Integrator Configuration

The Integrator configuration covers service identity, worker pool sizing, all integration targets (InfluxDB, Splunk, Elastic, Kafka, Zabbix, Canopsis, ServiceNow, GLPI, Jira), notification channels, and data export.

Tip: you don’t have to write this file by hand — the Component Config Builder generates a ready-to-run integrator.json from a few guided questions.

Service Configuration (integrator.json)

This file must be in the same directory as the executable.

Minimal Example

{
  "name": "integrator1",
  "port": "8052",
  "logLevel": "info"
}

Full Example

{
  "name": "integrator1",
  "ip": "",
  "port": "8052",
  "location": "Datacenter-1",
  "description": "Main data integration hub",
  "logLevel": "info",
  "nbworker": "4",
  "queuesize": "10000",
  "backupInterval": "24",
  "nbDaysBackup": "336",
  "maxBackups": "5",
  "maxSize": "10",
  "maxAge": "28",
  "logCompress": "true",
  "send2CSVEnabled": "false",
  "send2JSONEnabled": "false",
  "influxDBEnabled": "false",
  "splunkEnabled": "false",
  "elasticEnabled": "false",
  "kafkaEnabled": "false",
  "zabbixEnabled": "false",
  "canopsisEnabled": "false",
  "serviceNowEnabled": "false",
  "glpiEnabled": "false",
  "jiraEnabled": "false",
  "smtpEnabled": "false"
}

Settings Reference

Identity & Network

Field Type Description Default
name string Unique integrator identifier required
ip string Bind IP address (empty = all interfaces) ""
port string TCP port for the REST API "8052"
location string Geographic/logical location label ""
description string Free-text description ""

Worker Pool

Field Type Description Default
nbworker string Number of worker goroutines processing the task queue "4"
queuesize string Maximum tasks in the queue before dropping "10000"
notifBufferSize string Max failed notifications held on disk for retry (oldest dropped when full) "500"
Sizing guidance: For high-volume environments (>1000 monitors), increase nbworker to 8-16 and queuesize to 50000+. Each worker processes tasks sequentially, so more workers = more parallelism.

Data Management

Field Type Description Default
backupInterval int Hours between automated KV store backups 24
nbDaysBackup int Days to retain backup files 336

Logging

Field Type Description Default
logLevel string debug, info, warn, error "info"
maxBackups int Rotated log files to keep 5
maxSize int Max log file size (MB) 10
maxAge int Max log file age (days) 28
logCompress string Compress rotated logs "true"

Correlation Engine

Field Type Description Default
correlationEnabled string Enable cross-agent root-cause correlation "false"
correlationWindowMinutes string Minutes to look back for an upstream breach "10"
Opt-in. The correlation engine is disabled by default. When enabled, breaches on url/api/db monitors are correlated against earlier db/disco breaches on the same probe and logged with an [RCA] hint. See Integrator — Cross-Agent Correlation Engine for the full model. Both fields can also be pushed live from the Webserver UI without restarting the service.

Integration Targets

| Field | Description | |-------|-------------| | `influxDBEnabled` | `"true"` to enable | | `influxDBVersion` | `"1.x"`, `"2.x"`, or `"3.x"` | | `influxDBServer` | InfluxDB server hostname | | `influxDBPort` | InfluxDB server port (e.g., `"8086"`) | | `influxDBIndex` | Database name (v1.x) | | `influxDBOrg` | Organization (v2.x/v3.x) | | `influxDBBucket` | Bucket name (v2.x/v3.x) | | `influxDBToken` | Authentication token (v2.x/v3.x) | | `influxDBUser` | Username (v1.x basic auth) | | `influxDBPwd` | Password (v1.x basic auth) | | `influxDBSSL` | `"true"` for HTTPS connection | See [Integration with InfluxDB](/integration/integration-with-influxdb/) for setup instructions.
| Field | Description | |-------|-------------| | `splunkEnabled` | `"true"` to enable | | `splunkCollectorServer` | Splunk HEC server hostname | | `splunkCollectorPort` | HEC port (default: `"8088"`) | | `splunkAuthorizationToken` | HEC authorization token | | `splunkIndex` | Target Splunk index | | `splunkSSL` | `"true"` for HTTPS | See [Integration with Splunk](/integration/integration-with-splunk/) for setup instructions.
| Field | Description | |-------|-------------| | `elasticEnabled` | `"true"` to enable | | `elasticServer` | Elasticsearch server hostname | | `elasticPort` | Server port (default: `"9200"`) | | `elasticUser` | Username for basic auth | | `elasticPwd` | Password for basic auth | | `elasticSSL` | `"true"` for HTTPS | See [Integration with Elastic](/integration/integration-with-elastic/) for setup instructions.
| Field | Description | |-------|-------------| | `kafkaEnabled` | `"true"` to enable | | `kafkaBrokers` | Comma-separated broker addresses (e.g., `"broker1:9092,broker2:9092"`) | | `kafkaTopic` | Target topic name | | `kafkaTLS` | `"true"` for TLS connections | | `kafkaCAFile` | Path to CA certificate file | | `kafkaCertFile` | Path to client certificate | | `kafkaKeyFile` | Path to client private key | | `kafkaSASLMechanism` | SASL mechanism: `"PLAIN"`, `"SCRAM-SHA256"`, `"SCRAM-SHA512"` | | `kafkaSASLUser` | SASL username | | `kafkaSASLPwd` | SASL password |
| Field | Description | |-------|-------------| | `zabbixEnabled` | `"true"` to enable | | `zabbixServer` | Zabbix server hostname | | `zabbixPort` | Zabbix API port | | `zabbixAuthType` | `"userPwd"` or `"token"` | | `zabbixUser` | Username (when `authType` is `"userPwd"`) | | `zabbixPwd` | Password (when `authType` is `"userPwd"`) | | `zabbixToken` | API token (when `authType` is `"token"`) | | `zabbixVersion` | Zabbix version (e.g., `"6.x"`) | | `zabbixSSL` | `"true"` for HTTPS | See [Integration with Zabbix](/integration/integration-with-zabbix/) for setup instructions.
| Field | Description | |-------|-------------| | `canopsisEnabled` | `"true"` to enable | | `canopsisServer` | Canopsis server hostname | | `canopsisPort` | Server port | | `canopsisUser` | Username | | `canopsisPwd` | Password | | `canopsisSSL` | `"true"` for HTTPS |
| Field | Description | |-------|-------------| | `serviceNowEnabled` | `"true"` to enable | | `serviceNowServer` | ServiceNow instance host (e.g. `dev12345.service-now.com`) | | `serviceNowPort` | Server port (usually `443`) | | `serviceNowUser` | Integration user | | `serviceNowPwd` | Password | | `serviceNowSSL` | `"true"` for HTTPS | | `serviceNowResolvedState` | Incident `state` set on auto-resolve (default `6` = Resolved) | | `serviceNowCloseCode` | `close_code` set on auto-resolve (default `Resolved by caller`) | | `serviceNowAutoResolve` | `"true"` (default) to auto-resolve on recovery. An incident a human has taken (assigned / past New) is never auto-closed — a recovery work note is posted instead | | `serviceNowGraceSeconds` | Flap-dampening window in seconds before an incident is opened on breach. If the monitor recovers within the window the flap is suppressed and no incident is created. Default `0` = open immediately | Opens an incident on breach and auto-resolves it on recovery, correlated by `correlation_id`.
| Field | Description | |-------|-------------| | `glpiEnabled` | `"true"` to enable | | `glpiServer` | GLPI host (e.g. `glpi.example.com`) | | `glpiPort` | Server port (usually `443`) | | `glpiUser` | Integration user | | `glpiPwd` | Password | | `glpiAppToken` | API client App-Token (leave empty if the GLPI API client has none) | | `glpiSSL` | `"true"` for HTTPS | | `glpiSolvedStatus` | Ticket status set on auto-resolve (default `5` = Solved; `6` = Closed) | | `glpiAutoResolve` | `"true"` (default) to auto-resolve on recovery. A ticket a human has taken (assigned / processing / pending) is never auto-closed — a recovery follow-up is posted instead | | `glpiGraceSeconds` | Flap-dampening window in seconds before a ticket is opened on breach. If the monitor recovers within the window the flap is suppressed and no ticket is created. Default `0` = open immediately | Opens a ticket on breach and auto-resolves it on recovery, correlated by an embedded key in the ticket title.
| Field | Description | |-------|-------------| | `jiraEnabled` | `"true"` to enable | | `jiraServer` | Jira Cloud host (e.g. `your-domain.atlassian.net`) | | `jiraPort` | Server port (usually `443`) | | `jiraUser` | Account email (Basic auth user) | | `jiraPwd` | API token (Basic auth password) | | `jiraSSL` | `"true"` for HTTPS | | `jiraProjectKey` | Target project key (e.g. `OPS`) where issues are created | | `jiraIssueType` | Issue type for created issues (default `Bug`) | | `jiraResolveTransition` | Workflow transition name used to auto-resolve (default `Done`) | | `jiraAutoResolve` | `"true"` (default) to auto-resolve on recovery. An issue a human has taken (assigned / In Progress) is never auto-closed — a recovery comment is posted instead | | `jiraGraceSeconds` | Flap-dampening window in seconds before an issue is opened on breach. Recovery within the window suppresses the flap (no issue). Default `0` = open immediately | Opens an issue on breach and auto-resolves it (via a workflow transition) on recovery, correlated by a label matched with JQL.

Data Export

Field Type Description Default
send2CSVEnabled string Export data to CSV files in data/ "false"
send2JSONEnabled string Export data to JSON files in data/ "false"

Notification Settings

| Field | Description | |-------|-------------| | `smtpEnabled` | `"true"` to enable email notifications | | `smtpServerName` | SMTP server hostname | | `smtpPort` | SMTP port (25, 465, 587) | | `smtpUsername` | SMTP username | | `smtpPwd` | SMTP password (stored encrypted) | | `smtpTLS` | `"true"` for TLS |
| Field | Description | |-------|-------------| | `slackChannel` | Default notification channel | | `slackToken` | Bot token (stored encrypted) |
| Field | Description | |-------|-------------| | `teamsWebhook` | Incoming webhook URL (stored encrypted) |
| Field | Description | |-------|-------------| | `pagerDutyAPIKey` | API key for incident creation (stored encrypted) |
| Field | Description | |-------|-------------| | `emailOnF` | Send email on failure | | `emailOnSC` | Send email on status change | | `slackOnF` | Send Slack on failure | | `slackOnSC` | Send Slack on status change | | `teamsOnF` | Send Teams on failure | | `teamsOnSC` | Send Teams on status change | | `pdOnF` | Send PagerDuty on failure | | `pdOnSC` | Send PagerDuty on status change | | `scriptOnF` | Run script on failure | | `scriptOnSC` | Run script on status change |

Security Notes

All sensitive fields (passwords, tokens, API keys, webhooks) are:

  1. Encrypted at rest using AES-256-GCM before storage in the embedded key-value store
  2. Never logged in plaintext – masked in debug output
  3. Protected by mutex for thread-safe access during configuration updates

The encryption key is generated during installation and stored in the config/sec/ directory.

Translations