Configuration settings

The Neo4j configuration settings are set in neo4j.conf. Refer to The neo4j.conf file for details on how to use configuration settings.

For lists of deprecated and removed configuration settings in 2025.x, refer to the page Changes, deprecations, and removals in Neo4j 2025.x.

To list all available configuration settings on a Neo4j server, run the SHOW SETTINGS command.

Dynamic configuration settings

Dynamic settings can be changed at runtime, without restarting the service.

Dynamic settings are labeled Dynamic.

Changes to the configuration at runtime are not persisted. To avoid losing changes when restarting Neo4j, make sure you update neo4j.conf as well.

In a clustered environment, CALL dbms.setConfigValue affects only the server it is run against, and it is not propagated to other members. If you want to change the configuration settings on all cluster members, you have to run the procedure against each of them and update their neo4j.conf file.

Each member of the cluster has its own neo4j.conf file. It is recommended that the settings for a database are the same across all members of the cluster.

For more information on how to update dynamic configuration settings, see Update dynamic settings.

Configuration setting group

When deploying a multi-data cluster in Neo4j, you can configure the load balancing framework.

In Neo4j, the load balancing system is based on a plugin architecture. The primary built-in plugin is server_policies, which is set up by the following property:

dbms.routing.load_balancing.plugin=server_policies

server_policies plugin determines which servers are eligible to serve client requests based on predefined routing policies. If a client does not specify a routing policy, the system defaults to using all available servers.

You can define routing policies by using the following property format:

dbms.routing.load_balancing.config.server_policies.<policy-name>=<policy-definition>

Where <policy-name> is the name of the routing policy, and <policy-definition> specifies the server selection logic.

For the default policy, the default policy name is reserved. Its default value is all():

dbms.routing.load_balancing.config.server_policies.default=all()

See Clustering → Multi-data center routing for more details.

Checkpoint settings

Checkpointing is the process of flushing all pending page updates from the page cache to the store files. This is done periodically and is used to recover the database in case of a crash. The checkpoint settings control the frequency of checkpoints, and the amount of data that is written to disk in each checkpoint. See also, Transaction log settings.

`db.checkpoint`

Table 1. db.checkpoint
Description	Configures the general policy for when checkpoints should occur. Possible values are: `PERIODIC` (default)- it runs a checkpoint as per the interval specified by `db.checkpoint.interval.tx` and `db.checkpoint.interval.time`. `VOLUME` — it runs a checkpoint when the size of the transaction logs reaches the value specified by the `db.checkpoint.interval.volume` setting. By default, it is set to `250.00MiB`. `CONTINUOUS` (Enterprise Edition) — it ignores `db.checkpoint.interval.tx` and `db.checkpoint.interval.time` settings and runs the checkpoint process all the time. `VOLUMETRIC` (Enterprise Edition) — it makes the best effort to checkpoint often enough so that the database does not get too far behind on deleting old transaction logs as specified in the `db.tx_log.rotation.retention_policy` setting.
Valid values	One of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC].
Default value	`PERIODIC`

`db.checkpoint.interval.time`

Table 2. db.checkpoint.interval.time
Description	Configures the time interval between checkpoints. The database does not checkpoint more often than the specified interval (unless checkpointing is triggered by a different event) but might checkpoint less often if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs from which recovery starts. Longer checkpoint intervals typically mean that recovery takes longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`15m`

`db.checkpoint.interval.tx`

Table 3. db.checkpoint.interval.tx
Description	Configures the transaction interval between checkpoints. The database does not checkpoint more often than the specified interval (unless checkpointing is triggered by a different event) but might checkpoint less often if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs from which recovery starts. Longer checkpoint intervals typically mean that recovery takes longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files. The default is `100000` for a checkpoint every 100000 transactions.
Valid values	An integer that is minimum `1`.
Default value	`100000`

`db.checkpoint.interval.volume`

Table 4. db.checkpoint.interval.volume
Description	Configures the volume of transaction logs between checkpoints. The database does not checkpoint more often than the specified interval (unless checkpointing is triggered by a different event) but might checkpoint less often if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs, which recovery would start from. Longer checkpoint intervals typically mean that recovery takes longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `1.00KiB`.
Default value	`250.00MiB`

`db.checkpoint.iops.limit`

Enterprise Edition Dynamic

Table 5. db.checkpoint.iops.limit
Description	Limit the number of IOs the background checkpoint process consumes per second. This setting is advisory. It is ignored in Neo4j Community Edition and is followed to best effort in Enterprise Edition. An IO is, in this case, an 8 KiB (mostly sequential) write. Limiting the write IO in this way leaves more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure and, consequently, longer checkpoint times. Set this to `-1` to disable the IOPS limit and remove the limitation entirely. This lets the checkpointer flush data as fast as the hardware goes. Removing or commenting out the setting sets the default value of `600`.
Valid values	An integer.
Default value	`600`

Cloud storage integration settings

Cloud integration settings allow you to specify custom Azure blob storage endpoints and host authorities, set the project ID for Google Cloud Storage buckets, and define the desired throughput for transfer operations in Amazon S3.

`dbms.integrations.cloud_storage.azb.blob_endpoint_suffix`

Table 6. dbms.integrations.cloud_storage.azb.blob_endpoint_suffix
Description	Azure blob storage endpoint suffix. You need to change this if you are not using Azure public cloud (e.g., if you are using Azure Government).
Valid values	A string.
Default value	`blob.core.windows.net`

`dbms.integrations.cloud_storage.azb.authority_endpoint`

Table 7. dbms.integrations.cloud_storage.azb.authority_endpoint
Description	Azure authority host endpoint (only required for certain methods of authentication, it should be specified in its full form - e.g., https://login.microsoftonline.com).
Valid values	A string.
Default value

`dbms.integrations.cloud_storage.gs.project_id`

Table 8. dbms.integrations.cloud_storage.gs.project_id
Description	Project ID of the Google storage bucket(s) to connect to, falling back to the value found by their SDK.
Valid values	A string.
Default value

`dbms.integrations.cloud_storage.s3.target_throughput_gbps`

Table 9. dbms.integrations.cloud_storage.s3.target_throughput_gbps
Description	The target throughput for transfer requests. Higher value means more connections will be established with S3. It’s recommended to set it to the maximum network bandwidth on the host that the application is running on. The default is `10.0`, but when running on EC2 instances, this value can often be set much higher (being specific to the EC2 instance type).
Valid values	A double.
Default value	`10.0`

Cluster settings

The cluster settings are used to configure the behavior of a Neo4j cluster. For more information, see also Clustering settings.

`db.cluster.catchup.pull_interval`

Table 10. db.cluster.catchup.pull_interval
Description	The interval at which a secondary server fetches updates for a specific database from the primary server for that database.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`1s`

`db.cluster.raft.apply.buffer.max_bytes`

Table 11. db.cluster.raft.apply.buffer.max_bytes
Description	The maximum number of bytes in the apply buffer. This parameter limits the amount of memory that can be consumed by the apply buffer. If the bytes limit is reached, buffer size will be limited even if max_entries is not exceeded.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value	`1.00GiB`

`db.cluster.raft.apply.buffer.max_entries`

Table 12. db.cluster.raft.apply.buffer.max_entries
Description	The maximum number of entries in the raft log entry prefetch buffer.
Valid values	An integer.
Default value	`1024`

`db.cluster.raft.in_queue.batch.max_bytes`

Table 13. db.cluster.raft.in_queue.batch.max_bytes
Description	Largest batch processed by RAFT in bytes.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value	`8.00MiB`

`db.cluster.raft.so_keepalive_enabled`

Table 14. db.cluster.raft.so_keepalive_enabled
Description	Set the keepalive socket option (SO_KEEPALIVE) for all Raft TCP channels.
Valid values	A boolean.
Default value	`false`

`db.cluster.raft.in_queue.max_bytes`

Table 15. db.cluster.raft.in_queue.max_bytes
Description	Maximum number of bytes in the RAFT in-queue.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value	`2.00GiB`

`db.cluster.raft.leader_transfer.priority_tag`

Table 16. db.cluster.raft.leader_transfer.priority_tag
Description	The name of a server tag whose members should be prioritized as leaders. This does not guarantee that the leader will always be a member of this tag, but the cluster will attempt to transfer the leadership to such a member when possible. If a database is specified using `db.cluster.raft.leader_transfer.priority_tag`.<database>, the specified priority tag will apply only to that database. If no database is specified, that tag will be the default and apply to all databases with no explicitly set priority tag. Using this setting will disable leadership balancing.
Valid values	A string identifying a server tag.
Default value

`db.cluster.raft.log.prune_strategy`

Table 17. db.cluster.raft.log.prune_strategy
Description	RAFT log pruning strategy that determines which logs are to be pruned. Neo4j only prunes log entries up to the last applied index, which guarantees that logs are only marked for pruning once the transactions within are safely copied over to the local transaction logs and safely committed by a majority of cluster members. Possible values are a byte size or a number of transactions (e.g., 200K txs).
Valid values	A string.
Default value	`1g size`

`db.cluster.raft.log_shipping.buffer.max_bytes`

Table 18. db.cluster.raft.log_shipping.buffer.max_bytes
Description	The maximum number of bytes in the in-flight cache. This parameter limits the amount of memory that can be consumed by the cache. If the bytes limit is reached, cache size will be limited even if max_entries is not exceeded.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value	`1.00GiB`

`db.cluster.raft.log_shipping.buffer.max_entries`

Table 19. db.cluster.raft.log_shipping.buffer.max_entries
Description	The maximum number of entries in the in-flight cache. Increasing size requires more memory but might improve performance in high-load situations.
Valid values	An integer.
Default value	`1024`

`dbms.cluster.network.client_inactivity_timeout`

Table 20. dbms.cluster.network.client_inactivity_timeout
Description	A network request times out if the given duration elapses with no network activity. Every message received by the client from the server extends the timeout duration.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`10m`

`dbms.cluster.endpoints`

Table 21. dbms.cluster.endpoints
Description	A comma-separated list of endpoints which a server should contact in order to discover other cluster members. All cluster members hosting a `system` database primary must be specified in this list. However, it is typical that all cluster members, including the current server, are specified in this list.
Valid values	A comma-separated list where each element is a socket address in the format of `hostname:port`, `hostname`, or `:port`.
Default value

`dbms.cluster.discovery.resolver_type`

Table 22. dbms.cluster.discovery.resolver_type
Description	Configure the resolver type that the discovery service uses for determining who should be part of the cluster. Valid values are `LIST`, `SRV`, `DNS`, and `K8S`: `LIST` A static configuration where `dbms.cluster.endpoints` must contain a list of the addresses of the cluster members. `SRV` and `DNS` A dynamic configuration where `dbms.cluster.endpoints` must point to a DNS entry containing the cluster members' addresses. `K8S` At least `dbms.kubernetes.discovery.service_port_name` must be set. The addresses of the cluster members are queried dynamically from Kubernetes.
Valid values	A string.
Default value	`LIST`

`dbms.cluster.minimum_initial_system_primaries_count`

Table 23. dbms.cluster.minimum_initial_system_primaries_count
Description	Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together, and bootstrapped a highly available system database. As a result, at least this many of the cluster’s initial machines must have `server.cluster.system_database_mode` set to `PRIMARY`. NOTE: If `dbms.cluster.discovery.resolver_type` is set to `LIST` and `dbms.cluster.endpoints` is empty, then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored.
Valid values	An integer that is minimum `1`.
Default value	`3`

`dbms.cluster.network.connect_timeout`

Table 24. dbms.cluster.network.connect_timeout
Description	The maximum amount of time to wait for a network connection to be established.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`30s`

`dbms.cluster.network.handshake_timeout`

Table 25. dbms.cluster.network.handshake_timeout
Description	Time out for protocol negotiation handshake.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`20s`

`dbms.cluster.network.max_chunk_size`

Table 26. dbms.cluster.network.max_chunk_size
Description	Maximum chunk size allowable across a network by clustering machinery.
Valid values	An integer that is in the range `4096` to `10485760`.
Default value	`32768`

`dbms.cluster.network.supported_compression_algos`

Table 27. dbms.cluster.network.supported_compression_algos
Description	Network compression algorithms that this instance will allow in negotiation as a comma-separated list. For incoming connections, the algorithms are listed in descending order of preference. An empty list implies no compression. For outgoing connections, this merely specifies the allowed set of algorithms and the preference of the remote peer will be used for making the decision. Allowable values: [Snappy, Snappy_validating, LZ4, LZ4_high_compression, LZ_validating, LZ4_high_compression_validating]
Valid values	A comma-separated list where each element is a string.
Default value

`dbms.cluster.raft.async_channel_acquisition_enabled`

Table 28. dbms.cluster.raft.async_channel_acquisition_enabled
Description	Enable async acquisition of raft sender channels. If set to `false`, the leader will wait for a connection to a follower before shipping it entries. This may cause latencies in replication if one or more members are slow at establishing connections.
Valid values	A boolean.
Default value	`true`

`dbms.cluster.raft.binding_timeout`

Table 29. dbms.cluster.raft.binding_timeout
Description	The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with at least the quorum of the members available. The members are provided by `dbms.cluster.endpoints` for the system database and by the topology graph for standard databases.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`1d`

`dbms.cluster.raft.client.max_channels`

Table 30. dbms.cluster.raft.client.max_channels
Description	The maximum number of TCP channels between two nodes to operate the raft protocol. Each database gets allocated one channel, but a single channel can be used by more than one database.
Valid values	An integer.
Default value	`8`

`dbms.cluster.raft.election_failure_detection_window`

Table 31. dbms.cluster.raft.election_failure_detection_window
Description	The rate at which leader elections happen. Note that due to election conflicts, it might take several attempts to find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely.
Valid values	A duration-range <min-max> (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`3s-6s`

`dbms.cluster.raft.leader_failure_detection_window`

Table 32. dbms.cluster.raft.leader_failure_detection_window
Description	The time window within which the loss of the leader is detected and the first re-election attempt is held. The window should be significantly larger than typical communication delays to make conflicts unlikely.
Valid values	A duration-range <min-max> (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`20s-23s`

`dbms.cluster.raft.leader_transfer.balancing_strategy`

Table 33. dbms.cluster.raft.leader_transfer.balancing_strategy
Description	Which strategy to use when transferring database leaderships around a cluster. Note that if a `leader_transfer.priority_tag` is specified for a given database, the value of this setting will be ignored for that database. The following values are available: `equal_balancing` automatically ensures that each primary server holds the leader role for an equal number of databases. `no_balancing` prevents any automatic balancing of the leader role.
Valid values	One of [NO_BALANCING, EQUAL_BALANCING].
Default value	`EQUAL_BALANCING`

`dbms.cluster.raft.log.pruning_frequency`

Table 34. dbms.cluster.raft.log.pruning_frequency
Description	RAFT log pruning frequency.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`10m`

`dbms.cluster.raft.log.reader_pool_size`

Table 35. dbms.cluster.raft.log.reader_pool_size
Description	RAFT log reader pool size.
Valid values	An integer.
Default value	`8`

`dbms.cluster.raft.log.rotation_size`

Table 36. dbms.cluster.raft.log.rotation_size
Description	RAFT log rotation size. The log will be rotated when it reaches this size.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `1.00KiB`.
Default value	`250.00MiB`

`dbms.cluster.raft.membership.join_max_lag`

Table 37. dbms.cluster.raft.membership.join_max_lag
Description	Maximum amount of lag accepted for a new follower to join the Raft group.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`10s`

`dbms.cluster.raft.membership.join_timeout`

Table 38. dbms.cluster.raft.membership.join_timeout
Description	Timeout for a new member to catch up.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`10m`

`dbms.cluster.store_copy.max_retry_time_per_request`

Table 39. dbms.cluster.store_copy.max_retry_time_per_request
Description	Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`20m`

`initial.dbms.automatically_enable_free_servers`

Table 40. initial.dbms.automatically_enable_free_servers
Description	Automatically enable free servers.
Valid values	A boolean.
Default value	`false`

`initial.dbms.default_primaries_count`

Table 41. initial.dbms.default_primaries_count
Description	The initial default number of primary servers for the standard databases. If the user does not specify the number of primaries in `CREATE DATABASE`, this value will be used unless overwritten by the `dbms.setDefaultAllocationNumbers` procedure.
Valid values	An integer that is minimum `1` and is maximum `11`.
Default value	`1`

`initial.dbms.default_secondaries_count`

Table 42. initial.dbms.default_secondaries_count
Description	The initial default number of secondary servers for standard databases. If the user does not specify the number of secondaries in `CREATE DATABASE`, this value will be used unless overwritten by the `dbms.setDefaultAllocationNumbers` procedure.
Valid values	An integer that is minimum `0` and is maximum `20`.
Default value	`0`

`initial.server.allowed_databases`

Table 43. initial.server.allowed_databases
Description	Names of the databases allowed on this server; all others are denied. Empty means all are allowed. This configuration can be overridden when enabling the server or altered at runtime without changing this setting. Exclusive with `server.initial_denied_databases`.
Valid values	A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name `system`.
Default value

`initial.server.denied_databases`

Table 44. initial.server.denied_databases
Description	Names of the databases not allowed on this server. Empty means nothing is denied. This configuration can be overridden when enabling the server or altered at runtime without changing this setting. Exclusive with `server.initial_allowed_databases`.
Valid values	A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name `system`.
Default value

`initial.server.mode_constraint`

Table 45. initial.server.mode_constraint
Description	An server can restrict itself to allow databases to be hosted only as primaries or secondaries. This setting is the default input for the `ENABLE SERVER` command - the user can overwrite it when executing the command.
Valid values	One of [PRIMARY, SECONDARY, NONE].
Default value	`NONE`

`initial.server.tags`

Table 46. initial.server.tags
Description	A list of tag names for the server used by the database allocation and when configuring load balancing and replication policies. This setting is the default input for the `ENABLE SERVER` command - the user can overwrite it when executing the command.
Valid values	A comma-separated list where each element is a string identifying a server tag, which contains no duplicate items.
Default value

`server.cluster.advertised_address`

Table 47. server.cluster.advertised_address
Description	Advertised hostname/IP address and port for the transaction shipping server.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address.
Default value	`:6000`

`server.cluster.catchup.connect_randomly_to_server_tags`

Table 48. server.cluster.catchup.connect_randomly_to_server_tags
Description	Comma-separated list of tags to be used by the connect-randomly-to-server-with-tag selection strategy. The connect-randomly-to-server-with-tag strategy is used when the list of strategies (`server.cluster.catchup.upstream_strategy`) includes the value `connect-randomly-to-server-with-tag`.
Valid values	A comma-separated list where each element is a string identifying a server tag.
Default value

`server.cluster.catchup.upstream_strategy`

Table 49. server.cluster.catchup.upstream_strategy
Description	A descending-ordered list of strategies secondaries use to choose the upstream server from which to pull transactional updates. If none are valid or the list is empty, the default strategy is `typically-connect-to-random-secondary`.
Valid values	A comma-separated list where each element is a string.
Default value

`server.cluster.catchup.user_defined_upstream_strategy`

Table 50. server.cluster.catchup.user_defined_upstream_strategy
Description	Configuration of a user-defined upstream selection strategy. The user-defined strategy is used when the list of strategies (`server.cluster.catchup.upstream_strategy`) includes the value `user_defined`.
Valid values	A string.
Default value

`server.cluster.listen_address`

Table 51. server.cluster.listen_address
Description	Network interface and port for the transaction shipping server to listen on. Note that it is also possible to run the backup client against this port, so always limit access to it via the firewall and configure an SSL policy.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address.
Default value	`:6000`

`server.cluster.network.native_transport_enabled`

Table 52. server.cluster.network.native_transport_enabled
Description	Use native transport if available. Epoll for Linux or Kqueue for MacOS/BSD. If this setting is set to false, or if native transport is not available, Nio transport will be used.
Valid values	A boolean.
Default value	`true`

`server.cluster.raft.advertised_address`

Table 53. server.cluster.raft.advertised_address
Description	Advertised hostname/IP address and port for the RAFT server.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address.
Default value	`:7000`

`server.cluster.raft.listen_address`

Table 54. server.cluster.raft.listen_address
Description	Network interface and port for the RAFT server to listen on.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address.
Default value	`:7000`

`server.cluster.system_database_mode`

Table 55. server.cluster.system_database_mode
Description	Users must manually specify the mode for the system database on each server.
Valid values	One of [PRIMARY, SECONDARY].
Default value	`PRIMARY`

Connection settings

Connection settings control the communication between servers and between a server and a client. Neo4j provides support for Bolt, HTTP, and HTTPS protocols via connectors. For more information about the connectors, see Configure network connectors.

When configuring the HTTPS or Bolt, see also Security settings and SSL framework for details on how to work with SSL certificates.

`server.bolt.advertised_address`

Table 56. server.bolt.advertised_address
Description	Advertised address for this connector.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from `server.default_advertised_address`.
Default value	`:7687`

`server.bolt.connection_keep_alive`

Table 57. server.bolt.connection_keep_alive
Description	The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1ms`.
Default value	`1m`

`server.bolt.connection_keep_alive_for_requests`

Table 58. server.bolt.connection_keep_alive_for_requests
Description	The type of messages to enable keep-alive messages for `ALL`, `STREAMING`, or `OFF`.
Valid values	One of [ALL, STREAMING, OFF].
Default value	`ALL`

`server.bolt.connection_keep_alive_probes`

Table 59. server.bolt.connection_keep_alive_probes
Description	The total number of probes to be missed before a connection is considered stale. The minimum value is 1.
Valid values	An integer that is minimum `1`.
Default value	`2`

`server.bolt.connection_keep_alive_streaming_scheduling_interval`

Table 60. server.bolt.connection_keep_alive_streaming_scheduling_interval
Description	The interval between every scheduled keep-alive check on all connections with active queries. Zero duration turns off keep-alive service.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `0s`.
Default value	`1m`

`server.bolt.enabled`

Table 61. server.bolt.enabled
Description	Enable the Bolt connector.
Valid values	A boolean.
Default value	`true`

`server.bolt.listen_address`

Table 62. server.bolt.listen_address
Description	Address the connector should bind to.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address.
Default value	`:7687`

`server.bolt.additional_listen_addresses`

Table 63. server.bolt.additional_listen_addresses
Description	Additional addresses the connector should bind to.
Valid values	A comma-separated set where each element is a socket address in the format of `hostname:port`, `hostname`, or `:port`.
Default value

`server.bolt.ocsp_stapling_enabled`

Table 64. server.bolt.ocsp_stapling_enabled
Description	Enable server OCSP stapling for bolt and http connectors.
Valid values	A boolean.
Default value	`false`

`server.bolt.telemetry.enabled`

Table 65. server.bolt.telemetry.enabled
Description	Enable the collection of driver telemetry.
Valid values	A boolean.
Default value	`false`

`server.bolt.enable_network_error_accounting`

Table 66. server.bolt.enable_network_error_accounting
Description	Enables accounting-based reporting of benign errors within the Bolt stack. When enabled, benign errors are reported only when such events occur with unusual frequency. When disabled, all benign network errors are reported.
Valid values	A boolean.
Default value	`true`

`server.bolt.network_abort_clear_window_duration`

Table 67. server.bolt.network_abort_clear_window_duration
Description	The duration for which network-related connection aborts need to remain at a reasonable level before the error is cleared.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`.
Default value	`10m`

`server.bolt.network_abort_warn_threshold`

Table 68. server.bolt.network_abort_warn_threshold
Description	The maximum number of network-related connection aborts allowed within a specified time window before emitting log messages. A value of zero reverts to legacy warning behavior.
Valid values	A long that is minimum `0`.
Default value	`2`

`server.bolt.network_abort_warn_window_duration`

Table 69. server.bolt.network_abort_warn_window_duration
Description	The duration of the window in which network-related connection aborts are sampled.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`.
Default value	`10m`

`server.bolt.thread_pool_keep_alive`

Table 70. server.bolt.thread_pool_keep_alive
Description	The maximum time an idle thread in the thread pool bound to this connector waits for new tasks.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`5m`

`server.bolt.thread_pool_max_size`

Table 71. server.bolt.thread_pool_max_size
Description	The maximum number of threads allowed in the thread pool bound to this connector.
Valid values	An integer.
Default value	`400`

`server.bolt.thread_pool_min_size`

Table 72. server.bolt.thread_pool_min_size
Description	The number of threads, including idle, to keep in the thread pool bound to this connector.
Valid values	An integer.
Default value	`5`

`server.bolt.thread_starvation_clear_window_duration`

Table 73. server.bolt.thread_starvation_clear_window_duration
Description	The duration for which unscheduled requests need to remain at a reasonable level before the error is cleared.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`.
Default value	`10m`

`server.bolt.thread_starvation_warn_threshold`

Table 74. server.bolt.thread_starvation_warn_threshold
Description	The maximum number of unscheduled requests allowed during thread starvation events within a specified time window before emitting log messages.
Valid values	A long that is minimum `0`.
Default value	`2`

`server.bolt.thread_starvation_warn_window_duration`

Table 75. server.bolt.thread_starvation_warn_window_duration
Description	The duration of the window in which unscheduled requests are sampled.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1s`.
Default value	`10m`

`server.bolt.tls_level`

Table 76. server.bolt.tls_level
Description	The encryption level to be used to secure communications with this connector.
Valid values	One of [REQUIRED, OPTIONAL, DISABLED].
Default value	`DISABLED`

`server.bolt.traffic_accounting_check_period`

Table 77. server.bolt.traffic_accounting_check_period
Description	Amount of time spent between samples of current traffic usage. Lower values result in more accurate reporting while incurring a higher performance penalty. A value of zero disables traffic accounting.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is 0s or is minimum `1m`.
Default value	`5m`

`server.bolt.traffic_accounting_clear_duration`

Table 78. server.bolt.traffic_accounting_clear_duration
Description	Time to be spent below the configured traffic threshold to clear traffic warnings.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) that is minimum `1m`.
Default value	`10m`

`server.bolt.traffic_accounting_incoming_threshold_mbps`

Table 79. server.bolt.traffic_accounting_incoming_threshold_mbps
Description	Maximum permitted incoming traffic within a configured accounting check window before emitting a warning (in Mbps).
Valid values	A long that is minimum `1`.
Default value	`950`

`server.bolt.traffic_accounting_outgoing_threshold_mbps`

Table 80. server.bolt.traffic_accounting_outgoing_threshold_mbps
Description	Maximum permitted outgoing traffic within a configured accounting check window before emitting a warning (in Mbps).
Valid values	A long that is minimum `1`.
Default value	`950`

`server.http.advertised_address`

Table 81. server.http.advertised_address
Description	Advertised address for this connector.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address.
Default value	`:7474`

`server.http.enabled`

Table 82. server.http.enabled
Description	Enable the HTTP connector.
Valid values	A boolean.
Default value	`true`

`server.http.listen_address`

Table 83. server.http.listen_address
Description	Address the connector should bind to.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address.
Default value	`:7474`

`server.http_enabled_modules`

Table 84. server.http_enabled_modules
Description	Defines the set of modules loaded into the Neo4j web server. The enterprise management endpoints are only available in the Еnterprise edition.
Valid values	A comma-separated set where each element is one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS, QUERY_API_ENDPOINTS].
Default value	`TRANSACTIONAL_ENDPOINTS,UNMANAGED_EXTENSIONS,BROWSER,ENTERPRISE_MANAGEMENT_ENDPOINTS,QUERY_API_ENDPOINTS`

`server.http_enabled_transports`

Table 85. server.http_enabled_transports
Description	Defines the set of transports available on the HTTP server.
Valid values	A comma-separated set where each element is one of [HTTP1_1, HTTP2].
Default value	`HTTP1_1,HTTP2`

`server.https.advertised_address`

Table 86. server.https.advertised_address
Description	Advertised address for this connector.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from server.default_advertised_address.
Default value	`:7473`

`server.https.enabled`

Table 87. server.https.enabled
Description	Enable the HTTPS connector.
Valid values	A boolean.
Default value	`false`

`server.https.listen_address`

Table 88. server.https.listen_address
Description	Address the connector should bind to.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address.
Default value	`:7473`

`server.default_advertised_address`

Table 89. server.default_advertised_address
Description	Default hostname or IP address the server uses to advertise itself.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that has no specified port and is an accessible address.
Default value	`localhost`

`server.default_listen_address`

Table 90. server.default_listen_address
Description	Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0".
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that has no specified port.
Default value	`localhost`

`server.routing.advertised_address`

Table 91. server.routing.advertised_address
Description	The advertised address for the intra-cluster routing connector.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from `server.default_advertised_address`.
Default value	`:7688`

`server.routing.listen_address`

Table 92. server.routing.listen_address
Description	Address routing connector should bind to.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address.
Default value	`:7688`

`dbms.routing.client_side.enforce_for_domains`

Table 93. dbms.routing.client_side.enforce_for_domains
Description	Always use client-side routing (regardless of the default router) for `neo4j://` protocol connections to these domains. A comma-separated list of domains. Wildcards (`*`) are supported.
Valid values	A comma-separated set where each element is a string.
Default value

`dbms.routing.default_router`

Table 94. dbms.routing.default_router
Description	Routing strategy for `neo4j://` protocol connections. Default is `CLIENT`, using client-side routing, with server-side routing as a fallback (if enabled). When set to `SERVER`, client-side routing is short-circuited, and requests rely on server-side routing (which must be enabled for proper operation, i.e. `dbms.routing.enabled=true`). Can be overridden by `dbms.routing.client_side.enforce_for_domains`.
Valid values	One of [SERVER, CLIENT].
Default value	`CLIENT`

`dbms.routing.driver.connection.connect_timeout`

Table 95. dbms.routing.driver.connection.connect_timeout
Description	Socket connection timeout. A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the operating system level.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`5s`

`dbms.routing.driver.connection.max_lifetime`

Table 96. dbms.routing.driver.connection.max_lifetime
Description	Pooled connections older than this threshold will be closed and removed from the pool. Setting this option to a low value will cause a high connection churn and might result in a performance hit. It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network equipment (load balancer, proxy, firewall, etc. can also limit maximum connection lifetime). Zero and negative values result in lifetime not being checked.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`1h`

`dbms.routing.driver.connection.pool.acquisition_timeout`

Table 97. dbms.routing.driver.connection.pool.acquisition_timeout
Description	Maximum amount of time spent attempting to acquire a connection from the connection pool. This timeout only kicks in when all existing connections are being used, and no new connections can be created because the maximum connection pool size has been reached. An error is raised when no connection can be acquired within the configured time. Negative values are allowed, which results in an unlimited acquisition timeout. A value of 0 is allowed, resulting in no timeout and immediate failure when the connection is unavailable.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`1m`

`dbms.routing.driver.connection.pool.idle_test`

Table 98. dbms.routing.driver.connection.pool.idle_test
Description	Pooled connections that have been idle in the pool for longer than this timeout will be tested to ensure they are still alive before being used again. If the value of this option is too low, acquiring a connection will require an additional network call, which will cause a performance hit. If the value of this option is too high, live connections might no longer be used, leading to errors. Hence, this parameter balances the likelihood of experiencing connection problems and performance. Usually, this parameter should not need tuning. Value 0 means connections will always be tested for validity. No connection liveliness check is done by default.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value

`dbms.routing.driver.connection.pool.max_size`

Table 99. dbms.routing.driver.connection.pool.max_size
Description	Maximum total number of connections to be managed by a connection pool. The limit is enforced for a combination of a host and user. Negative values are allowed and result in unlimited pool. Value of 0 is not allowed. Defaults to `-1` (unlimited).
Valid values	An integer.
Default value	`-1`

`dbms.routing.driver.logging.level`

Table 100. dbms.routing.driver.logging.level
Description	Sets the level for the driver’s internal logging.
Valid values	One of [DEBUG, INFO, WARN, ERROR, NONE].
Default value	`INFO`

`dbms.routing.enabled`

Table 101. dbms.routing.enabled
Description	Enable server-side routing in clusters using an additional bolt connector. When configured, this allows requests to be forwarded from one cluster member to another, if the requests cannot be satisfied by the first member (e.g. write requests received by a non-leader).
Valid values	A boolean.
Default value	`true`

`dbms.routing.load_balancing.plugin`

Table 102. dbms.routing.load_balancing.plugin
Description	Vary the order of the entries in routing tables each time one is produced. This means that different clients should select a range of servers as their first contact, reducing the chance of all clients contacting the same server if alternatives are available. This makes the load across the servers more even.
Valid values	A string.
Default value	`server_policies`

`dbms.routing.load_balancing.shuffle_enabled`

Table 103. dbms.routing.load_balancing.shuffle_enabled
Description	Vary the order of the entries in routing tables each time one is produced. This means that different clients should select a range of servers as their first contact, reducing the chance of all clients contacting the same server if alternatives are available. This makes the load across the servers more even.
Valid values	A boolean.
Default value	`true`

`dbms.routing.reads_on_primaries_enabled`

Table 104. dbms.routing.reads_on_primaries_enabled
Description	Configure if the `dbms.routing.getRoutingTable()` procedure should include non-writer primaries as read endpoints or return only secondaries. NOTE: If there are no secondaries for the given database, primaries are returned as read endpoints, regardless the value of this setting. Defaults to `true` so that non-writer primaries are available for read-only queries in a typical heterogeneous setup.
Valid values	A boolean.
Default value	`true`

`dbms.routing.reads_on_writers_enabled`

Table 105. dbms.routing.reads_on_writers_enabled
Description	Configure if the `dbms.routing.getRoutingTable()` procedure should include the writer as read endpoint or return only non-writers (non-writer primaries and secondaries). NOTE: Writer is returned as read endpoint if no other member is present.
Valid values	A boolean.
Default value	`false`

`dbms.routing_ttl`

Table 106. dbms.routing_ttl
Description	How long callers should cache the response of the routing procedure `dbms.routing.getRoutingTable()`.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1s`.
Default value	`5m`

Cypher settings

The Cypher settings affect the behavior of Cypher queries. They can be used to tune the performance of Cypher queries or to restrict the kinds of queries that can be executed. For more information, see Statistics and execution plans.

`db.query.default_language`

Table 107. db.query.default_language
Description	The default language of a database determines which language is used to evaluate queries that do not explicitly select a language. This setting determines the default language used for new (and initial) databases where not specified as part of `CREATE` or `ALTER` database.
Valid values	One of [CYPHER_5, CYPHER_25] that the [] values acceptance depend on 'internal.dbms.cypher.enable_experimental_versions'.
Default value	`CYPHER_5`

`dbms.cypher.forbid_exhaustive_shortestpath`

Table 108. dbms.cypher.forbid_exhaustive_shortestpath
Description	This setting is associated with performance optimization. Set this to `true` in situations where it is preferable to have any queries using the 'shortestPath' function terminate as soon as possible with no answer, rather than potentially running for a long time attempting to find an answer (even if there is no path to be found). For most queries, the 'shortestPath' algorithm will return the correct answer very quickly. However there are some cases where it is possible that the fast bidirectional breadth-first search algorithm will find no results even if they exist. This can happen when the predicates in the `WHERE` clause applied to 'shortestPath' cannot be applied to each step of the traversal, and can only be applied to the entire path. When the query planner detects these special cases, it will plan to perform an exhaustive depth-first search if the fast algorithm finds no paths. However, the exhaustive search may be orders of magnitude slower than the fast algorithm. If it is critical that queries terminate as soon as possible, it is recommended that this option be set to `true`, which means that Neo4j will never consider using the exhaustive search for shortestPath queries. However, please note that if no paths are found, an error will be thrown at run time, which will need to be handled by the application.
Valid values	A boolean.
Default value	`false`

`dbms.cypher.forbid_shortestpath_common_nodes`

Table 109. dbms.cypher.forbid_shortestpath_common_nodes
Description	This setting is associated with performance optimization. The shortest path algorithm does not work when the start and end nodes are the same. With this setting set to `false` no path will be returned when that happens. The default value of `true` will instead throw an exception. This can happen if you perform a shortestPath search after a cartesian product that might have the same start and end nodes for some of the rows passed to shortestPath. If it is preferable to not experience this exception, and acceptable for results to be missing for those rows, then set this to `false`. If you cannot accept missing results, and really want the shortestPath between two common nodes, then re-write the query using a standard Cypher variable length pattern expression followed by ordering by path length and limiting to one result.
Valid values	A boolean.
Default value	`true`

`dbms.cypher.hints_error`

Table 110. dbms.cypher.hints_error
Description	Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. If true, then non-conformance will result in an error, otherwise only a warning is generated.
Valid values	A boolean.
Default value	`false`

`dbms.cypher.infer_schema_parts`

Table 111. dbms.cypher.infer_schema_parts
Description	Allow label inference during cardinality estimation. If the planner can logically deduce that a node has a label not explicitly expressed in the query, the planner will use this information during cardinality estimation. This setting controls to what extent the planner should do that: `OFF`: No predicates are inferred. `MOST_SELECTIVE_LABEL`: Relationship types are used to infer labels on the relationships' end nodes. The planner only infers at most one label per node. If more than one label can be inferred for a given node, the planner keeps the most selective one, the one corresponding to the smallest number of nodes in the graph.
Valid values	One of [MOST_SELECTIVE_LABEL, OFF].
Default value	`OFF`

For some queries, the planner can infer predicates such as labels or types from the graph structure that can improve estimating the number of rows that each operator produces. for more information, see Cypher Manual → Execution plans and query tuning → Understanding execution plans.
For details on how to configure this setting on a per-query basis,effectively overriding this setting on that particular query, see Cypher Manual → Query tuning → Cypher infer schema parts.

`dbms.cypher.lenient_create_relationship`

Table 112. dbms.cypher.lenient_create_relationship
Description	Set this to change the behavior for Cypher create relationship when the start or end node is missing. By default this fails the query and stops execution, but by setting this flag the create operation is simply not performed and execution continues.
Valid values	A boolean.
Default value	`false`

`dbms.cypher.min_replan_interval`

Table 113. dbms.cypher.min_replan_interval
Description	The minimum time between possible Cypher query replanning events. After this time, the graph statistics will be evaluated, and if they have changed by more than the value set by dbms.cypher.statistics_divergence_threshold, the query will be replanned. If the statistics have not changed sufficiently, the same interval will need to pass before the statistics will be evaluated again. Each time they are evaluated, the divergence threshold will be reduced slightly until it reaches 10% after 7h, so that even moderately changing databases will see query replanning after a sufficiently long time interval.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`10s`

`dbms.cypher.planner`

Table 114. dbms.cypher.planner
Description	Set this to specify the default planner for the default language version.
Valid values	One of [DEFAULT, COST].
Default value	`DEFAULT`

`dbms.cypher.render_plan_description`

Table 115. dbms.cypher.render_plan_description
Description	If set to `true` a textual representation of the plan description will be rendered on the server for all queries running with `EXPLAIN` or `PROFILE`. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description.
Valid values	A boolean.
Default value	`true`

`dbms.cypher.statistics_divergence_threshold`

Table 116. dbms.cypher.statistics_divergence_threshold
Description	The threshold for statistics above which a plan is considered stale. If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. Change is calculated as `abs(a-b)/max(a,b)`. This means that a value of `0.75` requires the database to quadruple in size before query replanning. A value of `0` means that the query will be replanned as soon as there is any change in statistics and the replan interval has elapsed. This interval is defined by `dbms.cypher.min_replan_interval` and defaults to 10s. After this interval, the divergence threshold will slowly start to decline, reaching 10% after about 7h. This will ensure that long running databases will still get query replanning on even modest changes, while not replanning frequently unless the changes are very large.
Valid values	A double that is in the range `0.0` to `1.0`.
Default value	`0.75`

`dbms.cypher.transactions.default_subquery_retry_timeout`

Table 117. dbms.cypher.transactions.default_subquery_retry_timeout
Description	The default maximum amount of time to attempt retries of a subquery transaction that fails with a transient error in a query with a `CALL () { … } IN TRANSACTIONS … ON ERROR RETRY …` clause. This setting is only used when no retry timeout is explicitly specified in the query. E.g. `CALL () { … } IN TRANSACTIONS … ON ERROR RETRY FOR 10 SECONDS` would override this setting with a 10 second retry timeout for that particular query.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s).
Default value	`30s`

`server.cypher.parallel.worker_limit`

Table 118. server.cypher.parallel.worker_limit
Description	Number of threads to allocate to Cypher worker threads for the parallel runtime. If set to a positive number, that number of workers will be started. If set to `0`, one worker will be started for every logical processor available to the Java Virtual Machine. If set to a negative number, the total number of logical processors available on the server will be reduced by the absolute value of that number. For example, if the server has 16 available processors and you set `server.cypher.parallel.worker_limit` to `-1`, the parallel runtime will have 15 threads available.
Valid values	An integer.
Default value	`0`

Database settings

Database settings affect the behavior of a Neo4j database, for example, the file watcher service, the database format, the database store files, and the database timezone. They can be varied between each database but must be consistent across all configuration files in a cluster/DBMS.

`db.filewatcher.enabled`

Table 119. db.filewatcher.enabled
Description	Allows the enabling or disabling of the file watcher service. This is an auxiliary service but should be left enabled in almost all cases.
Valid values	A boolean.
Default value	`true`

`db.format`

Table 120. db.format
Description	Database format. This is the format that will be used for new databases. Valid values are `standard`, `aligned`, `high_limit` or `block`. The `aligned` format is essentially the `standard` format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The `high_limit` and `block` formats are available for Enterprise Edition only. Either `high_limit` or `block` is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties.
Valid values	A string.
Default value	`block`

standard and high_limit formats are deprecated in Neo4j 5.23.

`db.relationship_grouping_threshold`

Table 121. db.relationship_grouping_threshold
Description	Relationship count threshold for considering a node to be dense.
Valid values	An integer that is minimum `1`.
Default value	`50`

`db.store.files.preallocate`

Table 122. db.store.files.preallocate
Description	Specify if Neo4j should try to preallocate store files as they grow.
Valid values	A boolean.
Default value	`true`

`db.temporal.timezone`

Table 123. db.temporal.timezone
Description	Database timezone for temporal functions. All Time and DateTime values that are created without an explicit timezone will use this configured default timezone.
Valid values	A string describing a timezone, either described by offset (e.g. `+02:00`) or by name (e.g. `Europe/Stockholm`).
Default value	`Z`

`db.track_query_cpu_time`

Table 124. db.track_query_cpu_time
Description	Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling `SHOW TRANSACTIONS` will display the time, but not in the query.log. If you want the CPU time to be logged in the query.log, set `db.track_query_cpu_time=true`.
Valid values	A boolean.
Default value	`false`

DBMS settings

The DBMS settings affect the Neo4j DBMS as a whole. You can use them to set the default database, the DBMS timezone, a list of seed providers, and the maximum number of databases. The DBMS settings must be consistent across all configuration files in a cluster/DBMS.

`initial.dbms.default_database`

Table 125. initial.dbms.default_database
Description	Name of the default database. NOTE: This setting is not the same as `dbms.default_database`, which was used to set the default database in Neo4j 4.x and earlier versions. The `initial.dbms.default_database` setting is meant to set the default database before the creation of the DBMS. Once it is created, the setting is not valid anymore. To set the default database, use the `dbms.setDefaultDatabase()` procedure instead.
Valid values	A valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name system.
Default value	`neo4j`

`dbms.db.timezone`

Table 126. dbms.db.timezone
Description	Database timezone. Among other things, this setting influences the monitoring procedures.
Valid values	One of [UTC, SYSTEM].
Default value	`UTC`

`dbms.databases.seed_from_uri_providers`

Table 127. dbms.databases.seed_from_uri_providers
Description	Databases can be created from an existing seed (a database backup or dump) stored at a specific source URI. Different implementations of `com.neo4j.dbms.seeding.SeedProvider` support various types of seed sources. The following values are available: `CloudSeedProvider`, `FileSeedProvider`, `S3SeedProvider`, and `URLConnectionSeedProvider`. `CloudSeedProvider` supports seeds addressed with `s3`, `azb`, `gs`. `FileSeedProvider` supports seeds addressed with `file`. `S3SeedProvider` supports seeds addressed with `s3` but is deprecated and only usable in Cypher 5. `URLConnectionSeedProvider` supports seeds addressed with `ftp`,`http`, and `https`. This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from URI functionality is effectively disabled. See Seed from a URI for more information.
Valid values	A comma-separated list where each element is a string.
Default value	`CloudSeedProvider Changed in 2025.01`

`dbms.max_databases`

Table 128. dbms.max_databases
Description	The maximum number of databases.
Valid values	A long that is minimum `2`.
Default value	`100`

`dbms.usage_report.enabled`

Table 129. dbms.usage_report.enabled
Description	Usage data reporting.
Valid values	A boolean.
Default value	`true`

Import settings

The import settings control the size of the internal buffer used by LOAD CSV and the escaping of quotes in CSV files.

`db.import.csv.buffer_size`

Table 130. db.import.csv.buffer_size
Description	The size of the internal buffer in bytes used by `LOAD CSV`. If the csv file contains huge fields this value may have to be increased.
Valid values	A long that is minimum `1`.
Default value	`2097152`

`db.import.csv.legacy_quote_escaping`

Table 131. db.import.csv.legacy_quote_escaping
Description	Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using `LOAD CSV`. Setting this to `false` will use the standard, interpreting repeated quotes '""' as a single in-lined quote, while `true` will use the legacy convention originally supported in Neo4j 3.0 and 3.1, allowing a backslash to include quotes in-lined in fields.
Valid values	A boolean.
Default value	`true`

Index settings

The index settings control the full-text index and the background index sampling (chunk size limit and sample size). For more information, see Index configuration.

`db.index.fulltext.default_analyzer`

Table 132. db.index.fulltext.default_analyzer
Description	The name of the analyzer that the full-text indexes should use by default.
Valid values	A string.
Default value	`standard-no-stop-words`

`db.index.fulltext.eventually_consistent`

Table 133. db.index.fulltext.eventually_consistent
Description	Whether or not full-text indexes should be eventually consistent by default or not.
Valid values	A boolean.
Default value	`false`

`db.index.fulltext.eventually_consistent_apply_parallelism`

Table 134. db.index.fulltext.eventually_consistent_apply_parallelism
Description	The number of threads processing queued index updates for eventually consistent full-text indexes.
Valid values	An integer that is minimum 1.
Default value	`1`

`db.index.fulltext.eventually_consistent_refresh_interval`

Table 135. db.index.fulltext.eventually_consistent_refresh_interval
Description	How often an eventually consistent full-text index is refreshed (changes are guaranteed to be visible). If set to `0`, refresh is done by the threads applying eventually consistent full-text index updates.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s).
Default value	`0s`

`db.index.fulltext.eventually_consistent_refresh_parallelism`

Table 136. db.index.fulltext.eventually_consistent_refresh_parallelism
Description	The number of threads that can do full-text index refresh in parallel, i.e. the number of eventually consistent full-text indexes that can be refreshed in parallel.
Valid values	An integer that is minimum 1.
Default value	`1`

`db.index.fulltext.eventually_consistent_index_update_queue_max_length`

Table 137. db.index.fulltext.eventually_consistent_index_update_queue_max_length
Description	The eventually consistent mode of the full-text indexes works by queueing up index updates to be applied later in a background thread. This newBuilder sets an upper bound on how many index updates are allowed to be in this queue at any one point in time. When it is reached, the commit process will slow down and wait for the index update applier thread to make some more room in the queue.
Valid values	An integer that is in the range `1` to `50000000`.
Default value	`10000`

`db.index_sampling.background_enabled`

Table 138. db.index_sampling.background_enabled
Description	Enable or disable background index sampling.
Valid values	A boolean.
Default value	`true`

`db.index_sampling.sample_size_limit`

Table 139. db.index_sampling.sample_size_limit
Description	Index sampling chunk size limit.
Valid values	An integer that is in the range `1048576` to `2147483647`.
Default value	`8388608`

`db.index_sampling.update_percentage`

Table 140. db.index_sampling.update_percentage
Description	Percentage of index updates of total index size required before sampling of a given index is triggered.
Valid values	An integer that is minimum `0`.
Default value	`5`

Logging settings

Neo4j has two different configuration files for logging, one for the neo4j.log, which contains general information about Neo4j, and one configuration file for all other types of logging via Log4j 2 (except gc.log which is handled by the Java Virtual Machine(JVM). For more information, see Logging.

`db.logs.query.annotation_data_format`

Table 141. db.logs.query.annotation_data_format
Description	The format to use for the JSON annotation data. `CYPHER` Formatted as a Cypher map. E.g. `{foo: 'bar', baz: {k: 1}}`. `JSON` Formatted as a JSON map. E.g. `{"foo": "bar", "baz": {"k": 1}}`. `FLAT_JSON` Formatted as a flattened JSON map. E.g. `{"foo": "bar", "baz.k": 1}`. This only have effect when the query log is in JSON format.
Valid values	One of [CYPHER, JSON, FLAT_JSON].
Default value	`JSON Changed in 2025.01`

`db.logs.query.early_raw_logging_enabled`

Table 142. db.logs.query.early_raw_logging_enabled
Description	Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts.
Valid values	A boolean.
Default value	`false`

`db.logs.query.enabled`

Table 143. db.logs.query.enabled
Description	Log executed queries. Valid values are `OFF`, `INFO`, or `VERBOSE`. `OFF` no logging. `INFO` log queries at the end of execution, that take longer than the configured threshold, `db.logs.query.threshold`. `VERBOSE` log queries at the start and end of execution, regardless of `db.logs.query.threshold`. Log entries are written to the query log. This feature is available in the Neo4j Enterprise Edition.
Valid values	One of [OFF, INFO, VERBOSE].
Default value	`VERBOSE`

`db.logs.query.max_parameter_length`

Table 144. db.logs.query.max_parameter_length
Description	Sets a maximum character length use for each parameter in the log. This only takes effect if `db.logs.query.parameter_logging_enabled = true`.
Valid values	An integer.
Default value	`2147483647`

`db.logs.query.obfuscate_literals`

Table 145. db.logs.query.obfuscate_literals
Description	Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have an immediate effect, you must also call `CALL db.clearQueryCaches()`.
Valid values	A boolean.
Default value	`false`

Keep in mind that if Neo4j receives a malformed query that cannot be parsed, it cannot obfuscate its literals (because it does not know which parts are literals) and, therefore, the query text will not be included in any logging.

`db.logs.query.parameter_logging_enabled`

Table 146. db.logs.query.parameter_logging_enabled
Description	Log parameters for the executed queries being logged.
Valid values	A boolean.
Default value	`true`

`db.logs.query.plan_description_enabled`

Table 147. db.logs.query.plan_description_enabled
Description	Log query plan description table, useful for debugging purposes.
Valid values	A boolean.
Default value	`false`

`db.logs.query.threshold`

Table 148. db.logs.query.threshold
Description	If the execution of a query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`0s`

`db.logs.query.transaction.enabled`

Table 149. db.logs.query.transaction.enabled
Description	Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. OFF: no logging. INFO: log the start and end of transactions that take longer than the configured threshold, db.logs.query.transaction.threshold. VERBOSE: log the start and end of all transactions. Log entries are written to the query log.
Valid values	One of [OFF, INFO, VERBOSE].
Default value	`OFF`

`db.logs.query.transaction.threshold`

Table 150. db.logs.query.transaction.threshold
Description	If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to `INFO`. Defaults to 0 seconds (all transactions are logged).
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`0s`

`dbms.logs.http.enabled`

Table 151. dbms.logs.http.enabled
Description	Enable HTTP request logging.
Valid values	A boolean.
Default value	`false`

`server.logs.config`

Table 152. server.logs.config
Description	Path to the logging configuration for debug, query, http and security logs.
Valid values	A path. If relative, it is resolved from server.directories.configuration.
Default value	`server-logs.xml`

`server.logs.debug.enabled`

Table 153. server.logs.debug.enabled
Description	Enable the debug log.
Valid values	A boolean.
Default value	`true`

`server.logs.gc.enabled`

Table 154. server.logs.gc.enabled
Description	Enable GC Logging.
Valid values	A boolean.
Default value	`false`

`server.logs.gc.options`

Table 155. server.logs.gc.options
Description	GC Logging Options.
Valid values	A string.
Default value	`-Xlog:gc,safepoint,age=trace`

`server.logs.gc.rotation.keep_number`

Table 156. server.logs.gc.rotation.keep_number
Description	Number of GC logs to keep.
Valid values	An integer.
Default value	`5`

`server.logs.gc.rotation.size`

Table 157. server.logs.gc.rotation.size
Description	Size of each GC log that is kept.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value	`20.00MiB`

`server.logs.user.config`

Table 158. server.logs.user.config
Description	Path to the logging configuration of user logs.
Valid values	A path. If relative, it is resolved from server.directories.configuration.
Default value	`user-logs.xml`

Memory settings

Memory settings control how much memory is allocated to Neo4j and how it is used. It is recommended to perform a certain amount of testing and tuning of these settings to figure out the optimal division of the available memory. For more information on how to tune these settings, see Memory configuration, Disks, RAM and other tips, and Tuning of the garbage collector.

`db.memory.pagecache.warmup.enable`

Table 159. db.memory.pagecache.warmup.enable
Description	Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. According to that profile pages can be reloaded on the restart, replication, etc. This setting allows disabling that behavior. This feature is available in Neo4j Enterprise Edition.
Valid values	A boolean.
Default value	`true`

`db.memory.pagecache.warmup.preload`

Table 160. db.memory.pagecache.warmup.preload
Description	Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. Files to be prefetched can be filtered by 'dbms.memory.pagecache.warmup.preload.allowlist'. Enabling this disables warmup by profile.
Valid values	A boolean.
Default value	`false`

`db.memory.pagecache.warmup.preload.allowlist`

Table 161. db.memory.pagecache.warmup.preload.allowlist
Description	Page cache warmup prefetch file allowlist regex. By default matches all files.
Valid values	A string.
Default value	`.*`

`db.memory.pagecache.warmup.profile.interval`

Table 162. db.memory.pagecache.warmup.profile.interval
Description	The profiling frequency for the page cache. Accurate profiles allow the page cache to do an active warmup after a restart, reducing the mean time to performance.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`1m`

`db.memory.transaction.max`

Table 163. db.memory.transaction.max
Description	Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm', and gigabytes with 'g'). Zero means 'largest possible value'.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `1.00MiB` or is `0B`.
Default value	`0B`

`db.memory.transaction.total.max`

Table 164. db.memory.transaction.total.max
Description	Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `10.00MiB` or is `0B`.
Default value	`0B`

`server.db.query_cache_size`

Table 165. server.db.query_cache_size
Description	The number of cached Cypher query execution plans per database. The max number of query plans that can be kept in cache is the `number of databases` * `server.db.query_cache_size`. With 10 databases and `server.db.query_cache_size`=1000, the caches can keep 10000 plans in total on the instance, assuming that each DB receives queries that fill up its cache.
Valid values	An integer that is minimum `0`.
Default value	`1000`
Replaced by	`server.memory.query_cache.per_db_cache_num_entries`

`dbms.memory.tracking.enable`

Table 166. dbms.memory.tracking.enable
Description	Enable off heap and on heap memory tracking. Should not be set to `false` for clusters.
Valid values	A boolean.
Default value	`true`

`dbms.memory.transaction.total.max`

Table 167. dbms.memory.transaction.total.max
Description	Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'. Defaults to 70% of the heap size limit.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `10.00MiB` or is `0B`.
Default value

`server.memory.heap.initial_size`

Table 168. server.memory.heap.initial_size
Description	Initial heap size. By default it is calculated based on available system resources.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value

`server.memory.heap.max_size`

Table 169. server.memory.heap.max_size
Description	Maximum heap size. By default it is calculated based on available system resources.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value

`server.memory.pagecache.directio`

Table 170. server.memory.pagecache.directio
Description	Use direct I/O for page cache. This setting is supported only on Linux and only for a subset of record formats that use platform-aligned page size.
Valid values	A boolean.
Default value	`false`

`server.memory.pagecache.flush.buffer.enabled`

Table 171. server.memory.pagecache.flush.buffer.enabled
Description	Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted.
Valid values	A boolean.
Default value	`false`

`server.memory.pagecache.flush.buffer.size_in_pages`

Table 172. server.memory.pagecache.flush.buffer.size_in_pages
Description	Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush the buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled.
Valid values	An integer that is in the range `1` to `512`.
Default value	`128`

`server.memory.pagecache.scan.prefetchers`

Table 173. server.memory.pagecache.scan.prefetchers
Description	The maximum number of worker threads to use for pre-fetching data when doing sequential scans. Set to '0' to disable pre-fetching for scans.
Valid values	An integer that is in the range `0` to `255`.
Default value	`4`

`server.memory.pagecache.size`

Table 174. server.memory.pagecache.size
Description	The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources. By default the size of page cache will be 50% of available RAM minus the max heap size. The size of the page cache will also not be larger than 70x the max heap size (due to some overhead of the page cache in the heap.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`).
Default value

`server.memory.query_cache.sharing_enabled`

Table 175. server.memory.query_cache.sharing_enabled
Description	Enable sharing cache space between different databases. With this option turned on, databases will share cache space, but not cache entries. This means that a database may store and retrieve entries from the shared cache, but it may not retrieve entries produced by another database. The database may, however, evict entries from other databases as necessary, according to the constrained cache size and cache eviction policy. In essence, databases may compete for cache space, but may not observe each other’s entries. When this option is turned on, the cache space available to all databases is configured with `server.memory.query_cache.shared_cache_num_entries`. With this option turned off, the cache space available to each individual database is configured with `server.memory.query_cache.per_db_cache_num_entries`.
Valid values	A boolean.
Default value	`false`

`server.memory.query_cache.shared_cache_num_entries`

Table 176. server.memory.query_cache.shared_cache_num_entries
Description	The number of cached queries for all databases. The maximum number of queries that can be kept in a cache is exactly `server.memory.query_cache.shared_cache_num_entries`. This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `true`.
Valid values	An integer that is minimum `0`.
Default value	`1000`

`server.memory.query_cache.per_db_cache_num_entries`

Table 177. server.memory.query_cache.per_db_cache_num_entries
Description	The number of cached queries per database. The maximum number of queries that can be kept in a cache is `number of databases` * `server.memory.query_cache.per_db_cache_num_entries`. With 10 databases and `server.memory.query_cache.per_db_cache_num_entries`=1000, the cache can keep 10000 plans in total. This setting is only deciding cache size when `server.memory.query_cache.sharing_enabled` is set to `false`.
Valid values	An integer that is minimum `0`.
Default value	`1000`

Metrics settings

The metrics settings control whether Neo4j will log metrics, what metrics to log, how to log them, and how to expose them. For better understanding of the metrics settings and how to configure them, see Metrics.

`server.metrics.csv.enabled`

Table 178. server.metrics.csv.enabled
Description	Set to `true` to enable exporting metrics to CSV files.
Valid values	A boolean.
Default value	`true`

`server.metrics.csv.interval`

Table 179. server.metrics.csv.interval
Description	The reporting interval for the CSV files. That is, how often new rows with numbers are appended to the CSV files.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1ms`.
Default value	`30s`

`server.metrics.csv.rotation.compression`

Table 180. server.metrics.csv.rotation.compression
Description	Decides what compression to use for the csv history files.
Valid values	One of [NONE, ZIP, GZ].
Default value	`ZIP Changed in 2025.01`

`server.metrics.csv.rotation.keep_number`

Table 181. server.metrics.csv.rotation.keep_number
Description	Maximum number of history files for the csv files.
Valid values	An integer that is minimum `1`.
Default value	`7`

`server.metrics.csv.rotation.size`

Table 182. server.metrics.csv.rotation.size
Description	The file size in bytes at which the csv files will auto-rotate. If set to zero then no rotation will occur. Accepts a binary suffix `k`, `m` or `g`.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is in the range `0B` to `8388608.00TiB`.
Default value	`10.00MiB`

`server.metrics.enabled`

Table 183. server.metrics.enabled
Description	Enable metrics. Setting this to `false` will to turn off all metrics.
Valid values	A boolean.
Default value	`true`

`server.metrics.filter`

Table 184. server.metrics.filter
Description	Specifies which metrics should be enabled by using a comma separated list of globbing patterns. Only the metrics matching the filter will be enabled. For example `check_point,neo4j.page_cache.evictions` will enable any checkpoint metrics and the pagecache eviction metric.
Valid values	A comma-separated list where each element is A simple globbing pattern that can use `*` and `?`..
Default value	bolt.connections,bolt.messages_received,bolt.messages_started,dbms.pool.bolt.free,dbms.pool.bolt.total_size,dbms.pool.bolt.total_used,dbms.pool.bolt.used_heap,cluster.raft.is_leader,cluster.raft.last_leader_message,cluster.raft.replication_attempt,cluster.raft.replication_fail,cluster.raft.last_applied,cluster.raft.last_appended,cluster.raft.append_index,cluster.raft.commit_index,cluster.raft.applied_index,check_point.,cypher.replan_events,cypher.cache,ids_in_use,.neo4j.count.,pool.transaction..total_used,pool.transaction..used_heap,pool.transaction..used_native,store.size,transaction.active_read,transaction.active_write,transaction.committed,transaction.last_committed_tx_id,transaction.peak_concurrent,transaction.rollbacks,page_cache.hit,page_cache.page_faults,page_cache.usage_ratio,vm.file.descriptors.count,vm.gc.time.,vm.heap.used,vm.memory.buffer.direct.used,vm.memory.pool.g1_eden_space,vm.memory.pool.g1_old_gen,vm.pause_time,vm.thread,db.query.execution,protocol Changed in 2025.03 Changed in 2025.06

The default value of the server.metrics.filter was changed in Neo4j 2025.03 and 2025.06.

For details, refer to the Changes, deprecations, and removals in Neo4j 2025.x.

`server.metrics.graphite.enabled`

Table 185. server.metrics.graphite.enabled
Description	Set to `true` to enable exporting metrics to Graphite.
Valid values	A boolean.
Default value	`false`

`server.metrics.graphite.interval`

Table 186. server.metrics.graphite.interval
Description	The reporting interval for Graphite. That is, how often to send updated metrics to Graphite.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`30s`

`server.metrics.graphite.server`

Table 187. server.metrics.graphite.server
Description	The hostname or IP address of the Graphite server.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from server.default_listen_address.
Default value	`:2003`

`server.metrics.jmx.enabled`

Table 188. server.metrics.jmx.enabled
Description	Set to `true` to enable the JMX metrics endpoint.
Valid values	A boolean.
Default value	`true`

`server.metrics.prefix`

Table 189. server.metrics.prefix
Description	A common prefix for the reported metrics field names.
Valid values	A string.
Default value	`neo4j`

`server.metrics.prometheus.enabled`

Table 190. server.metrics.prometheus.enabled
Description	Set to `true` to enable the Prometheus endpoint.
Valid values	A boolean.
Default value	`false`

`server.metrics.prometheus.endpoint`

Table 191. server.metrics.prometheus.endpoint
Description	The hostname and port to use as Prometheus endpoint.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`. If missing, it is acquired from `server.default_listen_address`.
Default value	`localhost:2004`

Neo4j Browser and client settings

Neo4j Browser and client settings apply only to Neo4j Browser and the client.

`browser.allow_outgoing_connections`

Table 192. browser.allow_outgoing_connections
Description	Configure the policy for outgoing Neo4j Browser connections.
Valid values	A boolean.
Default value	`true`

`browser.credential_timeout`

Table 193. browser.credential_timeout
Description	Configure the Neo4j Browser to time out logged in users after this idle period. Setting this to 0 indicates no limit.
Valid values	A duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s).
Default value	`0s`

`browser.post_connect_cmd`

Table 194. browser.post_connect_cmd
Description	Commands to be run when Neo4j Browser successfully connects to this server. Separate multiple commands with semi-colon.
Valid values	A string.
Default value

`browser.remote_content_hostname_whitelist`

Table 195. browser.remote_content_hostname_whitelist
Description	Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from.
Valid values	A string.
Default value	`guides.neo4j.com,localhost`

`browser.retain_connection_credentials`

Table 196. browser.retain_connection_credentials
Description	Configure the Neo4j Browser to store or not store user credentials.
Valid values	A boolean.
Default value	`true`

`browser.retain_editor_history`

Table 197. browser.retain_editor_history
Description	Configure the Neo4j Browser to store or not store user editor history.
Valid values	A boolean.
Default value	`true`

`client.allow_telemetry`

Table 198. client.allow_telemetry
Description	Configure client applications such as Browser and Bloom to send Product Analytics data.
Valid values	A boolean.
Default value	`true`

Kubernetes settings

The Kubernetes settings are used to configure a cluster running on Kubernetes, where each server is running as a Kubernetes service. The addresses of the other servers can be obtained using the List Service API, as described in the Kubernetes API documentation. For more information, see Discovery in Kubernetes.

`dbms.kubernetes.address`

Table 199. dbms.kubernetes.address
Description	Address for Kubernetes API.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`.
Default value	`kubernetes.default.svc:443`

`dbms.kubernetes.ca_crt`

Table 200. dbms.kubernetes.ca_crt
Description	File location of CA certificate for Kubernetes API.
Valid values	A path.
Default value	`/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`

`dbms.kubernetes.cluster_domain`

Table 201. dbms.kubernetes.cluster_domain
Description	Kubernetes cluster domain.
Valid values	A string.
Default value	`cluster.local`

`dbms.kubernetes.label_selector`

Table 202. dbms.kubernetes.label_selector
Description	LabelSelector for Kubernetes API.
Valid values	A string.
Default value

`dbms.kubernetes.namespace`

Table 203. dbms.kubernetes.namespace
Description	File location of namespace for Kubernetes API.
Valid values	A path.
Default value	`/var/run/secrets/kubernetes.io/serviceaccount/namespace`

`dbms.kubernetes.discovery.service_port_name`

Table 204. dbms.kubernetes.discovery.service_port_name
Description	Service port name for discovery for Kubernetes API.
Valid values	A string.
Default value	`transaction`

`dbms.kubernetes.token`

Table 205. dbms.kubernetes.token
Description	File location of token for Kubernetes API.
Valid values	A path.
Default value	`/var/run/secrets/kubernetes.io/serviceaccount/token`

Security settings

The security settings are used to configure the security of your Neo4j deployment. Refer to the Security section for thorough information on security in Neo4j.

`dbms.security.allow_csv_import_from_file_urls`

Table 206. dbms.security.allow_csv_import_from_file_urls
Description	Determines if Cypher will allow using file URLs when loading data using `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` clauses that load data from the file system.
Valid values	A boolean.
Default value	`true`

`dbms.security.auth_cache_max_capacity`

Table 207. dbms.security.auth_cache_max_capacity
Description	The maximum capacity for authentication and authorization caches (respectively).
Valid values	An integer.
Default value	`10000`

`dbms.security.auth_cache_ttl`

Table 208. dbms.security.auth_cache_ttl
Description	The time to live (TTL) for cached authentication and authorization info when using external auth providers (OIDC, LDAP or plugin). Setting the TTL to 0 will disable auth caching. Disabling caching while using the LDAP auth provider requires the use of an LDAP system account for resolving authorization information.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`10m`

`dbms.security.auth_cache_use_ttl`

Table 209. dbms.security.auth_cache_use_ttl
Description	Enable time-based eviction of the authentication and authorization info cache for external auth providers (OIDC, LDAP or plugin). Disabling this setting will make the cache live forever and only be evicted when `dbms.security.auth_cache_max_capacity` is exceeded.
Valid values	A boolean.
Default value	`true`

`dbms.security.auth_enabled`

Table 210. dbms.security.auth_enabled
Description	Enable auth requirement to access Neo4j.
Valid values	A boolean.
Default value	`true`

`dbms.security.auth_minimum_password_length`

Table 211. dbms.security.auth_minimum_password_length
Description	The minimum number of characters required in a password.
Valid values	An integer that is minimum `1`.
Default value	`8`

`dbms.security.auth_lock_time`

Table 212. dbms.security.auth_lock_time
Description	The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to a low value is not recommended because it might make it easier for an attacker to brute force the password.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `0s`.
Default value	`5s`

`dbms.security.auth_max_failed_attempts`

Table 213. dbms.security.auth_max_failed_attempts
Description	The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by `dbms.security.auth_lock_time`.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to values less than 3 is not recommended because it might make it easier for an attacker to brute force the password.
Valid values	An integer that is minimum `0`.
Default value	`3`

`dbms.security.authentication_providers`

Table 214. dbms.security.authentication_providers
Description	A list of security authentication providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-<AUTH_PROVIDER_NAME>`. They will be queried in the given order when login is attempted.
Valid values	A comma-separated list where each element is a string.
Default value	`native`

`dbms.security.authorization_providers`

Table 215. dbms.security.authorization_providers
Description	A list of security authorization providers containing the users and roles. This can be any of the built-in `native` or `ldap` providers, or it can be an externally provided plugin, with a custom name prefixed by `plugin-`, i.e. `plugin-<AUTH_PROVIDER_NAME>`. They will be queried in the given order when login is attempted.
Valid values	A comma-separated list where each element is a string.
Default value	`native`

`dbms.security.cluster_status_auth_enabled`

Table 216. dbms.security.cluster_status_auth_enabled
Description	Require authorization for access to the Causal Clustering status endpoints.
Valid values	A boolean.
Default value	`true`

`dbms.security.http_access_control_allow_origin`

Table 217. dbms.security.http_access_control_allow_origin
Description	Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. This defaults to '*', which allows broadest compatibility. Note that any URI provided here limits HTTP/HTTPS access to that URI only.
Valid values	A string.
Default value	`*`

`dbms.security.http_auth_allowlist`

Table 218. dbms.security.http_auth_allowlist
Description	Defines an allowlist of http paths where Neo4j authentication is not required.
Valid values	A comma-separated list where each element is a string.
Default value	`/,/browser.*`

`dbms.security.http_strict_transport_security`

Table 219. dbms.security.http_strict_transport_security
Description	Value of the HTTP Strict-Transport-Security (HSTS) response header. This header tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. It is attached to every HTTPS response. Setting is not set by default so 'Strict-Transport-Security' header is not sent. Value is expected to contain directives like 'max-age', 'includeSubDomains' and 'preload'.
Valid values	A string.
Default value

`dbms.security.http_static_content_security_policy_header`

Table 220. dbms.security.http_static_content_security_policy_header
Description	Defines the Content-Security-Policy header to return to content returned on static endpoints.
Valid values	A string.
Default value	`default-src 'self'; script-src 'self' cdn.segment.com canny.io; img-src 'self' guides.neo4j.com data:; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com; base-uri 'none'; object-src 'none'; frame-ancestors 'none'; connect-src 'self' api.canny.io api.segment.io ws: wss: http: https:`

`dbms.security.key.name`

Table 221. dbms.security.key.name
Description	Name of the 256 length AES encryption key, which is used for the symmetric encryption.
Valid values	A string.
Default value	`aesKey`

`dbms.security.keystore.password`

Table 222. dbms.security.keystore.password
Description	Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption.
Valid values	A secure string.
Default value

`dbms.security.keystore.path`

Table 223. dbms.security.keystore.path
Description	Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database.
Valid values	A path.
Default value

`dbms.security.ldap.authentication.attribute`

Table 224. dbms.security.ldap.authentication.attribute
Description	The attribute to use when looking up users. Using this setting requires `dbms.security.ldap.authentication.search_for_attribute` to be true and thus `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured.
Valid values	A string that matches the pattern `[A-Za-z0-9-]*` (has to be a valid LDAP attribute name, only containing letters [A-Za-z], digits [0-9] and hyphens [-].).
Default value	`samaccountname`

`dbms.security.ldap.authentication.cache_enabled`

Table 225. dbms.security.ldap.authentication.cache_enabled
Description	Determines if the result of authentication via the LDAP server should be cached or not. Caching is used to limit the number of LDAP requests that have to be made over the network for users that have already been authenticated successfully. A user can be authenticated against an existing cache entry (instead of via an LDAP server) as long as it is alive (see `dbms.security.auth_cache_ttl`). An important consequence of setting this to `true` is that Neo4j then needs to cache a hashed version of the credentials in order to perform credentials matching. This hashing is done using a cryptographic hash function together with a random salt. Preferably a conscious decision should be made if this method is considered acceptable by the security standards of the organization in that this Neo4j instance is deployed.
Valid values	A boolean.
Default value	`true`

`dbms.security.ldap.authentication.mechanism`

Table 226. dbms.security.ldap.authentication.mechanism
Description	LDAP authentication mechanism. This is one of `simple` or a SASL mechanism supported by JNDI, for example `DIGEST-MD5`. `simple` is basic username and password authentication and SASL is used for more advanced mechanisms. See RFC 2251 LDAPv3 documentation for more details.
Valid values	A string.
Default value	`simple`

`dbms.security.ldap.authentication.search_for_attribute`

Table 227. dbms.security.ldap.authentication.search_for_attribute
Description	Perform authentication by searching for an unique attribute of a user. Using this setting requires `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` to be configured.
Valid values	A boolean.
Default value	`false`

`dbms.security.ldap.authentication.user_dn_template`

Table 228. dbms.security.ldap.authentication.user_dn_template
Description	LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory’s schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string.
Valid values	A string that Must be a string containing '{0}' to understand where to insert the runtime authentication principal..
Default value	`uid={0},ou=users,dc=example,dc=com`

`dbms.security.ldap.authorization.access_permitted_group`

Table 229. dbms.security.ldap.authorization.access_permitted_group
Description	The LDAP group to which a user must belong to get any access to the system.Set this to restrict access to a subset of LDAP users belonging to a particular group. If this is not set, any user to successfully authenticate via LDAP will have access to the PUBLIC role and any other roles assigned to them via dbms.security.ldap.authorization.group_to_role_mapping.
Valid values	A string.
Default value

`dbms.security.ldap.authorization.group_membership_attributes`

Table 230. dbms.security.ldap.authorization.group_membership_attributes
Description	A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled. This setting is ignored when `dbms.ldap_authorization_nested_groups_enabled` is `true`.
Valid values	A comma-separated list where each element is a string, which Can not be empty.
Default value	`memberOf`

`dbms.security.ldap.authorization.group_to_role_mapping`

Table 231. dbms.security.ldap.authorization.group_to_role_mapping
Description	An authorization mapping from LDAP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 You could also use whitespaces and quotes around group names to make this mapping more readable, for example: `dbms.security.ldap.authorization.group_to_role_mapping`=\ "cn=Neo4j Read Only,cn=users,dc=example,dc=com" = reader; \ "cn=Neo4j Read-Write,cn=users,dc=example,dc=com" = publisher; \ "cn=Neo4j Schema Manager,cn=users,dc=example,dc=com" = architect; \ "cn=Neo4j Administrator,cn=users,dc=example,dc=com" = admin
Valid values	A string that must be a semicolon-separated list of key-value pairs or empty.
Default value

`dbms.security.ldap.authorization.nested_groups_enabled`

Table 232. dbms.security.ldap.authorization.nested_groups_enabled
Description	This setting determines whether multiple LDAP search results will be processed (as is required for the lookup of nested groups). If set to `true` then instead of using attributes on the user object to determine group membership (as specified by `dbms.security.ldap.authorization.group_membership_attributes`), the `user` object will only be used to determine the user’s Distinguished Name, which will subsequently be used with `dbms.security.ldap.authorization.user_search_filter` in order to perform a nested group search. The Distinguished Names of the resultant group search results will be used to determine roles.
Valid values	A boolean.
Default value	`false`

`dbms.security.ldap.authorization.nested_groups_search_filter`

Table 233. dbms.security.ldap.authorization.nested_groups_search_filter
Description	The search template which will be used to find the nested groups which the user is a member of. The filter should contain the placeholder token `{0}` which will be substituted with the user’s Distinguished Name (which is found for the specified user principle using `dbms.security.ldap.authorization.user_search_filter`). The default value specifies Active Directory’s LDAP_MATCHING_RULE_IN_CHAIN (aka 1.2.840.113556.1.4.1941) implementation which will walk the ancestry of group membership for the specified user.
Valid values	A string.
Default value	`(&(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))`

`dbms.security.ldap.authorization.system_password`

Table 234. dbms.security.ldap.authorization.system_password
Description	An LDAP system account password to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`.
Valid values	A secure string.
Default value

`dbms.security.ldap.authorization.system_username`

Table 235. dbms.security.ldap.authorization.system_username
Description	An LDAP system account username to use for authorization searches when `dbms.security.ldap.authorization.use_system_account` is `true`. Note that the `dbms.security.ldap.authentication.user_dn_template` will not be applied to this username, so you may have to specify a full DN.
Valid values	A string.
Default value

`dbms.security.ldap.authorization.use_system_account`

Table 236. dbms.security.ldap.authorization.use_system_account
Description	Perform LDAP search for authorization info using a system account instead of the user’s own account. If this is set to `false` (default), the search for group membership will be performed directly after authentication using the LDAP context bound with the user’s own account. The mapped roles will be cached for the duration of `dbms.security.auth_cache_ttl`, and then expire, requiring re-authentication. To avoid frequently having to re-authenticate sessions you may want to set a relatively long auth cache expiration time together with this option. NOTE: This option will only work if the users are permitted to search for their own group membership attributes in the directory. If this is set to `true`, the search will be performed using a special system account user with read access to all the users in the directory. You need to specify the username and password using the settings `dbms.security.ldap.authorization.system_username` and `dbms.security.ldap.authorization.system_password` with this option. Note that this account only needs read access to the relevant parts of the LDAP directory and does not need to have access rights to Neo4j, or any other systems.
Valid values	A boolean.
Default value	`false`

`dbms.security.ldap.authorization.user_search_base`

Table 237. dbms.security.ldap.authorization.user_search_base
Description	The name of the base object or named context to search for user objects when LDAP authorization is enabled. A common case is that this matches the last part of `dbms.security.ldap.authentication.user_dn_template`.
Valid values	A string that Can not be empty.
Default value	`ou=users,dc=example,dc=com`

`dbms.security.ldap.authorization.user_search_filter`

Table 238. dbms.security.ldap.authorization.user_search_filter
Description	The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal.
Valid values	A string.
Default value	`(&(objectClass=*)(uid={0}))`

`dbms.security.ldap.connection_timeout`

Table 239. dbms.security.ldap.connection_timeout
Description	The timeout for establishing an LDAP connection. If a connection with the LDAP server cannot be established within the given time the attempt is aborted. A value of 0 means to use the network protocol’s (i.e., TCP’s) timeout value.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`30s`

`dbms.security.ldap.host`

Table 240. dbms.security.ldap.host
Description	URL of LDAP server to use for authentication and authorization. The format of the setting is `<protocol>://<hostname>:<port>`, where hostname is the only required field. The supported values for protocol are `ldap` (default) and `ldaps`. The default port for `ldap` is 389 and for `ldaps` 636. For example: `ldaps://ldap.example.com:10389`. You may want to consider using STARTTLS (`dbms.security.ldap.use_starttls`) instead of LDAPS for secure connections, in which case the correct protocol is `ldap`.
Valid values	A string.
Default value	`localhost`

`dbms.security.ldap.read_timeout`

Table 241. dbms.security.ldap.read_timeout
Description	The timeout for an LDAP read request (i.e. search). If the LDAP server does not respond within the given time the request will be aborted. A value of 0 means wait for a response indefinitely.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`30s`

`dbms.security.ldap.referral`

Table 242. dbms.security.ldap.referral
Description	The LDAP referral behavior when creating a connection. This is one of `follow`, `ignore` or `throw`. `follow` automatically follows any referrals `ignore` ignores any referrals `throw` throws an exception, which will lead to authentication failure.
Valid values	A string.
Default value	`follow`

`dbms.security.ldap.use_starttls`

Table 243. dbms.security.ldap.use_starttls
Description	Use secure communication with the LDAP server using opportunistic TLS. First an initial insecure connection will be made with the LDAP server, and a STARTTLS command will be issued to negotiate an upgrade of the connection to TLS before initiating authentication.
Valid values	A boolean.
Default value	`false`

`dbms.security.log_successful_authentication`

Table 244. dbms.security.log_successful_authentication
Description	Set to log successful authentication events to the security log. If this is set to `false` only failed authentication events will be logged, which could be useful if you find that the successful events spam the logs too much, and you do not require full auditing capability.
Valid values	A boolean.
Default value	`true`

`dbms.security.logs.ldap.groups_at_debug_level_enabled`

Table 245. dbms.security.logs.ldap.groups_at_debug_level_enabled
Description	When set to `true`, will log the groups retrieved from the ldap server. This will only take effect when the security log level is set to `DEBUG`.WARNING: It is strongly advised that this is set to `false` when running in a production environment in order to prevent logging of sensitive information.
Valid values	A boolean.
Default value	`false`

`dbms.security.oidc.<provider>.audience`

Table 246. dbms.security.oidc.<provider>.audience
Description	Expected values of the Audience (aud) claim in the id token.
Valid values	A comma-separated list where each element is a string, which Can not be empty.

`dbms.security.oidc.<provider>.auth_endpoint`

Table 247. dbms.security.oidc.<provider>.auth_endpoint
Description	The OIDC authorization endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri.
Valid values	a URI

`dbms.security.oidc.<provider>.auth_flow`

Table 248. dbms.security.oidc.<provider>.auth_flow
Description	The OIDC flow to use. This is exposed to clients via the discovery endpoint. Supported values are `pkce` and `implicit`
Valid values	One of [PKCE, IMPLICIT].
Default value	`PKCE`

`dbms.security.oidc.<provider>.auth_params`

Table 249. dbms.security.oidc.<provider>.auth_params
Description	Optional additional parameters that the auth endpoint requires. Please use params instead. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`.
Valid values	A simple key value map pattern `k1=v1;k2=v2`.
Default value	`{}`

`dbms.security.oidc.<provider>.authorization.group_to_role_mapping`

Table 250. dbms.security.oidc.<provider>.authorization.group_to_role_mapping
Description	An authorization mapping from IdP group names to Neo4j role names. The map should be formatted as a semicolon separated list of key-value pairs, where the key is the IdP group name and the value is a comma separated list of corresponding role names. For example: group1=role1;group2=role2;group3=role3,role4,role5 You could also use whitespaces and quotes around group names to make this mapping more readable, for example: dbms.security.oidc.<provider>.authorization.group_to_role_mapping=\ "Neo4j Read Only" = reader; \ "Neo4j Read-Write" = publisher; \ "Neo4j Schema Manager" = architect; \ "Neo4j Administrator" = admin
Valid values	A string that must be semicolon-separated list of key-value pairs or empty

`dbms.security.oidc.<provider>.claims.groups`

Table 251. dbms.security.oidc.<provider>.claims.groups
Description	The claim to use as the list of groups in Neo4j. These could be Neo4J roles directly, or can be mapped using dbms.security.oidc.<provider>.authorization.group_to_role_mapping. The JWT claim may also contain a single group returned as A string. as well as a list of groups as was previously required.
Valid values	A string.

`dbms.security.oidc.<provider>.claims.username`

Table 252. dbms.security.oidc.<provider>.claims.username
Description	The claim to use as the username in Neo4j. This would typically be sub, but in some situations it may be be desirable to use something else such as email.
Valid values	A string.
Default value	`sub`

`dbms.security.oidc.<provider>.client_id`

Table 253. dbms.security.oidc.<provider>.client_id
Description	Client id. Not used. This value was previously used to validate the `azp` claim in the id_token, but this validation has been removed in line with updates to the OIDC specification.
Valid values	A string.

`dbms.security.oidc.<provider>.config`

Table 254. dbms.security.oidc.<provider>.config
Description	The accepted values (all optional) are: `principal`: in which JWT claim the user’s email address is specified, email is the default. This is the value that will be shown in browser. `code_challenge_method`: default is `S256` and it’s the only supported method at this moment. This setting applies only for pkce auth flow `token_type_principal`: the options are almost always either `access_token`, which is the default, or `id_token`. `token_type_authentication`: the options are almost always either `access_token`, which is the default, or `id_token`. `implicit_flow_requires_nonce`: true or false. Defaults to false.
Valid values	A simple key-value map pattern `k1=v1;k2=v2`. Valid key options are: `[implicit_flow_requires_nonce, token_type_authentication, token_type_principal, principal, code_challenge_method]`.
Default value	`{}`

`dbms.security.logs.oidc.jwt_claims_at_debug_level_enabled`

Description

When set to true, it logs the claims from the JWT. This will only take effect when the security log level is set to DEBUG.

It is strongly advised that this is set to false when running in a production environment in order to prevent logging of sensitive information. Also note that the contents of the JWT claims set can change over time because they are dependent entirely upon the ID provider.

Valid values

A boolean.

Default value

false

`dbms.security.oidc.<provider>.display_name`

Table 256. dbms.security.oidc.<provider>.display_name
Description	The user-facing name of the provider as provided by the discovery endpoint to clients (Bloom, Browser etc.).
Valid values	A string.

`dbms.security.oidc.<provider>.get_groups_from_user_info`

Table 257. dbms.security.oidc.<provider>.get_groups_from_user_info
Description	When turned on, Neo4j gets the groups from the provider user info endpoint.
Valid values	A boolean.
Default value	`false`

`dbms.security.oidc.<provider>.get_username_from_user_info`

Table 258. dbms.security.oidc.<provider>.get_username_from_user_info
Description	When turned on, Neo4j gets the username from the provider user info endpoint.
Valid values	A boolean.
Default value	`false`

`dbms.security.oidc.<provider>.issuer`

Table 259. dbms.security.oidc.<provider>.issuer
Description	The expected value of the iss claim in the id token. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri.
Valid values	A string.

`dbms.security.oidc.<provider>.jwks_uri`

Table 260. dbms.security.oidc.<provider>.jwks_uri
Description	The location of the JWK public key set for the identity provider. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri.
Valid values	a URI

`dbms.security.oidc.<provider>.params`

Table 261. dbms.security.oidc.<provider>.params
Description	The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`. The user should at least provide: client_id: the SSO Idp client idenfifier. response_type: code if auth_flow is pkce or token for implicit auth_flow. scope: often containing a subset of 'email profile openid groups'. For example: `client_id=my-client-id;response_type=code;scope=openid profile email`.
Valid values	A simple key-value map pattern `k1=v1;k2=v2`. Required key options are: `[scope, client_id, response_type]`.
Default value	`{}`

`dbms.security.oidc.<provider>.token_endpoint`

Table 262. dbms.security.oidc.<provider>.token_endpoint
Description	The OIDC token endpoint. If this is not supplied Neo4j will attempt to discover it from the well_known_discovery_uri.
Valid values	a URI

`dbms.security.oidc.<provider>.token_params`

Table 263. dbms.security.oidc.<provider>.token_params
Description	Optional query parameters that the token endpoint requires. The map is a semicolon separated list of key-value pairs. For example: `k1=v1;k2=v2`.If the token endpoint requires a client_secret then this parameter should contain `client_secret=super-secret`
Valid values	A simple key value map pattern `k1=v1;k2=v2`.
Default value	`{}`

`dbms.security.oidc.<provider>.user_info_uri`

Table 264. dbms.security.oidc.<provider>.user_info_uri
Description	The identity providers user info uri.
Valid values	a URI

`dbms.security.oidc.<provider>.well_known_discovery_uri`

Table 265. dbms.security.oidc.<provider>.well_known_discovery_uri
Description	OpenID Connect Discovery endpoint used to fetch identity provider settings. If not provided, `issuer`, `jwks_uri`, `auth_endpoint` should be present. If the auth_flow is pkce, `token_endpoint` should also be provided.
Valid values	a URI

`dbms.security.procedures.allowlist`

Table 266. dbms.security.procedures.allowlist
Description	A list of procedures (comma separated) that are to be loaded. The list may contain both fully-qualified procedure names, and partial names with the wildcard . The default () loads all procedures. If no value is specified, no procedures will be loaded.
Valid values	A comma-separated list where each element is a string.
Default value	`*`

`dbms.security.procedures.unrestricted`

Table 267. dbms.security.procedures.unrestricted
Description	A list of procedures and user-defined functions (comma separated) that are allowed full access to the database. The list may contain both fully-qualified procedure names, and partial names with the wildcard `*`. Note that this enables these procedures to bypass security. Use with caution.
Valid values	A comma-separated list where each element is a string.
Default value

`dbms.security.require_local_user`

Table 268. dbms.security.require_local_user
Description	This controls if a local user has to be created for external authentication. If set to the default (`false`), no user has to be created to authenticate with an external authentication provider. If set to `true`, a user representing the external user must be created before they can authenticate successfully.
Valid values	A boolean.
Default value	`false`

`dbms.security.tls_reload_enabled`

Table 269. dbms.security.tls_reload_enabled
Description	Enable the reloading to TLS configuration and certificates dynamically by calling a procedure.
Valid values	A boolean.
Default value	`false`

`dbms.netty.ssl.provider`

Table 270. dbms.netty.ssl.provider
Description	Netty SSL provider.
Valid values	One of [JDK, OPENSSL, OPENSSL_REFCNT].
Default value	`JDK`

Server directories settings

The server directories settings can be used to change the default locations of your Neo4j files. For more information, see Default file locations.

`server.directories.cluster_state`

Table 271. server.directories.cluster_state
Description	Directory to hold cluster state including Raft log.
Valid values	A path. If relative, it is resolved from server.directories.data.
Default value	`cluster-state`

`server.directories.configuration`

Table 272. server.directories.configuration
Description	Root location of the configuration directory.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`conf`

`server.directories.data`

Table 273. server.directories.data
Description	Path of the data directory. You must not configure more than one Neo4j installation to use the same data directory.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`data`

`server.directories.dumps.root`

Table 274. server.directories.dumps.root
Description	Root location where Neo4j will store database dumps optionally produced when dropping said databases.
Valid values	A path. If relative, it is resolved from server.directories.data.
Default value	`dumps`

`server.directories.import`

Table 275. server.directories.import
Description	Sets the root directory for file URLs used with the Cypher `LOAD CSV` clause. This should be set to a directory relative to the Neo4j installation path, restricting access to only those files within that directory and its subdirectories. For example the value "import" will only enable access to files within the 'import' folder. Removing this setting will disable the security feature, allowing all files in the local system to be imported. Setting this to an empty field will allow access to all files within the Neo4j installation folder.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value

`server.directories.lib`

Table 276. server.directories.lib
Description	Path of the lib directory.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`lib`

`server.directories.licenses`

Table 277. server.directories.licenses
Description	Path of the licenses directory.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`licenses`

`server.directories.logs`

Table 278. server.directories.logs
Description	Path of the logs directory.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`logs`

`server.directories.metrics`

Table 279. server.directories.metrics
Description	The target location of the CSV files: a path to a directory wherein a CSV file per reported field will be written.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`metrics`

`server.directories.neo4j_home`

Table 280. server.directories.neo4j_home
Description	Root relative to which directory settings are resolved. Calculated and set by the server on startup. Defaults to the current working directory.
Valid values	A path that is absolute.
Default value

`server.directories.plugins`

Table 281. server.directories.plugins
Description	Location of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`plugins`

`server.directories.run`

Table 282. server.directories.run
Description	Path of the run directory. This directory holds Neo4j’s runtime state, such as a pidfile when it is running in the background. The pidfile is created when starting neo4j and removed when stopping it. It may be placed on an in-memory filesystem such as tmpfs.
Valid values	A path. If relative, it is resolved from server.directories.neo4j_home.
Default value	`run`

`server.directories.script.root`

Table 283. server.directories.script.root
Description	Root location where Neo4j will store scripts for configured databases.
Valid values	A path. If relative, it is resolved from server.directories.data.
Default value	`scripts`

`server.directories.transaction.logs.root`

Table 284. server.directories.transaction.logs.root
Description	Root location where Neo4j will store transaction logs for configured databases.
Valid values	A path. If relative, it is resolved from server.directories.data.
Default value	`transactions`

Server settings

Server settings apply only to the specific server and can be varied between configuration files across a cluster/DBMS.

`server.backup.enabled`

Table 285. server.backup.enabled
Description	Enable support for running online backups.
Valid values	A boolean.
Default value	`true`

`server.backup.exec_connector.command`

Table 286. server.backup.exec_connector.command
Description	Command to execute for ExecDataConnector list
Valid values	A string.
Default value

`server.backup.exec_connector.scheme`

Table 287. server.backup.exec_connector.scheme
Description	Schemes ExecDataConnector will match on
Valid values	A comma-separated list where each element is a string.
Default value

`server.backup.listen_address`

Table 288. server.backup.listen_address
Description	Network interface and port for the backup server to listen on.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port`.
Default value	`127.0.0.1:6362`

`server.backup.advertised_address`

Table 289. server.backup.advertised_address
Description	The advertised address for the backup server. Default is the default advertised address combined with port defined in the backup listen address.
Valid values	A socket address in the format of `hostname:port`, `hostname`, or `:port` that is an accessible address. If missing, it is acquired from `server.default_advertised_address`.
Default value	`:0`

`server.backup.store_copy_max_retry_time_per_request`

Table 290. server.backup.store_copy_max_retry_time_per_request
Description	Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`20m`

`server.config.strict_validation.enabled`

Table 291. server.config.strict_validation.enabled
Description	A strict configuration validation will prevent the database from starting up if unknown configuration options are specified in the neo4j settings namespace (such as dbms., cypher., etc) or if settings are declared multiple times.
Valid values	A boolean.
Default value	`true`

`server.databases.default_to_read_only`

Table 292. server.databases.default_to_read_only
Description	Whether or not any database on this instance is read_only by default. If false, individual databases may be marked as read_only using server.database.read_only. If true, individual databases may be marked as writable using server.databases.writable.
Valid values	A boolean.
Default value	`false`

`server.databases.read_only`

Table 293. server.databases.read_only
Description	List of databases for which to prevent write queries. Databases not included in this list maybe read_only anyway depending upon the value of server.databases.default_to_read_only.
Valid values	A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name system.
Default value

`server.databases.writable`

Table 294. server.databases.writable
Description	List of databases for which to allow write queries. Databases not included in this list will allow write queries anyway, unless server.databases.default_to_read_only is set to true.
Valid values	A comma-separated set where each element is a valid database name containing only alphabetic characters, numbers, dots, and dashes with a length between 3 and 63 characters, starting with an alphabetic character or number but not with the name system.
Default value

`server.dynamic.setting.allowlist`

Table 295. server.dynamic.setting.allowlist
Description	A list of setting name patterns (comma separated) that are allowed to be dynamically changed. The list may contain both full setting names, and partial names with the wildcard `*`. If this setting is left empty all dynamic settings updates will be blocked.
Valid values	A comma-separated list where each element is a string.
Default value	`*`

`server.jvm.additional`

Table 296. server.jvm.additional
Description	Additional JVM arguments. Argument order can be significant. To use a Java commercial feature, the argument to unlock commercial features must precede the argument to enable the specific feature in the config value string.
Valid values	One or more jvm arguments.
Default value

`server.panic.shutdown_on_panic`

Table 297. server.panic.shutdown_on_panic
Description	Controls whether the Neo4j process will shut down, if there is a server panic (an unrecoverable error), or continue running. Following a server panic, it is likely that a significant amount of functionality will be lost. Recovering full functionality will require restarting the Neo4j process.
Valid values	A boolean.
Default value	`true Changed in 2025.01`

`server.threads.worker_count`

Table 298. server.threads.worker_count
Description	Number of Neo4j worker threads. This setting is only valid for REST and does not influence bolt-server. It sets the number of worker threads for the Jetty server used by neo4j-server. This option can be tuned when you plan to execute multiple, concurrent REST requests, to get more throughput from the database. Your OS might enforce a lower limit than the maximum value specified here. Number of available processors, or 500 for machines that have more than 500 processors.
Valid values	An integer that is in the range `1` to `44738`.
Default value

`server.unmanaged_extension_classes`

Table 299. server.unmanaged_extension_classes
Description	Comma-separated list of <classname>=<mount point> for unmanaged extensions.
Valid values	A comma-separated list where each element is `<classname>=<mount point>` string.
Default value

`server.windows_service_name`

Table 300. server.windows_service_name
Description	Name of the Windows Service managing Neo4j when installed using `neo4j install-service`. Only applicable on Windows OS. NOTE: This must be unique for each installation.
Valid values	A string.
Default value	`neo4j`

Transaction settings

The transaction settings helps you manage the transactions in your database, for example, the transaction timeout, the lock acquisition timeout, the maximum number of concurrently running transactions, etc. For more information, see Manage transactions and Concurrent data access.

`db.lock.acquisition.timeout`

Table 301. db.lock.acquisition.timeout
Description	The maximum time interval within which lock should be acquired. Zero (default) means the timeout is disabled.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`0s`

`db.shutdown_transaction_end_timeout`

Table 302. db.shutdown_transaction_end_timeout
Description	The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`10s`

`db.transaction.bookmark_ready_timeout`

Table 303. db.transaction.bookmark_ready_timeout
Description	The maximum amount of time to wait for the database state represented by the bookmark.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`) that is minimum `1s`.
Default value	`30s`

`db.transaction.concurrent.maximum`

Table 304. db.transaction.concurrent.maximum
Description	The maximum number of concurrently running transactions. If set to 0, the limit is disabled.
Valid values	An integer.
Default value	`1000`

`db.transaction.monitor.check.interval`

Table 305. db.transaction.monitor.check.interval
Description	Configures the time interval between transaction monitor checks. Determines how often the monitor thread will check a transaction for timeout.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`2s`

`db.transaction.sampling.percentage`

Table 306. db.transaction.sampling.percentage
Description	Transaction sampling percentage.
Valid values	An integer that is in the range `1` to `100`.
Default value	`5`

`db.transaction.timeout`

Table 307. db.transaction.timeout
Description	The maximum time interval of a transaction within which it should be completed.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`0s`

`db.transaction.tracing.level`

Table 308. db.transaction.tracing.level
Description	Transaction creation tracing level.
Valid values	One of [DISABLED, SAMPLE, ALL].
Default value	`DISABLED`

`server.http.transaction_idle_timeout`

Table 309. server.http.transaction_idle_timeout
Description	Timeout for idle transactions in the HTTP Server. NOTE: This is different from 'db.transaction.timeout' which will timeout the underlying transaction.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`30s`

`server.queryapi.transaction_idle_timeout`

Table 310. server.queryapi.transaction_idle_timeout
Description	Timeout for idle transactions in the Query API. Note: this is different from 'db.transaction.timeout' which will timeout the underlying transaction.
Valid values	A duration (Valid units are: `ns`, `μs`, `ms`, `s`, `m`, `h` and `d`; default unit is `s`).
Default value	`1m`

Transaction log settings

Transaction logs keep the list of transactions that have not yet been applied to the store files. This is necessary for recovery. The following settings configure the number of transaction logs left after a pruning operation and the size of the transaction log files.

`db.recovery.fail_on_missing_files`

Table 311. db.recovery.fail_on_missing_files
Description	If `true`, Neo4j will abort recovery if transaction log files are missing. Setting this to `false` will allow Neo4j to create new empty missing files for the already existing database, but the integrity of the database might be compromised.
Valid values	A boolean.
Default value	`true`

`db.tx_log.buffer.size`

Table 312. db.tx_log.buffer.size
Description	On serialization of transaction logs, they will be temporary stored in the byte buffer that will be flushed at the end of the transaction or at any moment when the buffer will be full. By default, the size of the byte buffer is based on the number of available CPU’s with a minimal buffer size of 512KB. Every other 4 CPU’s will add another 512KB into the buffer size. The maximal buffer size in this default scheme is 4MB taking into account that you can have one transaction log writer per database in multi-database env. For example, runtime with 4 CPUs will have the buffer size of 1MB; runtime with 8 CPUs will have the buffer size of 1MB 512KB; runtime with 12 CPUs will have the buffer size of 2MB.
Valid values	A long that is minimum `131072`.
Default value

`db.tx_log.preallocate`

Table 313. db.tx_log.preallocate
Description	Specify if Neo4j should try to preallocate the logical log file in advance. It optimizes file system by ensuring there is room to accommodate newly generated files and avoid file-level fragmentation.
Valid values	A boolean.
Default value	`true`

`db.tx_log.rotation.retention_policy`

Table 314. db.tx_log.rotation.retention_policy
Description	Specify how long Neo4j should keep logical transaction logs to backup the database. For example, `10 days` prunes logical logs that only contain transactions older than 10 days. Alternatively, `100k txs` keeps the 100k latest transactions from each database and prunes any older transactions. You can optionally add a period-based restriction to the size of logs to keep. For example, `2 days 1G` prunes logical logs that only contain transactions older than 2 days or are larger than 1G.
Valid values	A string that matches the pattern `^(true\|keep_all\|false\|keep_none\|(\d+[KkMmGg]?( (files\|size\|txs\|entries\|hours( \d+[KkMmGg]?)?\|days( \d+[KkMmGg]?)?))))$` (Must be `true` or `keep_all`, `false` or `keep_none`, or of format `<number><optional unit> <type> <optional space restriction>`. Valid units are `K`, `M` and `G`. Valid types are `files`, `size`, `txs`, `entries`, `hours` and `days`. Valid optional space restriction is a logical log space restriction like 100M. For example, `100M size` will limit logical log space on disk to 100MiB per database, and `200K txs` will limit the number of transactions kept to 200 000 per database.).
Default value	`2 days 2G`

`db.tx_log.rotation.size`

Table 315. db.tx_log.rotation.size
Description	Specifies at which file size the logical log will auto-rotate. The minimum accepted value is 128 KiB.
Valid values	A byte size (valid multipliers are `B`, `KiB`, `KB`, `K`, `kB`, `kb`, `k`, `MiB`, `MB`, `M`, `mB`, `mb`, `m`, `GiB`, `GB`, `G`, `gB`, `gb`, `g`, `TiB`, `TB`, `PiB`, `PB`, `EiB`, `EB`) that is minimum `128.00KiB`.
Default value	`256.00MiB`