Configuration Schema
Complete reference for Radar Collector configuration.
Top-Level Configuration
collector: # Optional - Collector settings
id: string # Required - Unique collector identifier
collection_interval: string # Optional - Collection interval (default: 30s)
output_directory: string # Optional - Output dir for offline collections
redact: boolean # Optional - Redact sensitive fields (default: true)
server: # Required - Server configuration
grpc_url: string # Required - gRPC server endpoint
api_key: string # Required - API key for authentication
timeout: string # Optional - Request timeout (default: 30s)
deployments: array # Required - List of deployments to monitor
Collector Configuration
The collector section controls agent behavior:
collector:
id: "radar-collector-001" # Unique identifier for this collector
hostname: "my-host" # Override system hostname (optional)
collection_interval: 30s # How often to collect from each deployment
health_report_interval: 60s # Health report interval
log_level: info # Optional log level override
labels: # Optional key-value labels
env: production
region: us-east-1
output_directory: /var/radar/collections # Where to write offline collection files
redact: true # Redact sensitive fields (default: true)
remote_config: # Remote-managed configuration
enabled: true # Enable remote config (default: true)
mode: managed # managed or local (default: managed)
managed_secrets: true # Include secrets from server (default: true)
poll_interval: 30s # Config polling interval (default: 30s)
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
id | string | ✅ | — | Unique collector identifier (defaults to radar-collector only when the entire collector section is omitted) |
hostname | string | — | system hostname | Hostname to report |
collection_interval | string | — | 30s | Collection frequency (e.g. 30s, 5m) |
health_report_interval | string | — | 60s | Health report interval |
log_level | string | — | — | Optional log level override |
labels | map | — | — | Key-value labels for this collector |
output_directory | string | — | /var/radar/collections | Output directory for --output-file |
redact | boolean | — | true | Redact sensitive fields before writing or submitting |
remote_config.enabled | boolean | — | true | Enable remote-managed configuration |
remote_config.mode | string | — | managed | Config mode: managed or local |
remote_config.managed_secrets | boolean | — | true | Whether remote config includes secrets |
remote_config.poll_interval | string | — | 30s | How often to poll for config changes |
Redaction behavior when enabled:
- Passwords and API keys →
***REDACTED*** - Hostnames → deterministic hash (e.g.
host-a1b2c3.example.com) - IP addresses →
192.xxx.xxx.xxx - Port numbers →
0
To disable via config:
collector:
redact: false
Server Configuration
The server section configures connection to the Radar server. Generate an API key from the Radar dashboard under Settings > Access Keys.
server:
grpc_url: "https://grpc.radar.redis.io:443" # gRPC endpoint
api_key: "your-api-key" # Authentication key
timeout: "30s" # Request timeout (optional)
Deployment Configuration
Each deployment in the deployments array must specify a type and type-specific fields.
Common Fields
| Field | Type | Required | Description |
|---|---|---|---|
id | string | ✅ | Unique deployment identifier |
name | string | ✅ | Deployment name (must be unique) |
type | string | ✅ | Deployment type (case-insensitive) |
collection | object | — | Per-deployment collection settings (see below) |
Per-Deployment Collection Settings
Each deployment can override collection behavior:
deployments:
- id: "cache-01"
name: "cache-server"
type: "standalone"
redis_url: "redis://localhost:6379"
collection:
interval: "60s" # Override collection interval
retry_on_failure: true # Retry on failure (default: true)
max_retries: 3 # Max retry attempts (default: 3)
timeout: "30s" # Collection timeout (default: 30s)
| Field | Type | Default | Description |
|---|---|---|---|
interval | string | 30s | Collection interval for this deployment |
retry_on_failure | boolean | true | Whether to retry on failure |
max_retries | integer | 3 | Maximum number of retry attempts |
timeout | string | 30s | Collection timeout |
Standalone Configuration
deployments:
- id: string # Required - Unique deployment ID
name: string # Required - Unique name
type: "standalone" # Required
redis_url: string # Optional - Redis connection URL (default: redis://localhost:6379, use rediss:// for TLS)
credentials: # Optional - Authentication
password: string # Optional - Redis password
Note: For standalone deployments,
redis_urlcontrols the host, port, and TLS scheme only. Configure authentication withcredentials.passwordorREDIS_PASSWORD. Standalone deployments do not currently support a Redis ACL username.
Example:
deployments:
- id: "cache-01"
name: "cache-server"
type: "standalone"
redis_url: "redis://redis.example.com:6379"
credentials:
password: "${REDIS_PASSWORD}"
For TLS:
deployments:
- id: "cache-tls-01"
name: "cache-server-tls"
type: "standalone"
redis_url: "rediss://redis.example.com:6380" # rediss:// for TLS
credentials:
password: "${REDIS_PASSWORD}"
Redis Software Configuration
deployments:
- id: string # Required - Unique deployment ID
name: string # Required - Unique name
type: "enterprise" # Required
rest_api: # Required - REST API configuration
host: string # Required - REST API hostname
port: integer # Required - REST API port (typically 9443)
use_tls: boolean # Required - Use HTTPS (typically true)
insecure: boolean # Optional - Skip cert verification (default: true)
enterprise_admin_url: string # Optional - Management UI redirect URL
enterprise: # Optional - Enterprise options
db_endpoint: string # Optional - Database endpoint style (external_ip, internal_ip, dns)
credentials: # Required - Authentication
rest_api:
basic_auth: string # Required - "username:password" format
Note:
enterprise_apiis also accepted as an alias forrest_apiin the credentials section for backward compatibility.
Example:
deployments:
- id: "ent-prod"
name: "production-enterprise"
type: "enterprise"
rest_api:
host: "enterprise.example.com"
port: 9443
use_tls: true
insecure: true # For self-signed certificates
enterprise_admin_url: "https://enterprise.example.com:8443" # Management UI redirect URL
enterprise:
db_endpoint: "external_ip"
credentials:
rest_api:
basic_auth: "admin@redis.local:${ENTERPRISE_PASSWORD}"
Cluster Configuration
deployments:
- id: string # Required - Unique deployment ID
name: string # Required - Unique name
type: "cluster" # Required
redis_urls: array<string> # Required - Seed nodes for discovery
credentials: # Optional - Authentication
username: string # Optional - Cluster username
password: string # Optional - Cluster password
Example:
deployments:
- id: "cluster-01"
name: "main-cluster"
type: "cluster"
redis_urls:
- "node1.example.com:7000"
- "node2.example.com:7000"
- "node3.example.com:7000"
credentials:
password: "${CLUSTER_PASSWORD}"
Sentinel Configuration
deployments:
- id: string # Required - Unique deployment ID
name: string # Required - Unique name
type: "sentinel" # Required
master_name: string # Required - Name of master in Sentinel
sentinel_urls: array<string> # Required - Sentinel endpoints
credentials: # Optional - Authentication
password: string # Optional - Redis password
Example:
deployments:
- id: "sentinel-01"
name: "ha-redis"
type: "sentinel"
master_name: "mymaster"
sentinel_urls:
- "sentinel1.example.com:26379"
- "sentinel2.example.com:26379"
- "sentinel3.example.com:26379"
credentials:
password: "${REDIS_PASSWORD}"
Complete Example
# Collector configuration
collector:
id: "radar-collector-001"
collection_interval: "60s"
redact: true # set to false to disable redaction
# Server configuration
server:
grpc_url: "https://grpc.radar.redis.io:443" # Production Radar gRPC endpoint
api_key: "${RADAR_API_KEY}"
# Deployment configurations
deployments:
# Software cluster
- id: "ent-01"
name: "enterprise-production"
type: "enterprise"
rest_api:
host: "cluster.redis.local"
port: 9443
use_tls: true
insecure: true
enterprise_admin_url: "https://cluster.redis.local:8443" # Optional
enterprise:
db_endpoint: "external_ip"
credentials:
rest_api:
basic_auth: "admin@redis.local:${ENT_PASSWORD}"
# Standalone instance
- id: "cache-01"
name: "session-cache"
type: "standalone"
redis_url: "redis://cache.redis.local:6379"
credentials:
password: "${CACHE_PASSWORD}"
# Redis Cluster
- id: "cluster-01"
name: "data-cluster"
type: "cluster"
redis_urls:
- "cluster1.redis.local:7000"
- "cluster2.redis.local:7000"
- "cluster3.redis.local:7000"
credentials:
password: "${CLUSTER_PASSWORD}"
# Sentinel HA
- id: "sentinel-01"
name: "ha-master"
type: "sentinel"
master_name: "mymaster"
sentinel_urls:
- "sentinel1.redis.local:26379"
- "sentinel2.redis.local:26379"
- "sentinel3.redis.local:26379"
credentials:
password: "${REDIS_PASSWORD}"
Environment Variables
The collector supports two mechanisms for using environment variables:
1. YAML Interpolation (Recommended)
Environment variables are expanded during configuration file loading using shell-like syntax:
${VAR}- Required variable (agent fails to start if not set)${VAR:-default}- Use default if VAR is unset or empty${VAR-default}- Use default if VAR is unset (empty string is valid)
Important: Only ${VAR} (braced) syntax is expanded. Bare $VAR is NOT expanded, allowing literal $ characters in values (e.g., passwords like my$ecret). Interpolation is applied after YAML parsing, so # and other YAML-significant characters inside interpolated secrets are treated as data, not syntax.
When to use which:
- Use
:-when empty values should fall back to default - Use
-when empty is a valid value (e.g., Redis with no password:password: ${REDIS_PASSWORD-})
Example:
server:
grpc_url: "${RADAR_SERVER:-https://grpc.radar.redis.io:443}"
api_key: "${RADAR_API_KEY}"
deployments:
- id: "redis-prod"
name: "Production Redis"
type: "standalone"
redis_url: "redis://${REDIS_HOST:-localhost}:${REDIS_PORT:-6379}"
credentials:
password: "${REDIS_PROD_PASSWORD}"
- id: "redis-dev"
name: "Dev Redis"
type: "standalone"
redis_url: "redis://${DEV_REDIS_HOST}:6379"
credentials:
password: "${REDIS_DEV_PASSWORD}"
Benefits:
- ✅ Per-deployment control (different env vars for each deployment)
- ✅ Works with any configuration field
- ✅ Clear and explicit in configuration file
- ✅ Supports default values
2. Runtime Overrides
Environment variables can override configuration values after YAML parsing. These are applied globally or per-deployment.
When to use:
- Quick testing/debugging without modifying config files
- Container/Kubernetes environments where env vars are easier to manage
- Overriding specific values in existing configurations
Precedence: Runtime overrides take precedence over YAML values (including interpolated values).
Global Overrides
Apply to all deployments or global settings:
# Server settings
export GRPC_ENDPOINT=https://grpc.radar.redis.io:443
export COLLECTION_INTERVAL=30 # seconds
# Standalone/Cluster/Sentinel (applies to ALL deployments of these types)
export REDIS_HOST=redis.example.com # All standalone deployments
export REDIS_PORT=6379 # All standalone deployments
export REDIS_PASSWORD=secret # All standalone/cluster/sentinel deployments
⚠️ Warning: REDIS_HOST, REDIS_PORT, and REDIS_PASSWORD apply to ALL deployments of the respective type. For multiple deployments with different credentials, use per-deployment overrides or YAML interpolation instead.
Per-Deployment Overrides
Override specific deployments using their id field (converted to UPPERCASE with - replaced by _):
Standalone Deployments:
# For deployment with id: "redis-prod"
export REDIS_STANDALONE_REDIS_PROD_HOST=prod.redis.example.com
export REDIS_STANDALONE_REDIS_PROD_PORT=6380
export REDIS_STANDALONE_REDIS_PROD_PASSWORD=prod-secret
Cluster Deployments:
# For deployment with id: "cluster-01"
export REDIS_CLUSTER_CLUSTER_01_PASSWORD=cluster-secret
Sentinel Deployments:
# For deployment with id: "sentinel-ha"
export REDIS_SENTINEL_SENTINEL_HA_PASSWORD=sentinel-secret
Redis Software (Enterprise) Deployments:
# For deployment with id: "ent-01"
export REDIS_ENTERPRISE_ENT_01_REST_API_URL=https://new-url:9443
export REDIS_ENTERPRISE_ENT_01_ADMIN_URL=https://admin.example.com:8443
export REDIS_ENTERPRISE_ENT_01_USERNAME=newuser
export REDIS_ENTERPRISE_ENT_01_PASSWORD=newpass
export REDIS_ENTERPRISE_ENT_01_SSL_NO_VERIFY=true
REDIS_ENTERPRISE_{ID}_REST_API_URL must use https://. REDIS_ENTERPRISE_{ID}_SSL_NO_VERIFY=true disables certificate verification while keeping HTTPS enabled.
Advanced Settings
Retry Configuration:
export RETRY_MAX_ATTEMPTS=5 # Default: 3
export RETRY_INITIAL_DELAY_SECS=2 # Default: 1
export RETRY_MAX_DELAY_SECS=60 # Default: 30
export RETRY_MULTIPLIER=3.0 # Default: 2.0
Collection Behavior:
export CONCURRENT_COLLECTION=false # Default: true (disable for debugging)
Authentication
The collector authenticates with the Radar server via an API key set in server.api_key.
Via config file (recommended):
server:
api_key: "${MY_API_KEY}"
export MY_API_KEY=your-api-key
Via environment variable:
export ACCESS_KEY=your-api-key
If both server.api_key and the ACCESS_KEY environment variable are set, ACCESS_KEY takes precedence.
Validation
Validate your configuration:
# Validate entire configuration
radar-collector --validate
# Validate specific deployment
radar-collector validate --deployment enterprise-production
# Test collection from deployment
radar-collector test --deployment session-cache
# Dry run (collect but don't submit)
radar-collector --dry-run