Below is a list of configuration options or keys that you can set with the Show
This list is not intended to be an exhaustive list of Tableau Server configuration settings. It represents a subset of configuration keys that can be set by server administrators. Finally, some keys used internally by Tableau Server do not appear in this list. Note: Configuration keys are case-sensitive. Basic Use of tsm configuration keysSetting a configuration key In some cases, you must include the After setting a configuration key value you must apply the pending configuration changes using Resetting a configuration key to defaultTo reset a configuration key back to its default value, use the Viewing the current value of a configuration keyTo see what a configuration key is currently set to, use the There are two special cases that will not return a useful current value for a key:
adminviews.disabledDefault value: Disables access to the Tableau Administrative views. By default, access to views is enabled (this option is set to "false"). api.server.enabledDefault value: Allows access to the Tableau Server REST API(Link opens in a new window). By default, this functionality is enabled. We strongly recommend that you maintain this setting. Disabling the REST API will disrupt the functionality of a broad range of Tableau features. It will not improve performance or enhance security. If you choose to disable the REST API on your Tableau Server installation, test the functionality you require carefully. Functionality impacted by disabling the REST API includes:
auditing.enabledDefault value: Allows access to the PostgreSQL (Tableau Server's own database) historical auditing tables. backgrounder.default_run_now_priorityDefault value (integer): 0 This setting controls what priority is assigned to run now jobs, with 0 being the highest priority. Values should be specified should be in the range of 0 – 100. backgrounder.enable_parallel_adsyncVersion: Added in version 2018.3.6 Default value: Controls whether parallel processing of external directory group synchronization jobs is allowed when there are multiple backgrounders. By default a scheduled synchronization of external directory groups is handled serially, by a single backgrounder. Set this to backgrounder.externalquerycachewarmup.enabledDefault value: Controls the caching of workbook query results after scheduled extract refresh tasks. backgrounder.externalquerycachewarmup.view_thresholdDefault vaule: The threshold for caching workbook query results after scheduled extract refresh tasks. The threshold is equal to the number of views that a workbook has received in the past seven days divided by the number of refreshes scheduled in the next seven days. The following two backgrounder command options determine how long a flow task can run before the flow background task is canceled. These two commands together determine the total timeout value for flow tasks. Default value: The number of seconds beyond the setting in backgrounder.default_timeout.run_flowDefault value: The number of seconds before a flow run task is canceled. 14,400 seconds is 4 hours. backgrounder.failure_threshold_for_run_preventionDefault value: The number of consecutive failures of a subscription, extract, or flow run job before that job is suspended. Suspending continuously failing jobs helps preserver backgrounder resources for other jobs. To disable suspension of failing background tasks, set this to backgrounder.log.levelVersion: Added in version 2020.3.0. Default value: The logging level for the backgrounder process. This is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. backgrounder.querylimitDefault value: Longest allowable time, in seconds, for completing a single extract refresh job. 7200 seconds = 2 hours. Note: If a background job reaches this time limit, it may continue to run for an additional several minutes while being canceled. backgrounder.restrict_serial_collections_to_site_levelDefault value: In Tableau Server, you can schedule extract refreshes, subscriptions, or flows to run periodically. These scheduled items are referred to as tasks. The Backgrounder process initiates unique instances of these tasks to run them at the scheduled time. The unique instances of the tasks that are initiated as a result are referred to as jobs. This setting affects schedules that are configured to run serially. By default, when a schedule is configured to
run serially, all jobs using that schedule will run serially. When this setting is set to The example below illustrate this scenario: Tableau Server includes a schedule named "Daily" to run jobs every day at 7 am. The "Daily" schedule is configured to run serially. Site "HR" and site "Payroll" each have multiple scheduled tasks that use the schedule,
"Daily". When this setting is set to backgrounder.notifications_enabledDefault value: Controls whether extract refresh and flow run alerts are enabled for all sites on the server. By default alerts are enabled. To disable the
alerts for all sites on a server, set this to Extract alerts can be enabled or disabled on a site basis by site administrators in site settings, or at the user level in user settings. backgrounder.sort_jobs_by_type_schedule_boundary_heuristics_milliSecondsDefault value: Controls the time window that identifies backgrounder jobs which are determined to have the same scheduled start time. The backgrounder process orders work that is scheduled at the same time to be executed by job type, running the fastest category of jobs first: Subscriptions, then Incremental Extracts, then Full Extracts. Jobs are batched to determine which jobs are scheduled at the “same time”. A value 60,000 milliseconds (the default) indicates jobs for schedules starting within a 1 minute window should be classified in the same batch and so are ordered by type within that batch. backgrounder.subscription_failure_threshold_for_run_preventionDefault value: Determines the number of consecutive subscription failures that must occur before alerting for a condition is suspended. When set to the default of backgrounder.subscription_image_cachingDefault value: Controls whether backgrounder will cache images that are generated for subscriptions. Cached images do not have to be regenerated each time so caching improves subscription performance. By default image caching is enabled. To
disable image caching for all sites on a server, set this to backgrounder.timeout_tasksDefault value: The default value may be different, depending on your version of Tableau Server. To see the default value list for your version of Tableau, run the tsm configuration get -k backgrounder.timeout_tasks The list of tasks that can be canceled if they run longer than the combined values in backgrounder.timeout.single_subscription_notifyVersion: Added in version 2021.2. Default Value: This is the maximum allowable time specified in seconds for completing a single subscription job. backgrounder.vInstances_max_overflow_queue_sizeVersion: Added in version 20221.2. Default Value: The maximum number of jobs that can be in the secondary queue. A secondary queue is created when the number of jobs running is at the set concurrency limit. The default maximum is set to 1000 jobs - meaning if there are more than 1000 jobs when the concurrency limit is hit, anything more than 1000 jobs will not be queued. Use the backgrounder.vInstance_max_overflow_queue_size tsm command to make changes to the overflow maximum queue size. The values should be specified in whole numbers. backup.zstd.thread_countVersion: Added in version 2021.1.0. This key is dynamically configurable. For more information, see Tableau Server Dynamic Topology Changes Default value: 2 The number of threads that should be used when creating a backup. Increasing this number can improve backup performance, but we recommend thread count not exceed the number of logical processors on the Tableau Server computer, up to four. basefilepath.backuprestoreDefault value: The location in which the
basefilepath.log_archiveDefault value: The location in which the basefilepath.site_export.exportsDefault
value: The location in which the basefilepath.site_import.exportsDefault value: The location in which the clustercontroller.log.levelVersion: Added in version 2020.3.0. Default value: The logging level for Cluster Controller. This is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. clustercontroller.zk_session_timeout_msDefault value: The length of time, in milliseconds, that Cluster Controller will wait for the Coordination Service (ZooKeeper), before determining that failover is required. dataAlerts.checkIntervalInMinutesDefault value: The frequency, in minutes, at which Tableau Server checks to determine if data-alert conditions are true. (The server also checks whenever extracts related to data alerts are refreshed.) dataAlerts.retryFailedAlertsAfterCheckIntervalDefault value: Determines how often Tableau Server rechecks failing data alerts. When set to (The server also checks whenever extracts related to data alerts are refreshed.) dataAlerts.SuspendFailureThresholdDefault value: Determines the number of consecutive data alert failures that must occur before alerting for a condition is suspended. When set to the default of 350, alerting is suspended after roughly two weeks of alerts. This threshold is server-wide, so applies to any data alert defined on the server. databaseservice.max_database_deletes_per_runDefault value: null Use this option to adjust the maximum number of embedded external assets (databases and tables) that can be deleted each time the backgrounder process, controlled by For more information, see features.DeleteOrphanedEmbeddedDatabaseAsset. This option was added beginning with Tableau Server version: 2021.2. dataserver.log.levelVersion: Added in version 2020.3.0. Default value: The logging level for Data Server. This is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. dataserver_<n>.portPort that the data server instance (specified by "<n>") runs on. elasticserver.vmoptsVersion: Added in version: 2019.1. Removed: 2022.1 This configuration option is not valid for Tableau Server versions 2022.1 and later. For Tableau Server versions 2022.1 and later, use Default value: " The default value varies based on the amount of system memory. The JVM maximum heap size is scaled to be 3.125% of the total system RAM. Controls the Elastic Server heap size. Because the default value scales automatically, use this option to override the default value only when absolutely necessary. Append the letter 'k' to the value to indicate kilobytes, 'm' for megabytes, or 'g' to indicate gigabytes. As a general rule, set initial heap size ( excel.shadow_copy_all_remote.enabledVersion: Added in versions 2019.1.5, 2019.2.1. Default value: Controls whether Tableau Server creates a "shadow copy" of a shared Excel spreadsheet ( Note: Tableau Server always attempts to create a shadow copy of a features.ActiveMQVersion: Added in version 2019.4. Default
value: Controls whether Tableau Server uses the Apache ActiveMQ service (Tableau Server Messaging Service) for the internal messaging mechanism. features.DeleteOrphanedEmbeddedDatabaseAssetVersion: Added in version 2021.2. Default value: Controls a backgrounder process, for Tableau Catalog (or
Tableau Metadata API), that deletes embedded external assets (databases and tables) that are no longer associated with downstream Tableau content. This process runs everyday at 22:00:00 UTC (coordinated universal time) and can delete a maximum of 100 external assets each day until there are no remaining external assets without connections to downstream Tableau content. You can set this option to For more information see, Troubleshoot missing content. features.DesktopReportingDefault value: Controls whether Desktop License Reporting is enabled on the server. When set to features.MessageBusEnabledVersion: Added in version 2019.4. Default value: Controls whether Tableau Server uses the new internal messaging mechanism. features.PasswordlessBootstrapInitDefault value: Controls whether Tableau Server allows embedded credentials in bootstrap files. When enabled (the default), embedded credentials are included in the bootstrap file unless you specify that they should not be included. Set this to This option was added beginning with Tableau Server version 2019.3. features.PasswordResetDefault value: Applies only to servers that use local authentication. Set to filestore.empty_folders_reaper.enabled Version: Added in 2020.x (2020.1.14, 2020.2.11, 2020.3.6, 2020.4.2) and 2021.1.x. The default value was changed to Default value: Enables the job that "reaps" (removes) empty Filestore folders. filestore_empty_folders_reap.frequencyVersion: Added in 2020.x (2020.1.14, 2020.2.11, 2020.3.6, 2020.4.2). This is not yet available in 2021.1. Default value: Specifies in minutes, how often to run the job that removes empty Filestore folders. filestore.log.levelVersion: Added in version 2020.3.0 Default value: The logging level for File Store. This is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. filestore.reapemptyfoldersholdoffmsVersion: Added in 2020.x (2020.1.14, 2020.2.11, 2020.3.6, 2020.4.2). This is not yet available in 2021.1. Default value: Specifies in milliseconds, the amount of time to wait before removing empty Filestore folders. floweditor.max_datafile_upload_size_in_kbVersion: Added in version 2020.4 Default value: For Tableau Prep flow web authoring, the maximum size of delimited text files (for example, CSV or TXT) that can be uploaded to Tableau Server. gateway.http.cachecontrol.updatedDefault value: The Cache-Control HTTP header specifies whether the client browser should cache content sent from Tableau Server. To disable caching of Tableau Server data on the client, set this option to gateway.http.hstsDefault value: The HTTP Strict Transport Security (HSTS) header forces browsers to use HTTPS on the domain where it is enabled. gateway.http.hsts_optionsDefault value: By default, HSTS policy is set for one year (31536000 seconds). This time period specifies the amount of time in which the browser will access the server over HTTPS. gateway.httpd.loglevelVersion: Added in 2021.3.0. Default value: Specifies the logging level for the Gateway (Apache HTTPD server). By default this is set to gateway.httpd.shmcb.sizeVersion: Added in 2021.4 Default value: Specifies the amount of memory in bytes for the circular buffer when using the gateway.httpd.socacheVersion: Added in 2021.4 Default value: Specifies the storage type of the global/inter-process SSL Session
Cache. By default, this is set to gateway.http.request_size_limitDefault value: The maximum size (bytes) of header content that is allowed to pass through the Apache gateway on HTTP requests. Headers that exceed the value set on this option will result in browser errors, such as HTTP Error 413 (Request Entity Too Large) or authentication failures. A low value for We recommend setting gateway.http.x_content_type_nosniffDefault value: The X-Content-Type-Options response HTTP header specifies that the MIME type in the Content-Type header should not be changed by the browser. In some cases, where MIME type is not specified, a browser may attempt to determine the MIME type by evaluating the characteristics of the payload. The browser will then display the content accordingly. This process is referred to as "sniffing." Misinterpreting the MIME type can lead to security vulnerabilities. The X-Content-Type-Options HTTP header is set to 'nosniff' by default with this option. gateway.http.x_xss_protectionDefault value: The HTTP X-XSS-Protection response header is sent to the browser to enable cross-site scripting (XSS) protection. The X-XSS-Protection response header overrides configurations in cases where users have disabled XXS protection in the browser. The X-XSS-Protection response header is enabled by default with this option. gateway.log.levelVersion: Added in version 2020.3.0. Default value: The logging level for Gateway. This is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. gateway.public.hostDefault value: <hostname> The name (URL) of the server, used for external access to
Tableau Server. If Tableau Server is configured to work with a proxy server or external load balancer, it is the name entered in a browser address bar to reach Tableau Server. For example, if Tableau Server is reached by entering gateway.public.portDefault value: Applies to proxy server environments only. The external port the proxy server listens on. gateway.slow_post_protection.enabledDefault value: Enabling this can provide some help in protecting against slow POST (Denial-of-Service) attacks by timing out POST requests that transfer data at extremely slow rates. Note: This will not eliminate the threat of such attacks, and could have the unintended impact of terminating slow connections. gateway.slow_post_protection.request_read_timeoutDefault value: When enabled by the preceding option, gateway.timeoutDefault value: Longest amount of time, in seconds, that the gateway will wait for certain events before failing a request (7200 seconds = 2 hours). gateway.trustedDefault value: IP address of proxy server machine Applies to proxy server environments only. The IP address(es) or host name(s) of the proxy server. gateway.trusted_hostsDefault value: Alternate names of proxy server Applies to proxy server environments only. Any alternate host name(s) for the proxy server. indexandsearchserver.vmoptsVersion: Added in version: 2022.1. Default value: " The default value is based on the amount of system memory and is 3.125% of the total system RAM. Controls the Index and Search Server heap size. Because the default value scales automatically, use this option to override the default value only when absolutely necessary. Append the letter
'k' to the value to indicate kilobytes, 'm' for megabytes, or 'g' to indicate gigabytes. As a general rule, set initial heap size ( hyper.file_partition_size_limitDefault value: When set to 0, the size is set to unlimited and will use all the disk space that is available. This option is used to set the disk space limit for a query that spools to disk. If your disk space usage by the spool.<id>.tmp file is higher than where you need it to be for your environment, it means that queries are spooling and taking up disk space. Use this option to limit the amount of disk space that any one query can use. The spool.<id>.tmp file can be found in the temp folder of the user account running Tableau Server. You can specify this value in K(KB), M(MB), G(GB), or T(TB) units. For example, you can specify the size limit as 100G when you want to limit the disk space usage to 100 GB. For more information about spooling see the Memory and CPU Usage section in Tableau Server Data Engine. hyper.global_file_partition_size_limitDefault value: When set to 0, the size is set to unlimited and will use all the disk space that is available. This option is used to set the disk space limit for all queries that spool to disk. If your disk space usage by the spool.<id>.tmp file is higher than where you need it to be for your environment, it means that queries are spooling and taking up disk space. The spool.<id>.tmp file can be found in the temp folder of the user account running Tableau Server. Use this option to limit the amount of disk space in sum total that all queries use when spooling to disk . You can specify this value in K(KB), M(MB), G(GB), or T(TB) units. For example, you can specify the size limit as 100G when you want to limit the disk space usage to 100 GB. Tableau recommends that you start with this configuration when fine tuning your spooling limits. For more information about spooling see the Memory and CPU Usage section in Tableau Server Data Engine. hyper.log_queriesDefault value: When set to true, query information is logged. By default query information is logged. If however you find that the log files are too large for the amount of disk space available, you can set it to hyper.enable_accesspaths_symbolic_canonicalizationDefault value: On Windows OS systems, in order to resolve symlinks, Hyper needs to have access to the directory where extracts are stored and all its parent directories. If this is not the case, you may see an error message in the Hyper log that says: Unable
to obtain canonical path for In such cases, you can set this to Note: Setting the value to hyper.log_query_cpuDefault value: Use this setting to log how much time each query takes and the CPU usage. hyper.log_timingDefault value: This setting is useful to find out more information about the queries, like compilation and parsing times. By default this setting is disabled. You can turn this by setting the value to hyper.log_troublesome_query_plansDefault value: When set to hyper.memory_limitDefault value: Controls the maximum amount of memory used by Hyper. Specify the number of bytes. Append the letter 'k' to the value to indicate kilobytes, 'm' to indicate megabytes, 'g' to indicate gigabytes, or 't' to indicate terabytes. For example, hyper.memtracker_hard_reclaim_thresholdDefault value: This setting only applies to Windows. Hyper keeps decompressed and decrypted parts of the extract in memory to make subsequent accesses faster. This setting controls when worker threads will start writing this data out to a disk cache to reduce memory
pressure. If given as a percentage, the value is interpreted as a percentage of the overall hyper.memtracker_soft_reclaim_thresholdDefault value: This setting only applies to Windows. When interacting with a Hyper file, Hyper will write out some data for caching or persisting the data. Windows has the special behavior that it locks freshly written data into memory. To avoid swapping, we force out the data when Hyper reaches the configured limit for the reclaim threshold. When the soft reclaim threshold is reached, Hyper will try to reclaim cached data in the background to attempt to stay below the reclaim threshold. In situations where swapping would happen otherwise, triggering reclamation in Hyper can lead to a better outcome. Therefore, if your Tableau Server installation experiences a lot of swapping, this setting can be used to attempt to reduce the memory pressure. Specify the number of bytes. Append the letter 'k' to the value to indicate kilobytes, 'm' to indicate megabytes, 'g' to indicate gigabytes, or 't' to indicate terabytes. Alternatively, specify the value as a percentage of the overall configured memory for Hyper. For
example, hyper.network_threadsDefault value: Controls the number of network threads used by Hyper. Specify either the number of network threads (for example, Network threads are used for accepting new connections and sending or receiving data and queries. Hyper uses asynchronous networking, so many connections can be served by a single thread. Normally, the amount of work that is done on network threads is very low. The one exception is opening databases on slow file systems, which can take a long time and block the network thread. If connection times are slow when you try to view or edit dashboards that use extracts and have not been used in a while and you frequently see “asio-continuation-slow” messages in the Hyper log and long “construct-protocol” times to Hyper in the Tableau log, try to increase this value. hyper.objectstore_validate_checksumsDefault value: A boolean setting that controls file integrity checks in Hyper. When set to hyper.query_total_time_limitDefault value: Sets an upper bound on the total thread time that can be used by individual queries in Hyper. Append 's' to the value to indicate seconds, 'min' to indicate minutes, or 'h' to indicate hours. For example to restrict all queries to a total time usage of 1500 seconds of total thread time, run the following command: If a query runs longer then the specified limit, the query will fail and an error will be returned. This setting allows you to automatically control runaway queries that would otherwise use too many resources. Hyper executes queries in parallel. For example, if a query executes for 100 seconds and during this time is running on 30 threads, the total thread time would be 3000 seconds. The thread time of each query is reported in the Hyper log in the “query-end” log entries in the “total-time” field. hyper.session_memory_limitDefault value: Controls the maximum memory consumption that an individual query can have. Specify the number of bytes. Append the letter 'k' to the value to indicate kilobytes, 'm' to indicate megabytes, 'g' to indicate gigabytes, or 't' to indicate terabytes. For example, to set the memory limit to 900 megabytes, run the following command: Alternatively, to specify the session memory limit as a percentage of the overall available system memory run the following command: Lowering this value can help when a query is using excessive amounts of memory and making other queries fail over a long period of time. By lowering the limit, the single big query would fail (or resort to spooling if spooling isn’t turned off) and not have a negative impact on other queries. hyper_standalone.consistent_hashing.enabledDefault value: Improves the chance that the extract for a query is already cached. If the node with the extract cached cannot support additional load, you will be routed to a new node and the extract will be loaded into cache on the new node. This results in better system utilization because extracts are only loaded into memory if there is load that justifies the need. hyper_standalone.health.enabledDefault value: Switches the load balancing metric from random selection to picking the Data Engine (Hyper) node based on a health score that is made of up of a combination of current Hyper activity and system resource usage. Based on these values, the load balancer will pick the node that is most capable of handling an extract query. hyper.temp_disk_space_limitDefault value: Sets the upper limit of disk space at which Hyper will stop allocating space for temporary files. This setting can help to stop the hard disk from filling up with temporary files from Hyper and running out of disk space. If disk space reaches this threshold, Hyper will attempt to recover automatically without administrator intervention. Specify it as percentage of the overall available disk space to be used. For example, For Data Engine to start, the configured amount of disk space must be available. If not enough disk space is available, you will see a Data Engine log entry that says, “Disk limit for temporary files has been reached. Please free up disk space on the device. See the Hyper log for more information: No space left on device”. hyper.hard_concurrent_query_thread_limitDefault value: 150% Use this option to set the maximum number of threads Hyper should use for running queries. Use this when you want to set a hard limit on the CPU usage. Specify either the number of threads or specify the percentage of threads in relation to the logical core count. Hyper will most likely not use more resources than are configured by this setting but Hyper background and network threads are not affected by this setting (though they tend to not be CPU intensive). It is important to consider that this setting controls the number of concurrent queries that can be executed. So, if you decrease this setting, the chance of queries needing to wait for currently running queries to complete increases, which may affect workbook load times. hyper.soft_concurrent_query_thread_limitDefault value: 100% Use this option to specify the number of threads that a single query can be parallelized across if sufficiently many threads are available given the To illustrate this, here is a simplified example: Let's say you set this value to 10 threads, this means queries can be parallelized up to 10 threads. If only 2 queries are running, the remaining 8 threads are used to parallelize the 2 queries. The hyper. hard_concurrent_query_thread_limit, and hyper.soft_concurrent_query_thread_limit options work together to give you some options to manage your CPU usage while maximizing available CPU resources to complete queries faster. If you don't want the Data Engine to use all the available CPU on the machine, change it to less than 100% to a percentage that is optimal for your environment. The soft limit is a way for you to limit CPU usage but allow it to go beyond the soft limit up to the hard limit if necessary. Note: The hyper.hard_concurrent_query_thread_limit and hyper.soft_concurrent_query_thread_limit options replace hyper.num_job_worker_threads and hyper.num_task_worker_threads options available in Tableau Server versions 2018.3 and earlier, and are deprecated in the current version. For information on the hyper.num_job_worker_threads and hyper.num_task_worker_threads, see tsm configuration set Options.(Link opens in a new window) hyper.use_spooling_fallbackDefault value: When set to Tableau recommends that you use the default setting. You can turn this off by setting the value to For more information about spooling see the Memory and CPU Usage section in Tableau Server Data Engine. jmx.security.enabledVersion: Added in version: 2022.1. Default value: JMX is disabled by default, so secure JMX is also disabled. If you are enabling JMX we strongly recommend you enable secure JMX. This is set to tsm maintenance jmx enable We do not recommend you enable JMX unsecured on a production environment. Would you like to enable security features for JMX? (y/n): y jmx.ssl.enabledVersion: Added in version: 2022.1. Default value: This is set to
tsm maintenance jmx enable ... Would you like to enable SSL? (y/n): y jmx.ssl.require_client_authVersion: Added in version: 2022.1. Default value: This is set to tsm maintenance jmx enable ... Would you like to require client authentication (mTLS)? (y/n): y To complete configuration you must have a client cert and place this in the correct location on your client computer. jmx.ssl.user.nameVersion: Added in version: 2022.1. Default value: This is set when you install or upgrade Tableau Server. jmx.ssl.user.passwordVersion: Added in version: 2022.1. Default value: This is set when you install or upgrade Tableau Server. jmx.user.accessVersion: Added in version: 2022.1. Default value: You can change this to tsm maintenance jmx enable ... JMX access is readonly by default. Would you like to add readwrite access? (y/n): y licensing.login_based_license_management.default_requested_duration_secondsDefault value: Set to the duration (in seconds) that a user's login-based license can be offline with no connection to Tableau Server before they are prompted to activate again. This duration is always refreshed when Tableau Desktop is in use and can connect to Tableau Server. licensing.login_based_license_management.enabledDefault value:
Set to true to enable login-based license management. Set to false to disable login-based license management. Note: In order to use login-based license management, you must activate a product key that is enabled for login-based license management. You can use the licensing.login_based_license_management.max_requested_duration_secondsDefault value: Set to the maximum duration (in seconds) that a user’s login-based license can be offline with no connection to Tableau Server before they are prompted to activate Tableau again. The maximum value is 15552000 seconds (180 days). This duration is always refreshed when Tableau Desktop is in use and can connect to Tableau Server. maestro.app_settings.sampling_max_row_limitDefault value: Sets the maximum number of rows for sampling data from large data sets with Tableau Prep on the web. maestro.input.allowed_pathsDefault value: "" By default, access to any directory will be denied, and only publishing to Tableau Server with content that is included in the tflx file is allowed. A list of allowed network directories for flow input connections. You must enable Tableau Prep Conductor to schedule flows on your Tableau Server. For more information, see Tableau Prep Conductor. The following rules apply and must be considered when configuring this setting:
Important:
For more information and details about configuring allowed directories for flow input and output connections, see Step 4: Safe list Input and Output locations(Link opens in a new window). maestro.output.allowed_pathsDefault value: "" By default, access to any directories will be denied. A list of allowed network directories for flow output connections. You must enable Tableau Prep Conductor to schedule flows on your Tableau Server. For more information, see Tableau Prep Conductor. The following rules apply and must be considered when configuring this setting:
For more information and details about configuring allowed directories for flow input and output connections, see Step 4: Safe list Input and Output locations(Link opens in a new window). maestro.sessionmanagement.maxConcurrentSessionPerUserDefault
value: Sets the maximum number of flow web editing sessions that a user can have open at one time. metadata.ingestor.blocklistDefault value: null When configured, Tableau Catalog blocks specified content from being ingested. To specify which content to block, you must identify the blocklist values, which is a combination of both the site ID, content type, and content ID of the content you want to block, from the server “noninteractive” log files. Blocklist values must be separated by a comma. Important: You should only use this option when directed to do so by Tableau Support. For example, you can use the To validate blocked content, review the server “noninteractive” log files for the following events:
For example: and metadata.ingestor.pipeline.throttleEventsEnableDefault value: Controls whether indexing of new and updated content, also called eventing, is regulated across all sites on the
server. By default, event throttling is turned off. To turn on event throttling, change this setting to For more information about event throttling, see Enable Tableau Catalog. metadata.ingestor.pipeline.throttleLimitDefault value: When event throttling is enabled, this is the maximum number of new and updated content items that can be indexed during a specified period of time. Once the specified limit is reached for a specific item, indexing is deferred. By default, the limit is set to Throttled events can be identified in the server "noninteractive" log files as metadata.ingestor.pipeline.throttlePeriodLengthDefault value: When event throttling is enabled, this is the period of time, in minutes, a specified maximum number of new and updated content items can be indexed. Once the specified time is reached, indexing of any additional new and updated content is deferred. By default, the time is set to 30 minutes. You can use the following command to change the time: metadata.query.limits.timeDefault value: This is the longest allowable time, in seconds, for a Catalog or Metadata API query to run before a timeout occurs and the query is canceled. Tableau recommends incrementally increasing the timeout limit to no more than 60 seconds using the following command: Important: This option should be changed only if you see the error described here, Timeout limit and node limit exceeded messages. Increasing the timeout limit can utilize more CPU for longer, which can impact the performance of tasks across Tableau Server. Increasing the timeout limit can also cause higher memory usage, which can cause issues with the interactive microservices container when queries run in parallel. metadata.query.limits.countDefault value: This is the number of objects (which can loosely map to the number of query results) that Catalog can return before the node limit is exceeded and the query is canceled. Tableau recommends incrementally increasing the timeout limit, to no more than 100,000 using the following command: Important: This option should be changed only if you see the error described here, Timeout limit and node limit exceeded messages. Increasing the node limit can cause higher memory usage, which can cause issues with the interactive microservices container when queries run in parallel. metricsservices.checkIntervalInMinutesDefault value: Controls the interval, in minutes, between refreshes for metrics that rely on live data sources. A metric refreshes when the server checks for new data via the metric’s connected view. metricsservices.enabledVersion: Added in version: 2022.3 Default value: When set to metricsservices.failureCountToWarnUserDefault value: Controls the number of consecutive refresh failures that must occur before the metric owner is warned. When set to the default of 10, a metric refresh must fail 10 times in a row before the owner is sent a notification about the failure. metricsservices.maxFailedRefreshAttemptsDefault value: Controls the number of consecutive refresh failures that must occur before a metric refresh is suspended. mobile.deep_linking.on_prem.enabledDefault value: Controls whether links to Tableau Server are treated as deep links by the Tableau Mobile app. When set to monitoring.dataengine.connection_timeoutDefault value: The length of time, in milliseconds, that Cluster Controller will wait for the data engine, before determining that a connection timeout occurred. The default is 30,000 milliseconds (30 seconds). native_api.connection.limit.<connection class>Set parallel query limit for the specified data source (connection class). This overrides the global limit for the data source. native_api.connection.globallimitDefault value: Global limit for parallel queries. Default is 16 except for Amazon Redshift which has a default of 8. native_api.ExplainDataEnabledDefault value:
This option controls whether Explain Data is enabled or disabled for the server. For more information about Explain Data, see Get Started with Explain Data(Link opens in a new window) in the Tableau Help. This option was added beginning with Tableau Server version: 2019.3. native_api.force_alternative_federation_engineDefault value: Override the operation restrictions when joining data from a single file connection and a single SQL database connection. Set this option to native_api.ProtocolTransitionLegacyFormatDefault
value: Use the legacy name format for constrained delegation. The name format was changed in version 10.1 to allow cross-domain protocol transition (S4U). If this causes problems with existing configurations and you don't need cross-domain protocol transition, configure Tableau Server to use the old behavior by setting this to native_api.InitializeQueryCacheSizeBasedOnWeightsDefault value: Controls whether the query cache size is initialized automatically based on the amount of available system memory. The query cache consists of the logical query cache, metadata cache, and native query cache. By default, this functionality is enabled. native_api.QueryCacheMaxAllowedMBThe maximum size of the query cache in megabytes. This value varies based on the amount of system memory. The query cache consists of the logical query cache, metadata cache, and native query cache. Use the table below to determine your default value:
native_api.LogicalQueryCacheMaxAllowedWeightDefault value: The weight of logical query cache size limit in the total query cache size. native_api.MetadataQueryCachMaxAllowedWeightDefault value: The weight of metadata query cache size limit in the total query cache size. native_api.NativeQueryCacheMaxAllowedWeightDefault value: The weight of native query cache size limit in the total query cache size. native_api.QueryCacheEntryMaxAllowedInPercentDefault value: Specifies the maximum size of query results that can be put into
the query cache. It is set as the percentage of the total query cache size. For example, if the logical query cache size is 100 MB and nlp.concepts_shards_countDefault value: 1 Note: The default shard count value is sufficient for most Tableau Server installations. Controls the number of data shards for the Concepts index of Ask Data, field names, field synonyms, and analytical terms stored in shards in:
The shard count partitions the search index to reduce total index size, which may improve the performance of Ask Data's semantic parser. Adjusting the shard count is another
performance enhancement measure that you can take along with increasing the heap size through Tableau recommends increasing the shard count by 1 for every 50 GB. To reduce the number of times you need to adjust the shard count, calculate the total index size by adding 50% to the current index. For example, if the total index size is less than 50 GB, then 1 shard is sufficient. Actual performance will vary depending on the server, the rate at which the index size grows, and other factors.
You can use the following command to increase the Concepts index shard count from default to 2: nlp.values_shards_countDefault value: 1 Controls the number of data shards for the Concepts index of Ask Data, field names, field synonyms, and analytical terms stored in shards in:
The shard count partitions the search index to reduce total index size, which may improve the performance of Ask Data's semantic parser. Adjusting the shard count is another performance enhancement measure that you can take
along with increasing the heap size through Tableau recommends increasing the shard count by 1 for every 50 GB. To reduce the number of times you need to adjust the shard count, calculate the total index size by adding 50% to the current index. For example, if the total index size is less than 50 GB, then 1 shard is sufficient. Actual performance will vary depending on the server, the rate at which the index size grows, and other factors.
You can use the following command to increase the Values index shard count from default to 2: nlp.defaultNewSiteAskDataModeDefault value: Use this option to set the initial value of the Ask Data Mode when a site is created. For more information see Disable or Enable Ask Data for a Site. Valid options are This option was added beginning with Tableau Server versions: 2019.4.5, 2020.1.3. noninteractivecontainer.vmoptsDefault value: The default value varies based on the amount of system memory. The JVM maximum heap size is scaled to be 6.25% of the total system RAM. This option controls the JVM maximum heap size for Tableau Catalog ingestion. Because the default value scales automatically, use this option to override the default value only when absolutely necessary by modifying the For more information, see Memory for non-interactive microservices containers. pgsql.portDefault value: Port that PostgreSQL listens on. pgsql.preferred_hostSpecifies the computer name of the node with the preferred repository installed. This value is used if the Example: Note: The
pgsql.ssl.ciphersuiteDefault value: Specifies the cipher algorithms that are allowed for SSL for the Repository. For acceptable values and formatting requirements, see ssl_ciphers(Link opens in a new window) on the Postgres website. pgsql.verify_restore.portDefault value: Port used to verify the integrity of the PostgreSQL database. See tsm maintenance backup for more information.
ports.blocklistVersion: Added in version 2021.1 Default value: no ports blocked in the range used for automatic port assignment. Used to specify ports within the port assignment range that should not be used by Tableau when dynamically assigning ports. This is useful when you know that another application is using a port within the range. Separate multiple ports with commas, for example: For more information on using the recommendations.enabledDefault value: Controls the recommendations feature, which powers recommendations for data sources and tables (for Tableau Desktop) and recommendations for views (for Tableau Server). Recommendations are based on the popularity of content and on content used by other users determined to be similar to the current user. recommendations.vizrecs.enabledDefault value: Controls recommendations for views for Tableau Server users. This option is a child of redis.max_memory_in_mbDefault value: Specifies the size in megabytes of the cache server external query cache. refresh_token.absolute_expiry_in_secondsDefault value: Specifies the number of seconds for absolute expiry of refresh and access tokens. The tokens are used by clients (Tableau Mobile, Tableau Desktop, Tableau Prep, etc) for authentication to Tableau Server after initial sign-in. This configuration key also governs personal access token expiry. All refresh and access tokens are a type of OAuth
token. To remove limits set to refresh_token.idle_expiry_in_secondsDefault value: Specifies the number of seconds when idle OAuth tokens will expire. The OAuth tokens are used by
clients for authentication to Tableau Server after initial sign-in. To remove limits set to refresh_token.max_count_per_userDefault value: Specifies the maximum number of refresh tokens that can be issued for each user. If user sessions are expiring more quickly than you expect, either increase this value or set it to rsync.timeoutDefault value: Longest allowable time, in seconds, for completing file synchronization (600 seconds = 10 minutes). File synchronization occurs as part of configuring high availability, or moving the data engine and repository processes. schedules.display_schedule_description_as_nameDefault value: Controls whether a
schedule name displays when creating a subscription or extract refresh (the default), or the "schedule frequency description" name describing the time and frequency of the schedule displays. To configure Tableau Server to display timezone-sensitive names for schedules, set this value to When true, the "schedule frequency description" is also displayed after the schedule name on the schedule list page. schedules.display_schedules_in_client_timezoneDefault value: Shows the "schedule frequency description" in the timezone of the user when true (uses the client browser timezone to calculate the "schedule frequency description"). Default value (boolean): This setting controls whether or not task priority is considered for determining the job rank which determines when to pull jobs off the queue.
Setting this to searchserver.connection_timeout_millisecondsVersion: Added in version 2019.1. Default value, in milliseconds: Specifies, in milliseconds, the amount of time Search & Browse clients will wait to establish a connection to the Search & Browse server. On especially busy Tableau Server computers, or if you see log errors "Failed zookeeper health check. Refusing to start SOLR." increase this value. For more information, see Client session timeouts. searchserver.javamemoptsVersion: Added in version 2019.1. Default value: Determines JVM options for SOLR. Of all configurable options, the maximum heap memory, configured by the Valid values for searchserver.startup.zookeeper_healthcheck_timeout_msVersion: Added in version 2020.1. Default value, in milliseconds: Specifies, in milliseconds, the amount of time Tableau Server should wait for a successful Zookeeper health check on startup. On especially busy Tableau Server computers, or if you see log errors "Failed zookeeper health check. Refusing to start SOLR." increase this value. For more information, see Zookeeper connection health check timeout at startup. searchserver.zookeeper_session_timeout_millisecondsDefault value, in milliseconds: Specifies, in milliseconds, the amount of time Search & Browse clients will wait to establish a connection to the Coordination Service (Zookeeper). For more information, see Client session timeouts. ServerExportCSVMaxRowsByColsVersion: Added in version 2020.3. Default value: Specifies the maximum number of cells of data that can be downloaded from View Data into a CSV file. By default, there is no limit. Specify the number of cells. For example to set a limit of 3 million: tsm configuration set -k ServerExportCSVMaxRowsByCols -v 3000000 tsm pending-changes apply service.jmx_enabledDefault value: Setting to service.max_procsDefault value: <number> Maximum number of server processes. service.port_remapping.enabledDefault value: Determines whether or not Tableau Server will attempt to dynamically remap ports when the default or configured ports are unavailable. Setting to session.ipstickyDefault value: Makes client sessions valid only for the IP address that was used to sign in. If a request is made from an IP address different from that associated with the session token, the session token is considered invalid. In certain circumstances—for example, when Tableau Server is being accessed by computers with known and static IP addresses—this setting can yield improved security. Note: Consider carefully whether this setting will help your server security. This setting requires that the client have a unique IP address and an IP address that stays the same for the duration of the session. For example, different users who are behind a proxy might look like they have the same IP address (namely, the IP address of the proxy); in that case, one user might have access to another user's session. In other circumstances, users might have a dynamic IP address, and their address might change during the course of the session. If so, the user has to sign in again. sheet_image.enabledDefault value: Controls whether you can get images for views with the REST API. For more information, see REST API Reference. ssl.ciphersuiteDefault value: Specifies the cipher algorithms that are allowed for SSL for Gateway. For acceptable values and formatting requirements, see SSLCipherSuite(Link opens in a new window) on the Apache website. ssl.client_certificate_login.blocklisted_signature_algorithmsDefault value:
The default value blocks certificates with the SHA-1 signing algorithm. Specifies the client signing algorithms that are blocked for SSL. To disable blocking of all signature algorithms, run this key with an empty set of quotes. For more information about this key, see the Knowledge Base article, Mutual SSL Fails After Upgrading if Certificates Signed with SHA-1(Link opens in a new window). ssl.client_certificate_login.min_allowed.elliptic_curve_sizeDefault value: Specifies the minimum elliptic curve size required for ECDSA client certificates that are authenticating with Tableau Server over mutual SSL If a client presents an ECDSA client certificate that does not satisfy this minimum curve size, the authentication request will fail. This option was introduced in Tableau Server version 2021.1. ssl.client_certificate_login.min_allowed.rsa_key_sizeDefault value: Specifies the minimum key size for RSA client certificates that are authenticating with Tableau Server over mutual SSL If a client presents an RSA client certificate that does not satisfy this minimum key size, the authentication request will fail. This option was introduced in Tableau Server version 2021.1. storage.monitoring.email_enabledDefault value: Controls whether email
notifications are enabled for server disk space monitoring. By default, email notifications are enabled. To enable notifications for disk space monitoring, set this to SMTP must be configured for notifications to be sent. For details, see Configure SMTP Setup. storage.monitoring.warning_percentDefault value: Warning threshold of remaining disk space, in percentage of total disk space. If disk space falls below this threshold, a warning notification is sent. storage.monitoring.critical_percentDefault value: Critical threshold of remaining disk space, in percentage of total disk space. If disk space falls below this threshold, a critical notification is sent. storage.monitoring.email_interval_minDefault value: How often, in minutes, that email notifications should be sent when disk space monitoring is enabled and a threshold is crossed. storage.monitoring.record_history_enabledDefault value: Determines
whether free disk space history is saved and available to view in Administrative Views. To disable history storage for monitoring, set subscriptions.enabledDefault value: Controls whether subscriptions are configurable system-wide. See Set Up a Site for Subscriptions. subscriptions.timeoutDefault value: Length of time, in seconds, for a view in a workbook subscription task to be rendered before the task times out. If this time limit is reached while a view is being rendered, the rendering continues, but any subsequent view in the workbook is not rendered, and the job ends in error. In the case of a single-view workbook, this value will never result in the rendering being halted due to a timeout. svcmonitor.notification.smtp.enabledDefault value: Controls whether email notifications are enabled for server process events. By default notifications are sent when processes go down, fail over, or restart. To enable server process notifications, set this to SMTP must be configured for notifications to be sent. For details, see Configure SMTP Setup. svcmonitor.notification.smtp.mime_use_multipart_mixedVersion: Added in version: 2020.1.8, 2020.2.5, 2020.3.1 Default value: Controls whether subscription HTML MIME attachments are sent as multipart/related (the default) or multipart/mixed. To allow the iOS Mail application to properly open these attachments, set this to tabadmincontroller.auth.expiration.minutesDefault value: Controls how long session cookies are valid. By default this is set to 120 minutes. This value also determines how long the embedded credentials in a node bootstrap file are valid. For more information, see tsm topology nodes get-bootstrap-file. tdsservice.log.levelVersion: Added in version 2020.3.0 Default value: The logging level for the Data Source Properties service. This is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. tomcat.http.maxrequestsizeDefault value: The maximum size (bytes) of header content that is allowed to pass through the Apache gateway on HTTP requests. Headers that exceed the value set on this option will result in browser errors, such as HTTP Error 413 (Request Entity Too Large) or authentication failures. A low value for We recommend setting tomcat.http.proxyHostSpecifies forward proxy host name for OpenID requests to the IdP. See Configure Tableau Server for OpenID Connect. tomcat.http.ProxyPortSpecifies forward proxy port for OpenID requests to the IdP. See Configure Tableau Server for OpenID Connect. tomcat.https.proxyHostSpecifies forward proxy host name for OpenID requests to the IdP. See Configure Tableau Server for OpenID Connect. tomcat.https.ProxyPortSpecifies forward proxy port for OpenID requests to the IdP. See Configure Tableau Server for OpenID Connect. tomcat.https.portDefault value: SSL port for Tomcat (unused). tomcat.server.portDefault value: Port that tomcat listens on for shutdown messages. tomcat.useSystemProxiesSpecifies whether tomcat components (OpenID) require access to the forward proxy configuration on the local Windows operating system. See Configure Tableau Server for OpenID Connect. tomcatcontainer.log.levelDefault value: The logging level for microservices in the Interactive Microservice Container and Non-Interactive Microservice Container. This is dynamically configurable starting in version 2020.4, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. tsm.log.levelDefault value: Logging level for TSM services. These logs include information that can be useful if you have problems with TSM services: Administration Agent, Administration Controller, Client File Service, Cluster Controller, Service Manager, and License Service. This configuration key does not change the logging level for Coordination Service or for maintenance processes. For more information, see Change Logging Levels and Tableau Server Processes. tsm.controlapp.log.levelDefault value: Logging level for usernotifications.reap_after_daysDefault value: Number of days after which a user notification will be deleted from the server. vizportal.adsync.update_system_userDefault value: Specifies whether email addresses and display names of users are changed (even when changed in Active Directory) when an Active Directory group is synchronized in Tableau Server. To ensure that user email addresses and display names are updated during synchronization, set vizportal.alwaysUseEmbeddedShareLinksVersion: Added in version 2021.3.0 Default value: Specifies whether the Copy Link option should include the "embed=y" parameter. Starting in version 2019.4, by default it does not include this parameter. Setting this configuration key to true changes the behavior so that the "embed=y" parameter is included. For details about using the Copy Link option to share links for embedding in web pages, see Embed Views into Webpages(Link opens in a new window) in the Tableau Desktop and Web Authoring Help. Default value: When set to vizportal.csv_user_mgmt.index_site_usersDefault value: Specifies whether indexing of site users is done user by user when importing
or deleting users with a CSV file. When set to vizportal.log.levelDefault value: The logging level for vizportal Java components. Logs are written to Set to Beginning with version 2020.4.0, this is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. vizportal.oauth.connected_apps.max_expiration_period_in_minutesVersion: Added in version 2021.4. Default value: The maximum period of time, in minutes, the JSON web token (JWT) is valid. At the time the JWT is verified, Tableau Server checks that the time period specified in the JWT doesn’t exceed this default value. This setting is used when a Tableau connected app has been configured on Tableau Server using the Tableau REST API(Link opens in a new window). For example, to change maximum period to 5 minutes, run the following command: Version: Added in version 2021.4. Default value: Specifies whether the Enable OAuth Access for Embedding Content option is enabled for Tableau Server. Use this option to register an external authorization server (EAS) with Tableau Server so that you can enable single sign-on (SSO) for embedded content in a custom application. For more information, see Register EAS to Enable SSO for Embedded Content. To enable this option, run the following command: vizportal.oauth.external_authorization_server.blocklisted_jws_algorithmsVersion: Added in version 2021.4. Default value: When an external authorization server (EAS) is registered or connected app is configured, you can use this command to specify the signing algorithm used in JSON web token (JWT) header. For more information, see Register EAS to Enable SSO for Embedded Content or Configure Tableau Connected Apps to Enable SSO for Embedded Content . For example, if needed, you might run the following command to remove the algorithm: Important: The example command above allows unsafe signing algorithms and should only be used to troubleshoot errors. vizportal.oauth.external_authorization_server.issuerVersion: Added in version 2021.4. Default value: Required. Use this command to specify the issuer URL. The issuer URL is required to register the external authorization server (EAS) with Tableau Server. For more information, see Register EAS to Enable SSO for Embedded Content. For example, if your EAS is Okta, you might run a command similar to the following: vizportal.oauth.external_authorization_server.jwksVersion: Added in version 2021.4. Default value: When an external authorization server (EAS) is registered, you can use this command to specify the JSON web key set (JWKS) URL. The JWKS URL is required if the identity provider (IdP) doesn’t expose the external authorization server metadata endpoint. For example, if your IdP is Amazon Cognito, you might run a command similar to the following: vizportal.oauth.external_authorization_server.max_expiration_period_in_minutesVersion: Added in version 2021.4. Default value: The maximum period of time, in minutes, the JSON web token (JWT) is valid. At the time the JWT is verified, Tableau Server checks that the time period specified in the JWT doesn’t exceed this default value. This setting is used when an EAS has been registered with Tableau Server. For more information, see Register EAS to Enable SSO for Embedded Content. For example, to change maximum period to 5 minutes, run the following command: vizportal.openid.client_authenticationSpecifies custom client authentication method for OpenID Connect. To configure Tableau Server to use the IdPs that require the An example would be when connecting to the Salesforce IDP, which requires this. vizportal.openid.essential_acr_valuesVersion: Added in version 2020.4. Specifies a list of authentication context class reference (ACR) values to provide the OpenID Connect IdP as an essential claim request. The IdP is responsible for ensuring that authentication meets the expected criteria. If the To set this option, enter the ACR values in order of preference, enclosed by double-quotes. You must separate multiple values by a comma and space, as in this example: vizportal.openid.full_server_request_logging_enabledDefault value: Specifies whether to do full logging of OpenID activity. Set this to As with all logging-related configurations, we recommend that after you are finished troubleshooting and collecting logs, you reset this key to its default ( vizportal.openid.voluntary_acr_valuesVersion: Added in version 2020.4. Specifies a list of authentication context class reference (ACR) values to provide the OpenID Connect IdP as a voluntary claim request. The IdP is responsible for ensuring that authentication meets the expected criteria. If the To set this option, enter the ACR values in order of preference, enclosed by double-quotes. You must separate multiple values by a comma and space, as in this example: vizportal.rest_api.cors.allow_originSpecifies the origins (sites) that are allowed access to the REST API endpoints on Tableau Server when If Note: You can use an asterisk (*) as a wild card to match all sites. This is not recommended as it allows access from any origin that has access to the server and can present a security risk. Do not use an asterisk (*) unless you fully understand the implications and risks for your site. vizportal.rest_api.cors.enabledDefault value: Controls whether Tableau Server allows Cross Origin Resource Sharing (CORS). When set to vizqlserver.allow_insecure_scriptsDefault value: Allows a workbook to be published to the server from Tableau Desktop, and to be opened from the server, even if the workbook contains SQL or R expressions that are potentially
unsafe (for example, a SQL expression that could potentially allow SQL injection). When this setting is vizqlserver.browser.renderDefault value: Views under the threshold set by vizqlserver.browser.render_thresholdDefault value: The default value represents a high level of complexity for a view displayed on a PC. Complexity factors include number of marks, headers, reference lines, and annotations. Views that exceed this level of complexity are rendered by the server instead of in the PC's web browser. vizqlserver.browser.render_threshold_mobileDefault value: The default value represents a high level of complexity for a view displayed on a tablet. Complexity factors include number of marks, headers, reference lines, and annotations. Views that exceed this level of complexity are rendered by the server instead of in the tablet's web browser. vizqlserver.clear_session_on_unloadDefault value: Determines whether
or not VizQL sessions are kept in memory when a user navigates away from a view or closes their browser. The default value (false) keeps sessions in memory. To close VizQL sessions on leaving a view or closing a browser, set this to vizqlserver.force_maps_to_offlineVersion: Added in version 2020.4.0. Default value: Determines whether Tableau Server runs in offline mode for maps. This is useful in disconnected environments where access to the internet and the map server is restricted. To enable offline mode for maps, set this value to vizqlserver.geosearch_cache_sizeDefault value: Sets the maximum number of different geographic search locale/language data sets that can be loaded into server memory at the same time. When the server receives a geographic search request for locale/language data set that is not in memory, it will load the set into memory. If loading the data set will exceed the specified limit, the least recently used locale/language data set is cleared from memory so the requested one can be loaded. The minimum value is 1. Each cache takes approximately 60 MB in memory (so if you set this to 10, the memory usage would be 600 MB (60 * 10). vizqlserver.initialsql.disabledDefault value: Specify whether to ignore initial SQL statements for all data sources. Set this to true to ignore initial SQL: tsm configuration set -k vizqlserver.initialsql.disabled -v true vizqlserver.log.levelDefault value: The logging level for vizportal Java components. Logs are written to Set to Beginning with version 2020.3.0, this is dynamically configurable, so if you are only changing this you do not have to restart Tableau Server. For more information, see Change Logging Levels. vizqlserver.NumberOfWorkbookChangesBetweenAutoSavesDefault value: Auto recover configuration for web authoring. Specifies the number of changes that a user must make to trigger auto save. Take care when changing this value. Auto recover functionality may impact the performance of web authoring and other viz-related operations on Tableau Server. We recommend tuning this value by making incremental adjustments over time. vizqlserver_<n>.portThe port a VizQL server instance (specified by "<n>") is running on. vizqlserver.protect_sessionsDefault value: When set to vizqlserver.querylimitDefault value: Longest allowable time for updating a view, in seconds. 1800 seconds = 30 minutes. This configuration option impacts VizQL Server and Data Server. vizqlserver.RecoveryAttemptLimitPerSessionDefault value: Auto recover configuration for web authoring. The maximum number of attempts to recover the same session. Take care when changing this value. Auto recover functionality may impact the performance of web authoring and other viz-related operations on Tableau Server. We recommend tuning this value by making incremental adjustments over time. vizqlserver.session.expiry.minimumDefault value: Number of minutes of idle time after which a VizQL session is eligible to be discarded if the VizQL process starts to run out of memory. vizqlserver.session.expiry.timeoutDefault value: Number of minutes of idle time after which a VizQL session is discarded. vizqlserver.sheet_image_api.max_age_floorDefault value: The amount of time, in minutes, to cache images that are generated by the Query View Image method of the REST API. For more information, see the REST API Reference(Link opens in a new window) in the REST API help. vizqlserver.showdownloadDefault value: Controls the display of the Tableau Workbook option of the Download menu in views. When set to Note: This setting does not remove the option for users in Web Edit mode. vizqlserver.showshareDefault value: Controls the display of Share options in views. To hide these options, set to false. Note: Users can override the server default by setting the "showShareOptions" JavaScript or URL parameter. vizqlserver.url_scheme_whitelistSpecifies one or more URL schemes to allow (safe list) when using
URL actions(Link opens in a new window) on views and dashboards. The schemes The values you specify overwrite previous settings. Therefore, you must
include the full list of schemes in the vizqlserver.web_page_objects_enabledDefault value: Controls whether Web Page objects in dashboards can display target URLs. To prevent web pages from appearing, set to false. vizqlserver.WorkbookTooLargeToCheckpointSizeKiBDefault value: Auto recover configuration for web authoring. Size limit (KB) for a workbook that will auto save. Workbooks larger than this value will not be auto-saved. Take care when changing this value. Auto recover functionality may impact the performance of web authoring and other viz-related operations on Tableau Server. We recommend tuning this value by making incremental adjustments over time. vizqlserver.workflow_objects_enabledDefault value: Determines whether the Tableau External Actions Workflow object can be added to dashboards. webdataconnector.refresh.enabledDeprecated. Use Determines whether extract refreshes for web data connectors (WDCs) are
enabled in Tableau Server. To disable refresh for all WDCs, set the value for this key to To learn more, see Web Data Connectors in Tableau Server. webdataconnector.whitelist.fixedDeprecated. Use Specifies one or more web data connectors (WDCs) that can be used by to access data connections that are accessible over HTTP or HTTPS. This command is formatted as JSON data on a single line, with all double-quotes (") escaped using a backslash (\). For example to add a San Francisco Film Locations WDC to the safe list: To learn more, see Web Data Connectors in Tableau Server. webdataconnector.enabledDeprecated. Use Default value: When set to webdataconnector.whitelist.modeDefault value: Determines how Tableau Server can run web data connectors. Supported modes are:
Important: Use the wgserver.audit_history_expiration_daysDefault value: Specifies the number of days after which historical events records are removed from the PostgreSQL database (the Tableau Server database). wgserver.change_owner.enabledDefault value: Controls
whether the ownership of a workbook, data source or project can be changed. Other options include wgserver.clickjack_defense.enabled Default value: When set to For more information, see Clickjack Protection. wgserver.domain.accept_list Version: This was added in version
2020.4.0 and replaces Default value: null Allows connection from Tableau Server to secondary Active Directory domains. A secondary domain is one that Tableau Server connects to for user synchronization, but is a domain where Tableau Server is not installed. Tableau Server will attempt to connect to secondary domains for user and group synchronization. In some cases, Tableau Server may be unable to connect to the secondary domain, which will result in the error, "Domain not in accept list (errorCode=101015)." Setting the To set this option, enter the
secondary domain enclosed by double-quotes. Multiple domains must be separated by a comma and a space. For example, Wildcard functionality is not supported. For example, if Tableau connects to Updating the wgserver.domain.allow_insecure_connectionDefault value: This setting only applies to Windows. This option specifies whether Tableau Server will connect to Active Directory over an unencrypted channel. The default value, Your Active Directory infrastructure should manage certificates and trust with domain-joined computers. As such, the channel communication between Tableau Server and Active Directory resources should be encrypted. We do not recommend allowing unencrypted communications with Active Directory, as this configuration is vulnerable to man-in-the-middle attacks. If you
are upgrading to Tableau Server 2021.2 or later and your LDAP channel is not encrypted, upgrade will fail. You can run this command to allow an insecure connection on older versions of Tableau Server before you upgrade. If you are running this command on a version prior to 2021.2, you must include the wgserver.domain.fqdnDefault
value: value of The fully qualified domain name of the Active Directory server to use. wgserver.domain.whitelist Important: This key has been deprecated as of version 2020.4.0. Use Default value: null Allows connection from Tableau Server to secondary Active Directory domains. A secondary domain is one that Tableau Server connects to for user synchronization, but is a domain where Tableau Server is not installed. Tableau Server will attempt to connect to secondary domains for user and group synchronization. In some cases, Tableau Server may be unable to connect to the secondary domain, which will result in the error, "Domain not in whitelist (errorCode=101015)." wgserver.extended_trusted_ip_checkingDefault
value: Enforces IP client matching for trusted ticket requests. wgserver.restrict_options_methodDefault value: Controls whether Tableau Server accepts HTTP OPTIONS requests. If this option is set to wgserver.saml.blocklisted_digest_algorithmsVersion: Added in version 2021.1. Default value: Specifies the hashing algorithms that are not allowed for any relevant SAML certificate signatures or SAML assertion digest method or signature methods . When set, certificates or assertions that are signed & hashed with a blocklisted algorithm will be rejected and fail. There are multiple places where SHA-1 could be used on both the Tableau and IdP side. For example:
The default value was
changed to ( wgserver.saml.forceauthnVersion: Added in version 2019.3. Default value: When set to wgserver.saml.idpattribute.usernameSpecifies the name of the attribute in which your SAML IdP stores user names. By default, this is set to wgserver.saml.iframed_idp.enabledDefault value: Default of false means that when users select the sign-in button on an embedded view, the IdP’s sign-in form opens in a pop-up window. When you set it to true, and a server SAML user who is already signed in navigates to a web page with an embedded view, the user will not need to sign in to see the view. You can set this to true only if the IdP supports signing in within an iframe. The iframe option is less secure than using a pop-up, so not all IdPs support it. If the IdP sign-in page implements clickjack protection, as most do, the sign-in page cannot display in an iframe, and the user cannot sign in. If your IdP does support signing in via an iframe, you might need to enable it explicitly. However, even if you can use this option, it disables Tableau Server clickjack protection for SAML, so it still presents a security risk. wgserver.saml.maxassertiontimeDefault value: Specifies the maximum number of seconds, from creation, that a SAML assertion is usable. wgserver.saml.min_allowed.elliptic_curve_sizeDefault value: Version: Added in version 2021.1 but did not include a default value. In 2021.2, the default value was set to This option specifies the minimum allowed ECDSA curve size for the certificate used for SAML authentication. If you upload a certificate that has an ECDSA curve size less than 256, TSM will log an error when you apply changes. If
you are upgrading to Tableau Server 2021.2 or later and your SAML certificate uses an ECDSA curve size less than 256, Tableau Server will not start after upgrading. We recommend uploading a new certificate with 256 (or larger) ECDSA curve size before upgrading. Alternatively, you can run this command to set a lower ECDSA curve size on older versions (pre-2021.1) of Tableau Server before you upgrade. If you are running this command on a version prior to 2021.1, you must include the wgserver.saml.min_allowed.rsa_key_sizeDefault value: Version: Added in version 2021.1 but did not include a default value. In 2021.2, the default value was set to This option specifies the minimum allowed RSA key length for the certificate used for SAML authentication. If you upload a certificate that has an RSA key length less than 2048, TSM will log an error when you apply changes. To run SAML authentication with a 1024 RSA key length (not recommended), set this value to If you are upgrading to Tableau Server 2021.2 or later and your SAML certificate uses a key length less than 2048, Tableau Server will not start after upgrading. We recommend uploading a new certificate with 2048 (or larger) key length before upgrading. Alternatively, you can run this command to set a lower key strength on older versions
(pre-2021.1) of Tableau Server before you upgrade. If you are running this command on a version prior to 2021.1, you must include the wgserver.saml.responseskewDefault value: Sets the maximum number of seconds difference between Tableau Server time and the time of the assertion creation (based on the IdP server time) that still allows the message to be processed. wgserver.saml.sha256Default value: When set to wgserver.session.apply_lifetime_limitDefault value: Controls whether there is a session
lifetime for server sessions. Set this to wgserver.session.idle_limitDefault value: The number of minutes of idle time before a sign-in to the web application times out. wgserver.session.lifetime_limitDefault value: The number of minutes a server session lasts
if a session lifetime is set. The default is 1440 minutes (24 hours). If wgserver.unrestricted_ticketDefault value: Specifies whether to extend access to server resources for users authenticated by trusted tickets. Default behavior allows users to access views only. Setting this to workerX.gateway.portDefault value: External port that Apache listens on for workerX (where a “worker” is the term used for subsequent server nodes in the cluster). worker0.gateway.port is Tableau Server’s external port. In a distributed environment, worker0 is the initial Tableau Server node. workerX.vizqlserver.procsDefault value: <number> Number of VizQL servers. zookeeper.config.snapCountSpecifies the number of transactions necessary to cause the Coordination Service to create a snapshot of the logs. By default this value is 100,000 transactions. If your Coordination Service is not writing enough transactions to result in snapshots, the automatic cleanup of snapshots older than five days will not take place, and you may lose disk space to the transaction logs. By default transaction logs and snapshots are created in the Tableau data directory. Does Windows Server automatically install updates?Click Automatic Updates. This option lets you select the day and the time that updates are automatically downloaded and installed.
How do I automatically Update Windows?Select the Start screen, then select Microsoft Store. In Microsoft Store at the upper right, select the account menu (the three dots) and then select Settings. Under App updates, set Update apps automatically to On.
How do you set up automatic Windows updates 10?You'll need to be on the Windows 10 Desktop to do this. From Settings, tap or click on Update & security. Choose Windows Update from the menu on the left, assuming it's not already selected. Tap or click on the Advanced options link on the right, which will open a window headlined Choose how updates are installed.
What is change active hours in Windows 10?Change active hours. Active hours let Windows know when you're typically at your PC. We'll use that info to schedule updates and restarts when you're not using the PC.
|