Server Settings 


The interval in seconds before reloading built-in dictionaries.

ClickHouse reloads built-in dictionaries every x seconds. This makes it possible to edit dictionaries “on the fly” without restarting the server.

Default value: 3600.




Data compression settings for MergeTree-engine tables.

Configuration template:


<case> fields:

  • min_part_size – The minimum size of a data part.
  • min_part_size_ratio – The ratio of the data part size to the table size.
  • method – Compression method. Acceptable values: lz4 or zstd.

You can configure multiple <case> sections.

Actions when conditions are met:

  • If a data part matches a condition set, ClickHouse uses the specified compression method.
  • If a data part matches multiple condition sets, ClickHouse uses the first matched condition set.

If no conditions met for a data part, ClickHouse uses the lz4 compression.


<compression incl="clickhouse_compression">


The default database.

To get a list of databases, use the SHOW DATABASES query.




Default settings profile.

Settings profiles are located in the file specified in the parameter user_config.




The path to the config file for external dictionaries.


  • Specify the absolute path or the path relative to the server config file.
  • The path can contain wildcards * and ?.

See also “External dictionaries”.




Lazy loading of dictionaries.

If true, then each dictionary is created on first use. If dictionary creation failed, the function that was using the dictionary throws an exception.

If false, all dictionaries are created when the server starts, and if there is an error, the server shuts down.

The default is true.




The path to the directory with the schemes for the input data, such as schemas for the CapnProto format.


  <!-- Directory containing schema files for various input formats. -->


Sending data to Graphite.


  • host – The Graphite server.
  • port – The port on the Graphite server.
  • interval – The interval for sending, in seconds.
  • timeout – The timeout for sending data, in seconds.
  • root_path – Prefix for keys.
  • metrics – Sending data from the system.metrics table.
  • events – Sending deltas data accumulated for the time period from the table.
  • events_cumulative – Sending cumulative data from the table.
  • asynchronous_metrics – Sending data from the system.asynchronous_metrics table.

You can configure multiple <graphite> clauses. For instance, you can use this for sending different data at different intervals.




Settings for thinning data for Graphite.

For more details, see GraphiteMergeTree.




The port for connecting to the server over HTTP(s).

If https_port is specified, openSSL must be configured.

If http_port is specified, the OpenSSL configuration is ignored even if it is set.




The page that is shown by default when you access the ClickHouse HTTP(s) server.
The default value is “Ok.” (with a line feed at the end)


Opens when accessing http://localhost: http_port.

  <![CDATA[<html ng-app="SMI2"><head><base href=""></head><body><div ui-view="" class="content-ui"></div><script src=""></script></body></html>]]>


The path to the file with substitutions.

For more information, see the section “Configuration files”.




Port for exchanging data between ClickHouse servers.




The hostname that can be used by other servers to access this server.

If omitted, it is defined in the same way as the hostname-f command.

Useful for breaking away from a specific network interface.




The username and password used to authenticate during replication with the Replicated* engines. These credentials are used only for communication between replicas and are unrelated to credentials for ClickHouse clients. The server is checking these credentials for connecting replicas and use the same credentials when connecting to other replicas. So, these credentials should be set the same for all replicas in a cluster.
By default, the authentication is not used.

This section contains the following parameters:

  • user — username.
  • password — password.




The number of seconds that ClickHouse waits for incoming requests before closing the connection. Defaults to 3 seconds.




Restriction on hosts that requests can come from. If you want the server to answer all of them, specify ::.




Logging settings.


  • level – Logging level. Acceptable values: trace, debug, information, warning, error.
  • log – The log file. Contains all the entries according to level.
  • errorlog – Error log file.
  • size – Size of the file. Applies to loganderrorlog. Once the file reaches size, ClickHouse archives and renames it, and creates a new log file in its place.
  • count – The number of archived log files that ClickHouse stores.



Writing to the syslog is also supported. Config example:



  • use_syslog — Required setting if you want to write to the syslog.
  • address — The host[:port] of syslogd. If omitted, the local daemon is used.
  • hostname — Optional. The name of the host that logs are sent from.
  • facility — The syslog facility keyword in uppercase letters with the “LOG_” prefix: (LOG_USER, LOG_DAEMON, LOG_LOCAL3, and so on).
    Default value: LOG_USER if address is specified, LOG_DAEMON otherwise.
  • format – Message format. Possible values: bsd and syslog.


Settings for opt-in sending crash reports to the ClickHouse core developers team via Sentry.
Enabling it, especially in pre-production environments, is greatly appreciated.

The server will need an access to public Internet via IPv4 (at the time of writing IPv6 is not supported by Sentry) for this feature to be functioning properly.


  • enabled – Boolean flag to enable the feature. Set to true to allow sending crash reports.
  • endpoint – Overrides the Sentry endpoint.
  • anonymize - Avoid attaching the server hostname to crash report.
  • http_proxy - Configure HTTP proxy for sending crash reports.
  • debug - Sets the Sentry client into debug mode.
  • tmp_path - Filesystem path for temporary crash report state.

Recommended way to use



Parameter substitutions for replicated tables.

Can be omitted if replicated tables are not used.

For more information, see the section “Creating replicated tables”.


<macros incl="macros" optional="true" />


Approximate size (in bytes) of the cache of marks used by table engines of the MergeTree family.

The cache is shared for the server and memory is allocated as needed. The cache size must be at least 5368709120.




Limits total RAM usage by the ClickHouse server. You can specify it only for the default profile.

Possible values:

  • Positive integer.
  • 0 — Unlimited.

Default value: 0.

Additional Info

On hosts with low RAM and swap, you possibly need setting max_server_memory_usage_to_ram_ratio > 1.

See also


The maximum number of simultaneously processed requests.




The maximum number of inbound connections.




The maximum number of open files.

By default: maximum.

We recommend using this option in Mac OS X since the getrlimit() function returns an incorrect value.




Restriction on deleting tables.

If the size of a MergeTree table exceeds max_table_size_to_drop (in bytes), you can’t delete it using a DROP query.

If you still need to delete the table without restarting the ClickHouse server, create the <clickhouse-path>/flags/force_drop_table file and run the DROP query.

Default value: 50 GB.

The value 0 means that you can delete all tables without any restrictions.




The maximum number of threads in the Global Thread pool.

Default value: 10000.




Fine tuning for tables in the MergeTree.

For more information, see the MergeTreeSettings.h header file.




SSL client/server configuration.

Support for SSL is provided by the libpoco library. The interface is described in the file SSLManager.h

Keys for server/client settings:

  • privateKeyFile – The path to the file with the secret key of the PEM certificate. The file may contain a key and certificate at the same time.
  • certificateFile – The path to the client/server certificate file in PEM format. You can omit it if privateKeyFile contains the certificate.
  • caConfig – The path to the file or directory that contains trusted root certificates.
  • verificationMode – The method for checking the node’s certificates. Details are in the description of the Context class. Possible values: none, relaxed, strict, once.
  • verificationDepth – The maximum length of the verification chain. Verification will fail if the certificate chain length exceeds the set value.
  • loadDefaultCAFile – Indicates that built-in CA certificates for OpenSSL will be used. Acceptable values: true, false. |
  • cipherList – Supported OpenSSL encryptions. For example: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH.
  • cacheSessions – Enables or disables caching sessions. Must be used in combination with sessionIdContext. Acceptable values: true, false.
  • sessionIdContext – A unique set of random characters that the server appends to each generated identifier. The length of the string must not exceed SSL_MAX_SSL_SESSION_ID_LENGTH. This parameter is always recommended since it helps avoid problems both if the server caches the session and if the client requested caching. Default value: ${}.
  • sessionCacheSize – The maximum number of sessions that the server caches. Default value: 1024*20. 0 – Unlimited sessions.
  • sessionTimeout – Time for caching the session on the server.
  • extendedVerification – Automatically extended verification of certificates after the session ends. Acceptable values: true, false.
  • requireTLSv1 – Require a TLSv1 connection. Acceptable values: true, false.
  • requireTLSv1_1 – Require a TLSv1.1 connection. Acceptable values: true, false.
  • requireTLSv1 – Require a TLSv1.2 connection. Acceptable values: true, false.
  • fips – Activates OpenSSL FIPS mode. Supported if the library’s OpenSSL version supports FIPS.
  • privateKeyPassphraseHandler – Class (PrivateKeyPassphraseHandler subclass) that requests the passphrase for accessing the private key. For example: <privateKeyPassphraseHandler>, <name>KeyFileHandler</name>, <options><password>test</password></options>, </privateKeyPassphraseHandler>.
  • invalidCertificateHandler – Class (a subclass of CertificateHandler) for verifying invalid certificates. For example: <invalidCertificateHandler> <name>ConsoleCertificateHandler</name> </invalidCertificateHandler> .
  • disableProtocols – Protocols that are not allowed to use.
  • preferServerCiphers – Preferred server ciphers on the client.

Example of settings:

        <!-- openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt -->
        <!-- openssl dhparam -out /etc/clickhouse-server/dhparam.pem 4096 -->
        <!-- Use for self-signed: <verificationMode>none</verificationMode> -->
            <!-- Use for self-signed: <name>AcceptCertificateHandler</name> -->


Logging events that are associated with MergeTree. For instance, adding or merging data. You can use the log to simulate merge algorithms and compare their characteristics. You can visualize the merge process.

Queries are logged in the system.part_log table, not in a separate file. You can configure the name of this table in the table parameter (see below).

Use the following parameters to configure logging:

  • database – Name of the database.
  • table – Name of the system table.
  • partition_by – Sets a custom partitioning key.
  • flush_interval_milliseconds – Interval for flushing data from the buffer in memory to the table.




The path to the directory containing data.




Exposing metrics data for scraping from Prometheus.


  • endpoint – HTTP endpoint for scraping metrics by prometheus server. Start from ‘/’.
  • port – Port for endpoint.
  • metrics – Flag that sets to expose metrics from the system.metrics table.
  • events – Flag that sets to expose metrics from the table.
  • asynchronous_metrics – Flag that sets to expose current metrics values from the system.asynchronous_metrics table.




Setting for logging queries received with the log_queries=1 setting.

Queries are logged in the system.query_log table, not in a separate file. You can change the name of the table in the table parameter (see below).

Use the following parameters to configure logging:

  • database – Name of the database.
  • table – Name of the system table the queries will be logged in.
  • partition_by – Sets a custom partitioning key for a table.
  • flush_interval_milliseconds – Interval for flushing data from the buffer in memory to the table.

If the table doesn’t exist, ClickHouse will create it. If the structure of the query log changed when the ClickHouse server was updated, the table with the old structure is renamed, and a new table is created automatically.




Setting for logging threads of queries received with the log_query_threads=1 setting.

Queries are logged in the system.query_thread_log table, not in a separate file. You can change the name of the table in the table parameter (see below).

Use the following parameters to configure logging:

  • database – Name of the database.
  • table – Name of the system table the queries will be logged in.
  • partition_by – Sets a custom partitioning key for a system table.
  • flush_interval_milliseconds – Interval for flushing data from the buffer in memory to the table.

If the table doesn’t exist, ClickHouse will create it. If the structure of the query thread log changed when the ClickHouse server was updated, the table with the old structure is renamed, and a new table is created automatically.




Settings for the trace_log system table operation.


  • database — Database for storing a table.
  • table — Table name.
  • partition_byCustom partitioning key for a system table.
  • flush_interval_milliseconds — Interval for flushing data from the buffer in memory to the table.

The default server configuration file config.xml contains the following settings section:



Regexp-based rules, which will be applied to queries as well as all log messages before storing them in server logs,
system.query_log, system.text_log, system.processes table, and in logs sent to the client. That allows preventing
sensitive data leakage from SQL queries (like names, emails, personal
identifiers or credit card numbers) to logs.


        <name>hide SSN</name>

Config fields:
- name - name for the rule (optional)
- regexp - RE2 compatible regular expression (mandatory)
- replace - substitution string for sensitive data (optional, by default - six asterisks)

The masking rules are applied to the whole query (to prevent leaks of sensitive data from malformed / non-parsable queries). table have counter QueryMaskingRulesMatch which have an overall number of query masking rules matches.

For distributed queries each server have to be configured separately, otherwise, subqueries passed to other
nodes will be stored without masking.


Configuration of clusters used by the Distributed table engine and by the cluster table function.


<remote_servers incl="clickhouse_remote_servers" />

For the value of the incl attribute, see the section “Configuration files”.

See Also


The server’s time zone.

Specified as an IANA identifier for the UTC timezone or geographic location (for example, Africa/Abidjan).

The time zone is necessary for conversions between String and DateTime formats when DateTime fields are output to text format (printed on the screen or in a file), and when getting DateTime from a string. Besides, the time zone is used in functions that work with the time and date if they didn’t receive the time zone in the input parameters.




Port for communicating with clients over the TCP protocol.




TCP port for secure communication with clients. Use it with OpenSSL settings.

Possible values

Positive integer.

Default value



Port for communicating with clients over MySQL protocol.

Possible values

Positive integer.




Path to temporary data for processing large queries.




Policy from storage_configuration to store temporary files.

If not set, tmp_path is used, otherwise it is ignored.

  • keep_free_space_bytes is ignored.
  • max_data_part_size_bytes is ignored.
  • Уou must have exactly one volume in that policy.


Cache size (in bytes) for uncompressed data used by table engines from the MergeTree.

There is one shared cache for the server. Memory is allocated on demand. The cache is used if the option use_uncompressed_cache is enabled.

The uncompressed cache is advantageous for very short queries in individual cases.




The directory with user files. Used in the table function file().




Path to the file that contains:

  • User configurations.
  • Access rights.
  • Settings profiles.
  • Quota settings.




Contains settings that allow ClickHouse to interact with a ZooKeeper cluster.

ClickHouse uses ZooKeeper for storing metadata of replicas when using replicated tables. If replicated tables are not used, this section of parameters can be omitted.

This section contains the following parameters:

  • node — ZooKeeper endpoint. You can set multiple endpoints.

    For example:

    <node index="1">
  The `index` attribute specifies the node order when trying to connect to the ZooKeeper cluster.
  • session_timeout — Maximum timeout for the client session in milliseconds.
  • root — The znode that is used as the root for znodes used by the ClickHouse server. Optional.
  • identity — User and password, that can be required by ZooKeeper to give access to requested znodes. Optional.

Example configuration

    <!-- Optional. Chroot suffix. Should exist. -->
    <!-- Optional. Zookeeper digest ACL string. -->

See Also


Storage method for data part headers in ZooKeeper.

This setting only applies to the MergeTree family. It can be specified:

  • Globally in the merge_tree section of the config.xml file.

    ClickHouse uses the setting for all the tables on the server. You can change the setting at any time. Existing tables change their behaviour when the setting changes.

  • For each table.

    When creating a table, specify the corresponding engine setting. The behaviour of an existing table with this setting does not change, even if the global setting changes.

Possible values

  • 0 — Functionality is turned off.
  • 1 — Functionality is turned on.

If use_minimalistic_part_header_in_zookeeper = 1, then replicated tables store the headers of the data parts compactly using a single znode. If the table contains many columns, this storage method significantly reduces the volume of the data stored in Zookeeper.

Default value: 0.


Disables the internal DNS cache. Recommended for operating ClickHouse in systems
with frequently changing infrastructure such as Kubernetes.

Default value: 0.


The period of updating IP addresses stored in the ClickHouse internal DNS cache (in seconds).
The update is performed asynchronously, in a separate system thread.

Default value: 15.

See also


Path to a folder where a ClickHouse server stores user and role configurations created by SQL commands.

Default value: /var/lib/clickhouse/access/.

See also

Rating: 3.5 - 4 votes

Was this content helpful?