# Query Service Indexer To query your data, the Query service uses an indexer to index your RDF resources; i.e., the the Query service returns results only from the indexed RDF resources. To index your data, the indexer requires [Read access](https://docs.inrupt.com/reference/glossary#read-access) to the resources to be indexed. You can grant Read access specifically to the indexer using its WebID. The indexer has a WebID of the following form: ```none https://fragments-indexer.{ESS DOMAIN}/id ``` In addition, like any other agent, the indexer has Read access to those resources with Read access granted to the Public. ## Indexing Data Once the indexer is given Read access to a Resource, a Resource change notification triggers the indexing of that Resource. {% hint style="warning" %} **Important**\ Because the resource indexing occurs after the [indexer](#query-service-indexer) consumes a resource change notification event, the query results may lag behind the current state of the Resource. The delay amount depends on the lag in the notification queue. {% endhint %} See also [**`INRUPT_FRAGMENTS_INGEST_IGNORE_ERRORS`**](#inrupt_fragments_ingest_ignore_errors) . ## Indexer Configuration {% hint style="info" %} **Note**\ Whitespaces are **preserved** when parsing comma-delimited lists (i.e., the parsed string values are not trimmed). For example, when parsed, **`"value1, value2,value3 "`** results in **`"value1"`** , **`" value2"`** , **`"value3 "`** . {% endhint %} #### INRUPT\_AUTHZ\_AS\_URI The URI of the [UMA Authorization Server](https://docs.inrupt.com/ess/2.5/services/service-uma) . The value must match the **`INRUPT_UMA_ISSUER`** configuration for [UMA Service](https://docs.inrupt.com/ess/2.5/services/service-uma). #### INRUPT\_FRAGMENTS\_INGEST\_IGNORE\_ERRORS Default : **`false`** A boolean that determines whether the indexer should log but continue on error or throw an exception on error: * Set to **`true`** to log the error and continue when the indexer encounters an error. * Set to **`false`** to throw an exception on error. (Default) #### INRUPT\_LOGGING\_CONFIGURATION\_PREFIX\_ALLOW Default : inrupt,smallrye.jwt.encrypt.key.id,smallrye.jwt.encrypt.key.location,smallrye.jwt.sign.key.location,quarkus.mongodb.database A comma-separated list of configuration property prefixes ( **case-sensitive** ) that determine which configurations are logged: * If the list is empty, **NO** configuration property is logged. * If a configuration property starts with a listed prefix ( **case-sensitive** ), the configuration property and its value are logged **unless** the configuration also matches a prefix in [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) (which acts as a filter on [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) list).\ As such, if the configuration matches prefix in both [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) and [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny), the [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) takes precedence and the configuration is not logged. For example, if **`inrupt.`** is an allow prefix, but **`inrupt.kafka.`** is a deny prefix, all configurations that start with **`inrupt.kafka.`** are excluded from the logs. When specifying the prefixes, you can specify the prefixes using one of two formats: * using dot notation (e.g., **`inrupt.foobar.`** ), or * using the [MicroProfile Config environmental variables conversion value](https://quarkus.io/guides/config-reference#environment-variables) (e.g., **`INRUPT_FOOBAR_`** ). {% hint style="danger" %} **Warning** Use the same format for **both** [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) and [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) . For example, if you change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow), change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) as well. {% endhint %} {% hint style="info" %} **Tip**\ To avoid allowing more than desired configurations, specify as much of the prefix as possible. If the prefix specifies the complete prefix term, include the term delineator. For example: * If using dot-notation, if you want to match configuration properties of the form **`foobar....`** , specify **`foobar.`** (including the dot **`.`** ) instead of, for example, **`foo`** or **`foobar`** . * If using converted form, if you want to match configuration properties of the form **`FOOBAR_...`** , specify **`FOOBAR_`** (including the underscore **`_`** ) instead of, for example, **`FOO`** or **`FOOBAR`** . {% endhint %} #### INRUPT\_LOGGING\_CONFIGURATION\_PREFIX\_DENY Default : inrupt.kafka A comma-separated list of configuration name prefixes ( **case-sensitive** ) that determines which configurations (that would otherwise match the [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) ) are not logged. That is, [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) acts as a filter on [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) . For example: * If **`foobar.`** is an allowed prefix, to suppress **`foobar.private.`** , you can specify **`foobar.private.`** to the deny list. * If **`foobar.`** is **not** an allowed prefix, no property starting with **`foobar.`** is logged. As such, you do not need to specify **`foobar.private`** to the deny list. When specifying the prefixes, you can specify the prefixes using one of two formats: * using dot notation (e.g., **`inrupt.foobar.`** ), or * using the [MicroProfile Config environmental variables conversion value](https://quarkus.io/guides/config-reference#environment-variables) (e.g., **`INRUPT_FOOBAR_`** ). {% hint style="danger" %} **Warning** Use the same format for **both** [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow) and [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) . For example, if you change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_ALLOW`**](#inrupt_logging_configuration_prefix_allow), change the format of [**`INRUPT_LOGGING_CONFIGURATION_PREFIX_DENY`**](#inrupt_logging_configuration_prefix_deny) as well. {% endhint %} #### INRUPT\_LOGGING\_REDACTION\_NAME\_ACTION Default : **`REPLACE`** Type of the redaction to perform. Supported values are:
ActionDescription
REPLACEDefault. Replaces the matching text with a specified replacement.
PLAINLeaves the matching field unprocessed. Only available if the redaction target is a field (i.e., INRUPT_LOGGING_REDACTION_{NAME}_FIELD).
DROPSuppresses the matching field. Only available if the redaction target is a field (i.e., INRUPT_LOGGING_REDACTION_{NAME}_FIELD).
PRIORITIZEChanges the log level of the matching message.
SHA256Replaces the matching text with its hash.
* If the action is **`REPLACE`** ( *default* ), see also **`INRUPT_LOGGING_REDACTION_{NAME}_REPLACEMENT`**. * If the action is to **`PRIORITIZE`**, see also **`INRUPT_LOGGING_REDACTION_{NAME}_LEVEL`** . For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.5/administration/logging/logging-redaction). #### INRUPT\_LOGGING\_REDACTION\_NAME\_ENABLED Default : **`true`** A boolean that determines whether the redaction configurations with the specified **`INRUPT_LOGGING_REDACTION_{NAME}_`** prefix is enabled. For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.5/administration/logging/logging-redaction). #### INRUPT\_LOGGING\_REDACTION\_NAME\_EXCEPTION Fully qualified name of the exception class to match in the log messages (includes inner exception). Configure to target an exception message class. For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.5/administration/logging/logging-redaction). #### INRUPT\_LOGGING\_REDACTION\_NAME\_FIELD Exact name of the field to match in the log messages. Configure to target a specific log message field for redaction. For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.5/administration/logging/logging-redaction). #### INRUPT\_LOGGING\_REDACTION\_NAME\_LEVEL A new log level to use for the log message if the **`INRUPT_LOGGING_REDACTION_{NAME}_ACTION`** is **`PRIORITIZE`** . #### INRUPT\_LOGGING\_REDACTION\_NAME\_PATTERN A regex (see [Java regex pattern](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/regex/Pattern.html#sum) ) to match in the log messages. Configure to target log message text that matches a specified pattern. For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.5/administration/logging/logging-redaction). #### INRUPT\_LOGGING\_REDACTION\_NAME\_REPLACEMENT Replacement text to use if the **`INRUPT_LOGGING_REDACTION_{NAME}_ACTION`** is **`REPLACE`** . If unspecified, defaults to **`[REDACTED]`** . For more information on log redaction, see [Logging Redaction](https://docs.inrupt.com/ess/2.5/administration/logging/logging-redaction). #### INRUPT\_AUDIT\_PRODUCER\_REQUEST\_METADATA\_ALLOW A comma-separated list [audit events](https://docs.inrupt.com/ess/2.5/service-auditing#event-message-instrument-app-defined-metadata) (unless specified in the corresponding [**`INRUPT_AUDIT_PRODUCER_REQUEST_METADATA_DENY`**](#inrupt_audit_producer_request_metadata_deny) ). This configuration is **case-sensitive** to the propagated properties in the baggage. {% hint style="info" %} **Tip**\ To include a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match. {% endhint %} See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information. #### INRUPT\_AUDIT\_PRODUCER\_REQUEST\_METADATA\_DENY A comma-separated list of application-defined properties to exclude from the associated audit messages. This setting takes precedence over [**`INRUPT_AUDIT_PRODUCER_REQUEST_METADATA_ALLOW`**](#inrupt_audit_producer_request_metadata_allow) . This configuration is **case-sensitive** to the propagated properties in the baggage. {% hint style="info" %} **Tip**\ To exclude a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match. {% endhint %} See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information. #### INRUPT\_LOGGING\_REQUEST\_METADATA\_ALLOW A comma-separated list of application-defined properties that can be included in the associated [log messages](https://docs.inrupt.com/ess/2.5/administration/logging) (unless specified in the corresponding [**`INRUPT_LOGGING_REQUEST_METADATA_DENY`**](#inrupt_logging_request_metadata_deny) ). This configuration is **case-sensitive** to the propagated properties in the baggage. {% hint style="info" %} **Tip**\ To include a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match. {% endhint %} See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information. #### INRUPT\_LOGGING\_REQUEST\_METADATA\_DENY A comma-separated list. This setting takes precedence over [**`INRUPT_LOGGING_REQUEST_METADATA_ALLOW`**](#inrupt_logging_request_metadata_allow). This configuration is **case-sensitive** to the propagated properties in the baggage. {% hint style="info" %} **Tip**\ To exclude a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match. {% endhint %} See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information. #### INRUPT\_REQUEST\_METADATA\_PROPAGATOR\_HEADER\_ALLOW A comma-separated list of non-baggage request headers to add to the [baggage](https://www.w3.org/TR/baggage/) (unless specified in the corresponding [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_DENY`**](#inrupt_request_metadata_propagator_header_deny) ); i.e., include these non-baggage request headers as application-defined properties. The configuration is case-insensitive; i.e., the listed headers do **not** need to match the case of the client request headers. For example, a list that includes **`x-correlation-id`** can match **`x-correlation-id`** header, **`X-CoRrElAtIoN-Id`** header, etc. See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information. #### INRUPT\_REQUEST\_METADATA\_PROPAGATOR\_HEADER\_DENY A comma-separated list of non-baggage request headers to exclude from being added to the [baggage](https://www.w3.org/TR/baggage/) ; i.e., excludes these headers as application-defined properties. This setting takes precedence over [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) . The configuration is case-insensitive; i.e., the listed headers do **not** need to match the case of the client request headers. For example, a list that includes **`x-correlation-id`** can match (and exclude) **`x-correlation-id`** header, **`X-CoRrElAtIoN-Id`** header, etc. See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information. #### INRUPT\_REQUEST\_METADATA\_PROPAGATOR\_HEADER\_OVERRIDES A flag that determines ESS behavior when metadata property is defined both as a header and as a baggage entry: * If **`true`** , ESS updates/overrides the baggage entry with the header value. * If **`false`** (the default), ESS keeps the baggage entry. For details, [Duplicate Property Definition](https://docs.inrupt.com/latest/administration/application-defined-metadata#duplicate-property-definition) . #### INRUPT\_REQUEST\_METADATA\_REFLECTOR\_HEADER\_ALLOW A comma-separated list of application-defined properties that can return as response headers (unless specified in the corresponding [**`INRUPT_REQUEST_METADATA_REFLECTOR_HEADER_DENY`**](#inrupt_request_metadata_reflector_header_deny) ). This configuration is **case-sensitive** to the propagated properties in the baggage. {% hint style="info" %} **Tip** * To return a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match. * You may need to update **`QUARKUS_HTTP_CORS_EXPOSED_HEADERS`** to extend the list of [CORS-safelisted response headers](https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header) . {% endhint %} See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information. #### INRUPT\_REQUEST\_METADATA\_REFLECTOR\_HEADER\_DENY A comma-separated list of application-defined properties to exclude from returning as response headers. This setting takes precedence over [**`INRUPT_REQUEST_METADATA_REFLECTOR_HEADER_ALLOW`**](#inrupt_request_metadata_reflector_header_allow) . This configuration is **case-sensitive** to the propagated properties in the baggage. {% hint style="info" %} **Tip**\ To exclude a propagated property that was added via the [**`INRUPT_REQUEST_METADATA_PROPAGATOR_HEADER_ALLOW`**](#inrupt_request_metadata_propagator_header_allow) configuration, ensure that the cases of these properties match. {% endhint %} See: * [Manage Application-Defined Metadata Propagation](https://docs.inrupt.com/ess/2.5/installation/customize-configurations/customization-logging/manage-app-defined-metadata) to configure. * [Application-Defined Metadata](https://docs.inrupt.com/ess/2.5/administration/application-defined-metadata) for more information.