Configuration settings
The Neo4j configuration settings are set in neo4j.conf. Refer to The neo4j.conf file for details on how to use configuration settings.
Dynamic configuration settings
Dynamic settings can be changed at runtime, without restarting the service.
Dynamic settings are labeled Dynamic.
Changes to the configuration at runtime are not persisted. To avoid losing changes when restarting Neo4j, make sure you update neo4j.conf as well. In a clustered environment, each member of the cluster has its own neo4j.conf file. It is recommended that the settings for a database are the same across all members of the cluster.
For more information on how to update dynamic configuration settings, see Update dynamic settings.
Checkpoint settings
Checkpointing is the process of flushing all pending page updates from the page cache to the store files. This is done periodically and is used to recover the database in case of a crash. The checkpoint settings control the frequency of checkpoints and the amount of data that is written to disk in each checkpoint. See also Transaction log settings.
db.checkpoint
Description |
Configures the general policy for when checkpoints should occur. Possible values are:
|
Valid values |
One of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC]. |
Default value |
|
db.checkpoint.interval.time
Description |
Configures the time interval between checkpoints. The database does not checkpoint more often than the specified interval (unless checkpointing is triggered by a different event) but might checkpoint less often if performing a checkpoint takes longer than the configured interval. A checkpoint is a point in the transaction logs from which recovery starts. Longer checkpoint intervals typically mean that recovery takes longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.checkpoint.interval.tx
Description |
Configures the transaction interval between checkpoints.
The database does not checkpoint more often than the specified interval (unless checkpointing is triggered by a different event) but might checkpoint less often if performing a checkpoint takes longer than the configured interval.
A checkpoint is a point in the transaction logs from which recovery starts.
Longer checkpoint intervals typically mean that recovery takes longer to complete in case of a crash.
On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files.
The default is |
Valid values |
An integer that is minimum |
Default value |
|
db.checkpoint.interval.volume
Description |
Configures the volume of transaction logs between checkpoints. The database does not checkpoint more often than the specified interval (unless checkpointing is triggered by a different event) but might checkpoint less often if performing a checkpoint takes longer than the configured interval. A checkpoint is a point in the transaction logs from which recovery starts. Longer checkpoint intervals typically mean that recovery takes longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
db.checkpoint.iops.limit
Enterprise Edition Dynamic
Description |
Limit the number of IOs the background checkpoint process consumes per second.
This setting is advisory.
It is ignored in Neo4j Community Edition and is followed to best effort in Enterprise Edition.
An IO is, in this case, an 8 KiB (mostly sequential) write.
Limiting the write IO in this way leaves more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory.
The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash.
A lower number means lower IO pressure and, consequently, longer checkpoint times.
Set this to |
Valid values |
An integer. |
Default value |
|
Cluster settings
The cluster settings are used to configure the behavior of a Neo4j cluster. For more information, see also Clustering settings.
db.cluster.catchup.pull_interval
Description |
The interval at which a secondary server fetches updates for a specific database from the primary server for that database. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.cluster.raft.apply.buffer.max_bytes
Description |
The maximum number of bytes in the apply buffer. This parameter limits the amount of memory that can be consumed by the apply buffer. If the bytes limit is reached, buffer size will be limited even if max_entries is not exceeded. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
db.cluster.raft.apply.buffer.max_entries
Description |
The maximum number of entries in the raft log entry prefetch buffer. |
Valid values |
An integer. |
Default value |
|
db.cluster.raft.in_queue.batch.max_bytes
Description |
Largest batch processed by RAFT in bytes. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
db.cluster.raft.so_keepalive_enabled
Description |
Set the keepalive socket option (SO_KEEPALIVE) for all Raft TCP channels. |
Valid values |
A boolean. |
Default value |
|
db.cluster.raft.in_queue.max_bytes
Description |
Maximum number of bytes in the RAFT in-queue. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
db.cluster.raft.leader_transfer.priority_group
Description |
The name of a server_group whose members should be prioritized as leaders. This does not guarantee that the leader will always be a member of this group, but the cluster will attempt to transfer the leadership to such a member when possible. If a database is specified using |
Valid values |
A string identifying a server tag. |
Default value |
db.cluster.raft.leader_transfer.priority_tag
Description |
The name of a server tag whose members should be prioritized as leaders. This does not guarantee that the leader will always be a member of this tag, but the cluster will attempt to transfer the leadership to such a member when possible. If a database is specified using |
Valid values |
A string identifying a server tag. |
Default value |
db.cluster.raft.log.prune_strategy
Description |
RAFT log pruning strategy that determines which logs are to be pruned. Neo4j only prunes log entries up to the last applied index, which guarantees that logs are only marked for pruning once the transactions within are safely copied over to the local transaction logs and safely committed by a majority of cluster members. Possible values are a byte size or a number of transactions (e.g., 200K txs). |
Valid values |
A string. |
Default value |
|
db.cluster.raft.log_shipping.buffer.max_bytes
Description |
The maximum number of bytes in the in-flight cache. This parameter limits the amount of memory that can be consumed by the cache. If the bytes limit is reached, cache size will be limited even if max_entries is not exceeded. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
db.cluster.raft.log_shipping.buffer.max_entries
Description |
The maximum number of entries in the in-flight cache. Increasing size requires more memory but might improve performance in high-load situations. |
Valid values |
An integer. |
Default value |
|
dbms.cluster.catchup.client_inactivity_timeout
Description |
The catch-up protocol times out if the given duration elapses with no network activity. Every message received by the client from the server extends the timeout duration. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.network.client_inactivity_timeout
Description |
A network request times out if the given duration elapses with no network activity. Every message received by the client from the server extends the timeout duration. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.discovery.endpoints
Description |
A comma-separated list of endpoints that a server should contact in order to discover other cluster members. Typically, all cluster members, including the current server, must be specified in this list. The setting configures the endpoints for Discovery service V1. |
Valid values |
A comma-separated list where each element is a socket address in the format of |
Default value |
dbms.cluster.discovery.v2.endpoints
Description |
A comma-separated list of endpoints that a server should contact in order to discover other cluster members. Typically, all cluster members, including the current server, must be specified in this list. The setting configures the endpoints for Discovery service V2. |
Valid values |
A comma-separated list where each element is a socket address in the format of |
Default value |
dbms.cluster.discovery.version
Description |
This setting allows you to select which discovery service should be started. Possible values are:
|
Valid values |
One of [V1_ONLY, V1_OVER_V2, V2_OVER_V1, V2_ONLY]. |
Default value |
|
dbms.cluster.discovery.log_level
Description |
The level of middleware logging. |
Valid values |
One of [DEBUG, INFO, WARN, ERROR, NONE]. |
Default value |
|
dbms.cluster.discovery.resolver_type
Description |
Configure the resolver type that the discovery service uses for determining who should be part of the cluster.
Valid values are
|
Valid values |
A string. |
Default value |
|
dbms.cluster.discovery.type
Description |
This setting has been replaced by |
Valid values |
One of [DNS, LIST, SRV, K8S]. |
Default value |
|
dbms.cluster.minimum_initial_system_primaries_count
Description |
Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together, and bootstrapped a highly available system database. As a result, at least this many of the cluster’s initial machines must have |
Valid values |
An integer that is minimum |
Default value |
|
dbms.cluster.network.connect_timeout
Description |
The maximum amount of time to wait for a network connection to be established. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.network.handshake_timeout
Description |
Timeout for the protocol negotiation handshake. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.network.max_chunk_size
Description |
Maximum chunk size allowable across a network by clustering machinery. |
Valid values |
An integer that is in the range |
Default value |
|
dbms.cluster.network.supported_compression_algos
Description |
Network compression algorithms that this instance will allow in negotiation as a comma-separated list. |
Valid values |
A comma-separated list where each element is a string. |
Default value |
dbms.cluster.raft.binding_timeout
Description |
The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with at least the quorum of the members available. The members are provided by |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.raft.client.max_channels
Description |
The maximum number of TCP channels between two nodes to operate the raft protocol. Each database gets allocated one channel, but a single channel can be used by more than one database. |
Valid values |
An integer. |
Default value |
|
dbms.cluster.raft.election_failure_detection_window
Description |
The rate at which leader elections happen. Note that due to election conflicts, it might take several attempts to find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely. |
Valid values |
A duration-range <min-max> (Valid units are: |
Default value |
|
dbms.cluster.raft.leader_failure_detection_window
Description |
The time window within which the loss of the leader is detected and the first re-election attempt is held. The window should be significantly larger than typical communication delays to make conflicts unlikely. |
Valid values |
A duration-range <min-max> (Valid units are: |
Default value |
|
dbms.cluster.raft.leader_transfer.balancing_strategy
Description |
Which strategy to use when transferring database leaderships around a cluster. Note that if a
|
Valid values |
One of [NO_BALANCING, EQUAL_BALANCING]. |
Default value |
|
dbms.cluster.raft.log.pruning_frequency
Description |
RAFT log pruning frequency. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.raft.log.reader_pool_size
Description |
RAFT log reader pool size. |
Valid values |
An integer. |
Default value |
|
dbms.cluster.raft.log.rotation_size
Description |
RAFT log rotation size. The log will be rotated when it reaches this size. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
dbms.cluster.raft.membership.join_max_lag
Description |
Maximum amount of lag accepted for a new follower to join the Raft group. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.raft.membership.join_timeout
Description |
Timeout for a new member to catch up. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cluster.store_copy.max_retry_time_per_request
Description |
Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. |
Valid values |
A duration (Valid units are: |
Default value |
|
initial.dbms.automatically_enable_free_servers
Description |
Automatically enable free servers. |
Valid values |
A boolean. |
Default value |
|
initial.dbms.database_allocator
Description |
Name of the initial database allocator. After the creation of the DBMS, it can be set by running the |
Valid values |
A string. |
Default value |
|
initial.dbms.default_primaries_count
Description |
The initial default number of primary servers for the standard databases. If the user does not specify the number of primaries in |
Valid values |
An integer that is minimum |
Default value |
|
initial.dbms.default_secondaries_count
Description |
The initial default number of secondary servers for standard databases. If the user does not specify the number of secondaries in |
Valid values |
An integer that is minimum |
Default value |
|
initial.server.allowed_databases
Description |
Names of the databases allowed on this server; all others are denied. Empty means all are allowed. This configuration can be overridden when enabling the server or altered at runtime without changing this setting. Exclusive with |
Valid values |
A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name |
Default value |
initial.server.denied_databases
Description |
Names of the databases not allowed on this server. Empty means nothing is denied. This configuration can be overridden when enabling the server or altered at runtime without changing this setting. Exclusive with |
Valid values |
A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name |
Default value |
initial.server.mode_constraint
Description |
A server can restrict itself to allow databases to be hosted only as primaries or secondaries. This setting is the default input for the |
Valid values |
One of [PRIMARY, SECONDARY, NONE]. |
Default value |
|
initial.server.tags
Description |
A list of tag names for the server used by the database allocation and when configuring load balancing and replication policies. This setting is the default input for the |
Valid values |
A comma-separated list where each element is a string identifying a server tag, which contains no duplicate items. |
Default value |
server.cluster.advertised_address
Description |
Advertised hostname/IP address and port for the transaction shipping server. |
Valid values |
A socket address in the format of |
Default value |
|
server.cluster.catchup.connect_randomly_to_server_group
Description |
Comma-separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used when the list of strategies ( |
Valid values |
A comma-separated list where each element is a string identifying a server tag. |
Default value |
server.cluster.catchup.connect_randomly_to_server_tags
Description |
Comma-separated list of tags to be used by the connect-randomly-to-server-with-tag selection strategy. The connect-randomly-to-server-with-tag strategy is used when the list of strategies ( |
Valid values |
A comma-separated list where each element is a string identifying a server tag. |
Default value |
server.cluster.catchup.upstream_strategy
Description |
A descending-ordered list of strategies secondaries use to choose the upstream server from which to pull transactional updates. If none are valid or the list is empty, the default strategy is |
Valid values |
A comma-separated list where each element is a string. |
Default value |
server.cluster.catchup.user_defined_upstream_strategy
Description |
Configuration of a user-defined upstream selection strategy. The user-defined strategy is used when the list of strategies ( |
Valid values |
A string. |
Default value |
server.cluster.listen_address
Description |
Network interface and port for the transaction shipping server to listen on. Note that it is also possible to run the backup client against this port, so always limit access to it via the firewall and configure an SSL policy. |
Valid values |
A socket address in the format of |
Default value |
|
server.cluster.network.native_transport_enabled
Description |
Use native transport if available: Epoll on Linux or Kqueue on macOS/BSD. If this setting is set to false, or if native transport is not available, NIO transport will be used. |
Valid values |
A boolean. |
Default value |
|
server.cluster.raft.advertised_address
Description |
Advertised hostname/IP address and port for the RAFT server. |
Valid values |
A socket address in the format of |
Default value |
|
server.cluster.raft.listen_address
Description |
Network interface and port for the RAFT server to listen on. |
Valid values |
A socket address in the format of |
Default value |
|
server.cluster.system_database_mode
Description |
Users must manually specify the mode for the system database on each server. |
Valid values |
One of [PRIMARY, SECONDARY]. |
Default value |
|
server.discovery.listen_address
Description |
Host and port to bind the cluster member discovery management communication. |
Valid values |
A socket address in the format of |
Default value |
|
Connection settings
Connection settings control the communication between servers and between a server and a client. Neo4j provides support for Bolt, HTTP, and HTTPS protocols via connectors. For more information about the connectors, see Configure connectors.
When configuring the HTTPS or Bolt connector, see also Security settings and SSL framework for details on how to work with SSL certificates.
server.bolt.advertised_address
Description |
Advertised address for this connector. |
Valid values |
A socket address in the format of |
Default value |
|
server.bolt.connection_keep_alive
Description |
The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries. The minimum value is 1 millisecond. |
Valid values |
A duration (Valid units are: |
Default value |
|
server.bolt.connection_keep_alive_for_requests
Description |
The type of messages for which keep-alive messages are enabled. |
Valid values |
One of [ALL, STREAMING, OFF]. |
Default value |
|
server.bolt.connection_keep_alive_probes
Description |
The total number of probes to be missed before a connection is considered stale. The minimum value is 1. |
Valid values |
An integer that is minimum |
Default value |
|
server.bolt.connection_keep_alive_streaming_scheduling_interval
Description |
The interval between every scheduled keep-alive check on all connections with active queries. Zero duration turns off keep-alive service. |
Valid values |
A duration (Valid units are: |
Default value |
|
server.bolt.enabled
Description |
Enable the Bolt connector. |
Valid values |
A boolean. |
Default value |
|
server.bolt.listen_address
Description |
Address the connector should bind to. |
Valid values |
A socket address in the format of |
Default value |
|
server.bolt.additional_listen_addresses
Description |
Additional addresses the connector should bind to. |
Valid values |
A comma-separated set where each element is a socket address in the format of |
Default value |
server.bolt.ocsp_stapling_enabled
Description |
Enable server OCSP stapling for the Bolt and HTTP connectors. |
Valid values |
A boolean. |
Default value |
|
server.bolt.telemetry.enabled
Description |
Enable the collection of driver telemetry. |
Valid values |
A boolean. |
Default value |
|
server.bolt.enable_network_error_accounting
Description |
Enables accounting-based reporting of benign errors within the Bolt stack. When enabled, benign errors are reported only when such events occur with unusual frequency. When disabled, all benign network errors are reported. |
Valid values |
A boolean. |
Default value |
|
server.bolt.network_abort_clear_window_duration
Description |
The duration for which network-related connection aborts need to remain at a reasonable level before the error is cleared. |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum |
Default value |
|
server.bolt.network_abort_warn_threshold
Description |
The maximum number of network-related connection aborts allowed within a specified time window before emitting log messages. A value of zero reverts to legacy warning behavior. |
Valid values |
A long that is minimum |
Default value |
|
server.bolt.network_abort_warn_window_duration
Description |
The duration of the window in which network-related connection aborts are sampled. |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum |
Default value |
|
server.bolt.thread_pool_keep_alive
Description |
The maximum time an idle thread in the thread pool bound to this connector waits for new tasks. |
Valid values |
A duration (Valid units are: |
Default value |
|
server.bolt.thread_pool_max_size
Description |
The maximum number of threads allowed in the thread pool bound to this connector. |
Valid values |
An integer. |
Default value |
|
server.bolt.thread_pool_min_size
Description |
The number of threads, including idle, to keep in the thread pool bound to this connector. |
Valid values |
An integer. |
Default value |
|
server.bolt.thread_starvation_clear_window_duration
Description |
The duration for which unscheduled requests need to remain at a reasonable level before the error is cleared. |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum |
Default value |
|
server.bolt.thread_starvation_warn_threshold
Description |
The maximum number of unscheduled requests allowed during thread starvation events within a specified time window before emitting log messages. |
Valid values |
A long that is minimum |
Default value |
|
server.bolt.thread_starvation_warn_window_duration
Description |
The duration of the window in which unscheduled requests are sampled. |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum |
Default value |
|
server.bolt.tls_level
Description |
The encryption level to be used to secure communications with this connector. |
Valid values |
One of [REQUIRED, OPTIONAL, DISABLED]. |
Default value |
|
server.bolt.traffic_accounting_check_period
Description |
Amount of time spent between samples of current traffic usage. Lower values result in more accurate reporting while incurring a higher performance penalty. A value of zero disables traffic accounting. |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is 0s or is minimum |
Default value |
|
server.bolt.traffic_accounting_clear_duration
Description |
Time to be spent below the configured traffic threshold to clear traffic warnings. |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum |
Default value |
|
server.bolt.traffic_accounting_incoming_threshold_mbps
Description |
Maximum permitted incoming traffic within a configured accounting check window before emitting a warning (in Mbps). |
Valid values |
A long that is minimum |
Default value |
|
server.bolt.traffic_accounting_outgoing_threshold_mbps
Description |
Maximum permitted outgoing traffic within a configured accounting check window before emitting a warning (in Mbps). |
Valid values |
A long that is minimum |
Default value |
|
server.http.advertised_address
Description |
Advertised address for this connector. |
Valid values |
A socket address in the format of |
Default value |
|
server.http.enabled
Description |
Enable the HTTP connector. |
Valid values |
A boolean. |
Default value |
|
server.http.listen_address
Description |
Address the connector should bind to. |
Valid values |
A socket address in the format of |
Default value |
|
server.http_enabled_modules
Description |
Defines the set of modules loaded into the Neo4j web server. The enterprise management endpoints are only available in the Enterprise edition. |
Valid values |
A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS, QUERY_API_ENDPOINTS]. |
Default value |
|
server.http_enabled_transports
Description |
Defines the set of transports available on the HTTP server. |
Valid values |
A comma-separated set where each element is one of [HTTP1_1, HTTP2]. |
Default value |
|
server.https.advertised_address
Description |
Advertised address for this connector. |
Valid values |
A socket address in the format of |
Default value |
|
server.https.enabled
Description |
Enable the HTTPS connector. |
Valid values |
A boolean. |
Default value |
|
server.https.listen_address
Description |
Address the connector should bind to. |
Valid values |
A socket address in the format of |
Default value |
|
server.default_advertised_address
Description |
Default hostname or IP address the server uses to advertise itself. |
Valid values |
A socket address in the format of |
Default value |
|
server.default_listen_address
Description |
Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0". |
Valid values |
A socket address in the format of |
Default value |
|
server.discovery.advertised_address
Description |
Advertised cluster member discovery management communication. |
Valid values |
A socket address in the format of |
Default value |
|
server.routing.advertised_address
Description |
The advertised address for the intra-cluster routing connector. |
Valid values |
A socket address in the format of |
Default value |
|
server.routing.listen_address
Description |
Address the routing connector should bind to. |
Valid values |
A socket address in the format of |
Default value |
|
dbms.routing.client_side.enforce_for_domains
Description |
Always use client-side routing (regardless of the default router) for |
Valid values |
A comma-separated set where each element is a string. |
Default value |
dbms.routing.default_router
Description |
Routing strategy for |
Valid values |
One of [SERVER, CLIENT]. |
Default value |
|
dbms.routing.driver.connection.connect_timeout
Description |
Socket connection timeout. A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the operating system level. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.routing.driver.connection.max_lifetime
Description |
Pooled connections older than this threshold will be closed and removed from the pool. Setting this option to a low value will cause a high connection churn and might result in a performance hit. It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network equipment (load balancer, proxy, firewall, etc. can also limit maximum connection lifetime). Zero and negative values result in lifetime not being checked. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.routing.driver.connection.pool.acquisition_timeout
Description |
Maximum amount of time spent attempting to acquire a connection from the connection pool. This timeout only kicks in when all existing connections are being used, and no new connections can be created because the maximum connection pool size has been reached. An error is raised when no connection can be acquired within the configured time. Negative values are allowed, which results in an unlimited acquisition timeout. A value of 0 is allowed, resulting in no timeout and immediate failure when the connection is unavailable. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.routing.driver.connection.pool.idle_test
Description |
Pooled connections that have been idle in the pool for longer than this timeout will be tested to ensure they are still alive before being used again. If the value of this option is too low, acquiring a connection will require an additional network call, which will cause a performance hit. If the value of this option is too high, live connections might no longer be used, leading to errors. Hence, this parameter balances the likelihood of experiencing connection problems and performance. Usually, this parameter should not need tuning. Value 0 means connections will always be tested for validity. No connection liveliness check is done by default. |
Valid values |
A duration (Valid units are: |
Default value |
dbms.routing.driver.connection.pool.max_size
Description |
Maximum total number of connections to be managed by a connection pool.
The limit is enforced for a combination of a host and user. Negative values are allowed and result in an unlimited pool. A value of 0 is not allowed. Defaults to |
Valid values |
An integer. |
Default value |
|
dbms.routing.driver.logging.level
Description |
Sets the level for the driver’s internal logging. |
Valid values |
One of [DEBUG, INFO, WARN, ERROR, NONE]. |
Default value |
|
dbms.routing.enabled
Description |
Enable server-side routing in clusters using an additional bolt connector. When configured, this allows requests to be forwarded from one cluster member to another, if the requests cannot be satisfied by the first member (e.g. write requests received by a non-leader). |
Valid values |
A boolean. |
Default value |
|
dbms.routing.load_balancing.plugin
Description |
The load balancing plugin to use. |
Valid values |
A string; the specified load balancer plugin must exist. |
Default value |
|
dbms.routing.load_balancing.shuffle_enabled
Description |
Vary the order of the entries in routing tables each time one is produced. This means that different clients should select a range of servers as their first contact, reducing the chance of all clients contacting the same server if alternatives are available. This makes the load across the servers more even. |
Valid values |
A boolean. |
Default value |
|
dbms.routing.reads_on_primaries_enabled
Description |
Configure if the |
Valid values |
A boolean. |
Default value |
|
dbms.routing.reads_on_writers_enabled
Description |
Configure if the |
Valid values |
A boolean. |
Default value |
|
Cypher settings
The Cypher settings affect the behavior of Cypher queries. They can be used to tune the performance of Cypher queries or to restrict the kinds of queries that can be executed. For more information, see Statistics and execution plans.
dbms.cypher.forbid_exhaustive_shortestpath
Description |
This setting is associated with performance optimization. Set this to |
Valid values |
A boolean. |
Default value |
|
dbms.cypher.forbid_shortestpath_common_nodes
Description |
This setting is associated with performance optimization. The shortest path algorithm does not work when the start and end nodes are the same. With this setting set to |
Valid values |
A boolean. |
Default value |
|
dbms.cypher.hints_error
Description |
Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. If true, then non-conformance will result in an error, otherwise only a warning is generated. |
Valid values |
A boolean. |
Default value |
|
dbms.cypher.infer_schema_parts
Description |
Allow label inference during cardinality estimation. If the planner can logically deduce that a node has a label not explicitly expressed in the query, the planner will use this information during cardinality estimation.
|
Valid values |
One of [MOST_SELECTIVE_LABEL, OFF]. |
Default value |
|
For some queries, the planner can infer predicates such as labels or types from the graph structure that can improve estimating the number of rows that each operator produces.
For more information, see Cypher Manual → Execution plans and query tuning → Understanding execution plans.
For details on how to configure this setting on a per-query basis, effectively overriding this setting on that particular query, see Cypher Manual → Query tuning → Cypher infer schema parts.
dbms.cypher.lenient_create_relationship
Description |
Set this to change the behavior for Cypher create relationship when the start or end node is missing. By default this fails the query and stops execution, but by setting this flag the create operation is simply not performed and execution continues. |
Valid values |
A boolean. |
Default value |
|
dbms.cypher.min_replan_interval
Description |
The minimum time between possible Cypher query replanning events. After this time, the graph statistics will be evaluated, and if they have changed by more than the value set by dbms.cypher.statistics_divergence_threshold, the query will be replanned. If the statistics have not changed sufficiently, the same interval will need to pass before the statistics will be evaluated again. Each time they are evaluated, the divergence threshold will be reduced slightly until it reaches 10% after 7h, so that even moderately changing databases will see query replanning after a sufficiently long time interval. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.cypher.planner
Description |
Set this to specify the default planner for the default language version. |
Valid values |
One of [DEFAULT, COST]. |
Default value |
|
dbms.cypher.render_plan_description
Description |
If set to |
Valid values |
A boolean. |
Default value |
|
dbms.cypher.statistics_divergence_threshold
Description |
The threshold for statistics above which a plan is considered stale. If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. Change is calculated as This means that a value of This interval is defined by |
Valid values |
A double that is in the range |
Default value |
|
server.cypher.parallel.worker_limit
Description |
Number of threads to allocate to Cypher worker threads for the parallel runtime.
If set to a positive number, that number of workers will be started.
If set to If set to a negative number, the total number of logical processors available on the server will be reduced by the absolute value of that number.
For example, if the server has 16 available processors and you set |
Valid values |
An integer. |
Default value |
|
Database settings
Database settings affect the behavior of a Neo4j database, for example, the file watcher service, the database format, the database store files, and the database timezone. They can be varied between each database but must be consistent across all configuration files in a cluster/DBMS.
db.filewatcher.enabled
Description |
Allows the enabling or disabling of the file watcher service. This is an auxiliary service but should be left enabled in almost all cases. |
Valid values |
A boolean. |
Default value |
|
db.format
Description |
Database format. This is the format that will be used for new databases. Valid values are |
Valid values |
A string. |
Default value |
|
db.relationship_grouping_threshold
Description |
Relationship count threshold for considering a node to be dense. |
Valid values |
An integer that is minimum |
Default value |
|
db.store.files.preallocate
Description |
Specify if Neo4j should try to preallocate store files as they grow. |
Valid values |
A boolean. |
Default value |
|
db.temporal.timezone
Description |
Database timezone for temporal functions. All Time and DateTime values that are created without an explicit timezone will use this configured default timezone. |
Valid values |
A string describing a timezone, either described by offset (e.g. |
Default value |
|
db.track_query_cpu_time
Description |
Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling |
Valid values |
A boolean. |
Default value |
|
DBMS settings
The DBMS settings affect the Neo4j DBMS as a whole. You can use them to set the default database, the DBMS timezone, a list of seed providers, and the maximum number of databases. The DBMS settings must be consistent across all configuration files in a cluster/DBMS.
initial.dbms.default_database
Description |
Name of the default database (aliases are not supported). The To set the default database, use the |
Valid values |
A valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name system. |
Default value |
|
dbms.db.timezone
Description |
Database timezone. Among other things, this setting influences the monitoring procedures. |
Valid values |
One of [UTC, SYSTEM]. |
Default value |
|
dbms.databases.seed_from_uri_providers
Description |
Databases can be created from an existing seed (a database backup or dump) stored at a specific source URI.
Different implementations of The following values are available:
This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from URI functionality is effectively disabled. See Seed from URI for more information. |
Valid values |
A comma-separated list where each element is a string. |
Default value |
|
Import settings
The import settings control the size of the internal buffer used by LOAD CSV
and the escaping of quotes in CSV files.
db.import.csv.buffer_size
Description |
The size of the internal buffer in bytes used by |
Valid values |
A long that is minimum |
Default value |
|
db.import.csv.legacy_quote_escaping
Description |
Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using |
Valid values |
A boolean. |
Default value |
|
Index settings
The index settings control the full-text index and the background index sampling (chunk size limit and sample size). For more information, see Index configuration.
db.index.fulltext.default_analyzer
Description |
The name of the analyzer that the full-text indexes should use by default. |
Valid values |
A string. |
Default value |
|
db.index.fulltext.eventually_consistent
Description |
Whether full-text indexes should be eventually consistent by default. |
Valid values |
A boolean. |
Default value |
|
db.index.fulltext.eventually_consistent_apply_parallelism
Description |
The number of threads processing queued index updates for eventually consistent full-text indexes. |
Valid values |
An integer that is minimum 1. |
Default value |
|
db.index.fulltext.eventually_consistent_refresh_interval
Description |
How often an eventually consistent full-text index is refreshed (changes are guaranteed to be visible). If set to |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s). |
Default value |
|
db.index.fulltext.eventually_consistent_refresh_parallelism
Description |
The number of threads that can do full-text index refresh in parallel, i.e. the number of eventually consistent full-text indexes that can be refreshed in parallel. |
Valid values |
An integer that is minimum 1. |
Default value |
|
db.index.fulltext.eventually_consistent_index_update_queue_max_length
Description |
The eventually consistent mode of the full-text indexes works by queueing up index updates to be applied later in a background thread. This setting sets an upper bound on how many index updates are allowed to be in this queue at any one point in time. When it is reached, the commit process will slow down and wait for the index update applier thread to make some more room in the queue. |
Valid values |
An integer that is in the range |
Default value |
|
db.index_sampling.background_enabled
Description |
Enable or disable background index sampling. |
Valid values |
A boolean. |
Default value |
|
Logging settings
Neo4j has two different configuration files for logging: one for the neo4j.log, which contains general information about Neo4j, and one for all other types of logging via Log4j 2 (except gc.log, which is handled by the Java Virtual Machine (JVM)). For more information, see Logging.
db.logs.query.annotation_data_as_json_enabled
Description |
Log the annotation data as JSON strings instead of a Cypher map. This configuration has an effect only when the query log is in JSON format.
From 5.9, if |
Valid values |
A boolean. |
Default value |
|
Replaced by |
db.logs.query.annotation_data_format
Description |
The format to use for the JSON annotation data.
This only has an effect when the query log is in JSON format. |
Valid values |
One of [CYPHER, JSON, FLAT_JSON]. |
Default value |
|
db.logs.query.early_raw_logging_enabled
Description |
Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts. |
Valid values |
A boolean. |
Default value |
|
db.logs.query.enabled
Description |
Log executed queries. Valid values are
Log entries are written to the query log. This feature is available in the Neo4j Enterprise Edition. |
Valid values |
One of [OFF, INFO, VERBOSE]. |
Default value |
|
db.logs.query.max_parameter_length
Description |
Sets a maximum character length to use for each parameter in the log. This only takes effect if |
Valid values |
An integer. |
Default value |
|
db.logs.query.obfuscate_literals
Description |
Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have an immediate effect, you must also call |
Valid values |
A boolean. |
Default value |
|
db.logs.query.parameter_logging_enabled
Description |
Log parameters for the executed queries being logged. |
Valid values |
A boolean. |
Default value |
|
db.logs.query.plan_description_enabled
Description |
Log query plan description table, useful for debugging purposes. |
Valid values |
A boolean. |
Default value |
|
db.logs.query.threshold
Description |
If the execution of a query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.logs.query.transaction.enabled
Description |
Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. OFF: no logging. INFO: log the start and end of transactions that take longer than the configured threshold, db.logs.query.transaction.threshold. VERBOSE: log the start and end of all transactions. Log entries are written to the query log. |
Valid values |
One of [OFF, INFO, VERBOSE]. |
Default value |
|
db.logs.query.transaction.threshold
Description |
If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.logs.http.enabled
Description |
Enable HTTP request logging. |
Valid values |
A boolean. |
Default value |
|
server.logs.config
Description |
Path to the logging configuration for debug, query, http and security logs. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
server.logs.debug.enabled
Description |
Enable the debug log. |
Valid values |
A boolean. |
Default value |
|
server.logs.gc.enabled
Description |
Enable GC Logging. |
Valid values |
A boolean. |
Default value |
|
server.logs.gc.options
Description |
GC Logging Options. |
Valid values |
A string. |
Default value |
|
server.logs.gc.rotation.keep_number
Description |
Number of GC logs to keep. |
Valid values |
An integer. |
Default value |
|
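An added example, not from the Neo4j documentation: a Python check that reads neo4j.conf text and reports explicitly set query-log options that either put secrets into the query log or leave gaps in the audit trail, using only the behaviour described in this section. The sample configuration is constructed, the severity labels are this example's own, and settings left at their defaults are not assessed.

```python
import re

# Duration units as listed on this page; a bare number is taken as seconds.
_UNIT_SECONDS = {"ns": 1e-9, "μs": 1e-6, "ms": 1e-3,
                 "s": 1.0, "m": 60.0, "h": 3600.0, "d": 86400.0}
_DURATION_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(ns|μs|ms|s|m|h|d)?$")


def parse_duration(text):
    """Return seconds for a single '<number>[unit]' value, or None if not parseable."""
    match = _DURATION_RE.match(text.strip())
    if not match:
        return None
    return float(match.group(1)) * _UNIT_SECONDS[match.group(2) or "s"]


def parse_conf(text):
    """Parse key=value lines, skipping '#' comments and joining '\\' continuations.

    If a key appears twice, this sketch keeps the last value (an assumption
    of the example, not a statement about how Neo4j treats duplicates).
    """
    settings, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit_query_logging(conf_text):
    """Return (setting, severity, message) findings for explicitly set options."""
    s = parse_conf(conf_text)
    findings = []

    def is_set_to(key, wanted):
        return s.get(key, "").lower() == wanted

    if is_set_to("db.logs.query.early_raw_logging_enabled", "true"):
        findings.append(("db.logs.query.early_raw_logging_enabled", "HIGH",
                         "query text and parameters are logged without obfuscating passwords"))

    # OFF removes the record entirely; INFO with a threshold > 0 skips short ones.
    for enabled_key, threshold_key, what in (
            ("db.logs.query.enabled", "db.logs.query.threshold", "queries"),
            ("db.logs.query.transaction.enabled",
             "db.logs.query.transaction.threshold", "transactions")):
        level = s.get(enabled_key, "").upper()
        if level == "OFF":
            findings.append((enabled_key, "MEDIUM",
                             f"{what} are not written to the query log"))
        elif level == "INFO" and threshold_key in s:
            seconds = parse_duration(s[threshold_key])
            if seconds is None:
                findings.append((threshold_key, "LOW",
                                 "value is not a single number with an optional unit; check manually"))
            elif seconds > 0:
                findings.append((threshold_key, "MEDIUM",
                                 f"{what} that complete within {seconds:g}s are not logged"))

    if is_set_to("db.logs.query.parameter_logging_enabled", "true"):
        findings.append(("db.logs.query.parameter_logging_enabled", "INFO",
                         "parameter values are written to the query log; restrict access to it"))
    if is_set_to("db.logs.query.obfuscate_literals", "false"):
        findings.append(("db.logs.query.obfuscate_literals", "INFO",
                         "literal values in query text are written to the query log unmasked"))
    return findings


# Constructed sample configuration, for illustration only.
SAMPLE_CONF = """\
# query logging
db.logs.query.enabled=INFO
db.logs.query.threshold=2s
db.logs.query.early_raw_logging_enabled=true
db.logs.query.parameter_logging_enabled=true
db.logs.query.obfuscate_literals=true
db.logs.query.transaction.enabled=OFF
"""

if __name__ == "__main__":
    for setting, severity, message in audit_query_logging(SAMPLE_CONF):
        print(f"[{severity}] {setting}: {message}")
```
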
Memory settings
Memory settings control how much memory is allocated to Neo4j and how it is used. It is recommended to perform a certain amount of testing and tuning of these settings to figure out the optimal division of the available memory. For more information on how to tune these settings, see Memory configuration, Disks, RAM and other tips, and Tuning of the garbage collector.
db.memory.pagecache.warmup.enable
Description |
The page cache can be configured to sample the usage of loaded pages in order to construct an active load profile. Pages can then be reloaded according to that profile on restart, replication, etc. This setting allows disabling that behavior. This feature is available in Neo4j Enterprise Edition. |
Valid values |
A boolean. |
Default value |
|
db.memory.pagecache.warmup.preload
Description |
Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. Files to be prefetched can be filtered by 'dbms.memory.pagecache.warmup.preload.allowlist'. Enabling this disables warmup by profile. |
Valid values |
A boolean. |
Default value |
|
db.memory.pagecache.warmup.preload.allowlist
Description |
Page cache warmup prefetch file allowlist regex. By default matches all files. |
Valid values |
A string. |
Default value |
|
db.memory.pagecache.warmup.profile.interval
Description |
The profiling frequency for the page cache. Accurate profiles allow the page cache to do an active warmup after a restart, reducing the mean time to performance. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.memory.transaction.max
Description |
Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm', and gigabytes with 'g'). Zero means 'largest possible value'. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
db.memory.transaction.total.max
Description |
Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
db.tx_state.memory_allocation
Description |
Defines whether memory for transaction state should be allocated on- or off-heap. Note that for small transactions you can gain up to 25% write speed by setting it to |
Valid values |
One of [ON_HEAP, OFF_HEAP]. |
Default value |
|
server.db.query_cache_size
Description |
The number of cached Cypher query execution plans per database. The max number of query plans that can be kept in cache is the |
Valid values |
An integer that is minimum |
Default value |
|
Replaced by |
dbms.memory.tracking.enable
Description |
Enable off heap and on heap memory tracking. Should not be set to |
Valid values |
A boolean. |
Default value |
|
dbms.memory.transaction.total.max
Description |
Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. Defaults to 70% of the heap size limit. |
Valid values |
A byte size (valid multipliers are |
Default value |
server.memory.heap.initial_size
Description |
Initial heap size. By default it is calculated based on available system resources. |
Valid values |
A byte size (valid multipliers are |
Default value |
server.memory.heap.max_size
Description |
Maximum heap size. By default it is calculated based on available system resources. |
Valid values |
A byte size (valid multipliers are |
Default value |
server.memory.off_heap.block_cache_size
Description |
Defines the size of the off-heap memory blocks cache. The cache will contain this number of blocks for each block size that is a power of two. Thus, the maximum amount of memory used by the blocks cache can be calculated as 2 * server.memory.off_heap.max_cacheable_block_size * |
Valid values |
An integer that is minimum |
Default value |
|
server.memory.off_heap.max_cacheable_block_size
Description |
Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. The value must be a power of 2. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
server.memory.off_heap.transaction_max_size
Description |
The maximum amount of off-heap memory that can be used to store transaction state data; it’s a total amount of memory shared across all active transactions. Zero means 'unlimited'. Used when db.tx_state.memory_allocation is set to 'OFF_HEAP'. |
Valid values |
A byte size (valid multipliers are |
Default value |
|
server.memory.pagecache.directio
Description |
Use direct I/O for page cache. This setting is supported only on Linux and only for a subset of record formats that use platform-aligned page size. |
Valid values |
A boolean. |
Default value |
|
server.memory.pagecache.flush.buffer.enabled
Description |
The page cache can be configured to use a temporal buffer for flushing purposes. Where possible, the buffer combines a sequence of several cache pages into one bigger buffer, which minimizes the number of individual IOPS performed and makes better use of the available I/O resources, especially when those are restricted. |
Valid values |
A boolean. |
Default value |
|
server.memory.pagecache.flush.buffer.size_in_pages
Description |
The page cache can be configured to use a temporal buffer for flushing purposes. Where possible, the buffer combines a sequence of several cache pages into one bigger buffer, which minimizes the number of individual IOPS performed and makes better use of the available I/O resources, especially when those are restricted. Use this setting to configure the size of the individual file flush buffer in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled. |
Valid values |
An integer that is in the range |
Default value |
|
server.memory.pagecache.scan.prefetchers
Description |
The maximum number of worker threads to use for pre-fetching data when doing sequential scans. Set to '0' to disable pre-fetching for scans. |
Valid values |
An integer that is in the range |
Default value |
|
server.memory.pagecache.size
Description |
The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. By default the size of page cache will be 50% of available RAM minus the max heap size. The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap). |
Valid values |
A byte size (valid multipliers are |
Default value |
server.memory.query_cache.sharing_enabled
Description |
Enable sharing cache space between different databases. With this option turned on, databases will share cache space, but not cache entries. This means that a database may store and retrieve entries from the shared cache, but it may not retrieve entries produced by another database. The database may, however, evict entries from other databases as necessary, according to the constrained cache size and cache eviction policy. In essence, databases may compete for cache space, but may not observe each other’s entries. When this option is turned on, the cache space available to all databases is configured with |
Valid values |
A boolean. |
Default value |
|
server.memory.query_cache.shared_cache_num_entries
Description |
The number of cached queries for all databases.
The maximum number of queries that can be kept in a cache is exactly |
Valid values |
An integer that is minimum |
Default value |
|
server.memory.query_cache.per_db_cache_num_entries
Description |
The number of cached queries per database.
The maximum number of queries that can be kept in a cache is |
Valid values |
An integer that is minimum |
Default value |
|
Metrics settings
The metrics settings control whether Neo4j will log metrics, what metrics to log, how to log them, and how to expose them. For better understanding of the metrics settings and how to configure them, see Metrics.
server.metrics.csv.enabled
Description |
Set to |
Valid values |
A boolean. |
Default value |
|
server.metrics.csv.interval
Description |
The reporting interval for the CSV files. That is, how often new rows with numbers are appended to the CSV files. |
Valid values |
A duration (Valid units are: |
Default value |
|
server.metrics.csv.rotation.compression
Description |
Decides what compression to use for the csv history files. |
Valid values |
One of [NONE, ZIP, GZ]. |
Default value |
|
server.metrics.csv.rotation.keep_number
Description |
Maximum number of history files for the csv files. |
Valid values |
An integer that is minimum |
Default value |
|
server.metrics.csv.rotation.size
Description |
The file size in bytes at which the csv files will auto-rotate. If set to zero then no rotation will occur. Accepts a binary suffix |
Valid values |
A byte size (valid multipliers are |
Default value |
|
server.metrics.enabled
Description |
Enable metrics. Setting this to |
Valid values |
A boolean. |
Default value |
|
server.metrics.filter
Description |
Specifies which metrics should be enabled by using a comma separated list of globbing patterns. Only the metrics matching the filter will be enabled. For example |
Valid values |
A comma-separated list where each element is a simple globbing pattern that can use |
Default value |
|
server.metrics.graphite.enabled
Description |
Set to |
Valid values |
A boolean. |
Default value |
|
server.metrics.graphite.interval
Description |
The reporting interval for Graphite. That is, how often to send updated metrics to Graphite. |
Valid values |
A duration (Valid units are: |
Default value |
|
server.metrics.graphite.server
Description |
The hostname or IP address of the Graphite server. |
Valid values |
A socket address in the format of |
Default value |
|
server.metrics.jmx.enabled
Description |
Set to |
Valid values |
A boolean. |
Default value |
|
server.metrics.prefix
Description |
A common prefix for the reported metrics field names. |
Valid values |
A string. |
Default value |
|
server.metrics.prometheus.enabled
Description |
Set to |
Valid values |
A boolean. |
Default value |
|
server.metrics.prometheus.endpoint
Description |
The hostname and port to use as Prometheus endpoint. |
Valid values |
A socket address in the format of |
Default value |
|
Neo4j Browser and client settings
Neo4j Browser and client settings apply only to Neo4j Browser and the client.
browser.allow_outgoing_connections
Description |
Configure the policy for outgoing Neo4j Browser connections. |
Valid values |
A boolean. |
Default value |
|
browser.credential_timeout
Description |
Configure the Neo4j Browser to time out logged in users after this idle period. Setting this to 0 indicates no limit. |
Valid values |
A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s). |
Default value |
|
browser.post_connect_cmd
Description |
Commands to be run when Neo4j Browser successfully connects to this server. Separate multiple commands with semi-colon. |
Valid values |
A string. |
Default value |
browser.remote_content_hostname_whitelist
Description |
Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from. |
Valid values |
A string. |
Default value |
|
browser.retain_connection_credentials
Description |
Configure the Neo4j Browser to store or not store user credentials. |
Valid values |
A boolean. |
Default value |
|
Kubernetes settings
The Kubernetes settings are used to configure a cluster running on Kubernetes, where each server is running as a Kubernetes service. The addresses of the other servers can be obtained using the List Service API, as described in the Kubernetes API documentation. For more information, see Discovery in Kubernetes.
dbms.kubernetes.address
Description |
Address for Kubernetes API. |
Valid values |
A socket address in the format of |
Default value |
|
dbms.kubernetes.ca_crt
Description |
File location of CA certificate for Kubernetes API. |
Valid values |
A path. |
Default value |
|
dbms.kubernetes.cluster_domain
Description |
Kubernetes cluster domain. |
Valid values |
A string. |
Default value |
|
dbms.kubernetes.label_selector
Description |
LabelSelector for Kubernetes API. |
Valid values |
A string. |
Default value |
dbms.kubernetes.namespace
Description |
File location of namespace for Kubernetes API. |
Valid values |
A path. |
Default value |
|
dbms.kubernetes.service_port_name
Description |
Service port name for discovery for Kubernetes API. |
Valid values |
A string. |
Default value |
Security settings
The security settings are used to configure the security of your Neo4j deployment. Refer to the Security section for thorough information on security in Neo4j.
dbms.security.allow_csv_import_from_file_urls
Description |
Determines if Cypher will allow using file URLs when loading data using |
Valid values |
A boolean. |
Default value |
|
dbms.security.auth_cache_max_capacity
Description |
The maximum capacity for authentication and authorization caches (respectively). |
Valid values |
An integer. |
Default value |
|
dbms.security.auth_cache_ttl
Description |
The time to live (TTL) for cached authentication and authorization info when using external auth providers (OIDC, LDAP or plugin). Setting the TTL to 0 will disable auth caching. Disabling caching while using the LDAP auth provider requires the use of an LDAP system account for resolving authorization information. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.security.auth_cache_use_ttl
Description |
Enable time-based eviction of the authentication and authorization info cache for external auth providers (OIDC, LDAP or plugin). Disabling this setting will make the cache live forever and only be evicted when |
Valid values |
A boolean. |
Default value |
|
dbms.security.auth_enabled
Description |
Enable auth requirement to access Neo4j. |
Valid values |
A boolean. |
Default value |
|
dbms.security.auth_minimum_password_length
Description |
The minimum number of characters required in a password. |
Valid values |
An integer that is minimum |
Default value |
|
dbms.security.auth_lock_time
Description |
The amount of time a user account should be locked after a configured number of unsuccessful authentication attempts. The locked-out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to a low value is not recommended because it might make it easier for an attacker to brute force the password. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.security.auth_max_failed_attempts
Description |
The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by |
Valid values |
An integer that is minimum |
Default value |
|
dbms.security.authentication_providers
Description |
A list of security authentication providers containing the users and roles. This can be any of the built-in |
Valid values |
A comma-separated list where each element is a string. |
Default value |
|
dbms.security.authorization_providers
Description |
A list of security authorization providers containing the users and roles. This can be any of the built-in |
Valid values |
A comma-separated list where each element is a string. |
Default value |
|
dbms.security.cluster_status_auth_enabled
Description |
Require authorization for access to the Causal Clustering status endpoints. |
Valid values |
A boolean. |
Default value |
|
dbms.security.http_access_control_allow_origin
Description |
Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. This defaults to '*', which allows broadest compatibility. Note that any URI provided here limits HTTP/HTTPS access to that URI only. |
Valid values |
A string. |
Default value |
|
dbms.security.http_auth_allowlist
Description |
Defines an allowlist of http paths where Neo4j authentication is not required. |
Valid values |
A comma-separated list where each element is a string. |
Default value |
|
dbms.security.http_strict_transport_security
Description |
Value of the HTTP Strict-Transport-Security (HSTS) response header. This header tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. It is attached to every HTTPS response. This setting is not set by default, so the 'Strict-Transport-Security' header is not sent. The value is expected to contain directives like 'max-age', 'includeSubDomains' and 'preload'. |
Valid values |
A string. |
Default value |
dbms.security.http_static_content_security_policy_header
Description |
Defines the Content-Security-Policy header to return with content served on static endpoints. |
Valid values |
A string. |
Default value |
|
dbms.security.key.name
Description |
Name of the 256 length AES encryption key, which is used for the symmetric encryption. |
Valid values |
A string. |
Default value |
|
dbms.security.keystore.password
Description |
Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption. |
Valid values |
A secure string. |
Default value |
dbms.security.keystore.path
Description |
Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database. |
Valid values |
A path. |
Default value |
dbms.security.ldap.authentication.attribute
Description |
The attribute to use when looking up users.
Using this setting requires |
Valid values |
A string that matches the pattern |
Default value |
|
dbms.security.ldap.authentication.cache_enabled
Description |
Determines if the result of authentication via the LDAP server should be cached or not. Caching is used to limit the number of LDAP requests that have to be made over the network for users that have already been authenticated successfully. A user can be authenticated against an existing cache entry (instead of via an LDAP server) as long as it is alive (see |
Valid values |
A boolean. |
Default value |
|
dbms.security.ldap.authentication.mechanism
Description |
LDAP authentication mechanism. This is one of |
Valid values |
A string. |
Default value |
|
dbms.security.ldap.authentication.search_for_attribute
Description |
Perform authentication by searching for a unique attribute of a user.
Using this setting requires |
Valid values |
A boolean. |
Default value |
|
dbms.security.ldap.authentication.user_dn_template
Description |
LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory’s schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string. |
Valid values |
A string that must contain '{0}' to indicate where to insert the runtime authentication principal. |
Default value |
|
dbms.security.ldap.authorization.access_permitted_group
Description |
The LDAP group to which a user must belong to get any access to the system. Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user who successfully authenticates via LDAP will have access to the PUBLIC role and any other roles assigned to them via dbms.security.ldap.authorization.group_to_role_mapping. |
Valid values |
A string. |
Default value |
dbms.security.ldap.authorization.group_membership_attributes
Description |
A list of attribute names on a user object that contain groups to be used for mapping to roles when LDAP authorization is enabled. This setting is ignored when |
Valid values |
A comma-separated list where each element is a string, which cannot be empty. |
Default value |
|
dbms.security.ldap.authorization.group_to_role_mapping
Description |
An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon-separated list of key-value pairs, where the key is the LDAP group name and the value is a comma-separated list of corresponding role names. For example:
group1=role1;group2=role2;group3=role3,role4,role5
You can also use whitespace and quotes around group names to make this mapping more readable, for example:
dbms.security.ldap.authorization.group_to_role_mapping=\
    "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \
    "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \
    "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \
    "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin |
Valid values |
A string that must be a semicolon-separated list of key-value pairs or empty. |
Default value |
dbms.security.ldap.authorization.nested_groups_enabled
Description |
This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). If set to |
Valid values |
A boolean. |
Default value |
|
dbms.security.ldap.authorization.nested_groups_search_filter
Description |
The search template which will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token |
Valid values |
A string. |
Default value |
|
dbms.security.ldap.authorization.system_password
Description |
An LDAP system account password to use for authorization searches when |
Valid values |
A secure string. |
Default value |
dbms.security.ldap.authorization.system_username
Description |
An LDAP system account username to use for authorization searches when |
Valid values |
A string. |
Default value |
dbms.security.ldap.authorization.use_system_account
Description |
Perform LDAP search for authorization info using a system account instead of the user’s own account.
If this is set to |
Valid values |
A boolean. |
Default value |
|
dbms.security.ldap.authorization.user_search_base
Description |
The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of |
Valid values |
A string that cannot be empty. |
Default value |
|
dbms.security.ldap.authorization.user_search_filter
Description |
The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal. |
Valid values |
A string. |
Default value |
|
dbms.security.ldap.connection_timeout
Description |
The timeout for establishing an LDAP connection. If a connection with the LDAP server cannot be established within the given time the attempt is aborted. A value of 0 means to use the network protocol’s (i.e., TCP’s) timeout value. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.security.ldap.host
Description |
URL of LDAP server to use for authentication and authorization. The format of the setting is |
Valid values |
A string. |
Default value |
|
dbms.security.ldap.read_timeout
Description |
The timeout for an LDAP read request (i.e. search). If the LDAP server does not respond within the given time the request will be aborted. A value of 0 means wait for a response indefinitely. |
Valid values |
A duration (Valid units are: |
Default value |
|
dbms.security.ldap.referral
Description |
The LDAP referral behavior when creating a connection. This is one of
|
Valid values |
A string. |
Default value |
|
dbms.security.ldap.use_starttls
Description |
Use secure communication with the LDAP server using opportunistic TLS. First an initial insecure connection will be made with the LDAP server, and a STARTTLS command will be issued to negotiate an upgrade of the connection to TLS before initiating authentication. |
Valid values |
A boolean. |
Default value |
|
dbms.security.log_successful_authentication
Description |
Set to log successful authentication events to the security log. If this is set to |
Valid values |
A boolean. |
Default value |
|
dbms.security.logs.ldap.groups_at_debug_level_enabled
Description |
When set to |
Valid values |
A boolean. |
Default value |
|
dbms.security.oidc.<provider>.audience
Description |
Expected values of the Audience (aud) claim in the id token. |
Valid values |
A comma-separated list where each element is a string, which cannot be empty. |
dbms.security.oidc.<provider>.auth_endpoint
Description |
The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. |
Valid values |
a URI |
dbms.security.oidc.<provider>.auth_flow
Description |
The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are |
Valid values |
One of [PKCE, IMPLICIT]. |
Default value |
|
dbms.security.oidc.<provider>.auth_params
Description |
Optional additional parameters that the auth endpoint requires. Please use params instead. The map is a semicolon separated list of key-value pairs. For example: |
Valid values |
A simple key value map pattern |
Default value |
|
dbms.security.oidc.<provider>.authorization.group_to_role_mapping
Description |
An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon-separated list of key-value pairs, where the key is the IdP group name and the value is a comma-separated list of corresponding role names. For example:
group1=role1;group2=role2;group3=role3,role4,role5
You can also use whitespace and quotes around group names to make this mapping more readable, for example:
dbms.security.oidc.<provider>.authorization.group_to_role_mapping=\
    "Neo4j Read Only" = reader; \
    "Neo4j Read-Write" = publisher; \
    "Neo4j Schema Manager" = architect; \
    "Neo4j Administrator" = admin |
Valid values |
A string that must be a semicolon-separated list of key-value pairs or empty. |
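The mapping format described for dbms.security.ldap.authorization.group_to_role_mapping and for dbms.security.oidc.<provider>.authorization.group_to_role_mapping can be parsed and reviewed before it is deployed, for instance to list which directory groups end up with the admin role. This is an added example, not Neo4j's own parser: the function names are hypothetical, and rejecting a pair with more than one unquoted '=' is a choice made here so that an unquoted LDAP DN is caught instead of being split in the wrong place.

```python
def split_outside_quotes(text, sep):
    """Split text on sep, ignoring separators inside double quotes."""
    parts, buf, in_quotes = [], [], False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if in_quotes:
        raise ValueError("unbalanced double quote in mapping")
    parts.append("".join(buf))
    return parts


def parse_group_to_role_mapping(value):
    """Return {group name: [role names]} for a group_to_role_mapping value."""
    # Join neo4j.conf line continuations (backslash at end of line).
    value = value.replace("\\\r\n", " ").replace("\\\n", " ")
    mapping = {}
    for pair in split_outside_quotes(value, ";"):
        pair = pair.strip()
        if not pair:
            continue  # the setting may be empty; tolerate a trailing ';'
        fields = split_outside_quotes(pair, "=")
        if len(fields) != 2:
            raise ValueError(
                f"expected exactly one unquoted '=' in {pair!r}; "
                "quote group names that contain '='")
        group = fields[0].strip().strip('"').strip()
        roles = [r.strip() for r in fields[1].split(",") if r.strip()]
        if not group or not roles:
            raise ValueError(f"empty group name or role list in {pair!r}")
        if group in mapping:
            raise ValueError(f"group mapped more than once: {group!r}")
        mapping[group] = roles
    return mapping


def groups_granting(mapping, role):
    """Return the sorted group names whose members receive the given role."""
    return sorted(g for g, roles in mapping.items() if role in roles)


# The two example values from the setting descriptions above.
SIMPLE_VALUE = "group1=role1;group2=role2;group3=role3,role4,role5"
QUOTED_VALUE = (
    '"cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \\\n'
    '    "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \\\n'
    '    "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \\\n'
    '    "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin'
)
# Constructed input: the same DN without quotes is ambiguous and is rejected.
UNQUOTED_DN_VALUE = "cn=Neo4j Administrator,cn=users,dc=example,dc=com = admin"

if __name__ == "__main__":
    print(parse_group_to_role_mapping(SIMPLE_VALUE))
    print(groups_granting(parse_group_to_role_mapping(QUOTED_VALUE), "admin"))
    try:
        parse_group_to_role_mapping(UNQUOTED_DN_VALUE)
    except ValueError as err:
        print("rejected:", err)
```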
dbms.security.oidc.<provider>.claims.groups
Description |
The claim to use as the list of groups in Neo4j. These could be Neo4j roles directly, or can be mapped using dbms.security.oidc.<provider>.authorization.group_to_role_mapping. From Neo4j 5.4, the JWT claim may also contain a single group returned as a string, as well as a list of groups as was previously required. |
Valid values |
A string. |
dbms.security.oidc.<provider>.claims.username
Description |
The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be desirable to use something else such as email. |
Valid values |
A string. |
Default value |
|
dbms.security.oidc.<provider>.client_id
Description |
Client id. Not used. This value was previously used to validate the |
Valid values |
A string. |
dbms.security.oidc.<provider>.config
Description |
The accepted values (all optional) are:
|
Valid values |
A simple key-value map pattern |
Default value |
|
dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled
Description |
When set to
|
Valid values |
A boolean. |
Default value |
|
dbms.security.oidc.<provider>.display_name
Description |
The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.). |
Valid values |
A string. |
dbms.security.oidc.<provider>.get_groups_from_user_info
Description |
When turned on, Neo4j gets the groups from the provider user info endpoint. |
Valid values |
A boolean. |
Default value |
|
dbms.security.oidc.<provider>.get_username_from_user_info
Description |
When turned on, Neo4j gets the username from the provider user info endpoint. |
Valid values |
A boolean. |
Default value |
|
dbms.security.oidc.<provider>.issuer
Description |
The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. |
Valid values |
A string. |
dbms.security.oidc.<provider>.jwks_uri
Description |
The location of the JWK public key set for the identity provider. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. |
Valid values |
a URI |
dbms.security.oidc.<provider>.params
Description |
The map is a semicolon-separated list of key-value pairs. For example:
client_id: the SSO IdP client identifier.
response_type: code if auth_flow is pkce, or token for the implicit auth_flow.
scope: often containing a subset of 'email profile openid groups'.
For example: |
Valid values |
A simple key-value map pattern |
Default value |
|
dbms.security.oidc.<provider>.token_endpoint
Description |
The OIDC token endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri. |
Valid values |
a URI |
dbms.security.oidc.<provider>.token_params
Description |
Optional query parameters that the token endpoint requires. The map is a semicolon separated list of key-value pairs. For example: |
Valid values |
A simple key value map pattern |
Default value |
|
dbms.security.oidc.<provider>.user_info_uri
Description |
The identity provider's user info URI. |
Valid values |
a URI |
dbms.security.oidc.<provider>.well_known_discovery_uri
Description |
OpenID Connect Discovery endpoint used to fetch identity provider settings. If not provided, |
Valid values |
a URI |
dbms.security.procedures.allowlist
Description |
A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard |
Valid values |
A comma-separated list where each element is a string. |
Default value |
|
dbms.security.procedures.unrestricted
Description |
A list of procedures and user-defined functions (comma separated) that are allowed full access to the database. The list may contain both fully-qualified procedure names, and partial names with the wildcard |
Valid values |
A comma-separated list where each element is a string. |
Default value |
dbms.security.require_local_user
Description |
This controls if a local user has to be created for external authentication. If set to the default ( |
Valid values |
A boolean. |
Default value |
|
Server directories settings
The server directories settings can be used to change the default locations of your Neo4j files. For more information, see Default file locations.
server.directories.cluster_state
Description |
Directory to hold cluster state including Raft log. |
Valid values |
A path. If relative, it is resolved from server.directories.data. |
Default value |
|
server.directories.data
Description |
Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
server.directories.dumps.root
Description |
Root location where Neo4j will store database dumps optionally produced when dropping said databases. |
Valid values |
A path. If relative, it is resolved from server.directories.data. |
Default value |
|
server.directories.import
Description |
Sets the root directory for file URLs used with the Cypher |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
server.directories.lib
Description |
Path of the lib directory. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
server.directories.licenses
Description |
Path of the licenses directory. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
server.directories.logs
Description |
Path of the logs directory. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
server.directories.metrics
Description |
The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
server.directories.neo4j_home
Description |
Root relative to which directory settings are resolved. Calculated and set by the server on startup. Defaults to the current working directory. |
Valid values |
A path that is absolute. |
Default value |
server.directories.plugins
Description |
Location of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
server.directories.run
Description |
Path of the run directory. This directory holds Neo4j’s runtime state, such as a pidfile when it is running in the background. The pidfile is created when starting neo4j and removed when stopping it. It may be placed on an in-memory filesystem such as tmpfs. |
Valid values |
A path. If relative, it is resolved from server.directories.neo4j_home. |
Default value |
|
Server settings
Server settings apply only to the specific server and can be varied between configuration files across a cluster/DBMS.
server.backup.enabled
Description |
Enable support for running online backups. |
Valid values |
A boolean. |
Default value |
|
server.backup.exec_connector.command
Description |
Command to execute for ExecDataConnector list |
Valid values |
A string. |
Default value |
server.backup.exec_connector.scheme
Description |
Schemes ExecDataConnector will match on |
Valid values |
A comma-separated list where each element is a string. |
Default value |
server.backup.listen_address
Description |
Network interface and port for the backup server to listen on. |
Valid values |
A socket address in the format of |
Default value |
|
server.backup.store_copy_max_retry_time_per_request
Description |
Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend. |
Valid values |
A duration (Valid units are: |
Default value |
|
server.config.strict_validation.enabled
Description |
A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times. |
Valid values |
A boolean. |
Default value |
|
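A check in the spirit of strict validation can be run on neo4j.conf before the server is started: it reports settings declared more than once and flags a few of the security settings described on this page for review. This is an added example, not part of Neo4j; the function names and both sample files are constructed, and treating server.jvm.additional as repeatable, the server.https.enabled key, the `*` wildcard and the ldaps:// scheme are assumptions based on Neo4j 5 conventions rather than on the text above.

```python
import re

# Assumption: this setting is expected to appear on several lines.
REPEATABLE = {"server.jvm.additional"}


def read_settings(conf_text):
    """Return (settings, duplicates); settings keeps the last value per key."""
    # A trailing backslash continues the value on the next line.
    joined = re.sub(r"\\\r?\n[ \t]*", "", conf_text)
    settings, duplicates = {}, []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in settings and key not in REPEATABLE and key not in duplicates:
            duplicates.append(key)
        settings[key] = value.strip()
    return settings, duplicates


def audit(conf_text):
    """Return a list of (code, detail) findings for a reviewer."""
    settings, duplicates = read_settings(conf_text)
    findings = [("duplicate-setting", key) for key in duplicates]

    def is_set(key, wanted):
        return settings.get(key, "").lower() == wanted

    if is_set("server.config.strict_validation.enabled", "false"):
        findings.append(("strict-validation-off",
                         "unknown or repeated settings will not block startup"))
    if is_set("server.https.enabled", "true") and \
            not settings.get("dbms.security.http_strict_transport_security"):
        findings.append(("hsts-not-set",
                         "Strict-Transport-Security header is not sent"))
    unrestricted = settings.get("dbms.security.procedures.unrestricted", "")
    wild = [p.strip() for p in unrestricted.split(",") if "*" in p]
    if wild:
        findings.append(("unrestricted-wildcard", ", ".join(wild)))
    for key, value in settings.items():
        m = re.fullmatch(r"dbms\.security\.oidc\.([^.]+)\.auth_flow", key)
        if m and value.upper() == "IMPLICIT":
            findings.append(("oidc-implicit-flow", m.group(1)))
    host = settings.get("dbms.security.ldap.host")
    if host and not host.lower().startswith("ldaps://") \
            and not is_set("dbms.security.ldap.use_starttls", "true"):
        findings.append(("ldap-without-tls", host))
    return findings


# Constructed sample with the weak settings.
WEAK_CONF = """\
server.config.strict_validation.enabled=false
server.https.enabled=true
dbms.security.ldap.host=ldap://ldap.example.com:389
dbms.security.ldap.use_starttls=false
dbms.security.procedures.unrestricted=com.example.*,com.example.safe.read
dbms.security.oidc.sso.auth_flow=IMPLICIT
db.transaction.timeout=30s
db.transaction.timeout=60s
server.jvm.additional=-XX:+UseG1GC
server.jvm.additional=-XX:+AlwaysPreTouch
"""

# Constructed sample with the corrected settings.
HARDENED_CONF = """\
server.config.strict_validation.enabled=true
server.https.enabled=true
dbms.security.http_strict_transport_security=max-age=31536000; includeSubDomains
dbms.security.ldap.host=ldaps://ldap.example.com:636
dbms.security.procedures.unrestricted=com.example.safe.read
dbms.security.oidc.sso.auth_flow=PKCE
db.transaction.timeout=60s
"""

if __name__ == "__main__":
    for code, detail in audit(WEAK_CONF):
        print(f"{code}: {detail}")
    print("hardened findings:", audit(HARDENED_CONF))
```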
server.databases.default_to_read_only
Description |
Whether or not any database on this instance is read_only by default. If false, individual databases may be marked as read_only using server.databases.read_only. If true, individual databases may be marked as writable using server.databases.writable. |
Valid values |
A boolean. |
Default value |
|
server.databases.read_only
Description |
List of databases for which to prevent write queries. Databases not included in this list may be read_only anyway, depending upon the value of server.databases.default_to_read_only. |
Valid values |
A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name system. |
Default value |
server.databases.writable
Description |
List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless server.databases.default_to_read_only is set to true. |
Valid values |
A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name system. |
Default value |
server.dynamic.setting.allowlist
Description |
A list of setting name patterns (comma separated) that are allowed to be dynamically changed. The list may contain both full setting names, and partial names with the wildcard |
Valid values |
A comma-separated list where each element is a string. |
Default value |
|
server.jvm.additional
Description |
Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string. |
Valid values |
One or more jvm arguments. |
Default value |
server.max_databases
Description |
The maximum number of databases. |
Valid values |
A long that is minimum |
Default value |
|
Replaced by |
server.panic.shutdown_on_panic
Description |
Determines whether the Neo4j process should shut down or continue running if there is a Database Management System panic (an irrecoverable error). Following a DBMS panic it is likely that a significant amount of functionality will be lost. Recovering full functionality will require a Neo4j restart. Default is |
Valid values |
A boolean. |
Default value |
|
server.threads.worker_count
Description |
Number of Neo4j worker threads. This setting is only valid for REST and does not influence bolt-server. It sets the number of worker threads for the Jetty server used by neo4j-server. This option can be tuned when you plan to execute multiple, concurrent REST requests, to get more throughput from the database. Your OS might enforce a lower limit than the maximum value specified here. Number of available processors, or 500 for machines that have more than 500 processors. |
Valid values |
An integer that is in the range |
Default value |
Transaction settings
The transaction settings help you manage the transactions in your database, for example, the transaction timeout, the lock acquisition timeout, the maximum number of concurrently running transactions, etc. For more information, see Manage transactions and Concurrent data access.
db.lock.acquisition.timeout
Description |
The maximum time interval within which a lock should be acquired. Zero (default) means the timeout is disabled. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.shutdown_transaction_end_timeout
Description |
The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.transaction.bookmark_ready_timeout
Description |
The maximum amount of time to wait for the database state represented by the bookmark. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.transaction.concurrent.maximum
Description |
The maximum number of concurrently running transactions. If set to 0, the limit is disabled. |
Valid values |
An integer. |
Default value |
|
db.transaction.monitor.check.interval
Description |
Configures the time interval between transaction monitor checks. Determines how often the monitor thread will check a transaction for timeout. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.transaction.sampling.percentage
Description |
Transaction sampling percentage. |
Valid values |
An integer that is in the range |
Default value |
|
db.transaction.timeout
Description |
The maximum time interval of a transaction within which it should be completed. |
Valid values |
A duration (Valid units are: |
Default value |
|
db.transaction.tracing.level
Description |
Transaction creation tracing level. |
Valid values |
One of [DISABLED, SAMPLE, ALL]. |
Default value |
|
server.http.transaction_idle_timeout
Description |
Timeout for idle transactions in the HTTP Server. |
Valid values |
A duration (Valid units are: |
Default value |
|
server.queryapi.transaction_idle_timeout
Description |
Timeout for idle transactions in the Query API. |
Valid values |
A duration (Valid units are: |
Default value |
|
Transaction log settings
Transaction logs keep the list of transactions that have not yet been applied to the store files. This is necessary for recovery. The following settings configure the number of transaction logs left after a pruning operation and the size of the transaction log files.
See also Checkpoint settings.
db.recovery.fail_on_missing_files
Description |
If |
Valid values |
A boolean. |
Default value |
|
db.tx_log.buffer.size
Description |
On serialization, transaction logs are temporarily stored in a byte buffer that is flushed at the end of the transaction or whenever the buffer is full. By default, the size of the byte buffer is based on the number of available CPUs, with a minimal buffer size of 512KB. Every other 4 CPUs add another 512KB to the buffer size. The maximal buffer size in this default scheme is 4MB, taking into account that you can have one transaction log writer per database in a multi-database environment. For example, a runtime with 4 CPUs will have a buffer size of 1MB; a runtime with 8 CPUs will have a buffer size of 1MB 512KB; a runtime with 12 CPUs will have a buffer size of 2MB. |
Valid values |
A long that is minimum |
Default value |
db.tx_log.preallocate
Description |
Specify if Neo4j should try to preallocate the logical log file in advance. It optimizes the file system by ensuring there is room to accommodate newly generated files and avoids file-level fragmentation. |
Valid values |
A boolean. |
Default value |
|
db.tx_log.rotation.retention_policy
Description |
Specify how long Neo4j should keep logical transaction logs to back up the database.
For example, |
Valid values |
A string that matches the pattern |
Default value |
|
db.tx_log.rotation.size
Description |
Specifies at which file size the logical log will auto-rotate. The minimum accepted value is 128 KiB. |
Valid values |
A byte size (valid multipliers are |
Default value |
|