These docs are for v4. Click to read the latest docs for v2024.2.

JSON Configuration

Seq stores basic configuration data in Seq.json under the storage root path.

An example Seq.json file is shown below.

  "cache": {
    "systemRamTarget": 0.9
  "diagnostics": {
    "internalLogPath": "C:\\ProgramData\\Seq\\Logs\\",
    "internalLoggingLevel": "Information"
  "api": {
    "listenUris": [
  "storage": {
    "masterKey": "pmk.AQAAANCMnd8...czTLquKHNbg==$EGn+mjGa/e7qky0pXDZM1w=="

Seq will read Seq.json at startup, so changes to the values in this file require the Seq Windows service to be restarted.

The purposes of these values are as follows.


Seq uses RAM heavily to speed up query processing. On shared machines (or local developer workstations) it may be desirable to limit this behavior.

Specifying a smaller fractional value here (e.g. 0.5) will cause Seq to release memory once system memory usage surpasses the threshold (e.g. 50%).


Seq writes its internal logs to the path specified here. Note that this is independent of the storage path and must be configured explicitly, otherwise the default C:\ProgramData\Seq\Logs will be used.


This logging level (matching those used by Serilog may be useful when troubleshooting Seq.


Internal logging levels more verbose than Information may negatively impact system performance and consume significant disk resources.


This lists the URIs that Seq will listen on. Any localhost value is treated as a wildcard.

If Seq is being run as a restricted (non-administrative) Windows user, the seq install command must be used to change these values.

api.ingestionPort (3.3)

If present, only ingestion will be permitted on the specified (numeric) port.


Make sure that an entry for the port including the protocol and hostname to listen on is present in api.listenUris in addition to the ingestionPort setting.

api.corsAllowedOrigins (3.3)

If present, an array of origins from which the full API will be accessible using CORS. Note that this is not necessary for ingestion - events can always be sent to the ingestion endpoint using CORS.


This is the master encryption key used when creating backups or storing sensitive configuration information.

This value cannot be manipulated directly as DPAPI is used to protect the value stored in Seq.json. Use the seq.exe show-key command to retrieve the cleartext key for backup purposes.