.example.com:45341"
],
"redirectHttpToHttps": false,
"minRequestBodyDataRateBytesPerSecond": 240.0,
"minRequestBodyDataRateGracePeriodMilliseconds": 5000,
"webServer": null,
"globalRateLimit": null,
"globalQueueLimit": null,
"ingestRateLimit": null,
"ingestQueueLimit": null,
"queryRateLimit": null,
"queryQueueLimit": null
},
"appHost": {
"installPolicy": null,
"executionPolicy": null
},
"audit": {
"auditServerUrl": null,
"auditServerApiKey": null,
"auditPath": null
},
"certificates": {
"certificatesPath": null,
"defaultPassword": null
},
"diagnostics": {
"internalLogPath": null,
"internalLoggingLevel": "Information",
"internalLogServerApiKey": null,
"internalLogServerUrl": null,
"metricsSamplingIntervalSeconds": 300,
"nativeStorageMetricsSamplingIntervalMinutes": 60,
"telemetryServerUrl": null
},
"features": {
"enabled": []
},
"firstRun": {
"adminPasswordHash": null,
"adminPassword": null,
"adminUsername": null,
"requireAuthenticationForHttpIngestion": false
},
"metastore": {
"msSql": {
"connectionString": null,
"msiResource": null,
"msiTenantId": null,
"schema": null
},
"postgres": {
"connectionString": null,
"schema": null
}
},
"process": {
"workingSetLimitBytes": null
},
"runtime": {
"expressionNestingLimit": null,
"nativeExpressionNestingLimit": null
},
"secretKey": {
"provider": null,
"providerArgs": null
},
"services": {
"servicesBaseUri": null
},
"storage": {
"secretKey": "pmk.uvCM0+giLUmW+R1Ecsw2/Q==",
"flare": {
"concurrentReaderLimit": null,
"readerParallelismLimit": null,
"indexerPriority": 0.0
},
"disableFreeDiskSpaceChecking": false,
"maximumFutureTimestampDriftSeconds": 3420
}
}
Updated 8 months ago