Documentation

Install Telegraf Controller

Telegraf Controller is a web-based configuration management system for Telegraf agents. It provides a user-friendly interface for managing Telegraf configurations, monitoring agents, and organizing plugins.

System Requirements

  • Operating Systems: Linux, macOS, Windows
  • Architecture: x64 (Intel/AMD) or ARM64 (Apple Silicon/ARM)
  • Database: SQLite (default), PostgreSQL, or PostgreSQL-compatible
  • Ports: 8888 (web interface and API), 8000 (heartbeat service). Optionally, serve the web interface on a separate ui-port.

Review the EULA

Review the InfluxData End User Software License Agreement (EULA) for Telegraf Controller before downloading and installing.

Telegraf Controller requires that you accept the EULA before the server can start. When you first run Telegraf Controller in interactive mode (default), it prompts you to accept the EULA. Once accepted on a host machine, the EULA does not need to be accepted again unless the EULA is updated or the Telegraf Controller local data directory is removed.

Accept in interactive mode

Run the executable in a terminal and follow the prompt.

telegraf_controller

Enter v to view the full text of the Telegraf Controller EULA. Enter accept to accept the EULA and proceed.

Accept non-interactively

Use the --eula-accept command option or set the TELEGRAF_CONTROLLER_EULA environment variable to accept. This is required for non-interactive runs such as systemd, LaunchDaemons, or CI—for example:

telegraf_controller --eula-accept --no-interactive
TELEGRAF_CONTROLLER_EULA=accept telegraf_controller --no-interactive
$env:TELEGRAF_CONTROLLER_EULA="accept"
./telegraf_controller.exe --no-interactive

Download and install Telegraf Controller

  1. Download the Telegraf Controller executable.

  2. Install Telegraf Controller.

    Telegraf Controller executable name

    The downloaded Telegraf Controller executable includes platform-specific information in the file name. You can leave the information in the file name or you can rename the file to telegraf_controller. This documentation assumes the executable is named telegraf_controller.

    Linux

    You can add the telegraf_controller executable to your system path or you can run it in place. You can also run Telegraf Controller as a service.

    Add the executable to your system path

    1. Add the following to your shell profile (for example ~/.bashrc):

      export PATH="$PATH:$PWD/telegraf_controller"
    2. Reload the profile or open a new shell.

    Run the executable in place

    ./telegraf_controller

    Install the executable as a systemd service

    If this is the first run on the host, accept the EULA in a TTY or set TELEGRAF_CONTROLLER_EULA=accept in the service environment.

    1. Create a Telegraf Controller service file:

      sudo tee /etc/systemd/system/telegraf-controller.service > /dev/null <<EOF
      [Unit]
      Description=Telegraf Controller
      After=network.target
      
      [Service]
      Type=simple
      User=$USER
      WorkingDirectory=/opt/telegraf-controller
      ExecStart=/opt/telegraf-controller/telegraf_controller
      Restart=on-failure
      RestartSec=10
      
      [Install]
      WantedBy=multi-user.target
      EOF
    2. Move the executable to /opt:

      sudo mkdir -p /opt/telegraf-controller
      sudo mv telegraf_controller /opt/telegraf-controller/
      sudo chmod +x /opt/telegraf-controller/telegraf_controller
    3. Enable and start the service:

      sudo systemctl daemon-reload
      sudo systemctl enable telegraf-controller
      sudo systemctl start telegraf-controller

    macOS

    You can add the telegraf_controller executable to your system path or you can run it in place. You can also run Telegraf Controller as a LaunchDaemon service.

    Prepare the downloaded executable

    1. Give telegraf_controller executable permissions:

      chmod +x telegraf_controller
    2. Remove the macOS quarantine attribute (if downloaded via browser):

      xattr -d com.apple.quarantine telegraf_controller

    Add the executable to your system path

    sudo mv telegraf_controller /usr/local/bin/
    export PATH="/usr/local/bin:$PATH"

    Run the executable in place

    ./telegraf_controller

    Install as a LaunchDaemon

    If this is the first run on the host, accept the EULA in a TTY or set TELEGRAF_CONTROLLER_EULA=accept in the service environment.

    1. Create a plist file:

      sudo tee /Library/LaunchDaemons/com.influxdata.telegraf-controller.plist > /dev/null <<EOF
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
          <key>Label</key>
          <string>com.influxdata.telegraf-controller</string>
          <key>ProgramArguments</key>
          <array>
              <string>/usr/local/bin/telegraf_controller</string>
          </array>
          <key>RunAtLoad</key>
          <true/>
          <key>KeepAlive</key>
          <true/>
          <key>StandardOutPath</key>
          <string>/var/log/telegraf-controller.log</string>
          <key>StandardErrorPath</key>
          <string>/var/log/telegraf-controller.error.log</string>
      </dict>
      </plist>
      EOF
    2. Move the executable to /usr/local/bin:

      sudo mv telegraf_controller /usr/local/bin/
    3. Load the service:

      sudo launchctl load /Library/LaunchDaemons/com.influxdata.telegraf-controller.plist

    Windows

    You can run the telegraf_controller executable in place or you can run Telegraf Controller as a Windows service.

    Run the application in place

    Double-click the executable or open Command Prompt or PowerShell and run:

    ./telegraf_controller.exe

    Install as a Windows Service

    Use NSSM (Non-Sucking Service Manager) to run Telegraf Controller as a Windows service.

    If this is the first run on the host, accept the EULA in a TTY or set TELEGRAF_CONTROLLER_EULA=accept in the service environment.

    1. Download NSSM

    2. In Command Prompt or PowerShell, install the Telegraf Controller service:

      nssm install TelegrafController "C:\Program Files\TelegrafController\telegraf_controller.exe"
      nssm set TelegrafController DisplayName "Telegraf Controller"
      nssm set TelegrafController Description "Web-based Telegraf configuration manager"
      nssm set TelegrafController Start SERVICE_AUTO_START
    3. Start the service:

      nssm start TelegrafController

Set up your database

Telegraf Controller supports SQLite (default), PostgreSQL, or PostgreSQL-compatible databases as its data backend.

SQLite

With SQLite installed, no additional setup is required. Telegraf Controller creates the database file automatically on first run.

Default SQLite data locations

Telegraf Controller stores its data in platform-specific locations:

PlatformDefault Database Location
Linux~/.local/share/telegraf-controller/sqlite.db
macOS~/Library/Application Support/telegraf-controller/sqlite.db
Windows%LOCALAPPDATA%\telegraf-controller\sqlite.db

PostgreSQL

The following steps assume you have a running PostgreSQL or PostgreSQL-compatible server running.

  1. Create a database named telegraf_controller:

    CREATE DATABASE telegraf_controller;
  2. Run with PostgreSQL URL:

    ./telegraf_controller --database="postgresql://user:password@localhost:5432/telegraf_controller"

The application will automatically run migrations on first startup.

Connect to PostgreSQL over TLS

To encrypt the connection to a PostgreSQL or PostgreSQL-compatible server, add the sslmode query parameter to the database URL. To verify the server certificate, use sslmode=verify-full and provide a CA certificate with sslrootcert:

./telegraf_controller \
  --database="postgresql://user:password@db.example.com:5432/telegraf_controller?sslmode=verify-full&sslrootcert=/etc/ssl/certs/ca.pem"

For all PostgreSQL TLS options, including supported sslmode values and the DATABASE_CA_CERT and DATABASE_SSL_NO_VERIFY environment variables, see Database TLS.

Configure Telegraf Controller

Use the following command line options to configure Telegraf Controller.

Configuration options

Command FlagEnvironment VariableDescriptionDefault
--portAPP_PORTWeb interface and API port8888
--ui-portUI_PORTOptional separate web interface portServed on API port
--heartbeat-portHEARTBEAT_PORTAgent heartbeat service port8000
--databaseDATABASE_URLDatabase connection stringAuto-detected SQLite
--logs-dirLOGS_DIRAbsolute path for agent logsSystem temp dir
--ssl-certSSL_CERT_PATHPEM SSL/TLS certificate file (enables HTTPS)None
--ssl-keySSL_KEY_PATHPEM SSL/TLS private key file (enables HTTPS)None
--owner-emailOWNER_EMAILBootstrap owner email addressNone
--owner-usernameOWNER_USERNAMEBootstrap owner usernameNone
--owner-passwordOWNER_PASSWORDBootstrap owner passwordNone
--disable-auth-endpointsDISABLED_AUTH_ENDPOINTSEndpoint groups to skip authentication forNone
--no-interactiveSkip prompts and use defaultsNone
--eula-acceptTELEGRAF_CONTROLLER_EULAAccept EULA non-interactivelyNone

For a full list of options, see the Telegraf Controller configuration options reference.

Enabling HTTPS also requires agent-side trust

Setting --ssl-cert/--ssl-key enables HTTPS on the server, but agents must also trust the certificate to fetch configurations and send heartbeats. For the full server and agent setup, see Secure Telegraf Controller with TLS.

Examples

# Use custom ports
telegraf_controller --port=3000 --heartbeat-port=9000

# Use PostgreSQL database
telegraf_controller \
  --database="postgresql://user:password@localhost:5432/telegraf_db"

# Use custom SQLite database location
telegraf_controller \
  --database="/path/to/custom/database.db"

# Accept the EULA non-interactively
telegraf_controller \
  --no-interactive \
  --eula-accept
# Use custom ports
./telegraf_controller.exe --port=3000 --heartbeat-port=9000

# Use PostgreSQL database
./telegraf_controller.exe `
  --database="postgresql://user:password@localhost:5432/telegraf_db"

# Use custom SQLite database location
./telegraf_controller.exe `
  --database="C:\path\to\custom\database.db"

# Accept the EULA non-interactively
./telegraf_controller.exe `
  --no-interactive `
  --eula-accept
# Use custom ports
APP_PORT=3000
HEARTBEAT_PORT=9000

# Use PostgreSQL database
DATABASE_URL=postgresql://user:password@localhost:5432/telegraf_db

# Use custom SQLite database location
DATABASE_URL=/path/to/custom/database.db

# Enable HTTPS
SSL_CERT_PATH=/path/to/cert.pem
SSL_KEY_PATH=/path/to/key.pem

# Accept the EULA
TELEGRAF_CONTROLLER_EULA=accept

telegraf_controller
# Use custom ports
$env:APP_PORT=3000
$env:HEARTBEAT_PORT=9000

# Use PostgreSQL database
$env:DATABASE_URL=postgresql://user:password@localhost:5432/telegraf_db

# Use custom SQLite database location
$env:DATABASE_URL=C:\path\to\custom\database.db

# Enable HTTPS
$env:SSL_CERT_PATH=C:\path\to\cert.pem
$env:SSL_KEY_PATH=C:\path\to\key.pem

# Accept the EULA
$env:TELEGRAF_CONTROLLER_EULA=accept

./telegraf_controller.exe

Set up the owner account

The first time you access Telegraf Controller, you need to create an owner account. The owner has full administrative access to the application, including the ability to manage users, configurations, and agents.

You can create the owner account using one of four methods:

Interactive CLI setup

When you start Telegraf Controller in interactive mode (default) and no owner account exists, Telegraf Controller prompts you to provide owner username, email address, and password.

Environment variable setup

You can configure the owner account by setting environment variables before starting Telegraf Controller. This method is useful for automated deployments and containerized environments.

Environment variableDescription
OWNER_EMAILOwner email address
OWNER_USERNAMEOwner username
OWNER_PASSWORDOwner password

For detailed descriptions, see the Owner account section in the configuration options reference.

Set all three environment variables and then start the application:

export OWNER_EMAIL="admin@example.com"
export OWNER_USERNAME="admin"
export OWNER_PASSWORD="secure-password-here"

./telegraf-controller

If an owner account already exists, Telegraf Controller ignores these environment variables.

If an administrator account already exists with the specified username, that account is promoted to owner.

Command line flag setup

You can also pass owner account details as command line flags when starting Telegraf Controller.

FlagDescription
--owner-email=EMAILOwner email address
--owner-username=NAMEOwner username
--owner-password=PASSOwner password

Pass all three flags when starting the application:

./telegraf-controller \
  --owner-email="admin@example.com" \
  --owner-username="admin" \
  --owner-password="secure-password-here"

Command line flags take precedence over environment variables. If you set both, Telegraf Controller uses the values from the command line flags.

Web interface setup

If no owner account exists when you start Telegraf Controller in non-interactive mode, the web interface displays a setup page where you can create one.

  1. Navigate to the Telegraf Controller URL in your browser.
  2. Fill in the Username, Email, and Password fields.
  3. Click Create Account.
Owner account setup page

For more information about user roles and permissions, see Authentication and authorization.

Apply a Telegraf Enterprise license (optional)

If you have a Telegraf Enterprise license, you can apply it at startup by setting the LICENSE_FILE_PATH environment variable to the path of your license file.

export LICENSE_FILE_PATH=/etc/telegraf-controller/license.jwt

You can also apply a license through the Telegraf Controller UI after the application is running. For full details on both methods, including systemd and Docker examples, see Apply a license.

Without a license, Telegraf Controller runs in a free tier with reduced scale limits and enterprise features disabled. See Telegraf Enterprise for a comparison.

Access Telegraf Controller

Once started, access the Telegraf Controller web interface at http://localhost:8888 (or using your custom port). If you set ui-port to serve the web interface on a separate port, use that port instead.


Was this page helpful?

Thank you for your feedback!


InfluxDB OSS 2.9.0: API tokens are hashed by default

Stronger token security in InfluxDB OSS 2.9.0 — tokens are hashed on disk by default. Existing tokens are hashed on first startup and can’t be recovered afterward. Capture any plaintext tokens you still need before you upgrade.

View InfluxDB OSS 2.9.0 release notes

Hashed tokens authenticate exactly like unhashed tokens — clients and integrations keep working.

Also new in 2.9.0:

  • Configurable backup compression
  • Restore support for backups containing hashed tokens
  • Tighter Edge Data Replication queue validation
  • Flux upgrade
  • Compaction reliability improvements

Key enhancements in Explorer 1.9

Explorer 1.9 is now available with InfluxQL support, an AI-assisted Flux to SQL converter (beta), and new live sample data simulators.

View Explorer 1.9 release notes

Explorer 1.9 includes new features and improvements that make it easier to query, visualize, and manage data.

Highlights:

  • Flux to SQL converter (beta): Convert Flux queries to SQL with an AI-assisted converter.
  • InfluxQL support: Query data with InfluxQL in the Data Explorer and dashboards, and save and load InfluxQL queries.
  • InfluxQL visualizations: Render line and bar charts from InfluxQL results with per-tag series grouping.
  • Query error history: Review a history of query errors in the query tool.
  • Live sample data simulators: Generate continuous live sample data with new bird data and signal generator simulators.

For more details, see Explorer 1.9 release notes

InfluxDB 3.10 is now available

InfluxDB 3 Core 3.10 adds an automatic catalog format upgrade, a configurable query-concurrency limit, and processing engine improvements.

Key updates in InfluxDB 3 Core 3.10:

  • Catalog format upgrade: the on-disk catalog automatically upgrades from format v2 to v3 on first 3.10 startup. Migration is one-way—back up your catalog before upgrading.
  • --max-concurrent-queries: limit concurrent queries (adjustable at runtime).
  • GET /ready endpoint for readiness probes.
  • Processing engine: cross-database queries and trigger lockdown flags.

For more information, see the InfluxDB 3 Core release notes.

InfluxDB 3.10 is now available

InfluxDB 3 Enterprise 3.10 adds automated backup and restore, row-level deletions, and user management, with an automatic catalog format upgrade and performance preview improvements.

Key updates in InfluxDB 3 Enterprise 3.10:

  • Catalog format upgrade: the on-disk catalog automatically upgrades from format v2 to v3 on first 3.10 startup. Migration is one-way—back up your catalog before upgrading.
  • Automated backup and restore (beta)
  • Row-level deletions
  • User management (authentication and RBAC) — preview
  • Performance preview improvements

Backup and restore, row-level deletions, and the performance preview require the Enterprise storage engine upgrade (opt-in beta). Beta and preview features are subject to breaking changes and aren’t recommended for production use.

For more information, see the InfluxDB 3 Enterprise release notes

Telegraf Enterprise is now generally available

Telegraf Enterprise is now generally available, along with Telegraf Controller v1.0.

Telegraf Enterprise combines Telegraf Controller, a centralized management console for Telegraf, with official support from InfluxData. Manage configurations, monitor fleet health, and operate tens of thousands of Telegraf agents from a single system.

InfluxDB Docker latest tag changing to InfluxDB 3 Core

On September 15, 2026, the latest tag for InfluxDB Docker images will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments.

If using Docker to install and run InfluxDB, the latest tag will point to InfluxDB 3 Core. To avoid unexpected upgrades, use specific version tags in your Docker deployments. For example, if using Docker to run InfluxDB v2, replace the latest version tag with a specific version tag in your Docker pull command–for example:

docker pull influxdb:2