Integrator Configuration
The Integrator configuration covers service identity, worker pool sizing, all integration targets (InfluxDB, Splunk, Elastic, Kafka, Zabbix, Canopsis, ServiceNow, GLPI, Jira), notification channels, and data export.
Tip: you don’t have to write this file by hand — the Component Config Builder generates a ready-to-run
integrator.json from a few guided questions.
Service Configuration (integrator.json)
This file must be in the same directory as the executable.
Minimal Example
{
"name": "integrator1",
"port": "8052",
"logLevel": "info"
}
Full Example
{
"name": "integrator1",
"ip": "",
"port": "8052",
"location": "Datacenter-1",
"description": "Main data integration hub",
"logLevel": "info",
"nbworker": "4",
"queuesize": "10000",
"backupInterval": "24",
"nbDaysBackup": "336",
"maxBackups": "5",
"maxSize": "10",
"maxAge": "28",
"logCompress": "true",
"send2CSVEnabled": "false",
"send2JSONEnabled": "false",
"influxDBEnabled": "false",
"splunkEnabled": "false",
"elasticEnabled": "false",
"kafkaEnabled": "false",
"zabbixEnabled": "false",
"canopsisEnabled": "false",
"serviceNowEnabled": "false",
"glpiEnabled": "false",
"jiraEnabled": "false",
"smtpEnabled": "false"
}
Settings Reference
Identity & Network
| Field | Type | Description | Default |
|---|---|---|---|
name |
string | Unique integrator identifier | required |
ip |
string | Bind IP address (empty = all interfaces) | "" |
port |
string | TCP port for the REST API | "8052" |
location |
string | Geographic/logical location label | "" |
description |
string | Free-text description | "" |
Worker Pool
| Field | Type | Description | Default |
|---|---|---|---|
nbworker |
string | Number of worker goroutines processing the task queue | "4" |
queuesize |
string | Maximum tasks in the queue before dropping | "10000" |
notifBufferSize |
string | Max failed notifications held on disk for retry (oldest dropped when full) | "500" |
Sizing guidance: For high-volume environments (>1000 monitors), increase
nbworker to 8-16 and queuesize to 50000+. Each worker processes tasks sequentially, so more workers = more parallelism.
Data Management
| Field | Type | Description | Default |
|---|---|---|---|
backupInterval |
int | Hours between automated KV store backups | 24 |
nbDaysBackup |
int | Days to retain backup files | 336 |
Logging
| Field | Type | Description | Default |
|---|---|---|---|
logLevel |
string | debug, info, warn, error |
"info" |
maxBackups |
int | Rotated log files to keep | 5 |
maxSize |
int | Max log file size (MB) | 10 |
maxAge |
int | Max log file age (days) | 28 |
logCompress |
string | Compress rotated logs | "true" |
Correlation Engine
| Field | Type | Description | Default |
|---|---|---|---|
correlationEnabled |
string | Enable cross-agent root-cause correlation | "false" |
correlationWindowMinutes |
string | Minutes to look back for an upstream breach | "10" |
Opt-in. The correlation engine is disabled by default. When enabled, breaches on
url/api/db monitors are correlated against earlier db/disco breaches on the same probe and logged with an [RCA] hint. See Integrator — Cross-Agent Correlation Engine for the full model. Both fields can also be pushed live from the Webserver UI without restarting the service.
Integration Targets
| Field | Description |
|-------|-------------|
| `influxDBEnabled` | `"true"` to enable |
| `influxDBVersion` | `"1.x"`, `"2.x"`, or `"3.x"` |
| `influxDBServer` | InfluxDB server hostname |
| `influxDBPort` | InfluxDB server port (e.g., `"8086"`) |
| `influxDBIndex` | Database name (v1.x) |
| `influxDBOrg` | Organization (v2.x/v3.x) |
| `influxDBBucket` | Bucket name (v2.x/v3.x) |
| `influxDBToken` | Authentication token (v2.x/v3.x) |
| `influxDBUser` | Username (v1.x basic auth) |
| `influxDBPwd` | Password (v1.x basic auth) |
| `influxDBSSL` | `"true"` for HTTPS connection |
See [Integration with InfluxDB](/integration/integration-with-influxdb/) for setup instructions.
| Field | Description |
|-------|-------------|
| `splunkEnabled` | `"true"` to enable |
| `splunkCollectorServer` | Splunk HEC server hostname |
| `splunkCollectorPort` | HEC port (default: `"8088"`) |
| `splunkAuthorizationToken` | HEC authorization token |
| `splunkIndex` | Target Splunk index |
| `splunkSSL` | `"true"` for HTTPS |
See [Integration with Splunk](/integration/integration-with-splunk/) for setup instructions.
| Field | Description |
|-------|-------------|
| `elasticEnabled` | `"true"` to enable |
| `elasticServer` | Elasticsearch server hostname |
| `elasticPort` | Server port (default: `"9200"`) |
| `elasticUser` | Username for basic auth |
| `elasticPwd` | Password for basic auth |
| `elasticSSL` | `"true"` for HTTPS |
See [Integration with Elastic](/integration/integration-with-elastic/) for setup instructions.
| Field | Description |
|-------|-------------|
| `kafkaEnabled` | `"true"` to enable |
| `kafkaBrokers` | Comma-separated broker addresses (e.g., `"broker1:9092,broker2:9092"`) |
| `kafkaTopic` | Target topic name |
| `kafkaTLS` | `"true"` for TLS connections |
| `kafkaCAFile` | Path to CA certificate file |
| `kafkaCertFile` | Path to client certificate |
| `kafkaKeyFile` | Path to client private key |
| `kafkaSASLMechanism` | SASL mechanism: `"PLAIN"`, `"SCRAM-SHA256"`, `"SCRAM-SHA512"` |
| `kafkaSASLUser` | SASL username |
| `kafkaSASLPwd` | SASL password |
| Field | Description |
|-------|-------------|
| `zabbixEnabled` | `"true"` to enable |
| `zabbixServer` | Zabbix server hostname |
| `zabbixPort` | Zabbix API port |
| `zabbixAuthType` | `"userPwd"` or `"token"` |
| `zabbixUser` | Username (when `authType` is `"userPwd"`) |
| `zabbixPwd` | Password (when `authType` is `"userPwd"`) |
| `zabbixToken` | API token (when `authType` is `"token"`) |
| `zabbixVersion` | Zabbix version (e.g., `"6.x"`) |
| `zabbixSSL` | `"true"` for HTTPS |
See [Integration with Zabbix](/integration/integration-with-zabbix/) for setup instructions.
| Field | Description |
|-------|-------------|
| `canopsisEnabled` | `"true"` to enable |
| `canopsisServer` | Canopsis server hostname |
| `canopsisPort` | Server port |
| `canopsisUser` | Username |
| `canopsisPwd` | Password |
| `canopsisSSL` | `"true"` for HTTPS |
| Field | Description |
|-------|-------------|
| `serviceNowEnabled` | `"true"` to enable |
| `serviceNowServer` | ServiceNow instance host (e.g. `dev12345.service-now.com`) |
| `serviceNowPort` | Server port (usually `443`) |
| `serviceNowUser` | Integration user |
| `serviceNowPwd` | Password |
| `serviceNowSSL` | `"true"` for HTTPS |
| `serviceNowResolvedState` | Incident `state` set on auto-resolve (default `6` = Resolved) |
| `serviceNowCloseCode` | `close_code` set on auto-resolve (default `Resolved by caller`) |
| `serviceNowAutoResolve` | `"true"` (default) to auto-resolve on recovery. An incident a human has taken (assigned / past New) is never auto-closed — a recovery work note is posted instead |
| `serviceNowGraceSeconds` | Flap-dampening window in seconds before an incident is opened on breach. If the monitor recovers within the window the flap is suppressed and no incident is created. Default `0` = open immediately |
Opens an incident on breach and auto-resolves it on recovery, correlated by `correlation_id`.
| Field | Description |
|-------|-------------|
| `glpiEnabled` | `"true"` to enable |
| `glpiServer` | GLPI host (e.g. `glpi.example.com`) |
| `glpiPort` | Server port (usually `443`) |
| `glpiUser` | Integration user |
| `glpiPwd` | Password |
| `glpiAppToken` | API client App-Token (leave empty if the GLPI API client has none) |
| `glpiSSL` | `"true"` for HTTPS |
| `glpiSolvedStatus` | Ticket status set on auto-resolve (default `5` = Solved; `6` = Closed) |
| `glpiAutoResolve` | `"true"` (default) to auto-resolve on recovery. A ticket a human has taken (assigned / processing / pending) is never auto-closed — a recovery follow-up is posted instead |
| `glpiGraceSeconds` | Flap-dampening window in seconds before a ticket is opened on breach. If the monitor recovers within the window the flap is suppressed and no ticket is created. Default `0` = open immediately |
Opens a ticket on breach and auto-resolves it on recovery, correlated by an embedded key in the ticket title.
| Field | Description |
|-------|-------------|
| `jiraEnabled` | `"true"` to enable |
| `jiraServer` | Jira Cloud host (e.g. `your-domain.atlassian.net`) |
| `jiraPort` | Server port (usually `443`) |
| `jiraUser` | Account email (Basic auth user) |
| `jiraPwd` | API token (Basic auth password) |
| `jiraSSL` | `"true"` for HTTPS |
| `jiraProjectKey` | Target project key (e.g. `OPS`) where issues are created |
| `jiraIssueType` | Issue type for created issues (default `Bug`) |
| `jiraResolveTransition` | Workflow transition name used to auto-resolve (default `Done`) |
| `jiraAutoResolve` | `"true"` (default) to auto-resolve on recovery. An issue a human has taken (assigned / In Progress) is never auto-closed — a recovery comment is posted instead |
| `jiraGraceSeconds` | Flap-dampening window in seconds before an issue is opened on breach. Recovery within the window suppresses the flap (no issue). Default `0` = open immediately |
Opens an issue on breach and auto-resolves it (via a workflow transition) on recovery, correlated by a label matched with JQL.
Data Export
| Field | Type | Description | Default |
|---|---|---|---|
send2CSVEnabled |
string | Export data to CSV files in data/ |
"false" |
send2JSONEnabled |
string | Export data to JSON files in data/ |
"false" |
Notification Settings
| Field | Description |
|-------|-------------|
| `smtpEnabled` | `"true"` to enable email notifications |
| `smtpServerName` | SMTP server hostname |
| `smtpPort` | SMTP port (25, 465, 587) |
| `smtpUsername` | SMTP username |
| `smtpPwd` | SMTP password (stored encrypted) |
| `smtpTLS` | `"true"` for TLS |
| Field | Description |
|-------|-------------|
| `slackChannel` | Default notification channel |
| `slackToken` | Bot token (stored encrypted) |
| Field | Description |
|-------|-------------|
| `teamsWebhook` | Incoming webhook URL (stored encrypted) |
| Field | Description |
|-------|-------------|
| `pagerDutyAPIKey` | API key for incident creation (stored encrypted) |
| Field | Description |
|-------|-------------|
| `emailOnF` | Send email on failure |
| `emailOnSC` | Send email on status change |
| `slackOnF` | Send Slack on failure |
| `slackOnSC` | Send Slack on status change |
| `teamsOnF` | Send Teams on failure |
| `teamsOnSC` | Send Teams on status change |
| `pdOnF` | Send PagerDuty on failure |
| `pdOnSC` | Send PagerDuty on status change |
| `scriptOnF` | Run script on failure |
| `scriptOnSC` | Run script on status change |
Security Notes
All sensitive fields (passwords, tokens, API keys, webhooks) are:
- Encrypted at rest using AES-256-GCM before storage in the embedded key-value store
- Never logged in plaintext – masked in debug output
- Protected by mutex for thread-safe access during configuration updates
The encryption key is generated during installation and stored in the config/sec/ directory.