Configuration Reference
This page lists the available configurations in Lenses.
Basics
Reference documentation of all configuration and authentication options:
Set in lenses.conf
Key | Description | Default | Type | Required |
---|---|---|---|---|
lenses.ip | Bind HTTP at the given endpoint. Use in conjunction with | 0.0.0.0 | string | no |
lenses.port | The HTTP port to listen for API, UI and WS calls | 9991 | int | no |
lenses.jmx.port | Bind JMX port to enable monitoring Lenses | int | no | |
lenses.root.path | The path from which all the Lenses URLs are served | string | no | |
lenses.secret.file | The full path to | security.conf | string | no |
lenses.sql.execution.mode | Streaming SQL mode | IN_PROC | string | no |
lenses.offset.workers | Number of workers to monitor topic offsets | 5 | int | no |
lenses.telemetry.enable | Enable telemetry data collection | true | boolean | no |
lenses.kafka.control.topics | An array of topics to be treated as “system topics” | list | array | no |
lenses.grafana | Add your Grafana url i.e. http://grafanahost:port | string | no | |
lenses.api.response.cache.enable | If enabled, it disables client cache on the Lenses API HTTP responses by adding these HTTP Headers: | false | boolean | no |
lenses.workspace | Directory to write temp files. If write access is denied, Lenses will fallback to | /run | string | no |
Default system topics
System or control topics are created by services for their internal use. Below is the list of built-in configurations to identify them.
_schemas
__consumer_offsets
_kafka_lenses_
lsql_*
lsql-*
__transaction_state
__topology
__topology__metrics
_confluent*
*-KSTREAM-*
*-TableSource-*
*-changelog
__amazon_msk*
Wildcard (*
) is used to match any name in the path to capture a list of topics not just one. When the wildcard is not specified, Lenses matches on the entry name provided.
Security
Set in security.conf
TLS
Key | Description | Default |
---|---|---|
lenses.access.control.allow.methods | HTTP verbs allowed in cross-origin HTTP requests |
|
lenses.access.control.allow.origin | Allowed hosts for cross-origin HTTP requests |
|
lenses.allow.weak.ssl | Allow |
|
lenses.ssl.keystore.location | The full path to the keystore file used to enable TLS on Lenses port | |
lenses.ssl.keystore.password | Password for the keystore file | |
lenses.ssl.key.password | Password for the ssl certificate used | |
lenses.ssl.enabled.protocols | Version of TLS protocol to use |
|
lenses.ssl.algorithm | X509 or PKIX algorithm to use for TLS termination |
|
lenses.ssl.cipher.suites | Comma separated list of ciphers allowed for TLS negotiation |
LDAP
LDAP or AD connectivity is optional. All settings are string.
Set in security.conf
Key | Description | Default |
---|---|---|
lenses.security.ldap.url | LDAP server URL (TLS, StartTLS and unencrypted supported) | |
lenses.security.ldap.user | LDAP user account. Must be able to list users and their groups. The distinguished name (DN) must be used | |
lenses.security.ldap.password | LDAP account password | |
lenses.security.ldap.base | LDAP base path for querying user accounts. All user accounts that will be able to access Lenses should be under this path | |
lenses.security.ldap.filter | LDAP query filter for matching users. Lenses will request all entries under the base path that satisfy this filter. The result should be unique |
|
lenses.security.ldap.plugin.class | Full classpath that implements the LDAP query for the user’s groups. You can use the implementation that comes with Lenses if your LDAP setup is supported | |
lenses.security.ldap.plugin.memberof.key | LDAP user attribute that provides memberOf information. In most implementations the attribute has the same name, so you don’t have to set anything. Used by the default plugin |
|
lenses.security.ldap.plugin.group.extract.regex | A regular expression to extract a part of the user’s groups. If this part matches a Lenses group, the user will be granted all the permissions of this group. Lenses checks against the list of memberOf attribute values and uses the first regex group that is returned |
|
lenses.security.ldap.plugin.person.name.key | This key is used by the included LDAP plugin class LdapMemberOfUserGroupPlugin. It expects the LDAP user attribute that provides the full name of the user |
|
An additional configuration setting lenses.security.ldap.use.service.user.search
when set to true will use the lenses.security.ldap.user
account to read the groups of the currently logged user. The default behaviour (false) uses the currently logged user to read group memberships.
SSO SAML
Set in security.conf
Key | Description | Default |
---|---|---|
lenses.security.saml.base.url | Lenses HTTPS URL that matches the Service Provider (SP) and part of the Identity Provider (IdP) SAML handshake i.e. | |
lenses.security.saml.sp.entityid | SAML Service Provider (SP) Entity ID for Lenses, used as part of the SAML handshake protocol. | |
lenses.security.saml.idp.provider | The Identity Provider (IdP) type: | |
lenses.security.saml.idp.metadata.file | Path to XML file provided by the Identity Provider. e.g. /path/to/saml-idp.xml | |
lenses.security.saml.idp.session.lifetime.max | The maximum “duration since login” to accept from IdP. A SAML safety measure that is usually not used. See the duration syntax. |
|
lenses.security.saml.keystore.location | Location for the Java keystore file to be used for SAML crypto i.e. | |
lenses.security.saml.keystore.password | Password for accessing the keystore | |
lenses.security.saml.key.alias | Alias to use for the private key within the keystore (only required when the keystore has multiple keys) | |
lenses.security.saml.key.password | Password for accessing the private key within the keystore |
Kerberos
Key | Description | Default |
---|---|---|
lenses.security.kerberos.service.principal | The Kerberos principal for Lenses to use in the SPNEGO form: | |
lenses.security.kerberos.keytab | Path to Kerberos keytab with the service principal. It should not be password protected | |
lenses.security.kerberos.debug | Enable Java’s JAAS debugging information |
|
Persistent storage
Common
Key | Description | Default | Type | Required |
---|---|---|---|---|
lenses.storage.hikaricp.[*] | To pass additional properties to HikariCP connection pool | no |
H2
Key | Description | Default | Type | Required |
---|---|---|---|---|
lenses.storage.directory | The full path to a directory for Lenses to use for persistence |
| string | no |
Postgres
Set in security.conf
Key | Description | Default | Type | Required |
---|---|---|---|---|
lenses.storage.postgres.host | Host of PostgreSQL server for Lenses to use for persistence | string | no | |
lenses.storage.postgres.port | Port of PostgreSQL server for Lenses to use for persistence |
| integer | no |
lenses.storage.postgres.username | Username for PostgreSQL database user | string | no | |
lenses.storage.postgres.password | Password for PostgreSQL database user | string | no | |
lenses.storage.postgres.database | PostgreSQL database name for Lenses to use for persistence | string | no | |
lenses.storage.postgres.schema | PostgreSQL schema name for Lenses to use for persistence |
| string | no |
lenses.storage.postgres.properties.[*] | To pass additional properties to PostgreSQL JDBC driver | no |
Schema registries
Set in lenses.conf
If the records schema is centralized, the connectivity to Schema Registry nodes is defined by a Lenses Connection.
There are two static config entries to enable/disable the deletion of schemas:
Key | Description | Type |
---|---|---|
lenses.schema.registry.delete | Allow schemas to be deleted. Default is | boolean |
lenses.schema.registry.cascade.delete | Deletes associated schemas when a topic is deleted. Default is | boolean |
Deployments
Set in lenses.conf
Options for specific deployment targets:
Global options
Kubernetes
Global options
Common settings, independently of the underlying deployment target:
Key | Description | Default |
---|---|---|
lenses.deployments.events.buffer.size | Buffer size for events coming from Deployment targets such as Kubernetes |
|
lenses.deployments.errors.buffer.size | Buffer size for errors happening on the communication between Lenses and the Deployment targets such as Kubernetes |
|
Kubernetes
Kubernetes connectivity is optional. Minimum supported K8 version 0.11.10. All settings are string.
Set in lenses.conf
Key | Description | Default |
---|---|---|
lenses.kubernetes.processor.image.name | The url for the streaming SQL Docker for K8 |
|
lenses.kubernetes.processor.image.tag | The version/tag of the above container |
|
lenses.kubernetes.config.file | The path for the |
|
lenses.kubernetes.pull.policy | Pull policy for K8 containers: |
|
lenses.kubernetes.service.account | The service account for deployments. Will also pull the image |
|
lenses.kubernetes.init.container.image.name | The docker/container repository url and name of the Init Container image used to deploy applications to Kubernetes |
|
lenses.kubernetes.init.container.image.tag | The tag of the Init Container image used to deploy applications to Kubernetes |
|
lenses.kubernetes.watch.reconnect.limit | How many times to reconnect to Kubernetes Watcher before considering the cluster unavailable |
|
lenses.kubernetes.watch.reconnect.interval | How often to wait between Kubernetes Watcher reconnection attempts expressed in milliseconds |
|
lenses.kubernetes.websocket.timeout | How long to wait for a Kubernetes Websocket response expressed in milliseconds |
|
lenses.kubernetes.websocket.ping.interval | How often to ping Kubernetes Websocket to check it’s alive expressed in milliseconds |
|
lenses.kubernetes.pod.heap | The max amount of memory the underlying Java process will use |
|
lenses.kubernetes.pod.min.heap | The initial amount of memory the underlying Java process will allocate |
|
lenses.kubernetes.pod.mem.request | The value will control how much memory resource the Pod Container will request |
|
lenses.kubernetes.pod.mem.limit | The value will control the Pod Container memory limit |
|
lenses.kubernetes.pod.cpu.request | The value will control how much cpu resource the Pod Container will request |
|
lenses.kubernetes.pod.cpu.limit | The value will control the Pod Container cpu limit |
|
lenses.kubernetes.namespaces | Object setting a list of Kubernetes namespaces that Lenses will see for each of the specified and configured cluster |
|
lenses.kubernetes.pod.liveness.initial.delay | Amount of time Kubernetes will wait to check Processor’s health for the first time. It can be expressed like 30 second, 2 minute or 3 hour, mind the time unit is singular |
|
lenses.deployments.events.buffer.size | Buffer size for events coming from Deployment targets such as Kubernetes |
|
lenses.deployments.errors.buffer.size | Buffer size for errors happening on the communication between Lenses and the Deployment targets such as Kubernetes |
|
lenses.kubernetes.config.reload.interval | Time interval to reload the Kubernetes configuration file. Expressed in milliseconds. |
|
SQL snapshot (Explore & Studio)
Optimization settings for SQL queries.
Set in lenses.conf
Key | Description | Type | Default |
---|---|---|---|
lenses.sql.settings.max.size | Restricts the max bytes that a kafka sql query will return | long |
|
lenses.sql.settings.max.query.time | Max time (in msec) that a sql query will run | int |
|
lenses.sql.settings.max.idle.time | Max time (in msec) for a query when it reaches the end of the topic | int |
|
lenses.sql.settings.show.bad.records | By default show bad records when querying a kafka topic | boolean |
|
lenses.sql.settings.format.timestamp | By default convert AVRO date to human readable format | boolean |
|
lenses.sql.settings.live.aggs | By default allow aggregation queries on kafka data | boolean |
|
lenses.sql.sample.default | Number of messages to sample when live tailing a kafka topic | int |
|
lenses.sql.sample.window | How frequently to sample messages when tailing a kafka topic | int |
|
lenses.sql.websocket.buffer | Buffer size for messages in a SQL query | int |
|
lenses.metrics.workers | Number of workers for parallelising SQL queries | int |
|
lenses.kafka.ws.buffer.size | Buffer size for WebSocket consumer | int |
|
lenses.kafka.ws.max.poll.records | Max number of kafka messages to return in a single poll() | long |
|
lenses.sql.state.dir | Folder to store KStreams state. | string |
|
lenses.sql.udf.packages | The list of allowed java packages for UDFs/UDAFs | array of strings |
|
Lenses internal Kafka topics
Lenses requires these Kafka topics to be available, otherwise, it will try to create them. The topics can be created manually before Lenses is run, or allow Lenses the correct Kafka ACLs to create the topics:
Set in lenses.conf
Key | Description | Partition | Replication | Default | Compacted | Retention |
---|---|---|---|---|---|---|
lenses.topics.external.topology | Topic for applications to publish their topology |
|
|
| yes | N/A |
lenses.topics.external.metrics | Topic for external application to publish their metrics |
|
|
| no | 1 day |
lenses.topics.metrics | Topic for SQL Processor to send the metrics |
|
|
| no |
To allow for fine-grained control over the replication factor of the three topics, the following settings are available:
Key | Description | Default |
---|---|---|
lenses.topics.replication.external.topology | Replication factor for the | 1 |
lenses.topics.replication.external.metrics | Replication factor for the | 1 |
lenses.topics.replication.metrics | Replication factor for the | 1 |
When configuring the replication factor for your deployment, it's essential to consider the requirements imposed by your cloud provider. Many cloud providers enforce a minimum replication factor to ensure data durability and high availability. For example, IBM Cloud mandates a minimum replication factor of 3. Therefore, it's crucial to set the replication factor for the Lenses internal topics to at least 3 when deploying Lenses on IBM Cloud.
Advanced
All time configuration options are in milliseconds.
Set in lenses.conf
Key | Description | Type | Default |
---|---|---|---|
lenses.interval.summary | How often to refresh kafka topic list and configs | long |
|
lenses.interval.consumers.refresh.ms | How often to refresh kafka consumer group info | long |
|
lenses.interval.consumers.timeout.ms | How long to wait for kafka consumer group info to be retrieved | long |
|
lenses.interval.partitions.messages | How often to refresh kafka partition info | long |
|
lenses.interval.type.detection | How often to check kafka topic payload info | long |
|
lenses.interval.user.session.ms | How long a client-session stays alive if inactive (4 hours) | long |
|
lenses.interval.user.session.refresh | How often to check for idle client sessions | long |
|
lenses.interval.topology.topics.metrics | How often to refresh topology info | long |
|
lenses.interval.schema.registry.healthcheck | How often to check the schema registries health | long |
|
lenses.interval.schema.registry.refresh.ms | How often to refresh schema registry data | long |
|
lenses.interval.metrics.refresh.zk | How often to refresh ZK metrics | long |
|
lenses.interval.metrics.refresh.sr | How often to refresh Schema Registry metrics | long |
|
lenses.interval.metrics.refresh.broker | How often to refresh Kafka Broker metrics | long |
|
lenses.interval.metrics.refresh.connect | How often to refresh Kafka Connect metrics | long |
|
lenses.interval.metrics.refresh.brokers.in.zk | How often to refresh from ZK the Kafka broker list | long |
|
lenses.interval.topology.timeout.ms | Time period when a metric is considered stale | long |
|
lenses.interval.audit.data.cleanup | How often to clean up dataset view entries from the audit log | long |
|
lenses.audit.to.log.file | Path to a file to write audits to in JSON format. | string | |
lenses.interval.jmxcache.refresh.ms | How often to refresh the JMX cache used in the Explore page | long |
|
lenses.interval.jmxcache.graceperiod.ms | How long to pause for when a JMX connectity error occurs | long |
|
lenses.interval.jmxcache.timeout.ms | How long to wait for a JMX response | long |
|
lenses.interval.sql.udf | How often to look for new UDF/UDAF (user defined [aggregate] functions) | long |
|
lenses.kafka.consumers.batch.size | How many consumer groups to retrieve in a single request | Int |
|
lenses.kafka.ws.heartbeat.ms | How often to send heartbeat messages in TCP connection | long |
|
lenses.kafka.ws.poll.ms | Max time for kafka consumer data polling on WS APIs | long |
|
lenses.kubernetes.config.reload.interval | Time interval to reload the Kubernetes configuration file. | long |
|
lenses.kubernetes.watch.reconnect.limit | How many times to reconnect to Kubernetes Watcher before considering the cluster unavailable | long |
|
lenses.kubernetes.watch.reconnect.interval | How often to wait between Kubernetes Watcher reconnection attempts | long |
|
lenses.kubernetes.websocket.timeout | How long to wait for a Kubernetes Websocket response | long |
|
lenses.kubernetes.websocket.ping.interval | How often to ping Kubernetes Websocket to check it’s alive | long |
|
lenses.akka.request.timeout.ms | Max time for a response in an Akka Actor | long |
|
lenses.sql.monitor.frequency | How often to emit healthcheck and performance metrics on Streaming SQL | long |
|
lenses.audit.data.access | Record dataset access as audit log entries | boolean |
|
lenses.audit.data.max.records | How many dataset view entries to retain in the audit log. Set to | int |
|
lenses.explore.lucene.max.clause.count | Override Lucene’s maximum number of clauses permitted per BooleanQuery | int |
|
lenses.explore.queue.size | Optional setting to bound Lenses internal queue used by the catalog subsystem. It needs to be positive integer or it will be ignored. | int | N/A |
lenses.interval.kafka.connect.http.timeout.ms | How long to wait for Kafka Connect response to be retrieved | int |
|
lenses.interval.kafka.connect.healthcheck | How often to check the Kafka health | int |
|
lenses.interval.schema.registry.http.timeout.ms | How long to wait for Schema Registry response to be retrieved | int |
|
lenses.interval.zookeeper.healthcheck | How often to check the Zookeeper health | int |
|
lenses.ui.topics.row.limit | The number of Kafka records to load automatically when exploring a topic | int |
|
lenses.deployments.connect.failure.alert.check.interval | Time interval in seconds to check the connector failure grace period has completed. Used by the Connect auto-restart failed connectors functionality. It needs too be a value between (1,600]. | int |
|
lenses.provisioning.path | Folder on the filesystem containing the provisioning data. See [provisioning docs](link to provisioning docs) for further details | string | |
lenses.provisioning.interval | Time interval in seconds to check for changes on the provisioning resources | int | |
lenses.schema.registry.client.http.retryOnTooManyRequest | When enabled, Lenses will retry a request whenever the schema registry returns a | boolean | |
lenses.schema.registry.client.http.maxRetryAwait | Max amount of time to wait whenever a | duration | |
lenses.schema.registry.client.http.maxRetryCount | Max retry count whenever a | integer | 2 |
lenses.schema.registry.client.http.rate.type | Specifies if http requests to the configured schema registry should be rate limited. Can be "session" or "unlimited" | "unlimited" | "session" | |
lenses.schema.registry.client.http.rate.maxRequests | Whenever the rate limiter is "session" this configuration will determine the max amount of requests per window size that are allowed. | integer | N/A |
lenses.schema.registry.client.http.rate.window | Whenever the rate limiter is "session" this configuration will determine the duration of the window used. | duration | N/A |
lenses.schema.connect.client.http.retryOnTooManyRequest | Retry a request whenever a connect cluster returns a 429 | boolean | |
lenses.schema.connect.client.http.maxRetryAwait | Max amount of time to wait whenever a | duration | |
lenses.schema.connect.client.http.maxRetryCount | Max retry count whenever a | integer | 2 |
lenses.connect.client.http.rate.type | Specifies if http requests to the configured connect cluster should be rate limited. Can be "session" or "unlimited" | "unlimited" | "session" | |
lenses.connect.client.http.rate.maxRequests | Whenever the rate limiter is "session" this configuration will determine the max amount of requests per window size that are allowed. | integer | N/A |
lenses.connect.client.http.rate.window | Whenever the rate limiter is "session" this configuration will determine the duration of the window used. | duration | N/A |
Connectors topology
Set in lenses.conf
Control how Lenses identifies your connectors in the Topology view. Catalogue your connector types, set their icons, and control how Lenses extracts the topics used by your connectors.
Lenses comes preconfigured for some of the popular connectors as well as the Stream Reactor connectors. If you see that Lenses doesn’t automatically identify your connector type then use the lenses.connectors.info
setting to register it with Lenses.
Add a new HOCON object {}
for every new Connector in your lenses.connectors.info
list :
This configuration allows the connector to work with the topology graph, and also have the RBAC rules applied to it.
Source example
To extract the topic information from the connector configuration, source connectors require an extra configuration. The extractor class should be: io.lenses.config.kafka.connect.SimpleTopicsExtractor
. Using this extractor requires an extra property configuration. It specifies the field in the connector configuration which determines the topics data is sent to.
Here is an example for the file source:
Sink example
An example of a Splunk sink connector and a Debezium SQL server connector
External Applications
Set in lenses.conf
Key | Description | Default | Type | Required |
---|---|---|---|---|
apps.external.http.state.refresh.ms | When registering a runner for external app, a health-check interval can be specified. If it is not, this default interval is used (value in milliseconds) |
| int | no |
apps.external.http.state.cache.expiration.ms | Last known state of the runner is stored in a cache. The entries in the cache are being invalidated after a time that is defined by following configuration key (value in milliseconds). This value should not be lower than the |
| int | no |
Last updated