Custom Configurations for the In-Memory DB (OLAP)

add-new-databases

D

Tries to add directories with OLAP database automatically and adds them to palo.csv.
On/off switch.

admin

a

<address> <port>

Http interface with server browser and online documentation. An address can be a server name, an internet address or "" for all server internet addresses.
Port is a number:
admin 192.168.1.2 7777
admin localhost 7770
admin "" 7780

audit

1

audit-blocksize

{

auto-commit

B

Commits all changes on server shutdown.
On/off switch.

auto-load

A

Loads all databases on server start into memory which are defined in the palo.csv. On/off switch.

cache-barrier

b

<max number
of cells to store
in each cube cache>

Sets the max number of cells to store in each cube cache.
cache-barrier 150000000
cache-barrier 0 (sets cache-barrier to 0).

cross-origin

g

<domain_name>

crypt

c

Turns on encrypting of the database files. Newly saved files are encrypted if this is set using the AES-256-CBC algorithm. On/off switch.

Note: If "crypt" is enabled,
- it is not possible to set the log-level of OLAP Server to "trace" or "debug". Both log levels could make the log file contain information about database contents, and since log files are always readable, this would conflict with the purpose of the "crypt" option.
- it is not possible to enable the "audit" option in palo.ini. The data storage for audit information currently cannot be encrypted, and so that storage would again contain readable data information which would conflict with the purpose of the "crypt" option.

For decryption, just remove crypt from palo.ini and on next "save" the database files will be decrypted, i.e. if a value is written to a cube, it will be decrypted (with all its files). It will not be automatically decrypted. Don't remove crypt-key otherwise it won't be possible to load encrypted files. Remove the crypt-key after you're sure that everything was decrypted.

Procedure to decrypt all databases:
- remove crypt from palo.ini
- restart OLAP service
- use Jedox example (ETL-Tools) "Database Copy"
- copy all databases
- everything will be back to decrypted status

crypt-key

k

<passphrase for crypting csv files>

Sets pass phrase used for encrypting/decrypting of the database files.
It is used also for decrypting, so it has to be set if there are any encrypted files in the database (even when encrypting is off ). AES-256-CBC algorithm supports keys of up to 256 bytes in length.

default-db-right

R

<right value>

Default value for database access rights.
Possible values: N, R, W, D.

<directory_path>

Specifies the path to the directory where some files for OLAP server are stored. The default directory (../defaults) contains a directory called subsets, which contains database script files that are used to generate default subsets for a dimension.

Note: when the OLAP API function /dimension/create is called with parameter mode=1, then not only is a dimension created, but the OLAP server will also execute all database scripts from the subsets directory, if it exists in the directory indicated by defaults-directory palo.ini key.

device

j

<bus_id0>.<device_id0>
<bus_id1>.<device_id1> ...

All available devices

dimension-file-format

Possible values:

-legacy
-binary

Legacy: dimensions are saved to database.csv

Binary: dimensions are saved to database_DIM_*.csv and database_DIM_*.bin (if available), similar to cube save/load.

Note: dimensions that have been saved as binary files are not portable between Linux and Windows.

disable-dump

Disables the Breakpad crash handler in order to "fall back" to the OS crash handler. Disabling Breakpad results in a WARNING log entry, as it removes the possibility of sending crash reports (via Sentry). (49069)

disable-request-logging

dump-upload

G

On/off switch.

dump-upload-desc

3

<description>

dump-upload-reporter

2

<email-address>

enable-drillthrough

y

On/off switch to enable cell drillthrough. This option has been deprecated as of Jedox version 2023.4. The "drillthrough-mode" (below) should be used instead. If this value is set to TRUE, the drillthrough-mode automatic will be enabled.

drillthrough-mode

1. automatic
2. drilldown
3. integrator
4. custom

1. Drills through if ETL is available, or else drills down.
2. Drills down on cube base level.
3. Drills through to reveal relational data from ETL.
4. Uses the same logic as older Jedox versions and performs a drillthrough according to the OnDrillThroughExt function, which is part of the SVS script. Note that we do not recommend this mode as it may require maintenance by the customer when upgrading the Jedox environment.

enable-gpu

P

On/off switch.

enable-password-retrieval

enable-profiling

4

On/off switch.

encryption

X

<encryption-type>
possible values:
-none
-optional
-required

Sets the encryption type.
If optional is selected, then you can use HTTPS. If required is selected, then only /server/info will function unencrypted. All other functions require an HTTPS connection. If encryption is turned on, TLS 1.2 is used for communication.

engine-configuration

N

[M][S][1][E]

M - force engine to use Marker Driven Engine for rules with markers (5.1 algorithm)
S - force engine to use statically created markers
1 - single core calculation
E - suppress rule error propagation across consolidation

extensions

E

<directory>

failed-login-threshold

<count>

Starts login delay when failed attempts count for username exceeds this value.

goalseek-limit

Z

<number_of_cells>

Goalseek algorithm can be executed on slices with maximum <number_of_cells>.

goalseek-timeout

z

<milliseconds>

Algorithm must complete within <familliseconds>.

gpu-frame-size

7

<number>

gzip

[

<level>

Level values: 0-9
0 - no compression
1 - fastest compression
9 - smallest gzip size

http

h

<address> <port>

Examples for http interface:
http "" 7777
http "" 7779
http localhost 7779
See description of admin parameter above.

https

H

<port>

Sets https connection port:
https 7778

init-file

i

<init-file>

Only for command line.

Flushing of data prevents possible data loss following unexpected events, such as a power outage. This key sets an interval of 1-300 seconds, after which journal data will be flushed to the file system.

Values:
0 = flush always
1-300 = flush at intervals of 1-300 seconds
disabled = no flushing

Examples:
journal-flush-interval 0
journal-flush-interval disabled

key-files

K

<ca> <private> <dh>

load-init-file

n

Only for command line.
On/off switch.

log

o

Example: log sink=../log/olap_server.log verbose=info

For details on log levels and parameters, see .

maximum-return-cells

l

<number>

Sets a maximum limit for cells return from an area call:
maximum-return-cells 10000

no-archives

<

no-csv-save

J

Turns off saving of CSV files for cubes whenever possible. Only BIN files are saved. Reduces time needed for saving.

no-csv-save-dim

no-checksum

Disables checksum validation of binary database files.

ntlm_auth

(

<path to ntlm_auth
with helper arguments>

olap-requests-timeout

<network_timeout>

Jedox In-Memory DB (OLAP) requests can be canceled in the event of a web services shutdown after a defined time period. Once the time period is reached, all active In-Memory DB requests from the client will be canceled. The timeout period can be modified in the palo_config.xml file.

password

p

<private-password>

On/off switch.

password-pattern

<regular expression>

Regular expression used for checking password complexity when the password is changed (or a password is assigned to a new user), to enforce password complexity.
e.g. (?=........+)(?=.*[a-z].*)(?=.*[A-Z].*)(.*[0-9@#$%].*) defines:
the password has to be at least 8 characters long and it has to contain at least one uppercase, one lowercase character and one digit or special symbol from '@#$%'

When multiple password patterns are defined, the last one has priority.

profile-interval

5

<seconds>

sink=syslog address=<address:port> facility=<facility>

saml-authentication

saml-authorization

saml-certificate

saml-encrypt-login

saml-encrypt-logout

saml-force-authn

If the key is defined in palo.ini, the identity provider must authenticate the presenter directly rather than rely on a previous security context.

saml-idp-metadata

<url>

If metadata is distributed as a file, or server is restricted from accessing the internet, use file://<filepath>.

saml-nameidpolicy

<NameID policy>

saml-privatekey

<path to private key>

saml-sign-login

saml-sign-logout

saml-signature-algorithm

<algorithm type>

saml-use-logout

session-timeout

M

<seconds>

Specifies the idle time after which the session is closed:
session-timeout 3600

splash-limit

L

<error>

<warning>

<info>

<bulk error>

<bytes>

Splashing limits in megabytes:

Generates an error if splashing requires more space than the first number.

Generates a warning entry if splashing requires more space than the second number.

Generates an info entry if splashing requires more space than the third number.

Generates an error if splashing operations in a bulk request require in total more space than the fourth number.

“Bulk” requests are those where multiple values (cells) are changed in a single request. PALO.SETDATA_BULK() function uses this, but also ETL cube loads. In previous versions, the check was executed for each single value change in the bulk request. This new value will additionally check the overall memory requirement for the whole bulk.

Without a change of the default value (empty or 0) the overall memory requirement for the whole bulk will not be checked.

The fifth number is an estimation of the memory used for one cell in bytes.The used default value is 16 (entry: empty or 16).

This value influences how the memory consumption of values is calculated, i.e. how much memory OLAP assumes for individual base cell values. The previously used value was hardcoded to 16 bytes; this value may be too low in reality. It can now be changed via this value. A higher value (e.g. 32) will increase the assumed memory for splashing operations and the value of number four will be exceeded earlier.

Example: splash-limit 2000 1000 200 8000 32

splash-threshold

Defines the number of cells that are allowed to be splashed. If a value is splashed to an empty cell and the number of affected cells exceeds the limit defined, then the following error code is returned:

ERROR_SPLASH_THRESHOLD_EXCEEDED = 5027

ssl-ciphers

<list of SSL ciphers>

system-restore

New fresh System DB is created when System database.csv file is missing.

template-directory

t

<directory>

Directory of online documentation:
template-directory Binary/Api.

trace

T

<logname>

Enables trace logging. Once enabled, a trace log file will be created in the olap/data directory for each opened port per startup (note: you can specify just the filename for the data folder - thus it will be saved in the olap/data directory - or a full path to another directory, such as /full/path/traceFolder/<logname>).

undo-file-size

u

<number of
bytes per lock>

In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in files for storing changes:
undo-file-size 100000000

undo-memory-size

m

<number of bytes per lock>

In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in memory for storing changes:
undo-memory-size 10000000

use-cube-worker

Y

Uses cube worker.
Can react on cell value changes.
On/off switch.

use-dimension-worker

W

Uses dimension worker. Can react on creation, deletion, and renaming of an element in a specified dimension.
On/off switch.

use-new-subset-def

Converts existing subsets to View XML schema upon database load.

verbose

v

<level>

Log levels:
error, warning, info, debug, trace

If no value has been set, then error is the default value.

wbinfo

)

<path to wbinfo>

windows-sso

e

Enables Windows SSO authentication.
On/off switch.

windows-sso-authentication

}

windows-sso-ignore-groups

Disables group fetching in authentication mode (i.e., when windows-sso-authentication is active). Can speed up authentication process when users are assigned to many groups.

When activated, arrays with group names are not retrieved from AD, so SVS authentication script receives empty array with group names.

worker

w

<worker-executable>
<argument1>
<argument2>
<argumentX>

worker /usr/bin/php5 /
home/palo/worker.php

Sets the initial size of the SVS worker pool for all OLAP operations.

worker-pool-init-size 5

worker-pool-max-size

Sets the maximum size of the SVS worker pool for all OLAP operations. Introduces a maximum on the number of parallel activities involving SVS, such as parallel writebacks through SVS.

worker-pool-max-size 32

workerlogin

x

<worker-login-type>

Uses a worker for login
Possible values:
-information
-authentication*
-authorization*
Example: workerlogin authorization

The workerlogin parameter has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the configuration file, then both ports A and B are used.

*Authorization and authentication modes will be deprecated in Jedox 2024.2.