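# logcorrelator configuration file
# Format: directive value [value...]
# Lines starting with # are comments
#
# NOTE(review): this file was found collapsed onto a single line. Because that
# line began with '#', every directive on it would have been read as part of a
# comment. The layout below restores one directive per line; no value changed.

# Service configuration
service.name logcorrelator
service.language go

# Input sources (at least 2 required)
# Format: input.unix_socket <name> <path> [format]
# Anything that can write to these sockets can feed events into correlation,
# so access depends on the ownership and mode of /var/run/logcorrelator and of
# the socket files. How the service sets those is not shown in this file:
# confirm that only the intended producers can connect.
input.unix_socket apache_source /var/run/logcorrelator/apache.sock json
input.unix_socket network_source /var/run/logcorrelator/network.sock json

# File output
# The correlated log holds client addresses and ports (see correlation.key);
# keep it readable only by the accounts that need it.
output.file.enabled true
output.file.path /var/log/logcorrelator/correlated.log

# ClickHouse output
# The DSN carries the user name and password in clear text. "user:pass" is a
# sample value: when a real credential is set here, restrict read access to
# this file and keep it out of version control.
# Port 9000 is ClickHouse's default native-protocol port without TLS. That is
# contained while the server is on localhost; if the DSN is pointed at a remote
# host, use a TLS-enabled endpoint so the credential and the log data are not
# sent in the clear (how TLS is requested depends on the driver; confirm).
output.clickhouse.enabled false
output.clickhouse.dsn clickhouse://user:pass@localhost:9000/db
output.clickhouse.table correlated_logs_http_network
output.clickhouse.batch_size 500
output.clickhouse.flush_interval_ms 200
# NOTE(review): with drop_on_overflow true, events are presumably discarded
# once more than max_buffer_size are waiting (confirm against the service).
# A slow or unreachable ClickHouse then leaves gaps in the stored record, so
# watch for drops or keep the file output enabled as a second copy.
output.clickhouse.max_buffer_size 5000
output.clickhouse.drop_on_overflow true
output.clickhouse.async_insert true
output.clickhouse.timeout_ms 1000

# Stdout output (for debugging)
output.stdout.enabled false

# Correlation configuration
# Events are matched on source IP and source port within the time window.
# NOTE(review): clients behind a shared address that reuse a source port
# inside the window could presumably be matched to the wrong event; keep the
# window short unless the sources' clocks require more.
correlation.key src_ip,src_port
correlation.time_window.value 1
correlation.time_window.unit s

# Orphan policy
# apache_always_emit: always emit A events even without matching B
# network_emit: emit B events alone (usually false)
# With network_emit false, network events that never match an HTTP event do
# not reach any output, so they are not available for later investigation.
correlation.orphan_policy.apache_always_emit true
correlation.orphan_policy.network_emit false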