Install and Configure Grafana with Zammad

Revision 6a0ce0bd059e9bb8cf072768ad4cc223182678de

1-install-grafana.sh · 2.0 KiB · Bash Raw

# As documented on original Grafana documentation: # https://grafana.com/docs/grafana/latest/setup-grafana/installation/debian/ # Add Debian repository mkdir -p /etc/apt/keyrings/ wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg > /dev/null echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list # Install Grafana Enterprise (as suggested) apt install grafana-enterprise # Use below sed commands to adjust your configuration file -or- copy below grafana.ini and replace it with your local one sed -i 's/;http_port = 3000/http_port = 3001/g' /etc/grafana/grafana.ini sed -i 's/;http_addr =/http_addr = 127.0.0.1/g' /etc/grafana/grafana.ini sed -i 's/;instance_name = localhost/instance_name = FQDN/g' /etc/grafana/grafana.ini sed -i 's/;domain = localhost = localhost/domain = FQDN/g' /etc/grafana/grafana.ini sed -i 's/;enforce_domain = false/enforce_domain = true/g' /etc/grafana/grafana.ini sed -i 's/;root_url = %(protocol)s:\/\/%(domain)s:%(http_port)s\//root_url = %(protocol)s:\/\/%(domain)s\//g' /etc/grafana/grafana.ini sed -i 's/;content_security_policy = false/content_security_policy = true/g' /etc/grafana/grafana.ini sed -i 's/;cookie_secure = false/cookie_secure = true/g' /etc/grafana/grafana.ini sed -i 's/;cookie_samesite = lax/cookie_samesite = strict/g' /etc/grafana/grafana.ini echo "content_security_policy_template = \"\"\"script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';frame-src: 'self'\"\"\"" >> /etc/grafana/grafana.ini sed -i 's/;allow_sign_up = true/allow_sign_up = false/g' /etc/grafana/grafana.ini sed -i 's/;hide_version = false/hide_version = true/g' /etc/grafana/grafana.ini # After you're done with your configuration, start and enable Grafana systemctl enable grafana-server --now

1	# As documented on original Grafana documentation:
2	# https://grafana.com/docs/grafana/latest/setup-grafana/installation/debian/
3
4	# Add Debian repository
5	mkdir -p /etc/apt/keyrings/
6	wget -q -O - https://apt.grafana.com/gpg.key \| gpg --dearmor \| tee /etc/apt/keyrings/grafana.gpg > /dev/null
7	echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" \| tee -a /etc/apt/sources.list.d/grafana.list
8
9	# Install Grafana Enterprise (as suggested)
10	apt install grafana-enterprise
11
12	# Use below sed commands to adjust your configuration file -or- copy below grafana.ini and replace it with your local one
13	sed -i 's/;http_port = 3000/http_port = 3001/g' /etc/grafana/grafana.ini
14	sed -i 's/;http_addr =/http_addr = 127.0.0.1/g' /etc/grafana/grafana.ini
15	sed -i 's/;instance_name = localhost/instance_name = FQDN/g' /etc/grafana/grafana.ini
16	sed -i 's/;domain = localhost = localhost/domain = FQDN/g' /etc/grafana/grafana.ini
17	sed -i 's/;enforce_domain = false/enforce_domain = true/g' /etc/grafana/grafana.ini
18	sed -i 's/;root_url = %(protocol)s:\/\/%(domain)s:%(http_port)s\//root_url = %(protocol)s:\/\/%(domain)s\//g' /etc/grafana/grafana.ini
19	sed -i 's/;content_security_policy = false/content_security_policy = true/g' /etc/grafana/grafana.ini
20	sed -i 's/;cookie_secure = false/cookie_secure = true/g' /etc/grafana/grafana.ini
21	sed -i 's/;cookie_samesite = lax/cookie_samesite = strict/g' /etc/grafana/grafana.ini
22	echo "content_security_policy_template = \"\"\"script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';frame-src: 'self'\"\"\"" >> /etc/grafana/grafana.ini
23	sed -i 's/;allow_sign_up = true/allow_sign_up = false/g' /etc/grafana/grafana.ini
24	sed -i 's/;hide_version = false/hide_version = true/g' /etc/grafana/grafana.ini
25
26	# After you're done with your configuration, start and enable Grafana
27	systemctl enable grafana-server --now

2-apache-grafana.conf · 1.4 KiB · Text Raw

1	# vHost file for Apache2
2
3	# security - prevent information disclosure about server version
4	ServerTokens Prod
5
6	<VirtualHost *:80>
7	ServerName FQDN
8	Redirect permanent / https://FQDN
9	</VirtualHost>
10
11	<VirtualHost *:443>
12	SSLEngine on
13	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
14	SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
15	SSLHonorCipherOrder off
16	SSLSessionTickets off
17
18	SSLCertificateFile /etc/ssl/certs/FQDN.pem;
19	SSLCertificateKeyFile /etc/ssl/private/FQDN.pem;
20	# only if applicable
21	# SSLCertificateChainFile /etc/ssl/certs/cert-bundle.pem;
22	SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem
23
24	ServerName FQDN
25
26	HostnameLookups Off
27	UseCanonicalName Off
28	ServerSignature Off
29
30	ProxyRequests Off
31	ProxyPreserveHost On
32
33	<Proxy 127.0.0.1:3001>
34	Require local
35	</Proxy>
36
37	<Location /api/live/ws>
38	# Handle websocket connections
39	ProxyPreserveHost On
40	ProxyPass ws://127.0.0.1:3001/api/live/ws
41	ProxyPassReverse ws://127.0.0.1:3001/api/live/ws
42	</Location>
43
44	ProxyPass / http://127.0.0.1:3001/
45	ProxyPassReverse / http://127.0.0.1:3001/
46
47	<Directory />
48	Options FollowSymLinks
49	AllowOverride None
50	</Directory>
51	</VirtualHost>
52

2-nginx-grafana.conf · 1.7 KiB · Text Raw

1	# vHost file for nginx
2
3	map $http_upgrade $connection_upgrade_grafana_ssl {
4	default upgrade;
5	'' close;
6	}
7
8	server {
9	listen 80;
10	listen [::]:80;
11	server_name FQDN;
12	access_log /var/log/nginx/access.log;
13
14	location / {
15	return 301 https://$host$request_uri;
16	}
17	}
18
19	server {
20	listen 443 ssl http2;
21	listen [::]:443 ssl http2;
22	server_name FQDN;
23	server_tokens off;
24	access_log /var/log/nginx/access.log;
25	error_log /var/log/nginx/error.log warn;
26
27	ssl_certificate /etc/ssl/certs/FQDN.pem;
28	ssl_certificate_key /etc/ssl/private/FQDN.pem;
29	# only if applicable
30	# ssl_trusted_certificate /etc/ssl/certs/cert-bundle.pem;
31	ssl_protocols TLSv1.2 TLSv1.3;
32	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
33	ssl_prefer_server_ciphers off;
34	ssl_dhparam /etc/nginx/dhparam.pem;
35	ssl_session_cache shared:SSL:10m;
36	ssl_session_timeout 10m;
37	ssl_stapling on;
38	ssl_stapling_verify on;
39
40	add_header Strict-Transport-Security "max-age=63072000" always;
41	# Content Security, frame and Type is generated by Grafana already
42
43	location / {
44	proxy_read_timeout 300;
45	proxy_http_version 1.1;
46	proxy_set_header Host $host;
47	proxy_set_header CLIENT_IP $remote_addr;
48	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
49	proxy_set_header X-Forwarded-Proto $scheme;
50	proxy_set_header Upgrade $http_upgrade;
51	proxy_set_header Connection $connection_upgrade_grafana_ssl;
52
53	# Adjust below port to your environemnt (Grafana default is 3000)
54	proxy_pass http://127.0.0.1:3001;
55	}
56	}

3-closed-vs-created-tickets-dashboard-sample.yml · 28 KiB · YAML Raw

{ "__inputs": [ { "name": "DS_ES_- TICKETS BY CREATED_AT", "label": "ES - Tickets by created_at", "description": "", "type": "datasource", "pluginId": "elasticsearch", "pluginName": "Elasticsearch" }, { "name": "DS_ES_- TICKETS BY CLOSED_AT", "label": "ES - Tickets by closed_at", "description": "", "type": "datasource", "pluginId": "elasticsearch", "pluginName": "Elasticsearch" } ], "__elements": {}, "__requires": [ { "type": "panel", "id": "barchart", "name": "Bar chart", "version": "" }, { "type": "datasource", "id": "elasticsearch", "name": "Elasticsearch", "version": "1.0.0" }, { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "10.3.1" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "grafana", "uid": "-- Grafana --" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "description": "Sample dashboard with different panels to visualize opened and closed tickets on different time ranges.\n\nAs per\nhttps://gist.not-enough.coffee/MrGeneration/a38ae45faad5438a8e2d2ba07122f1c9\n\nvia YouTube\nhttps://www.youtube.com/@that_helpdesk_guy", "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, "id": null, "links": [], "liveNow": false, "panels": [ { "datasource": { "type": "datasource", "uid": "-- Mixed --" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "created" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "closed" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 10, "w": 24, "x": 0, "y": 0 }, "hideTimeOverride": false, "id": 2, "interval": "1d", "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "alias": "created", "bucketAggs": [ { "field": "created_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "${DS_ES_- TICKETS BY CREATED_AT}" }, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "A", "timeField": "created_at" }, { "alias": "closed", "bucketAggs": [ { "field": "close_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "${DS_ES_- TICKETS BY CLOSED_AT}" }, "hide": false, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "B", "timeField": "close_at" } ], "timeFrom": "now-14d", "title": "Created vs Closed by day", "transformations": [ { "id": "joinByField", "options": { "byField": "Time", "mode": "outer" } }, { "id": "formatTime", "options": { "outputFormat": "DD.MM.YY", "timeField": "Time", "timezone": "browser", "useTimezone": true } } ], "type": "barchart" }, { "datasource": { "type": "datasource", "uid": "-- Mixed --" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "created" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "closed" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 13, "w": 24, "x": 0, "y": 10 }, "hideTimeOverride": false, "id": 3, "interval": "1M", "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "alias": "created", "bucketAggs": [ { "field": "created_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "${DS_ES_- TICKETS BY CREATED_AT}" }, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "A", "timeField": "created_at" }, { "alias": "closed", "bucketAggs": [ { "field": "close_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "${DS_ES_- TICKETS BY CLOSED_AT}" }, "hide": false, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "B", "timeField": "close_at" } ], "timeFrom": "now-1y", "title": "Created vs Closed by month", "transformations": [ { "id": "joinByField", "options": { "byField": "Time", "mode": "outer" } }, { "id": "formatTime", "options": { "outputFormat": "MM/YYYY", "timeField": "Time", "timezone": "browser", "useTimezone": true } } ], "type": "barchart" }, { "datasource": { "type": "datasource", "uid": "-- Mixed --" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "created" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "closed" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 13, "w": 24, "x": 0, "y": 23 }, "hideTimeOverride": false, "id": 4, "interval": "1w", "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "alias": "created", "bucketAggs": [ { "field": "created_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "${DS_ES_- TICKETS BY CREATED_AT}" }, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "A", "timeField": "created_at" }, { "alias": "closed", "bucketAggs": [ { "field": "close_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "${DS_ES_- TICKETS BY CLOSED_AT}" }, "hide": false, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "B", "timeField": "close_at" } ], "timeFrom": "now-1y", "title": "Created vs Closed by week", "transformations": [ { "id": "joinByField", "options": { "byField": "Time", "mode": "outer" } }, { "id": "formatTime", "options": { "outputFormat": "ww/YY", "timeField": "Time", "timezone": "browser", "useTimezone": true } } ], "type": "barchart" } ], "refresh": "", "schemaVersion": 39, "tags": [], "templating": { "list": [] }, "time": { "from": "now-7d", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Created vs Closed Tickets", "uid": "f299f37a-5824-454a-8bca-99f44d9f1e00", "version": 5, "weekStart": "" } "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "created" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "closed" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 10, "w": 24, "x": 0, "y": 0 }, "hideTimeOverride": false, "id": 2, "interval": "1d", "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "alias": "created", "bucketAggs": [ { "field": "created_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "f1e430b6-eda8-4e2a-8c0e-95fbaa811f85" }, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "A", "timeField": "created_at" }, { "alias": "closed", "bucketAggs": [ { "field": "close_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "d6bacb05-9337-47bb-9a55-16bee9077e04" }, "hide": false, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "B", "timeField": "close_at" } ], "timeFrom": "now-14d", "title": "Created vs Closed by day", "transformations": [ { "id": "joinByField", "options": { "byField": "Time", "mode": "outer" } }, { "id": "formatTime", "options": { "outputFormat": "DD.MM.YY", "timeField": "Time", "timezone": "browser", "useTimezone": true } } ], "type": "barchart" }, { "datasource": { "type": "datasource", "uid": "-- Mixed --" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "created" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "closed" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 13, "w": 24, "x": 0, "y": 10 }, "hideTimeOverride": false, "id": 3, "interval": "1M", "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "alias": "created", "bucketAggs": [ { "field": "created_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "f1e430b6-eda8-4e2a-8c0e-95fbaa811f85" }, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "A", "timeField": "created_at" }, { "alias": "closed", "bucketAggs": [ { "field": "close_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "d6bacb05-9337-47bb-9a55-16bee9077e04" }, "hide": false, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "B", "timeField": "close_at" } ], "timeFrom": "now-1y", "title": "Created vs Closed by month", "transformations": [ { "id": "joinByField", "options": { "byField": "Time", "mode": "outer" } }, { "id": "formatTime", "options": { "outputFormat": "MM/YYYY", "timeField": "Time", "timezone": "browser", "useTimezone": true } } ], "type": "barchart" }, { "datasource": { "type": "datasource", "uid": "-- Mixed --" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "created" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "closed" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 13, "w": 24, "x": 0, "y": 23 }, "hideTimeOverride": false, "id": 4, "interval": "1w", "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "alias": "created", "bucketAggs": [ { "field": "created_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "f1e430b6-eda8-4e2a-8c0e-95fbaa811f85" }, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "A", "timeField": "created_at" }, { "alias": "closed", "bucketAggs": [ { "field": "close_at", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "d6bacb05-9337-47bb-9a55-16bee9077e04" }, "hide": false, "metrics": [ { "id": "1", "type": "count" } ], "query": "", "refId": "B", "timeField": "close_at" } ], "timeFrom": "now-1y", "title": "Created vs Closed by week", "transformations": [ { "id": "joinByField", "options": { "byField": "Time", "mode": "outer" } }, { "id": "formatTime", "options": { "outputFormat": "ww/YY", "timeField": "Time", "timezone": "browser", "useTimezone": true } } ], "type": "barchart" } ], "refresh": "", "schemaVersion": 39, "tags": [], "templating": { "list": [] }, "time": { "from": "now-7d", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Created vs Closed Tickets", "uid": "f299f37a-5824-454a-8bca-99f44d9f1e00", "version": 5, "weekStart": "" }

1	{
2	"__inputs": [
3	{
4	"name": "DS_ES_- TICKETS BY CREATED_AT",
5	"label": "ES - Tickets by created_at",
6	"description": "",
7	"type": "datasource",
8	"pluginId": "elasticsearch",
9	"pluginName": "Elasticsearch"
10	},
11	{
12	"name": "DS_ES_- TICKETS BY CLOSED_AT",
13	"label": "ES - Tickets by closed_at",
14	"description": "",
15	"type": "datasource",
16	"pluginId": "elasticsearch",
17	"pluginName": "Elasticsearch"
18	}
19	],
20	"__elements": {},
21	"__requires": [
22	{
23	"type": "panel",
24	"id": "barchart",
25	"name": "Bar chart",
26	"version": ""
27	},
28	{
29	"type": "datasource",
30	"id": "elasticsearch",
31	"name": "Elasticsearch",
32	"version": "1.0.0"
33	},
34	{
35	"type": "grafana",
36	"id": "grafana",
37	"name": "Grafana",
38	"version": "10.3.1"
39	}
40	],
41	"annotations": {
42	"list": [
43	{
44	"builtIn": 1,
45	"datasource": {
46	"type": "grafana",
47	"uid": "-- Grafana --"
48	},
49	"enable": true,
50	"hide": true,
51	"iconColor": "rgba(0, 211, 255, 1)",
52	"name": "Annotations & Alerts",
53	"type": "dashboard"
54	}
55	]
56	},
57	"description": "Sample dashboard with different panels to visualize opened and closed tickets on different time ranges.\n\nAs per\nhttps://gist.not-enough.coffee/MrGeneration/a38ae45faad5438a8e2d2ba07122f1c9\n\nvia YouTube\nhttps://www.youtube.com/@that_helpdesk_guy",
58	"editable": true,
59	"fiscalYearStartMonth": 0,
60	"graphTooltip": 0,
61	"id": null,
62	"links": [],
63	"liveNow": false,
64	"panels": [
65	{
66	"datasource": {
67	"type": "datasource",
68	"uid": "-- Mixed --"
69	},
70	"fieldConfig": {
71	"defaults": {
72	"color": {
73	"mode": "palette-classic"
74	},
75	"custom": {
76	"axisBorderShow": false,
77	"axisCenteredZero": false,
78	"axisColorMode": "text",
79	"axisLabel": "",
80	"axisPlacement": "auto",
81	"fillOpacity": 80,
82	"gradientMode": "hue",
83	"hideFrom": {
84	"legend": false,
85	"tooltip": false,
86	"viz": false
87	},
88	"lineWidth": 1,
89	"scaleDistribution": {
90	"type": "linear"
91	},
92	"thresholdsStyle": {
93	"mode": "off"
94	}
95	},
96	"mappings": [],
97	"thresholds": {
98	"mode": "absolute",
99	"steps": [
100	{
101	"color": "green",
102	"value": null
103	},
104	{
105	"color": "red",
106	"value": 80
107	}
108	]
109	},
110	"unitScale": true
111	},
112	"overrides": [
113	{
114	"matcher": {
115	"id": "byName",
116	"options": "created"
117	},
118	"properties": [
119	{
120	"id": "color",
121	"value": {
122	"fixedColor": "semi-dark-red",
123	"mode": "fixed"
124	}
125	}
126	]
127	},
128	{
129	"matcher": {
130	"id": "byName",
131	"options": "closed"
132	},
133	"properties": [
134	{
135	"id": "color",
136	"value": {
137	"fixedColor": "semi-dark-green",
138	"mode": "fixed"
139	}
140	}
141	]
142	}
143	]
144	},
145	"gridPos": {
146	"h": 10,
147	"w": 24,
148	"x": 0,
149	"y": 0
150	},
151	"hideTimeOverride": false,
152	"id": 2,
153	"interval": "1d",
154	"options": {
155	"barRadius": 0,
156	"barWidth": 0.97,
157	"fullHighlight": false,
158	"groupWidth": 0.7,
159	"legend": {
160	"calcs": [],
161	"displayMode": "list",
162	"placement": "bottom",
163	"showLegend": true
164	},
165	"orientation": "auto",
166	"showValue": "auto",
167	"stacking": "none",
168	"tooltip": {
169	"mode": "single",
170	"sort": "none"
171	},
172	"xTickLabelRotation": 0,
173	"xTickLabelSpacing": 0
174	},
175	"targets": [
176	{
177	"alias": "created",
178	"bucketAggs": [
179	{
180	"field": "created_at",
181	"id": "2",
182	"settings": {
183	"interval": "auto"
184	},
185	"type": "date_histogram"
186	}
187	],
188	"datasource": {
189	"type": "elasticsearch",
190	"uid": "${DS_ES_- TICKETS BY CREATED_AT}"
191	},
192	"metrics": [
193	{
194	"id": "1",
195	"type": "count"
196	}
197	],
198	"query": "",
199	"refId": "A",
200	"timeField": "created_at"
201	},
202	{
203	"alias": "closed",
204	"bucketAggs": [
205	{
206	"field": "close_at",
207	"id": "2",
208	"settings": {
209	"interval": "auto"
210	},
211	"type": "date_histogram"
212	}
213	],
214	"datasource": {
215	"type": "elasticsearch",
216	"uid": "${DS_ES_- TICKETS BY CLOSED_AT}"
217	},
218	"hide": false,
219	"metrics": [
220	{
221	"id": "1",
222	"type": "count"
223	}
224	],
225	"query": "",
226	"refId": "B",
227	"timeField": "close_at"
228	}
229	],
230	"timeFrom": "now-14d",
231	"title": "Created vs Closed by day",
232	"transformations": [
233	{
234	"id": "joinByField",
235	"options": {
236	"byField": "Time",
237	"mode": "outer"
238	}
239	},
240	{
241	"id": "formatTime",
242	"options": {
243	"outputFormat": "DD.MM.YY",
244	"timeField": "Time",
245	"timezone": "browser",
246	"useTimezone": true
247	}
248	}
249	],
250	"type": "barchart"
251	},
252	{
253	"datasource": {
254	"type": "datasource",
255	"uid": "-- Mixed --"
256	},
257	"fieldConfig": {
258	"defaults": {
259	"color": {
260	"mode": "palette-classic"
261	},
262	"custom": {
263	"axisBorderShow": false,
264	"axisCenteredZero": false,
265	"axisColorMode": "text",
266	"axisLabel": "",
267	"axisPlacement": "auto",
268	"fillOpacity": 80,
269	"gradientMode": "hue",
270	"hideFrom": {
271	"legend": false,
272	"tooltip": false,
273	"viz": false
274	},
275	"lineWidth": 1,
276	"scaleDistribution": {
277	"type": "linear"
278	},
279	"thresholdsStyle": {
280	"mode": "off"
281	}
282	},
283	"mappings": [],
284	"thresholds": {
285	"mode": "absolute",
286	"steps": [
287	{
288	"color": "green",
289	"value": null
290	},
291	{
292	"color": "red",
293	"value": 80
294	}
295	]
296	},
297	"unitScale": true
298	},
299	"overrides": [
300	{
301	"matcher": {
302	"id": "byName",
303	"options": "created"
304	},
305	"properties": [
306	{
307	"id": "color",
308	"value": {
309	"fixedColor": "semi-dark-red",
310	"mode": "fixed"
311	}
312	}
313	]
314	},
315	{
316	"matcher": {
317	"id": "byName",
318	"options": "closed"
319	},
320	"properties": [
321	{
322	"id": "color",
323	"value": {
324	"fixedColor": "semi-dark-green",
325	"mode": "fixed"
326	}
327	}
328	]
329	}
330	]
331	},
332	"gridPos": {
333	"h": 13,
334	"w": 24,
335	"x": 0,
336	"y": 10
337	},
338	"hideTimeOverride": false,
339	"id": 3,
340	"interval": "1M",
341	"options": {
342	"barRadius": 0,
343	"barWidth": 0.97,
344	"fullHighlight": false,
345	"groupWidth": 0.7,
346	"legend": {
347	"calcs": [],
348	"displayMode": "list",
349	"placement": "bottom",
350	"showLegend": true
351	},
352	"orientation": "auto",
353	"showValue": "auto",
354	"stacking": "none",
355	"tooltip": {
356	"mode": "single",
357	"sort": "none"
358	},
359	"xTickLabelRotation": 0,
360	"xTickLabelSpacing": 0
361	},
362	"targets": [
363	{
364	"alias": "created",
365	"bucketAggs": [
366	{
367	"field": "created_at",
368	"id": "2",
369	"settings": {
370	"interval": "auto"
371	},
372	"type": "date_histogram"
373	}
374	],
375	"datasource": {
376	"type": "elasticsearch",
377	"uid": "${DS_ES_- TICKETS BY CREATED_AT}"
378	},
379	"metrics": [
380	{
381	"id": "1",
382	"type": "count"
383	}
384	],
385	"query": "",
386	"refId": "A",
387	"timeField": "created_at"
388	},
389	{
390	"alias": "closed",
391	"bucketAggs": [
392	{
393	"field": "close_at",
394	"id": "2",
395	"settings": {
396	"interval": "auto"
397	},
398	"type": "date_histogram"
399	}
400	],
401	"datasource": {
402	"type": "elasticsearch",
403	"uid": "${DS_ES_- TICKETS BY CLOSED_AT}"
404	},
405	"hide": false,
406	"metrics": [
407	{
408	"id": "1",
409	"type": "count"
410	}
411	],
412	"query": "",
413	"refId": "B",
414	"timeField": "close_at"
415	}
416	],
417	"timeFrom": "now-1y",
418	"title": "Created vs Closed by month",
419	"transformations": [
420	{
421	"id": "joinByField",
422	"options": {
423	"byField": "Time",
424	"mode": "outer"
425	}
426	},
427	{
428	"id": "formatTime",
429	"options": {
430	"outputFormat": "MM/YYYY",
431	"timeField": "Time",
432	"timezone": "browser",
433	"useTimezone": true
434	}
435	}
436	],
437	"type": "barchart"
438	},
439	{
440	"datasource": {
441	"type": "datasource",
442	"uid": "-- Mixed --"
443	},
444	"fieldConfig": {
445	"defaults": {
446	"color": {
447	"mode": "palette-classic"
448	},
449	"custom": {
450	"axisBorderShow": false,
451	"axisCenteredZero": false,
452	"axisColorMode": "text",
453	"axisLabel": "",
454	"axisPlacement": "auto",
455	"fillOpacity": 80,
456	"gradientMode": "hue",
457	"hideFrom": {
458	"legend": false,
459	"tooltip": false,
460	"viz": false
461	},
462	"lineWidth": 1,
463	"scaleDistribution": {
464	"type": "linear"
465	},
466	"thresholdsStyle": {
467	"mode": "off"
468	}
469	},
470	"mappings": [],
471	"thresholds": {
472	"mode": "absolute",
473	"steps": [
474	{
475	"color": "green",
476	"value": null
477	},
478	{
479	"color": "red",
480	"value": 80
481	}
482	]
483	},
484	"unitScale": true
485	},
486	"overrides": [
487	{
488	"matcher": {
489	"id": "byName",
490	"options": "created"
491	},
492	"properties": [
493	{
494	"id": "color",
495	"value": {
496	"fixedColor": "semi-dark-red",
497	"mode": "fixed"
498	}
499	}
500	]
501	},
502	{
503	"matcher": {
504	"id": "byName",
505	"options": "closed"
506	},
507	"properties": [
508	{
509	"id": "color",
510	"value": {
511	"fixedColor": "semi-dark-green",
512	"mode": "fixed"
513	}
514	}
515	]
516	}
517	]
518	},
519	"gridPos": {
520	"h": 13,
521	"w": 24,
522	"x": 0,
523	"y": 23
524	},
525	"hideTimeOverride": false,
526	"id": 4,
527	"interval": "1w",
528	"options": {
529	"barRadius": 0,
530	"barWidth": 0.97,
531	"fullHighlight": false,
532	"groupWidth": 0.7,
533	"legend": {
534	"calcs": [],
535	"displayMode": "list",
536	"placement": "bottom",
537	"showLegend": true
538	},
539	"orientation": "auto",
540	"showValue": "auto",
541	"stacking": "none",
542	"tooltip": {
543	"mode": "single",
544	"sort": "none"
545	},
546	"xTickLabelRotation": 0,
547	"xTickLabelSpacing": 0
548	},
549	"targets": [
550	{
551	"alias": "created",
552	"bucketAggs": [
553	{
554	"field": "created_at",
555	"id": "2",
556	"settings": {
557	"interval": "auto"
558	},
559	"type": "date_histogram"
560	}
561	],
562	"datasource": {
563	"type": "elasticsearch",
564	"uid": "${DS_ES_- TICKETS BY CREATED_AT}"
565	},
566	"metrics": [
567	{
568	"id": "1",
569	"type": "count"
570	}
571	],
572	"query": "",
573	"refId": "A",
574	"timeField": "created_at"
575	},
576	{
577	"alias": "closed",
578	"bucketAggs": [
579	{
580	"field": "close_at",
581	"id": "2",
582	"settings": {
583	"interval": "auto"
584	},
585	"type": "date_histogram"
586	}
587	],
588	"datasource": {
589	"type": "elasticsearch",
590	"uid": "${DS_ES_- TICKETS BY CLOSED_AT}"
591	},
592	"hide": false,
593	"metrics": [
594	{
595	"id": "1",
596	"type": "count"
597	}
598	],
599	"query": "",
600	"refId": "B",
601	"timeField": "close_at"
602	}
603	],
604	"timeFrom": "now-1y",
605	"title": "Created vs Closed by week",
606	"transformations": [
607	{
608	"id": "joinByField",
609	"options": {
610	"byField": "Time",
611	"mode": "outer"
612	}
613	},
614	{
615	"id": "formatTime",
616	"options": {
617	"outputFormat": "ww/YY",
618	"timeField": "Time",
619	"timezone": "browser",
620	"useTimezone": true
621	}
622	}
623	],
624	"type": "barchart"
625	}
626	],
627	"refresh": "",
628	"schemaVersion": 39,
629	"tags": [],
630	"templating": {
631	"list": []
632	},
633	"time": {
634	"from": "now-7d",
635	"to": "now"
636	},
637	"timepicker": {},
638	"timezone": "",
639	"title": "Created vs Closed Tickets",
640	"uid": "f299f37a-5824-454a-8bca-99f44d9f1e00",
641	"version": 5,
642	"weekStart": ""
643	} "axisBorderShow": false,
644	"axisCenteredZero": false,
645	"axisColorMode": "text",
646	"axisLabel": "",
647	"axisPlacement": "auto",
648	"fillOpacity": 80,
649	"gradientMode": "hue",
650	"hideFrom": {
651	"legend": false,
652	"tooltip": false,
653	"viz": false
654	},
655	"lineWidth": 1,
656	"scaleDistribution": {
657	"type": "linear"
658	},
659	"thresholdsStyle": {
660	"mode": "off"
661	}
662	},
663	"mappings": [],
664	"thresholds": {
665	"mode": "absolute",
666	"steps": [
667	{
668	"color": "green",
669	"value": null
670	},
671	{
672	"color": "red",
673	"value": 80
674	}
675	]
676	},
677	"unitScale": true
678	},
679	"overrides": [
680	{
681	"matcher": {
682	"id": "byName",
683	"options": "created"
684	},
685	"properties": [
686	{
687	"id": "color",
688	"value": {
689	"fixedColor": "semi-dark-red",
690	"mode": "fixed"
691	}
692	}
693	]
694	},
695	{
696	"matcher": {
697	"id": "byName",
698	"options": "closed"
699	},
700	"properties": [
701	{
702	"id": "color",
703	"value": {
704	"fixedColor": "semi-dark-green",
705	"mode": "fixed"
706	}
707	}
708	]
709	}
710	]
711	},
712	"gridPos": {
713	"h": 10,
714	"w": 24,
715	"x": 0,
716	"y": 0
717	},
718	"hideTimeOverride": false,
719	"id": 2,
720	"interval": "1d",
721	"options": {
722	"barRadius": 0,
723	"barWidth": 0.97,
724	"fullHighlight": false,
725	"groupWidth": 0.7,
726	"legend": {
727	"calcs": [],
728	"displayMode": "list",
729	"placement": "bottom",
730	"showLegend": true
731	},
732	"orientation": "auto",
733	"showValue": "auto",
734	"stacking": "none",
735	"tooltip": {
736	"mode": "single",
737	"sort": "none"
738	},
739	"xTickLabelRotation": 0,
740	"xTickLabelSpacing": 0
741	},
742	"targets": [
743	{
744	"alias": "created",
745	"bucketAggs": [
746	{
747	"field": "created_at",
748	"id": "2",
749	"settings": {
750	"interval": "auto"
751	},
752	"type": "date_histogram"
753	}
754	],
755	"datasource": {
756	"type": "elasticsearch",
757	"uid": "f1e430b6-eda8-4e2a-8c0e-95fbaa811f85"
758	},
759	"metrics": [
760	{
761	"id": "1",
762	"type": "count"
763	}
764	],
765	"query": "",
766	"refId": "A",
767	"timeField": "created_at"
768	},
769	{
770	"alias": "closed",
771	"bucketAggs": [
772	{
773	"field": "close_at",
774	"id": "2",
775	"settings": {
776	"interval": "auto"
777	},
778	"type": "date_histogram"
779	}
780	],
781	"datasource": {
782	"type": "elasticsearch",
783	"uid": "d6bacb05-9337-47bb-9a55-16bee9077e04"
784	},
785	"hide": false,
786	"metrics": [
787	{
788	"id": "1",
789	"type": "count"
790	}
791	],
792	"query": "",
793	"refId": "B",
794	"timeField": "close_at"
795	}
796	],
797	"timeFrom": "now-14d",
798	"title": "Created vs Closed by day",
799	"transformations": [
800	{
801	"id": "joinByField",
802	"options": {
803	"byField": "Time",
804	"mode": "outer"
805	}
806	},
807	{
808	"id": "formatTime",
809	"options": {
810	"outputFormat": "DD.MM.YY",
811	"timeField": "Time",
812	"timezone": "browser",
813	"useTimezone": true
814	}
815	}
816	],
817	"type": "barchart"
818	},
819	{
820	"datasource": {
821	"type": "datasource",
822	"uid": "-- Mixed --"
823	},
824	"fieldConfig": {
825	"defaults": {
826	"color": {
827	"mode": "palette-classic"
828	},
829	"custom": {
830	"axisBorderShow": false,
831	"axisCenteredZero": false,
832	"axisColorMode": "text",
833	"axisLabel": "",
834	"axisPlacement": "auto",
835	"fillOpacity": 80,
836	"gradientMode": "hue",
837	"hideFrom": {
838	"legend": false,
839	"tooltip": false,
840	"viz": false
841	},
842	"lineWidth": 1,
843	"scaleDistribution": {
844	"type": "linear"
845	},
846	"thresholdsStyle": {
847	"mode": "off"
848	}
849	},
850	"mappings": [],
851	"thresholds": {
852	"mode": "absolute",
853	"steps": [
854	{
855	"color": "green",
856	"value": null
857	},
858	{
859	"color": "red",
860	"value": 80
861	}
862	]
863	},
864	"unitScale": true
865	},
866	"overrides": [
867	{
868	"matcher": {
869	"id": "byName",
870	"options": "created"
871	},
872	"properties": [
873	{
874	"id": "color",
875	"value": {
876	"fixedColor": "semi-dark-red",
877	"mode": "fixed"
878	}
879	}
880	]
881	},
882	{
883	"matcher": {
884	"id": "byName",
885	"options": "closed"
886	},
887	"properties": [
888	{
889	"id": "color",
890	"value": {
891	"fixedColor": "semi-dark-green",
892	"mode": "fixed"
893	}
894	}
895	]
896	}
897	]
898	},
899	"gridPos": {
900	"h": 13,
901	"w": 24,
902	"x": 0,
903	"y": 10
904	},
905	"hideTimeOverride": false,
906	"id": 3,
907	"interval": "1M",
908	"options": {
909	"barRadius": 0,
910	"barWidth": 0.97,
911	"fullHighlight": false,
912	"groupWidth": 0.7,
913	"legend": {
914	"calcs": [],
915	"displayMode": "list",
916	"placement": "bottom",
917	"showLegend": true
918	},
919	"orientation": "auto",
920	"showValue": "auto",
921	"stacking": "none",
922	"tooltip": {
923	"mode": "single",
924	"sort": "none"
925	},
926	"xTickLabelRotation": 0,
927	"xTickLabelSpacing": 0
928	},
929	"targets": [
930	{
931	"alias": "created",
932	"bucketAggs": [
933	{
934	"field": "created_at",
935	"id": "2",
936	"settings": {
937	"interval": "auto"
938	},
939	"type": "date_histogram"
940	}
941	],
942	"datasource": {
943	"type": "elasticsearch",
944	"uid": "f1e430b6-eda8-4e2a-8c0e-95fbaa811f85"
945	},
946	"metrics": [
947	{
948	"id": "1",
949	"type": "count"
950	}
951	],
952	"query": "",
953	"refId": "A",
954	"timeField": "created_at"
955	},
956	{
957	"alias": "closed",
958	"bucketAggs": [
959	{
960	"field": "close_at",
961	"id": "2",
962	"settings": {
963	"interval": "auto"
964	},
965	"type": "date_histogram"
966	}
967	],
968	"datasource": {
969	"type": "elasticsearch",
970	"uid": "d6bacb05-9337-47bb-9a55-16bee9077e04"
971	},
972	"hide": false,
973	"metrics": [
974	{
975	"id": "1",
976	"type": "count"
977	}
978	],
979	"query": "",
980	"refId": "B",
981	"timeField": "close_at"
982	}
983	],
984	"timeFrom": "now-1y",
985	"title": "Created vs Closed by month",
986	"transformations": [
987	{
988	"id": "joinByField",
989	"options": {
990	"byField": "Time",
991	"mode": "outer"
992	}
993	},
994	{
995	"id": "formatTime",
996	"options": {
997	"outputFormat": "MM/YYYY",
998	"timeField": "Time",
999	"timezone": "browser",
1000	"useTimezone": true
1001	}
1002	}
1003	],
1004	"type": "barchart"
1005	},
1006	{
1007	"datasource": {
1008	"type": "datasource",
1009	"uid": "-- Mixed --"
1010	},
1011	"fieldConfig": {
1012	"defaults": {
1013	"color": {
1014	"mode": "palette-classic"
1015	},
1016	"custom": {
1017	"axisBorderShow": false,
1018	"axisCenteredZero": false,
1019	"axisColorMode": "text",
1020	"axisLabel": "",
1021	"axisPlacement": "auto",
1022	"fillOpacity": 80,
1023	"gradientMode": "hue",
1024	"hideFrom": {
1025	"legend": false,
1026	"tooltip": false,
1027	"viz": false
1028	},
1029	"lineWidth": 1,
1030	"scaleDistribution": {
1031	"type": "linear"
1032	},
1033	"thresholdsStyle": {
1034	"mode": "off"
1035	}
1036	},
1037	"mappings": [],
1038	"thresholds": {
1039	"mode": "absolute",
1040	"steps": [
1041	{
1042	"color": "green",
1043	"value": null
1044	},
1045	{
1046	"color": "red",
1047	"value": 80
1048	}
1049	]
1050	},
1051	"unitScale": true
1052	},
1053	"overrides": [
1054	{
1055	"matcher": {
1056	"id": "byName",
1057	"options": "created"
1058	},
1059	"properties": [
1060	{
1061	"id": "color",
1062	"value": {
1063	"fixedColor": "semi-dark-red",
1064	"mode": "fixed"
1065	}
1066	}
1067	]
1068	},
1069	{
1070	"matcher": {
1071	"id": "byName",
1072	"options": "closed"
1073	},
1074	"properties": [
1075	{
1076	"id": "color",
1077	"value": {
1078	"fixedColor": "semi-dark-green",
1079	"mode": "fixed"
1080	}
1081	}
1082	]
1083	}
1084	]
1085	},
1086	"gridPos": {
1087	"h": 13,
1088	"w": 24,
1089	"x": 0,
1090	"y": 23
1091	},
1092	"hideTimeOverride": false,
1093	"id": 4,
1094	"interval": "1w",
1095	"options": {
1096	"barRadius": 0,
1097	"barWidth": 0.97,
1098	"fullHighlight": false,
1099	"groupWidth": 0.7,
1100	"legend": {
1101	"calcs": [],
1102	"displayMode": "list",
1103	"placement": "bottom",
1104	"showLegend": true
1105	},
1106	"orientation": "auto",
1107	"showValue": "auto",
1108	"stacking": "none",
1109	"tooltip": {
1110	"mode": "single",
1111	"sort": "none"
1112	},
1113	"xTickLabelRotation": 0,
1114	"xTickLabelSpacing": 0
1115	},
1116	"targets": [
1117	{
1118	"alias": "created",
1119	"bucketAggs": [
1120	{
1121	"field": "created_at",
1122	"id": "2",
1123	"settings": {
1124	"interval": "auto"
1125	},
1126	"type": "date_histogram"
1127	}
1128	],
1129	"datasource": {
1130	"type": "elasticsearch",
1131	"uid": "f1e430b6-eda8-4e2a-8c0e-95fbaa811f85"
1132	},
1133	"metrics": [
1134	{
1135	"id": "1",
1136	"type": "count"
1137	}
1138	],
1139	"query": "",
1140	"refId": "A",
1141	"timeField": "created_at"
1142	},
1143	{
1144	"alias": "closed",
1145	"bucketAggs": [
1146	{
1147	"field": "close_at",
1148	"id": "2",
1149	"settings": {
1150	"interval": "auto"
1151	},
1152	"type": "date_histogram"
1153	}
1154	],
1155	"datasource": {
1156	"type": "elasticsearch",
1157	"uid": "d6bacb05-9337-47bb-9a55-16bee9077e04"
1158	},
1159	"hide": false,
1160	"metrics": [
1161	{
1162	"id": "1",
1163	"type": "count"
1164	}
1165	],
1166	"query": "",
1167	"refId": "B",
1168	"timeField": "close_at"
1169	}
1170	],
1171	"timeFrom": "now-1y",
1172	"title": "Created vs Closed by week",
1173	"transformations": [
1174	{
1175	"id": "joinByField",
1176	"options": {
1177	"byField": "Time",
1178	"mode": "outer"
1179	}
1180	},
1181	{
1182	"id": "formatTime",
1183	"options": {
1184	"outputFormat": "ww/YY",
1185	"timeField": "Time",
1186	"timezone": "browser",
1187	"useTimezone": true
1188	}
1189	}
1190	],
1191	"type": "barchart"
1192	}
1193	],
1194	"refresh": "",
1195	"schemaVersion": 39,
1196	"tags": [],
1197	"templating": {
1198	"list": []
1199	},
1200	"time": {
1201	"from": "now-7d",
1202	"to": "now"
1203	},
1204	"timepicker": {},
1205	"timezone": "",
1206	"title": "Created vs Closed Tickets",
1207	"uid": "f299f37a-5824-454a-8bca-99f44d9f1e00",
1208	"version": 5,
1209	"weekStart": ""
1210	}

grafana.ini · 82 KiB · INI Raw

##################### Grafana Configuration Example ##################### # # Everything has defaults so you only need to uncomment things you want to # change # possible values : production, development ;app_mode = production # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty ;instance_name = FQDN # force migration will run migrations that might cause dataloss # Deprecated, use clean_upgrade option in [unified_alerting.upgrade] instead. ;force_migration = false #################################### Paths #################################### [paths] # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) ;data = /var/lib/grafana # Temporary files in `data` directory older than given duration will be removed ;temp_data_lifetime = 24h # Directory where grafana can store logs ;logs = /var/log/grafana # Directory where grafana will automatically scan and look for plugins ;plugins = /var/lib/grafana/plugins # folder that contains provisioning config files that grafana will apply on startup and while running. ;provisioning = conf/provisioning #################################### Server #################################### [server] # Protocol (http, https, h2, socket) ;protocol = http # This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken ;min_tls_version = "" # The ip address to bind to, empty will bind to all interfaces http_addr = 127.0.0.1 # The http port to use http_port = 3001 # The public facing domain name used to access grafana from a browser ;domain = FQDN # Redirect to correct domain if host header does not match domain # Prevents DNS rebinding attacks enforce_domain = true # The full public facing url you use in browser, used for redirects and emails # If you use reverse proxy and sub path specify full url (with sub path) root_url = %(protocol)s://%(domain)s/ # Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons. ;serve_from_sub_path = false # Log web requests ;router_logging = false # the path relative working path ;static_root_path = public # enable gzip ;enable_gzip = false # https certs & key file ;cert_file = ;cert_key = # Unix socket gid # Changing the gid of a file without privileges requires that the target group is in the group of the process and that the process is the file owner # It is recommended to set the gid as http server user gid # Not set when the value is -1 ;socket_gid = # Unix socket mode ;socket_mode = # Unix socket path ;socket = # CDN Url ;cdn_url = # Sets the maximum time using a duration format (5s/5m/5ms) before timing out read of an incoming request and closing idle connections. # `0` means there is no timeout for reading the request. ;read_timeout = 0 # This setting enables you to specify additional headers that the server adds to HTTP(S) responses. [server.custom_response_headers] #exampleHeader1 = exampleValue1 #exampleHeader2 = exampleValue2 #################################### GRPC Server ######################### ;[grpc_server] ;network = "tcp" ;address = "127.0.0.1:10000" ;use_tls = false ;cert_file = ;key_file = #################################### Database #################################### [database] # You can configure the database connection by specifying type, host, name, user and password # as separate properties or as on string using the url properties. # Either "mysql", "postgres" or "sqlite3", it's your choice ;type = sqlite3 ;host = 127.0.0.1:3306 ;name = grafana ;user = root # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" ;password = # Use either URL or the previous fields to configure the database # Example: mysql://user:secret@host:port/database ;url = # For "postgres", use either "disable", "require" or "verify-full" # For "mysql", use either "true", "false", or "skip-verify". ;ssl_mode = disable # For "postregs", use either "1" to enable or "0" to disable SNI ;ssl_sni = # Database drivers may support different transaction isolation levels. # Currently, only "mysql" driver supports isolation levels. # If the value is empty - driver's default isolation level is applied. # For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE". ;isolation_level = ;ca_cert_path = ;client_key_path = ;client_cert_path = ;server_cert_name = # For "sqlite3" only, path relative to data_path setting ;path = grafana.db # Max idle conn setting default is 2 ;max_idle_conn = 2 # Max conn setting default is 0 (mean not set) ;max_open_conn = # Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) ;conn_max_lifetime = 14400 # Set to true to log the sql calls and execution times. ;log_queries = # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared) ;cache_mode = private # For "sqlite3" only. Enable/disable Write-Ahead Logging, https://sqlite.org/wal.html. Default is false. ;wal = false # For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0. ;locking_attempt_timeout_sec = 0 # For "sqlite" only. How many times to retry query in case of database is locked failures. Default is 0 (disabled). ;query_retries = 0 # For "sqlite" only. How many times to retry transaction in case of database is locked failures. Default is 5. ;transaction_retries = 5 # Set to true to add metrics and tracing for database queries. ;instrument_queries = false ################################### Data sources ######################### [datasources] # Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API. ;datasource_limit = 5000 #################################### Cache server ############################# [remote_cache] # Either "redis", "memcached" or "database" default is "database" ;type = database # cache connectionstring options # database: will use Grafana primary database. # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'. # memcache: 127.0.0.1:11211 ;connstr = # prefix prepended to all the keys in the remote cache ; prefix = # This enables encryption of values stored in the remote cache ;encryption = #################################### Data proxy ########################### [dataproxy] # This enables data proxy logging, default is false ;logging = false # How long the data proxy waits to read the headers of the response before timing out, default is 30 seconds. # This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set. ;timeout = 30 # How long the data proxy waits to establish a TCP connection before timing out, default is 10 seconds. ;dialTimeout = 10 # How many seconds the data proxy waits before sending a keepalive probe request. ;keep_alive_seconds = 30 # How many seconds the data proxy waits for a successful TLS Handshake before timing out. ;tls_handshake_timeout_seconds = 10 # How many seconds the data proxy will wait for a server's first response headers after # fully writing the request headers if the request has an "Expect: 100-continue" # header. A value of 0 will result in the body being sent immediately, without # waiting for the server to approve. ;expect_continue_timeout_seconds = 1 # Optionally limits the total number of connections per host, including connections in the dialing, # active, and idle states. On limit violation, dials will block. # A value of zero (0) means no limit. ;max_conns_per_host = 0 # The maximum number of idle connections that Grafana will keep alive. ;max_idle_connections = 100 # How many seconds the data proxy keeps an idle connection open before timing out. ;idle_conn_timeout_seconds = 90 # If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false. ;send_user_header = false # Limit the amount of bytes that will be read/accepted from responses of outgoing HTTP requests. ;response_limit = 0 # Limits the number of rows that Grafana will process from SQL data sources. ;row_limit = 1000000 # Sets a custom value for the `User-Agent` header for outgoing data proxy requests. If empty, the default value is `Grafana/<BuildVersion>` (for example `Grafana/9.0.0`). ;user_agent = #################################### Analytics #################################### [analytics] # Server reporting, sends usage counters to stats.grafana.org every 24 hours. # No ip addresses are being tracked, only simple counters to track # running instances, dashboard and error counts. It is very helpful to us. # Change this option to false to disable reporting. ;reporting_enabled = true # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs ;reporting_distributor = grafana-labs # Set to false to disable all checks to https://grafana.com # for new versions of grafana. The check is used # in some UI views to notify that a grafana update exists. # This option does not cause any auto updates, nor send any information # only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version. ;check_for_updates = true # Set to false to disable all checks to https://grafana.com # for new versions of plugins. The check is used # in some UI views to notify that a plugin update exists. # This option does not cause any auto updates, nor send any information # only a GET request to https://grafana.com to get the latest versions. ;check_for_plugin_updates = true # Google Analytics universal tracking code, only enabled if you specify an id here ;google_analytics_ua_id = # Google Analytics 4 tracking code, only enabled if you specify an id here ;google_analytics_4_id = # When Google Analytics 4 Enhanced event measurement is enabled, we will try to avoid sending duplicate events and let Google Analytics 4 detect navigation changes, etc. ;google_analytics_4_send_manual_page_views = false # Google Tag Manager ID, only enabled if you specify an id here ;google_tag_manager_id = # Rudderstack write key, enabled only if rudderstack_data_plane_url is also set ;rudderstack_write_key = # Rudderstack data plane url, enabled only if rudderstack_write_key is also set ;rudderstack_data_plane_url = # Rudderstack SDK url, optional, only valid if rudderstack_write_key and rudderstack_data_plane_url is also set ;rudderstack_sdk_url = # Rudderstack Config url, optional, used by Rudderstack SDK to fetch source config ;rudderstack_config_url = # Rudderstack Integrations URL, optional. Only valid if you pass the SDK version 1.1 or higher ;rudderstack_integrations_url = # Intercom secret, optional, used to hash user_id before passing to Intercom via Rudderstack ;intercom_secret = # Controls if the UI contains any links to user feedback forms ;feedback_links_enabled = true #################################### Security #################################### [security] # disable creation of admin user on first start of grafana ;disable_initial_admin_creation = false # default admin user, created on startup ;admin_user = admin # default admin password, can be changed before first start of grafana, or in profile settings ;admin_password = admin # default admin email, created on startup ;admin_email = admin@localhost # used for signing ;secret_key = SW2YcwTIb9zpOOhoPsMm # current key provider used for envelope encryption, default to static value specified by secret_key ;encryption_provider = secretKey.v1 # list of configured key providers, space separated (Enterprise only): e.g., awskms.v1 azurekv.v1 ;available_encryption_providers = # disable gravatar profile images ;disable_gravatar = false # data source proxy whitelist (ip_or_domain:port separated by spaces) ;data_source_proxy_whitelist = # disable protection against brute force login attempts ;disable_brute_force_login_protection = false # set to true if you host Grafana behind HTTPS. default is false. cookie_secure = true # set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled" cookie_samesite = strict # set to true if you want to allow browsers to render Grafana in a <frame>, <iframe>, <embed> or <object>. default is false. ;allow_embedding = false # Set to true if you want to enable http strict transport security (HSTS) response header. # HSTS tells browsers that the site should only be accessed using HTTPS. ;strict_transport_security = false # Sets how long a browser should cache HSTS. Only applied if strict_transport_security is enabled. ;strict_transport_security_max_age_seconds = 86400 # Set to true if to enable HSTS preloading option. Only applied if strict_transport_security is enabled. ;strict_transport_security_preload = false # Set to true if to enable the HSTS includeSubDomains option. Only applied if strict_transport_security is enabled. ;strict_transport_security_subdomains = false # Set to true to enable the X-Content-Type-Options response header. # The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised # in the Content-Type headers should not be changed and be followed. ;x_content_type_options = true # Set to true to enable the X-XSS-Protection header, which tells browsers to stop pages from loading # when they detect reflected cross-site scripting (XSS) attacks. ;x_xss_protection = true # Enable adding the Content-Security-Policy header to your requests. # CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks. content_security_policy = true # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. ;content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" # Enable adding the Content-Security-Policy-Report-Only header to your requests. # Allows you to monitor the effects of a policy without enforcing it. ;content_security_policy_report_only = false # Set Content Security Policy Report Only template used when adding the Content-Security-Policy-Report-Only header to your requests. # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. ;content_security_policy_report_only_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" # Controls if old angular plugins are supported or not. This will be disabled by default in future release ;angular_support_enabled = true # List of additional allowed URLs to pass by the CSRF check, separated by spaces. Suggested when authentication comes from an IdP. ;csrf_trusted_origins = example.com # List of allowed headers to be set by the user, separated by spaces. Suggested to use for if authentication lives behind reverse proxies. ;csrf_additional_headers = # The CSRF check will be executed even if the request has no login cookie. ;csrf_always_check = false # Comma-separated list of plugins ids that won't be loaded inside the frontend sandbox ;disable_frontend_sandbox_for_plugins = [security.encryption] # Defines the time-to-live (TTL) for decrypted data encryption keys stored in memory (cache). # Please note that small values may cause performance issues due to a high frequency decryption operations. ;data_keys_cache_ttl = 15m # Defines the frequency of data encryption keys cache cleanup interval. # On every interval, decrypted data encryption keys that reached the TTL are removed from the cache. ;data_keys_cache_cleanup_interval = 1m #################################### Snapshots ########################### [snapshots] # set to false to remove snapshot functionality ;enabled = true # snapshot sharing options ;external_enabled = true ;external_snapshot_url = https://snapshots.raintank.io ;external_snapshot_name = Publish to snapshots.raintank.io # Set to true to enable this Grafana instance act as an external snapshot server and allow unauthenticated requests for # creating and deleting snapshots. ;public_mode = false # remove expired snapshot ;snapshot_remove_expired = true #################################### Dashboards History ################## [dashboards] # Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1 ;versions_to_keep = 20 # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;min_refresh_interval = 5s # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" ;default_home_dashboard_path = #################################### Users ############################### [users] # disable user signup / registration allow_sign_up = false # Allow non admin users to create organizations ;allow_org_create = true # Set to true to automatically assign new users to the default organization (id 1) ;auto_assign_org = true # Set this value to automatically add new users to the provided organization (if auto_assign_org above is set to true) ;auto_assign_org_id = 1 # Default role new users will be automatically assigned ;auto_assign_org_role = Viewer # Require email validation before sign up completes ;verify_email_enabled = false # Background text for the user field on the login page ;login_hint = email or username ;password_hint = password # Default UI theme ("dark" or "light") ;default_theme = dark # Default UI language (supported IETF language tag, such as en-US) ;default_language = en-US # Path to a custom home page. Users are only redirected to this if the default home dashboard is used. It should match a frontend route and contain a leading slash. ;home_page = # External user management, these options affect the organization users view ;external_manage_link_url = ;external_manage_link_name = ;external_manage_info = # Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard. ;viewers_can_edit = false # Editors can administrate dashboard, folders and teams they create ;editors_can_admin = false # The duration in time a user invitation remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 24h (24 hours). The minimum supported duration is 15m (15 minutes). ;user_invite_max_lifetime_duration = 24h # Enter a comma-separated list of users login to hide them in the Grafana UI. These users are shown to Grafana admins and themselves. ; hidden_users = [secretscan] # Enable secretscan feature ;enabled = false # Interval to check for token leaks ;interval = 5m # base URL of the grafana token leak check service ;base_url = https://secret-scanning.grafana.net # URL to send outgoing webhooks to in case of detection ;oncall_url = # Whether to revoke the token if a leak is detected or just send a notification ;revoke = true [service_accounts] # Service account maximum expiration date in days. # When set, Grafana will not allow the creation of tokens with expiry greater than this setting. ; token_expiration_day_limit = [auth] # Login cookie name ;login_cookie_name = grafana_session # Disable usage of Grafana build-in login solution. ;disable_login = false # The maximum lifetime (duration) an authenticated user can be inactive before being required to login at next visit. Default is 7 days (7d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). The lifetime resets at each successful token rotation. ;login_maximum_inactive_lifetime_duration = # The maximum lifetime (duration) an authenticated user can be logged in since login time before being required to login. Default is 30 days (30d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). ;login_maximum_lifetime_duration = # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes. ;token_rotation_interval_minutes = 10 # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false ;disable_login_form = false # Set to true to disable the sign out link in the side menu. Useful if you use auth.proxy or auth.jwt, defaults to false ;disable_signout_menu = false # URL to redirect the user to after sign out ;signout_redirect_url = # Set to true to attempt login with OAuth automatically, skipping the login screen. # This setting is ignored if multiple OAuth providers are configured. # Deprecated, use auto_login option for specific provider instead. ;oauth_auto_login = false # OAuth state max age cookie duration in seconds. Defaults to 600 seconds. ;oauth_state_cookie_max_age = 600 # Skip forced assignment of OrgID 1 or 'auto_assign_org_id' for social logins # Deprecated, use skip_org_role_sync option for specific provider instead. ;oauth_skip_org_role_update_sync = false # limit of api_key seconds to live before expiration ;api_key_max_seconds_to_live = -1 # Set to true to enable SigV4 authentication option for HTTP-based datasources. ;sigv4_auth_enabled = false # Set to true to enable verbose logging of SigV4 request signing ;sigv4_verbose_logging = false # Set to true to enable Azure authentication option for HTTP-based datasources. ;azure_auth_enabled = false # Set to skip the organization role from JWT login and use system's role assignment instead. ; skip_org_role_sync = false # Use email lookup in addition to the unique ID provided by the IdP ;oauth_allow_insecure_email_lookup = false # Set to true to include id of identity as a response header ;id_response_header_enabled = false # Prefix used for the id response header, X-Grafana-Identity-Id ;id_response_header_prefix = X-Grafana # List of identity namespaces to add id response headers for, separated by space. # Available namespaces are user, api-key and service-account. # The header value will encode the namespace ("user:<id>", "api-key:<id>", "service-account:<id>") ;id_response_header_namespaces = user api-key service-account #################################### Anonymous Auth ###################### [auth.anonymous] # enable anonymous access ;enabled = false # specify organization name that should be used for unauthenticated users ;org_name = Main Org. # specify role for unauthenticated users ;org_role = Viewer # mask the Grafana version number for unauthenticated users hide_version = true #################################### GitHub Auth ########################## [auth.github] ;name = GitHub ;icon = github ;enabled = false allow_sign_up = false ;auto_login = false ;client_id = some_id ;client_secret = some_secret ;scopes = user:email,read:org ;auth_url = https://github.com/login/oauth/authorize ;token_url = https://github.com/login/oauth/access_token ;api_url = https://api.github.com/user ;signout_redirect_url = ;allowed_domains = ;team_ids = ;allowed_organizations = ;role_attribute_path = ;role_attribute_strict = false ;allow_assign_grafana_admin = false ;skip_org_role_sync = false #################################### GitLab Auth ######################### [auth.gitlab] ;name = GitLab ;icon = gitlab ;enabled = false allow_sign_up = false ;auto_login = false ;client_id = some_id ;client_secret = some_secret ;scopes = openid email profile ;auth_url = https://gitlab.com/oauth/authorize ;token_url = https://gitlab.com/oauth/token ;api_url = https://gitlab.com/api/v4 ;signout_redirect_url = ;allowed_domains = ;allowed_groups = ;role_attribute_path = ;role_attribute_strict = false ;allow_assign_grafana_admin = false ;skip_org_role_sync = false ;tls_skip_verify_insecure = false ;tls_client_cert = ;tls_client_key = ;tls_client_ca = ;use_pkce = true #################################### Google Auth ########################## [auth.google] ;name = Google ;icon = google ;enabled = false allow_sign_up = false ;auto_login = false ;client_id = some_client_id ;client_secret = some_client_secret ;scopes = openid email profile ;auth_url = https://accounts.google.com/o/oauth2/v2/auth ;token_url = https://oauth2.googleapis.com/token ;api_url = https://openidconnect.googleapis.com/v1/userinfo ;signout_redirect_url = ;allowed_domains = ;validate_hd = ;hosted_domain = ;allowed_groups = ;role_attribute_path = ;role_attribute_strict = false ;allow_assign_grafana_admin = false ;skip_org_role_sync = false ;use_pkce = true #################################### Grafana.com Auth #################### [auth.grafana_com] ;name = Grafana.com ;icon = grafana ;enabled = false allow_sign_up = false ;auto_login = false ;client_id = some_id ;client_secret = some_secret ;scopes = user:email ;allowed_organizations = ;skip_org_role_sync = false #################################### Azure AD OAuth ####################### [auth.azuread] ;name = Microsoft ;icon = microsoft ;enabled = false allow_sign_up = false ;auto_login = false ;client_id = some_client_id ;client_secret = some_client_secret ;scopes = openid email profile ;auth_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize ;token_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token ;signout_redirect_url = ;allowed_domains = ;allowed_groups = ;allowed_organizations = ;role_attribute_strict = false ;allow_assign_grafana_admin = false ;use_pkce = true # prevent synchronizing users organization roles ;skip_org_role_sync = false #################################### Okta OAuth ####################### [auth.okta] ;name = Okta ;enabled = false allow_sign_up = false ;auto_login = false ;client_id = some_id ;client_secret = some_secret ;scopes = openid profile email groups ;auth_url = https://<tenant-id>.okta.com/oauth2/v1/authorize ;token_url = https://<tenant-id>.okta.com/oauth2/v1/token ;api_url = https://<tenant-id>.okta.com/oauth2/v1/userinfo ;signout_redirect_url = ;allowed_domains = ;allowed_groups = ;role_attribute_path = ;role_attribute_strict = false ;allow_assign_grafana_admin = false ;skip_org_role_sync = false ;use_pkce = true #################################### Generic OAuth ########################## [auth.generic_oauth] ;enabled = false ;name = OAuth allow_sign_up = false ;auto_login = false ;client_id = some_id ;client_secret = some_secret ;scopes = user:email,read:org ;empty_scopes = false ;email_attribute_name = email:primary ;email_attribute_path = ;login_attribute_path = ;name_attribute_path = ;id_token_attribute_name = ;auth_url = https://foo.bar/login/oauth/authorize ;token_url = https://foo.bar/login/oauth/access_token ;api_url = https://foo.bar/user ;signout_redirect_url = ;teams_url = ;allowed_domains = ;team_ids = ;allowed_organizations = ;role_attribute_path = ;role_attribute_strict = false ;groups_attribute_path = ;team_ids_attribute_path = ;tls_skip_verify_insecure = false ;tls_client_cert = ;tls_client_key = ;tls_client_ca = ;use_pkce = false ;auth_style = ;allow_assign_grafana_admin = false #################################### Basic Auth ########################## [auth.basic] ;enabled = true ;password_policy = false #################################### Auth Proxy ########################## [auth.proxy] ;enabled = false ;header_name = X-WEBAUTH-USER ;header_property = username ;auto_sign_up = true ;sync_ttl = 60 ;whitelist = 192.168.1.1, 192.168.2.1 ;headers = Email:X-User-Email, Name:X-User-Name # Non-ASCII strings in header values are encoded using quoted-printable encoding ;headers_encoded = false # Read the auth proxy docs for details on what the setting below enables ;enable_login_token = false #################################### Auth JWT ########################## [auth.jwt] ;enabled = true ;header_name = X-JWT-Assertion ;email_claim = sub ;username_claim = sub ;jwk_set_url = https://foo.bar/.well-known/jwks.json ;jwk_set_file = /path/to/jwks.json ;cache_ttl = 60m ;expect_claims = {"aud": ["foo", "bar"]} ;key_file = /path/to/key/file # Use in conjunction with key_file in case the JWT token's header specifies a key ID in "kid" field ;key_id = some-key-id ;role_attribute_path = ;groups_attribute_path = ;role_attribute_strict = false ;auto_sign_up = false ;url_login = false ;allow_assign_grafana_admin = false #################################### Auth LDAP ########################## [auth.ldap] ;enabled = false ;config_file = /etc/grafana/ldap.toml allow_sign_up = false # prevent synchronizing ldap users organization roles ;skip_org_role_sync = false # LDAP background sync (Enterprise only) # At 1 am every day ;sync_cron = "0 1 * * *" ;active_sync_enabled = true #################################### AWS ########################### [aws] # Enter a comma-separated list of allowed AWS authentication providers. # Options are: default (AWS SDK Default), keys (Access && secret key), credentials (Credentials field), ec2_iam_role (EC2 IAM Role) ; allowed_auth_providers = default,keys,credentials # Allow AWS users to assume a role using temporary security credentials. # If true, assume role will be enabled for all AWS authentication providers that are specified in aws_auth_providers ; assume_role_enabled = true # Specify max no of pages to be returned by the ListMetricPages API ; list_metrics_page_limit = 500 # Experimental, for use in Grafana Cloud only. Please do not set. ; external_id = # Sets the expiry duration of an assumed role. # This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month). ; session_duration = "15m" # Set the plugins that will receive AWS settings for each request (via plugin context) # By default this will include all Grafana Labs owned AWS plugins, or those that make use of AWS settings (ElasticSearch, Prometheus). ; forward_settings_to_plugins = cloudwatch, grafana-athena-datasource, grafana-redshift-datasource, grafana-x-ray-datasource, grafana-timestream-datasource, grafana-iot-sitewise-datasource, grafana-iot-twinmaker-app, grafana-opensearch-datasource, aws-datasource-provisioner, elasticsearch, prometheus #################################### Azure ############################### [azure] # Azure cloud environment where Grafana is hosted # Possible values are AzureCloud, AzureChinaCloud, AzureUSGovernment and AzureGermanCloud # Default value is AzureCloud (i.e. public cloud) ;cloud = AzureCloud # Specifies whether Grafana hosted in Azure service with Managed Identity configured (e.g. Azure Virtual Machines instance) # If enabled, the managed identity can be used for authentication of Grafana in Azure services # Disabled by default, needs to be explicitly enabled ;managed_identity_enabled = false # Client ID to use for user-assigned managed identity # Should be set for user-assigned identity and should be empty for system-assigned identity ;managed_identity_client_id = # Specifies whether Azure AD Workload Identity authentication should be enabled in datasources that support it # For more documentation on Azure AD Workload Identity, review this documentation: # https://azure.github.io/azure-workload-identity/docs/ # Disabled by default, needs to be explicitly enabled ;workload_identity_enabled = false # Tenant ID of the Azure AD Workload Identity # Allows to override default tenant ID of the Azure AD identity associated with the Kubernetes service account ;workload_identity_tenant_id = # Client ID of the Azure AD Workload Identity # Allows to override default client ID of the Azure AD identity associated with the Kubernetes service account ;workload_identity_client_id = # Custom path to token file for the Azure AD Workload Identity # Allows to set a custom path to the projected service account token file ;workload_identity_token_file = # Specifies whether user identity authentication (on behalf of currently signed-in user) should be enabled in datasources # that support it (requires AAD authentication) # Disabled by default, needs to be explicitly enabled ;user_identity_enabled = false # Override token URL for Azure Active Directory # By default is the same as token URL configured for AAD authentication settings ;user_identity_token_url = # Override ADD application ID which would be used to exchange users token to an access token for the datasource # By default is the same as used in AAD authentication or can be set to another application (for OBO flow) ;user_identity_client_id = # Override the AAD application client secret # By default is the same as used in AAD authentication or can be set to another application (for OBO flow) ;user_identity_client_secret = # Set the plugins that will receive Azure settings for each request (via plugin context) # By default this will include all Grafana Labs owned Azure plugins, or those that make use of Azure settings (Azure Monitor, Azure Data Explorer, Prometheus, MSSQL). ;forward_settings_to_plugins = grafana-azure-monitor-datasource, prometheus, grafana-azure-data-explorer-datasource, mssql #################################### Role-based Access Control ########### [rbac] ;permission_cache = true # Reset basic roles permissions on boot # Warning left to true, basic roles permissions will be reset on every boot #reset_basic_roles = false # Validate permissions' action and scope on role creation and update ; permission_validation_enabled = true #################################### SMTP / Emailing ########################## [smtp] ;enabled = false ;host = localhost:25 ;user = # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" ;password = ;cert_file = ;key_file = ;skip_verify = false ;from_address = admin@grafana.localhost ;from_name = Grafana # EHLO identity in SMTP dialog (defaults to instance_name) ;ehlo_identity = dashboard.example.com # SMTP startTLS policy (defaults to 'OpportunisticStartTLS') ;startTLS_policy = NoStartTLS # Enable trace propagation in e-mail headers, using the 'traceparent', 'tracestate' and (optionally) 'baggage' fields (defaults to false) ;enable_tracing = false [smtp.static_headers] # Include custom static headers in all outgoing emails ;Foo-Header = bar ;Foo = bar [emails] ;welcome_email_on_sign_up = false ;templates_pattern = emails/*.html, emails/*.txt ;content_types = text/html #################################### Logging ########################## [log] # Either "console", "file", "syslog". Default is console and file # Use space to separate multiple modes, e.g. "console file" ;mode = console file # Either "debug", "info", "warn", "error", "critical", default is "info" ;level = info # optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug ;filters = # Set the default error message shown to users. This message is displayed instead of sensitive backend errors which should be obfuscated. Default is the same as the sample value. ;user_facing_default_error = "please inspect Grafana server log for details" # For "console" mode only [log.console] ;level = # log line format, valid options are text, console and json ;format = console # For "file" mode only [log.file] ;level = # log line format, valid options are text, console and json ;format = text # This enables automated log rotate(switch of following options), default is true ;log_rotate = true # Max line number of single file, default is 1000000 ;max_lines = 1000000 # Max size shift of single file, default is 28 means 1 << 28, 256MB ;max_size_shift = 28 # Segment log daily, default is true ;daily_rotate = true # Expired days of log file(delete after max days), default is 7 ;max_days = 7 [log.syslog] ;level = # log line format, valid options are text, console and json ;format = text # Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. ;network = ;address = # Syslog facility. user, daemon and local0 through local7 are valid. ;facility = # Syslog tag. By default, the process' argv[0] is used. ;tag = [log.frontend] # Should Faro javascript agent be initialized ;enabled = false # Custom HTTP endpoint to send events to. Default will log the events to stdout. ;custom_endpoint = /log-grafana-javascript-agent # Requests per second limit enforced an extended period, for Grafana backend log ingestion endpoint (/log). ;log_endpoint_requests_per_second_limit = 3 # Max requests accepted per short interval of time for Grafana backend log ingestion endpoint (/log). ;log_endpoint_burst_limit = 15 # Should error instrumentation be enabled, only affects Grafana Javascript Agent ;instrumentations_errors_enabled = true # Should console instrumentation be enabled, only affects Grafana Javascript Agent ;instrumentations_console_enabled = false # Should webvitals instrumentation be enabled, only affects Grafana Javascript Agent ;instrumentations_webvitals_enabled = false # Api Key, only applies to Grafana Javascript Agent provider ;api_key = testApiKey #################################### Usage Quotas ######################## [quota] ; enabled = false #### set quotas to -1 to make unlimited. #### # limit number of users per Org. ; org_user = 10 # limit number of dashboards per Org. ; org_dashboard = 100 # limit number of data_sources per Org. ; org_data_source = 10 # limit number of api_keys per Org. ; org_api_key = 10 # limit number of alerts per Org. ;org_alert_rule = 100 # limit number of orgs a user can create. ; user_org = 10 # Global limit of users. ; global_user = -1 # global limit of orgs. ; global_org = -1 # global limit of dashboards ; global_dashboard = -1 # global limit of api_keys ; global_api_key = -1 # global limit on number of logged in users. ; global_session = -1 # global limit of alerts ;global_alert_rule = -1 # global limit of correlations ; global_correlations = -1 # Limit of the number of alert rules per rule group. # This is not strictly enforced yet, but will be enforced over time. ;alerting_rule_group_rules = 100 #################################### Unified Alerting #################### [unified_alerting] #Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed.``` ;enabled = true # Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled. ;disabled_orgs = # Specify the frequency of polling for admin config changes. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;admin_config_poll_interval = 60s # Specify the frequency of polling for Alertmanager config changes. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;alertmanager_config_poll_interval = 60s # The redis server address that should be connected to. ;ha_redis_address = # The username that should be used to authenticate with the redis server. ;ha_redis_username = # The password that should be used to authenticate with the redis server. ;ha_redis_password = # The redis database, by default it's 0. ;ha_redis_db = # A prefix that is used for every key or channel that is created on the redis server # as part of HA for alerting. ;ha_redis_prefix = # The name of the cluster peer that will be used as identifier. If none is # provided, a random one will be generated. ;ha_redis_peer_name = # Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port. The default value is `0.0.0.0:9094`. ;ha_listen_address = "0.0.0.0:9094" # Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port. The default value is `0.0.0.0:9094`. ;ha_advertise_address = "" # Comma-separated list of initial instances (in a format of host:port) that will form the HA cluster. Configuring this setting will enable High Availability mode for alerting. ;ha_peers = "" # Time to wait for an instance to send a notification via the Alertmanager. In HA, each Grafana instance will # be assigned a position (e.g. 0, 1). We then multiply this position with the timeout to indicate how long should # each instance wait before sending the notification to take into account replication lag. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;ha_peer_timeout = "15s" # The label is an optional string to include on each packet and stream. # It uniquely identifies the cluster and prevents cross-communication # issues when sending gossip messages in an enviromenet with multiple clusters. ;ha_label = # The interval between sending gossip messages. By lowering this value (more frequent) gossip messages are propagated # across cluster more quickly at the expense of increased bandwidth usage. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;ha_gossip_interval = "200ms" # The interval between gossip full state syncs. Setting this interval lower (more frequent) will increase convergence speeds # across larger clusters at the expense of increased bandwidth usage. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;ha_push_pull_interval = "60s" # Enable or disable alerting rule execution. The alerting UI remains visible. This option has a legacy version in the `[alerting]` section that takes precedence. ;execute_alerts = true # Alert evaluation timeout when fetching data from the datasource. This option has a legacy version in the `[alerting]` section that takes precedence. # The timeout string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;evaluation_timeout = 30s # Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. The default value is 1. ;max_attempts = 1 # Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time. This option has a legacy version in the `[alerting]` section that takes precedence. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;min_interval = 10s # This is an experimental option to add parallelization to saving alert states in the database. # It configures the maximum number of concurrent queries per rule evaluated. The default value is 1 # (concurrent queries per rule disabled). ;max_state_save_concurrency = 1 # If the feature flag 'alertingSaveStatePeriodic' is enabled, this is the interval that is used to persist the alerting instances to the database. # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. ;state_periodic_save_interval = 5m # Disables the smoothing of alert evaluations across their evaluation window. # Rules will evaluate in sync. ;disable_jitter = false [unified_alerting.reserved_labels] # Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled. # For example: `disabled_labels=grafana_folder` ;disabled_labels = [unified_alerting.state_history] # Enable the state history functionality in Unified Alerting. The previous states of alert rules will be visible in panels and in the UI. ; enabled = true # Select which pluggable state history backend to use. Either "annotations", "loki", or "multiple" # "loki" writes state history to an external Loki instance. "multiple" allows history to be written to multiple backends at once. # Defaults to "annotations". ; backend = "multiple" # For "multiple" only. # Indicates the main backend used to serve state history queries. # Either "annotations" or "loki" ; primary = "loki" # For "multiple" only. # Comma-separated list of additional backends to write state history data to. ; secondaries = "annotations" # For "loki" only. # URL of the external Loki instance. # Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend. ; loki_remote_url = "http://loki:3100" # For "loki" only. # URL of the external Loki's read path. To be used in configurations where Loki has separated read and write URLs. # Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend. ; loki_remote_read_url = "http://loki-querier:3100" # For "loki" only. # URL of the external Loki's write path. To be used in configurations where Loki has separated read and write URLs. # Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend. ; loki_remote_write_url = "http://loki-distributor:3100" # For "loki" only. # Optional tenant ID to attach to requests sent to Loki. ; loki_tenant_id = 123 # For "loki" only. # Optional username for basic authentication on requests sent to Loki. Can be left blank to disable basic auth. ; loki_basic_auth_username = "myuser" # For "loki" only. # Optional password for basic authentication on requests sent to Loki. Can be left blank. ; loki_basic_auth_password = "mypass" [unified_alerting.state_history.external_labels] # Optional extra labels to attach to outbound state history records or log streams. # Any number of label key-value-pairs can be provided. ; mylabelkey = mylabelvalue [unified_alerting.upgrade] # If set to true when upgrading from legacy alerting to Unified Alerting, grafana will first delete all existing # Unified Alerting resources, thus re-upgrading all organizations from scratch. If false or unset, organizations that # have previously upgraded will not lose their existing Unified Alerting data when switching between legacy and # Unified Alerting. Should be kept false when not needed as it may cause unintended data-loss if left enabled. ;clean_upgrade = false #################################### Alerting ############################ [alerting] # Disable legacy alerting engine & UI features ;enabled = false # Makes it possible to turn off alert execution but alerting UI is visible ;execute_alerts = true # Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state) ;error_or_timeout = alerting # Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok) ;nodata_or_nullvalues = no_data # Alert notifications can include images, but rendering many images at the same time can overload the server # This limit will protect the server from render overloading and make sure notifications are sent out quickly ;concurrent_render_limit = 5 # Default setting for alert calculation timeout. Default value is 30 ;evaluation_timeout_seconds = 30 # Default setting for alert notification timeout. Default value is 30 ;notification_timeout_seconds = 30 # Default setting for max attempts to sending alert notifications. Default value is 3 ;max_attempts = 3 # Makes it possible to enforce a minimal interval between evaluations, to reduce load on the backend ;min_interval_seconds = 1 # Configures for how long alert annotations are stored. Default is 0, which keeps them forever. # This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month). ;max_annotation_age = # Configures max number of alert annotations that Grafana stores. Default value is 0, which keeps all alert annotations. ;max_annotations_to_keep = #################################### Annotations ######################### [annotations] # Configures the batch size for the annotation clean-up job. This setting is used for dashboard, API, and alert annotations. ;cleanupjob_batchsize = 100 # Enforces the maximum allowed length of the tags for any newly introduced annotations. It can be between 500 and 4096 inclusive (which is the respective's column length). Default value is 500. # Setting it to a higher value would impact performance therefore is not recommended. ;tags_length = 500 [annotations.dashboard] # Dashboard annotations means that annotations are associated with the dashboard they are created on. # Configures how long dashboard annotations are stored. Default is 0, which keeps them forever. # This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month). ;max_age = # Configures max number of dashboard annotations that Grafana stores. Default value is 0, which keeps all dashboard annotations. ;max_annotations_to_keep = [annotations.api] # API annotations means that the annotations have been created using the API without any # association with a dashboard. # Configures how long Grafana stores API annotations. Default is 0, which keeps them forever. # This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month). ;max_age = # Configures max number of API annotations that Grafana keeps. Default value is 0, which keeps all API annotations. ;max_annotations_to_keep = #################################### Explore ############################# [explore] # Enable the Explore section ;enabled = true #################################### Help ############################# [help] # Enable the Help section ;enabled = true #################################### Profile ############################# [profile] # Enable the Profile section ;enabled = true #################################### News ############################# [news] # Enable the news feed section ; news_feed_enabled = true #################################### Query ############################# [query] # Set the number of data source queries that can be executed concurrently in mixed queries. Default is the number of CPUs. ;concurrent_query_limit = #################################### Query History ############################# [query_history] # Enable the Query history ;enabled = true #################################### Internal Grafana Metrics ########################## # Metrics available at HTTP URL /metrics and /metrics/plugins/:pluginId [metrics] # Disable / Enable internal metrics ;enabled = true # Graphite Publish interval ;interval_seconds = 10 # Disable total stats (stat_totals_*) metrics to be generated ;disable_total_stats = false # The interval at which the total stats collector will update the stats. Default is 1800 seconds. ;total_stats_collector_interval_seconds = 1800 #If both are set, basic auth will be required for the metrics endpoints. ; basic_auth_username = ; basic_auth_password = # Metrics environment info adds dimensions to the `grafana_environment_info` metric, which # can expose more information about the Grafana instance. [metrics.environment_info] #exampleLabel1 = exampleValue1 #exampleLabel2 = exampleValue2 # Send internal metrics to Graphite [metrics.graphite] # Enable by setting the address setting (ex localhost:2003) ;address = ;prefix = prod.grafana.%(instance_name)s. #################################### Grafana.com integration ########################## # Url used to import dashboards directly from Grafana.com [grafana_com] ;url = https://grafana.com ;api_url = https://grafana.com/api #################################### Distributed tracing ############ # Opentracing is deprecated use opentelemetry instead [tracing.jaeger] # Enable by setting the address sending traces to jaeger (ex localhost:6831) ;address = localhost:6831 # Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2) ;always_included_tag = tag1:value1 # Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote ;sampler_type = const # jaeger samplerconfig param # for "const" sampler, 0 or 1 for always false/true respectively # for "probabilistic" sampler, a probability between 0 and 1 # for "rateLimiting" sampler, the number of spans per second # for "remote" sampler, param is the same as for "probabilistic" # and indicates the initial sampling rate before the actual one # is received from the mothership ;sampler_param = 1 # sampling_server_url is the URL of a sampling manager providing a sampling strategy. ;sampling_server_url = # Whether or not to use Zipkin propagation (x-b3- HTTP headers). ;zipkin_propagation = false # Setting this to true disables shared RPC spans. # Not disabling is the most common setting when using Zipkin elsewhere in your infrastructure. ;disable_shared_zipkin_spans = false [tracing.opentelemetry] # attributes that will always be included in when creating new spans. ex (key1:value1,key2:value2) ;custom_attributes = key1:value1,key2:value2 # Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote ; sampler_type = remote # Sampler configuration parameter # for "const" sampler, 0 or 1 for always false/true respectively # for "probabilistic" sampler, a probability between 0.0 and 1.0 # for "rateLimiting" sampler, the number of spans per second # for "remote" sampler, param is the same as for "probabilistic" # and indicates the initial sampling rate before the actual one # is received from the sampling server (set at sampling_server_url) ; sampler_param = 0.5 # specifies the URL of the sampling server when sampler_type is remote ; sampling_server_url = http://localhost:5778/sampling [tracing.opentelemetry.jaeger] # jaeger destination (ex http://localhost:14268/api/traces) ; address = http://localhost:14268/api/traces # Propagation specifies the text map propagation format: w3c, jaeger ; propagation = jaeger # This is a configuration for OTLP exporter with GRPC protocol [tracing.opentelemetry.otlp] # otlp destination (ex localhost:4317) ; address = localhost:4317 # Propagation specifies the text map propagation format: w3c, jaeger ; propagation = w3c #################################### External image storage ########################## [external_image_storage] # Used for uploading images to public servers so they can be included in slack/email messages. # you can choose between (s3, webdav, gcs, azure_blob, local) ;provider = [external_image_storage.s3] ;endpoint = ;path_style_access = ;bucket = ;region = ;path = ;access_key = ;secret_key = [external_image_storage.webdav] ;url = ;public_url = ;username = ;password = [external_image_storage.gcs] ;key_file = ;bucket = ;path = [external_image_storage.azure_blob] ;account_name = ;account_key = ;container_name = ;sas_token_expiration_days = [external_image_storage.local] # does not require any configuration [rendering] # Options to configure a remote HTTP image rendering service, e.g. using https://github.com/grafana/grafana-image-renderer. # URL to a remote HTTP image renderer service, e.g. http://localhost:8081/render, will enable Grafana to render panels and dashboards to PNG-images using HTTP requests to an external service. ;server_url = # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/. ;callback_url = # An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side. ;renderer_token = - # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server, # which this setting can help protect against by only allowing a certain amount of concurrent requests. ;concurrent_render_request_limit = 30 # Determines the lifetime of the render key used by the image renderer to access and render Grafana. # This setting should be expressed as a duration. Examples: 10s (seconds), 5m (minutes), 2h (hours). # Default is 5m. This should be more than enough for most deployments. # Change the value only if image rendering is failing and you see `Failed to get the render key from cache` in Grafana logs. ;render_key_lifetime = 5m [panels] # If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities. ;disable_sanitize_html = false [plugins] ;enable_alpha = false ;app_tls_skip_verify_insecure = false # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded. ;allow_loading_unsigned_plugins = # Enable or disable installing / uninstalling / updating plugins directly from within Grafana. ;plugin_admin_enabled = false ;plugin_admin_external_manage_enabled = false ;plugin_catalog_url = https://grafana.com/grafana/plugins/ # Enter a comma-separated list of plugin identifiers to hide in the plugin catalog. ;plugin_catalog_hidden_plugins = # Log all backend requests for core and external plugins. ;log_backend_requests = false # Disable download of the public key for verifying plugin signature. ; public_key_retrieval_disabled = false # Force download of the public key for verifying plugin signature on startup. If disabled, the public key will be retrieved every 10 days. # Requires public_key_retrieval_disabled to be false to have any effect. ; public_key_retrieval_on_startup = false # Enter a comma-separated list of plugin identifiers to avoid loading (including core plugins). These plugins will be hidden in the catalog. ; disable_plugins = #################################### Grafana Live ########################################## [live] # max_connections to Grafana Live WebSocket endpoint per Grafana server instance. See Grafana Live docs # if you are planning to make it higher than default 100 since this can require some OS and infrastructure # tuning. 0 disables Live, -1 means unlimited connections. ;max_connections = 100 # allowed_origins is a comma-separated list of origins that can establish connection with Grafana Live. # If not set then origin will be matched over root_url. Supports wildcard symbol "*". ;allowed_origins = # engine defines an HA (high availability) engine to use for Grafana Live. By default no engine used - in # this case Live features work only on a single Grafana server. Available options: "redis". # Setting ha_engine is an EXPERIMENTAL feature. ;ha_engine = # ha_engine_address sets a connection address for Live HA engine. Depending on engine type address format can differ. # For now we only support Redis connection address in "host:port" format. # This option is EXPERIMENTAL. ;ha_engine_address = "127.0.0.1:6379" # ha_engine_password allows setting an optional password to authenticate with the engine ;ha_engine_password = "" #################################### Grafana Image Renderer Plugin ########################## [plugin.grafana-image-renderer] # Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert. # See ICU’s metaZones.txt (https://cs.chromium.org/chromium/src/third_party/icu/source/data/misc/metaZones.txt) for a list of supported # timezone IDs. Fallbacks to TZ environment variable if not set. ;rendering_timezone = # Instruct headless browser instance to use a default language when not provided by Grafana, e.g. when rendering panel image of alert. # Please refer to the HTTP header Accept-Language to understand how to format this value, e.g. 'fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5'. ;rendering_language = # Instruct headless browser instance to use a default device scale factor when not provided by Grafana, e.g. when rendering panel image of alert. # Default is 1. Using a higher value will produce more detailed images (higher DPI), but will require more disk space to store an image. ;rendering_viewport_device_scale_factor = # Instruct headless browser instance whether to ignore HTTPS errors during navigation. Per default HTTPS errors are not ignored. Due to # the security risk it's not recommended to ignore HTTPS errors. ;rendering_ignore_https_errors = # Instruct headless browser instance whether to capture and log verbose information when rendering an image. Default is false and will # only capture and log error messages. When enabled, debug messages are captured and logged as well. # For the verbose information to be included in the Grafana server log you have to adjust the rendering log level to debug, configure # [log].filter = rendering:debug. ;rendering_verbose_logging = # Instruct headless browser instance whether to output its debug and error messages into running process of remote rendering service. # Default is false. This can be useful to enable (true) when troubleshooting. ;rendering_dumpio = # Additional arguments to pass to the headless browser instance. Default is --no-sandbox. The list of Chromium flags can be found # here (https://peter.sh/experiments/chromium-command-line-switches/). Multiple arguments is separated with comma-character. ;rendering_args = # You can configure the plugin to use a different browser binary instead of the pre-packaged version of Chromium. # Please note that this is not recommended, since you may encounter problems if the installed version of Chrome/Chromium is not # compatible with the plugin. ;rendering_chrome_bin = # Instruct how headless browser instances are created. Default is 'default' and will create a new browser instance on each request. # Mode 'clustered' will make sure that only a maximum of browsers/incognito pages can execute concurrently. # Mode 'reusable' will have one browser instance and will create a new incognito page on each request. ;rendering_mode = # When rendering_mode = clustered, you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser' # and will cluster using browser instances. # Mode 'context' will cluster using incognito pages. ;rendering_clustering_mode = # When rendering_mode = clustered, you can define the maximum number of browser instances/incognito pages that can execute concurrently. Default is '5'. ;rendering_clustering_max_concurrency = # When rendering_mode = clustered, you can specify the duration a rendering request can take before it will time out. Default is `30` seconds. ;rendering_clustering_timeout = # Limit the maximum viewport width, height and device scale factor that can be requested. ;rendering_viewport_max_width = ;rendering_viewport_max_height = ;rendering_viewport_max_device_scale_factor = # Change the listening host and port of the gRPC server. Default host is 127.0.0.1 and default port is 0 and will automatically assign # a port not in use. ;grpc_host = ;grpc_port = [support_bundles] # Enable support bundle creation (default: true) #enabled = true # Only server admins can generate and view support bundles (default: true) #server_admin_only = true # If set, bundles will be encrypted with the provided public keys separated by whitespace #public_keys = "" [enterprise] # Path to a valid Grafana Enterprise license.jwt file ;license_path = [feature_toggles] # there are currently two ways to enable feature toggles in the `grafana.ini`. # you can either pass an array of feature you want to enable to the `enable` field or # configure each toggle by setting the name of the toggle to true/false. Toggles set to true/false # will take presidence over toggles in the `enable` list. ;enable = feature1,feature2 ;feature1 = true ;feature2 = false [date_formats] # For information on what formatting patterns that are supported https://momentjs.com/docs/#/displaying/ # Default system date format used in time range picker and other places where full time is displayed ;full_date = YYYY-MM-DD HH:mm:ss # Used by graph and other places where we only show small intervals ;interval_second = HH:mm:ss ;interval_minute = HH:mm ;interval_hour = MM/DD HH:mm ;interval_day = MM/DD ;interval_month = YYYY-MM ;interval_year = YYYY # Experimental feature ;use_browser_locale = false # Default timezone for user preferences. Options are 'browser' for the browser local timezone or a timezone name from IANA Time Zone database, e.g. 'UTC' or 'Europe/Amsterdam' etc. ;default_timezone = browser [expressions] # Enable or disable the expressions functionality. ;enabled = true [geomap] # Set the JSON configuration for the default basemap ;default_baselayer_config = `{ ; "type": "xyz", ; "config": { ; "attribution": "Open street map", ; "url": "https://tile.openstreetmap.org/{z}/{x}/{y}.png" ; } ;}` # Enable or disable loading other base map layers ;enable_custom_baselayers = true # Move an app plugin referenced by its id (including all its pages) to a specific navigation section [navigation.app_sections] # The following will move an app plugin with the id of `my-app-id` under the `cfg` section # my-app-id = cfg # Move a specific app plugin page (referenced by its `path` field) to a specific navigation section [navigation.app_standalone_pages] # The following will move the page with the path "/a/my-app-id/my-page" from `my-app-id` to the `cfg` section # /a/my-app-id/my-page = cfg #################################### Secure Socks5 Datasource Proxy ##################################### [secure_socks_datasource_proxy] ; enabled = false ; root_ca_cert = ; client_key = ; client_cert = ; server_name = # The address of the socks5 proxy datasources should connect to ; proxy_address = ; show_ui = true ; allow_insecure = false ################################## Feature Management ############################################## [feature_management] # Options to configure the experimental Feature Toggle Admin Page feature, which is behind the `featureToggleAdminPage` feature toggle. Use at your own risk. # Allow editing of feature toggles in the feature management page ;allow_editing = false # Allow customization of URL for the controller that manages feature toggles ;update_webhook = # Allow configuring an auth token for feature management update requests ;update_webhook_token = # Hide specific feature toggles from the feature management page ;hidden_toggles = # Disable updating specific feature toggles in the feature management page ;read_only_toggles = #################################### Public Dashboards ##################################### [public_dashboards] # Set to false to disable public dashboards ;enabled = true # Enterprise only [white_labeling] # Set to your company name to override application title ;app_title = # Set to main title on the login page ;login_title = # Set to login subtitle ;login_subtitle = # Set to complete url to override login logo ;login_logo = # Set to complete css background expression to override login background # example: login_background = url(http://www.bhmpics.com/wallpapers/starfield-1920x1080.jpg) ;login_background = # Set to complete css background expression to override login box background ;login_box_background = # Set to complete url to override menu logo ;menu_logo = # Set to complete url to override fav icon (icon shown in browser tab) ;fav_icon = # Set to complete url to override apple/ios icon ;apple_touch_icon = # Set to complete url to override loading logo ;loading_logo = # Set to `true` to remove the Grafana edition from appearing in the footer ;hide_edition = # Below is an example for how to replace the default footer & help links with 2 custom links ;footer_links = support guides ;footer_links_support_text = Support ;footer_links_support_url = http://your.support.site ;footer_links_guides_text = Guides ;footer_links_guides_url = http://your.guides.site [white_labeling.public_dashboards] # Hides the footer for the public dashboards if set to `true` # example: footer_hide = true ;footer_hide = # Set to text shown in the footer ;footer_text = # Set to complete url to override public dashboard footer logo ;footer_logo = # Set to link for the footer ;footer_link = # Set to `true` to hide the Grafana logo next to the title ;header_logo_hide = [usage_insights.export] # Enable the usage insights export feature ; enabled = false # Storage type ; storage = loki [usage_insights.export.storage.loki] # Set the communication protocol to use with Loki (can be grpc or http) ; type = grpc # Set the address for writing logs to Loki (format must be host:port) ; url = localhost:9095 # Defaults to true. If true, it establishes a secure connection to Loki ; tls = true # Set the tenant id for Loki communications. Disabled by default. # Mandatory to interact with Loki running in multi-tenant mode. tenant_id = [reporting] # Enable/disable the reporting feature. If disabled, no reports will be generated ;enabled = true # Set timeout for each panel rendering request ;rendering_timeout = 10s # Set maximum number of concurrent calls to the rendering service ;concurrent_render_limit = 4 # Set the scale factor for rendering images. 2 is enough for monitor resolutions # 4 would be better for printed material. Setting a higher value affects performance and memory ;image_scale_factor = 2 # Set the maximum file size in megabytes for the CSV attachments ; max_attachment_size_mb = 10 # Path to the directory containing fonts ;fonts_path = # Name of the TrueType font file with Regular style ;font_regular = DejaVuSansCondensed.ttf # Name of the TrueType font file with Bold style ;font_bold = DejaVuSansCondensed-Bold.ttf # Name of the TrueType font file with Italic style ;font_italic = DejaVuSansCondensed-Oblique.ttf # Maximum number of rendering request retries before returning an error. 0 means disabling the retry feature. # This is available in public preview, this requires the 'reportingRetries' feature toggle. ;max_retries_per_panel = 2 [analytics] # Enable the analytics (also known as _usage analytics_) feature. When `false`, this option disables the writers that write to the Grafana database # and the associated features, such as dashboard and data source insights, presence indicators, and advanced dashboard search. ;enabled = true [analytics.summaries] # Set interval for writing dashboard usage stats buffer to database ;buffer_write_interval = 30s # Set timeout for writing dashboard usage stats buffer to database ;buffer_write_timeout = 3s # Set interval for trying to rollup per dashboard usage summary # only rolled up at most once per day ;rollup_interval = 4h # Set timeout for trying to rollup per dashboard usage summary ;rollup_timeout = 60s [analytics.views] # Set age for recent active users ;recent_users_age = 10m [auditing] # Enable the auditing feature ; enabled = false # List of enabled loggers ;loggers = file # Keep dashboard content in the logs (request or response fields); this can significantly increase the size of your logs. ;log_dashboard_content = false # Keep requests and responses body; this can significantly increase the size of your logs. ;verbose = false # Write an audit log for every status code. # By default it only logs the following ones: 2XX, 3XX, 401, 403 and 500. ;log_all_status_codes = false # Maximum response body (in bytes) to be audited; 500KiB by default. # May help reducing the memory footprint caused by auditing. ;max_response_size_bytes = 512000 [auditing.logs.file] # Path to logs folder ;path = data/log # Maximum log files to keep ;max_files = 5 # Max size in megabytes per log file ;max_file_size_mb = 256 [auditing.logs.loki] # Set the communication protocol to use with Loki (can be grpc or http) ;type = grpc # Set the address for writing logs to Loki (format must be host:port) ;url = localhost:9095 # Defaults to true. If true, it establishes a secure connection to Loki ;tls = true # Set the tenant id for Loki communications. Disabled by default. # Mandatory to interact with Loki running in multi-tenant mode. ;tenant_id = #################################### SAML Auth ########################### [auth.saml] # Defaults to false. If true, the feature is enabled. ;enabled = false # Enable SAML single logout ;single_logout = false # Defaults to true. Allow new Grafana users to be created through SAML login. allow_sign_up = false # Set to true to attempt login with SAML automatically, skipping the login screen. # This setting is ignored if multiple auth providers are configured to use auto login. ;auto_login = false # Base64-encoded public X.509 certificate. Used to sign requests to the IdP ;certificate = # Path to the public X.509 certificate. Used to sign requests to the IdP ;certificate_path = # Base64-encoded private key. Used to decrypt assertions from the IdP ;private_key = ;# Path to the private key. Used to decrypt assertions from the IdP ;private_key_path = # Signature algorithm using for signing requests to the IdP. Supported values are rsa-sha1, rsa-sha256, rsa-sha512. # If non-empty, authentication requests will be signed. Default is empty (requests not signed). ;signature_algorithm = # Base64-encoded IdP SAML metadata XML. Used to verify and obtain binding locations from the IdP ;idp_metadata = # Path to the SAML metadata XML. Used to verify and obtain binding locations from the IdP ;idp_metadata_path = # URL to fetch SAML IdP metadata. Used to verify and obtain binding locations from the IdP ;idp_metadata_url = # Duration, since the IdP issued a response and the SP is allowed to process it. Defaults to 90 seconds. ;max_issue_delay = 90s # Duration, for how long the SP's metadata should be valid. Defaults to 48 hours. ;metadata_valid_duration = 48h # Allow IdP-initiated SSO ;allow_idp_initiated = false # Relay state for IdP-initiated SSO. Should match relay state configured in IdP ;relay_state = # Friendly name or name of the attribute within the SAML assertion to use as the user's name ;assertion_attribute_name = displayName # Friendly name or name of the attribute within the SAML assertion to use as the user's login handle ;assertion_attribute_login = mail # Friendly name or name of the attribute within the SAML assertion to use as the user's email ;assertion_attribute_email = mail # Friendly name or name of the attribute within the SAML assertion to use as the user's groups ;assertion_attribute_groups = group # Friendly name or name of the attribute within the SAML assertion to use as the user's roles ;assertion_attribute_role = role # Friendly name or name of the attribute within the SAML assertion to use as the user's organization Id ;assertion_attribute_org = organizatio # List of comma- or space-separated organizations. User should be a member of at least one organization to log in. ;allowed_organizations = Engineering, Sales # List of comma- or space-separated Organization:OrgId:Role mappings. Organization can be `*` meaning "All users". Role is optional and can have the following values: `Viewer`, `Editor` or `Admin`. ;org_mapping = Engineering:2, Sales:3 # List of comma- or space-separated roles which will be mapped into the Editor role ;role_values_editor = editor, developer # List of comma- or space-separated roles which will be mapped into the Admin role ;role_values_admin = admin # List of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role ;role_values_grafana_admin = superadmin # Name identifier format to use with the IdP ;name_id_format = urn:oasis:names:tc:SAML:2.0:nameid-format:transient [keystore.vault] # Location of the Vault server ;url = # Vault's namespace if using Vault with multi-tenancy ;namespace = # Method for authenticating towards Vault. Vault is inactive if this option is not set # Possible values: token ;auth_method = # Secret token to connect to Vault when auth_method is token ;token = # Time between checking if there are any secrets which needs to be renewed. ;lease_renewal_interval = 5m # Time until expiration for tokens which are renewed. Should have a value higher the lease_renewal_interval ;lease_renewal_expires_within = 15m # New duration for renewed tokens. Vault may be configured to ignore this value and impose a stricter limit. ;lease_renewal_increment = 1h [auth.security] # Protected roles defines a set of user roles for which Grafana will not try to map users that have previously logged in # with one solution with another. Configuration values are separated by space, # possible values are = all editors viewers org_admins server_admins ;protected_roles = [security.egress] # Allow and deny lists can be used to control what hosts can be accessed based on what a user can configure through the ui. # This includes: # - datasource requests # - alerting channels # a list of hostnames or IP adresses separated by spaces for which outgoing requests will be blocked ;host_deny_list = # a list of hostnames or IP adresses separated by spaces for which requests will be allowed, all other requests will be blocked ;host_allow_list = # a list of headers that will be stripped from outgoing datasource and alerting requests ;header_drop_list = # a list of cookies that will be stripped from outgoing datasource requests ;cookie_drop_list = [security.encryption] # Encryption algorithm used to encrypt secrets stored into the database and cookies, # possible values are aes-cfb and aes-gcm. ;algorithm = aes-cfb # Example of AWS Key Management Service provider setup [security.encryption.awskms.v1] # Reference to KMS key - either key ID, key ARN, alias name or ARN. # Alias needs to be prefixed with "alias". # To specify a KMS key in a different AWS account, use the ARN or alias. # Examples of each type: # Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab # Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab # Alias name: alias/ExampleAlias # Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias ;key_id = # AWS access key ID ;access_key_id = # AWS secret access key ;secret_access_key = # AWS region (e.g., eu-north-1) ;region = # Example of Azure Key Vault provider setup [security.encryption.azurekv.v1] # Azure Application directory ID (tenant) ;tenant_id = # Azure Application application ID (client) ;client_id = # Azure Application client secret ;client_secret = # Azure Key Vault key name ;key_id = # Azure Key Vault uri ;vault_uri = # Example of Google Cloud KMS provider setup [security.encryption.googlekms.v1] # Google Cloud KMS key ID, see details https://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version ;key_id = # Path to service credentials JSON file, see details https://cloud.google.com/docs/authentication/getting-started ;credentials_file = # Example of Hashicorp Vault provider setup [security.encryption.hashicorpvault.v1] # Token used to authenticate within Vault. We suggest to use periodic tokens: more on token types https://www.vaultproject.io/docs/concepts/tokens#service-tokens ;token = # Location of the Vault server ;url = # Mount point of the transit secret engine ;transit_engine_path = # Key ring name ;key_ring = # Specifies how often to check if a token needs to be renewed, should be less than a token's TTL or period value ;token_renewal_interval = 5m # Caching is disabled on all data source by default # Visit the data source settings to enable caching [caching] # Setting 'enabled' to true enables query caching for data sources with configured caching. # To disable caching for a specific data source, refer to the data source’s configuration page. ; enabled = true # The caching backend to use when storing cached queries. Options: redis, memory ; backend = "memory" # The default TTL (time to live) if no other TTL is available. ; ttl = 5m # This value limits the size of a single cache value. If a cache value (or query result) is submitted that exceeds this size, then it will be rejected. # To disable this limit, set this value to zero. ; max_value_mb = 10 # Method to use when filtering headers for caches that supports caching headers. # Permitted options: allowlist, denylist. ; header_filtering = "allowlist" [caching.encryption] # Setting 'enabled' to true enables encryption of the values in the cache. ;enabled = true # The key used for the encryption of the values in the cache. If it is not specified and encryption is enabled, the key will be randomly # generated on startup. This must be specified to allow the encrypted cache to persist between Grafana restarts. If not specified, the cache # will be cleared upon restarts. ;encryption_key = "oH0aaomqRDyd7gkvZTKwsxVwlvFpyhko" [caching.memory] # When storing cache data, how often a background process will clean up stale data from the in-memory cache ; gc_interval = 1m # The maximum size of the in-memory cache in megabytes. Once this size is reached, new cache items will be rejected. For more flexible control over cache eviction policies and size, please use the Redis or Memcached backend # To disable the maximum, set this value to 0. WARNING: Disabling the maximum is not recommended in production environments. ; max_size_mb = 25 [caching.redis] # url should be a redis URL ; url = "redis://localhost:6379" # prefix redis keys with this string. Example: 'grafana:<key>'. This value can be left empty and no prefix will be set. ; prefix = "grafana" # a comma-separated list of Redis cluster members in host:port format # if cluster is specified, the value for url is ignored ; cluster = [caching.memcached] # A space-separated list of memcached servers ; servers = "localhost:11211" [feature_highlights] # Setting 'enabled' to true enables highlighting Enterprise features in UI. enabled = false # This sections is used to change default grants for rbac fixed roles. # To change the default grant for a role the key under this section # is the name of the role and the value is a list of grants for that role. # Keys with ":" is not supported so we need to substitue it with "_". [rbac.grants] # fixed_roles_reader = Viewer # To grant a role to Grafana admin we need to use json syntax # fixed_roles_writer = ["Grafana Admin"] content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' ;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws:// wss://;manifest-src 'self';media-src 'none';form-action 'self';frame-src: 'self'"""

1	##################### Grafana Configuration Example #####################
2	#
3	# Everything has defaults so you only need to uncomment things you want to
4	# change
5
6	# possible values : production, development
7	;app_mode = production
8
9	# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
10	;instance_name = FQDN
11
12	# force migration will run migrations that might cause dataloss
13	# Deprecated, use clean_upgrade option in [unified_alerting.upgrade] instead.
14	;force_migration = false
15
16	#################################### Paths ####################################
17	[paths]
18	# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
19	;data = /var/lib/grafana
20
21	# Temporary files in `data` directory older than given duration will be removed
22	;temp_data_lifetime = 24h
23
24	# Directory where grafana can store logs
25	;logs = /var/log/grafana
26
27	# Directory where grafana will automatically scan and look for plugins
28	;plugins = /var/lib/grafana/plugins
29
30	# folder that contains provisioning config files that grafana will apply on startup and while running.
31	;provisioning = conf/provisioning
32
33	#################################### Server ####################################
34	[server]
35	# Protocol (http, https, h2, socket)
36	;protocol = http
37
38	# This is the minimum TLS version allowed. By default, this value is empty. Accepted values are: TLS1.2, TLS1.3. If nothing is set TLS1.2 would be taken
39	;min_tls_version = ""
40
41	# The ip address to bind to, empty will bind to all interfaces
42	http_addr = 127.0.0.1
43
44	# The http port to use
45	http_port = 3001
46
47	# The public facing domain name used to access grafana from a browser
48	;domain = FQDN
49
50	# Redirect to correct domain if host header does not match domain
51	# Prevents DNS rebinding attacks
52	enforce_domain = true
53
54	# The full public facing url you use in browser, used for redirects and emails
55	# If you use reverse proxy and sub path specify full url (with sub path)
56	root_url = %(protocol)s://%(domain)s/
57
58	# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons.
59	;serve_from_sub_path = false
60
61	# Log web requests
62	;router_logging = false
63
64	# the path relative working path
65	;static_root_path = public
66
67	# enable gzip
68	;enable_gzip = false
69
70	# https certs & key file
71	;cert_file =
72	;cert_key =
73
74	# Unix socket gid
75	# Changing the gid of a file without privileges requires that the target group is in the group of the process and that the process is the file owner
76	# It is recommended to set the gid as http server user gid
77	# Not set when the value is -1
78	;socket_gid =
79
80	# Unix socket mode
81	;socket_mode =
82
83	# Unix socket path
84	;socket =
85
86	# CDN Url
87	;cdn_url =
88
89	# Sets the maximum time using a duration format (5s/5m/5ms) before timing out read of an incoming request and closing idle connections.
90	# `0` means there is no timeout for reading the request.
91	;read_timeout = 0
92
93	# This setting enables you to specify additional headers that the server adds to HTTP(S) responses.
94	[server.custom_response_headers]
95	#exampleHeader1 = exampleValue1
96	#exampleHeader2 = exampleValue2
97
98	#################################### GRPC Server #########################
99	;[grpc_server]
100	;network = "tcp"
101	;address = "127.0.0.1:10000"
102	;use_tls = false
103	;cert_file =
104	;key_file =
105
106	#################################### Database ####################################
107	[database]
108	# You can configure the database connection by specifying type, host, name, user and password
109	# as separate properties or as on string using the url properties.
110
111	# Either "mysql", "postgres" or "sqlite3", it's your choice
112	;type = sqlite3
113	;host = 127.0.0.1:3306
114	;name = grafana
115	;user = root
116	# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
117	;password =
118
119	# Use either URL or the previous fields to configure the database
120	# Example: mysql://user:secret@host:port/database
121	;url =
122
123	# For "postgres", use either "disable", "require" or "verify-full"
124	# For "mysql", use either "true", "false", or "skip-verify".
125	;ssl_mode = disable
126
127	# For "postregs", use either "1" to enable or "0" to disable SNI
128	;ssl_sni =
129
130	# Database drivers may support different transaction isolation levels.
131	# Currently, only "mysql" driver supports isolation levels.
132	# If the value is empty - driver's default isolation level is applied.
133	# For "mysql" use "READ-UNCOMMITTED", "READ-COMMITTED", "REPEATABLE-READ" or "SERIALIZABLE".
134	;isolation_level =
135
136	;ca_cert_path =
137	;client_key_path =
138	;client_cert_path =
139	;server_cert_name =
140
141	# For "sqlite3" only, path relative to data_path setting
142	;path = grafana.db
143
144	# Max idle conn setting default is 2
145	;max_idle_conn = 2
146
147	# Max conn setting default is 0 (mean not set)
148	;max_open_conn =
149
150	# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
151	;conn_max_lifetime = 14400
152
153	# Set to true to log the sql calls and execution times.
154	;log_queries =
155
156	# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
157	;cache_mode = private
158
159	# For "sqlite3" only. Enable/disable Write-Ahead Logging, https://sqlite.org/wal.html. Default is false.
160	;wal = false
161
162	# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
163	;locking_attempt_timeout_sec = 0
164
165	# For "sqlite" only. How many times to retry query in case of database is locked failures. Default is 0 (disabled).
166	;query_retries = 0
167
168	# For "sqlite" only. How many times to retry transaction in case of database is locked failures. Default is 5.
169	;transaction_retries = 5
170
171	# Set to true to add metrics and tracing for database queries.
172	;instrument_queries = false
173
174	################################### Data sources #########################
175	[datasources]
176	# Upper limit of data sources that Grafana will return. This limit is a temporary configuration and it will be deprecated when pagination will be introduced on the list data sources API.
177	;datasource_limit = 5000
178
179	#################################### Cache server #############################
180	[remote_cache]
181	# Either "redis", "memcached" or "database" default is "database"
182	;type = database
183
184	# cache connectionstring options
185	# database: will use Grafana primary database.
186	# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'.
187	# memcache: 127.0.0.1:11211
188	;connstr =
189
190	# prefix prepended to all the keys in the remote cache
191	; prefix =
192
193	# This enables encryption of values stored in the remote cache
194	;encryption =
195
196	#################################### Data proxy ###########################
197	[dataproxy]
198
199	# This enables data proxy logging, default is false
200	;logging = false
201
202	# How long the data proxy waits to read the headers of the response before timing out, default is 30 seconds.
203	# This setting also applies to core backend HTTP data sources where query requests use an HTTP client with timeout set.
204	;timeout = 30
205
206	# How long the data proxy waits to establish a TCP connection before timing out, default is 10 seconds.
207	;dialTimeout = 10
208
209	# How many seconds the data proxy waits before sending a keepalive probe request.
210	;keep_alive_seconds = 30
211
212	# How many seconds the data proxy waits for a successful TLS Handshake before timing out.
213	;tls_handshake_timeout_seconds = 10
214
215	# How many seconds the data proxy will wait for a server's first response headers after
216	# fully writing the request headers if the request has an "Expect: 100-continue"
217	# header. A value of 0 will result in the body being sent immediately, without
218	# waiting for the server to approve.
219	;expect_continue_timeout_seconds = 1
220
221	# Optionally limits the total number of connections per host, including connections in the dialing,
222	# active, and idle states. On limit violation, dials will block.
223	# A value of zero (0) means no limit.
224	;max_conns_per_host = 0
225
226	# The maximum number of idle connections that Grafana will keep alive.
227	;max_idle_connections = 100
228
229	# How many seconds the data proxy keeps an idle connection open before timing out.
230	;idle_conn_timeout_seconds = 90
231
232	# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
233	;send_user_header = false
234
235	# Limit the amount of bytes that will be read/accepted from responses of outgoing HTTP requests.
236	;response_limit = 0
237
238	# Limits the number of rows that Grafana will process from SQL data sources.
239	;row_limit = 1000000
240
241	# Sets a custom value for the `User-Agent` header for outgoing data proxy requests. If empty, the default value is `Grafana/<BuildVersion>` (for example `Grafana/9.0.0`).
242	;user_agent =
243
244	#################################### Analytics ####################################
245	[analytics]
246	# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
247	# No ip addresses are being tracked, only simple counters to track
248	# running instances, dashboard and error counts. It is very helpful to us.
249	# Change this option to false to disable reporting.
250	;reporting_enabled = true
251
252	# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
253	;reporting_distributor = grafana-labs
254
255	# Set to false to disable all checks to https://grafana.com
256	# for new versions of grafana. The check is used
257	# in some UI views to notify that a grafana update exists.
258	# This option does not cause any auto updates, nor send any information
259	# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version.
260	;check_for_updates = true
261
262	# Set to false to disable all checks to https://grafana.com
263	# for new versions of plugins. The check is used
264	# in some UI views to notify that a plugin update exists.
265	# This option does not cause any auto updates, nor send any information
266	# only a GET request to https://grafana.com to get the latest versions.
267	;check_for_plugin_updates = true
268
269	# Google Analytics universal tracking code, only enabled if you specify an id here
270	;google_analytics_ua_id =
271
272	# Google Analytics 4 tracking code, only enabled if you specify an id here
273	;google_analytics_4_id =
274
275	# When Google Analytics 4 Enhanced event measurement is enabled, we will try to avoid sending duplicate events and let Google Analytics 4 detect navigation changes, etc.
276	;google_analytics_4_send_manual_page_views = false
277
278	# Google Tag Manager ID, only enabled if you specify an id here
279	;google_tag_manager_id =
280
281	# Rudderstack write key, enabled only if rudderstack_data_plane_url is also set
282	;rudderstack_write_key =
283
284	# Rudderstack data plane url, enabled only if rudderstack_write_key is also set
285	;rudderstack_data_plane_url =
286
287	# Rudderstack SDK url, optional, only valid if rudderstack_write_key and rudderstack_data_plane_url is also set
288	;rudderstack_sdk_url =
289
290	# Rudderstack Config url, optional, used by Rudderstack SDK to fetch source config
291	;rudderstack_config_url =
292
293	# Rudderstack Integrations URL, optional. Only valid if you pass the SDK version 1.1 or higher
294	;rudderstack_integrations_url =
295
296	# Intercom secret, optional, used to hash user_id before passing to Intercom via Rudderstack
297	;intercom_secret =
298
299	# Controls if the UI contains any links to user feedback forms
300	;feedback_links_enabled = true
301
302	#################################### Security ####################################
303	[security]
304	# disable creation of admin user on first start of grafana
305	;disable_initial_admin_creation = false
306
307	# default admin user, created on startup
308	;admin_user = admin
309
310	# default admin password, can be changed before first start of grafana, or in profile settings
311	;admin_password = admin
312
313	# default admin email, created on startup
314	;admin_email = admin@localhost
315
316	# used for signing
317	;secret_key = SW2YcwTIb9zpOOhoPsMm
318
319	# current key provider used for envelope encryption, default to static value specified by secret_key
320	;encryption_provider = secretKey.v1
321
322	# list of configured key providers, space separated (Enterprise only): e.g., awskms.v1 azurekv.v1
323	;available_encryption_providers =
324
325	# disable gravatar profile images
326	;disable_gravatar = false
327
328	# data source proxy whitelist (ip_or_domain:port separated by spaces)
329	;data_source_proxy_whitelist =
330
331	# disable protection against brute force login attempts
332	;disable_brute_force_login_protection = false
333
334	# set to true if you host Grafana behind HTTPS. default is false.
335	cookie_secure = true
336
337	# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled"
338	cookie_samesite = strict
339
340	# set to true if you want to allow browsers to render Grafana in a <frame>, <iframe>, <embed> or <object>. default is false.
341	;allow_embedding = false
342
343	# Set to true if you want to enable http strict transport security (HSTS) response header.
344	# HSTS tells browsers that the site should only be accessed using HTTPS.
345	;strict_transport_security = false
346
347	# Sets how long a browser should cache HSTS. Only applied if strict_transport_security is enabled.
348	;strict_transport_security_max_age_seconds = 86400
349
350	# Set to true if to enable HSTS preloading option. Only applied if strict_transport_security is enabled.
351	;strict_transport_security_preload = false
352
353	# Set to true if to enable the HSTS includeSubDomains option. Only applied if strict_transport_security is enabled.
354	;strict_transport_security_subdomains = false
355
356	# Set to true to enable the X-Content-Type-Options response header.
357	# The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised
358	# in the Content-Type headers should not be changed and be followed.
359	;x_content_type_options = true
360
361	# Set to true to enable the X-XSS-Protection header, which tells browsers to stop pages from loading
362	# when they detect reflected cross-site scripting (XSS) attacks.
363	;x_xss_protection = true
364
365	# Enable adding the Content-Security-Policy header to your requests.
366	# CSP allows to control resources the user agent is allowed to load and helps prevent XSS attacks.
367	content_security_policy = true
368
369	# Set Content Security Policy template used when adding the Content-Security-Policy header to your requests.
370	# $NONCE in the template includes a random nonce.
371	# $ROOT_PATH is server.root_url without the protocol.
372	;content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
373
374	# Enable adding the Content-Security-Policy-Report-Only header to your requests.
375	# Allows you to monitor the effects of a policy without enforcing it.
376	;content_security_policy_report_only = false
377
378	# Set Content Security Policy Report Only template used when adding the Content-Security-Policy-Report-Only header to your requests.
379	# $NONCE in the template includes a random nonce.
380	# $ROOT_PATH is server.root_url without the protocol.
381	;content_security_policy_report_only_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
382	# Controls if old angular plugins are supported or not. This will be disabled by default in future release
383	;angular_support_enabled = true
384
385	# List of additional allowed URLs to pass by the CSRF check, separated by spaces. Suggested when authentication comes from an IdP.
386	;csrf_trusted_origins = example.com
387
388	# List of allowed headers to be set by the user, separated by spaces. Suggested to use for if authentication lives behind reverse proxies.
389	;csrf_additional_headers =
390
391	# The CSRF check will be executed even if the request has no login cookie.
392	;csrf_always_check = false
393
394	# Comma-separated list of plugins ids that won't be loaded inside the frontend sandbox
395	;disable_frontend_sandbox_for_plugins =
396
397	[security.encryption]
398	# Defines the time-to-live (TTL) for decrypted data encryption keys stored in memory (cache).
399	# Please note that small values may cause performance issues due to a high frequency decryption operations.
400	;data_keys_cache_ttl = 15m
401
402	# Defines the frequency of data encryption keys cache cleanup interval.
403	# On every interval, decrypted data encryption keys that reached the TTL are removed from the cache.
404	;data_keys_cache_cleanup_interval = 1m
405
406	#################################### Snapshots ###########################
407	[snapshots]
408	# set to false to remove snapshot functionality
409	;enabled = true
410
411	# snapshot sharing options
412	;external_enabled = true
413	;external_snapshot_url = https://snapshots.raintank.io
414	;external_snapshot_name = Publish to snapshots.raintank.io
415
416	# Set to true to enable this Grafana instance act as an external snapshot server and allow unauthenticated requests for
417	# creating and deleting snapshots.
418	;public_mode = false
419
420	# remove expired snapshot
421	;snapshot_remove_expired = true
422
423	#################################### Dashboards History ##################
424	[dashboards]
425	# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
426	;versions_to_keep = 20
427
428	# Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
429	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
430	;min_refresh_interval = 5s
431
432	# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
433	;default_home_dashboard_path =
434
435	#################################### Users ###############################
436	[users]
437	# disable user signup / registration
438	allow_sign_up = false
439
440	# Allow non admin users to create organizations
441	;allow_org_create = true
442
443	# Set to true to automatically assign new users to the default organization (id 1)
444	;auto_assign_org = true
445
446	# Set this value to automatically add new users to the provided organization (if auto_assign_org above is set to true)
447	;auto_assign_org_id = 1
448
449	# Default role new users will be automatically assigned
450	;auto_assign_org_role = Viewer
451
452	# Require email validation before sign up completes
453	;verify_email_enabled = false
454
455	# Background text for the user field on the login page
456	;login_hint = email or username
457	;password_hint = password
458
459	# Default UI theme ("dark" or "light")
460	;default_theme = dark
461
462	# Default UI language (supported IETF language tag, such as en-US)
463	;default_language = en-US
464
465	# Path to a custom home page. Users are only redirected to this if the default home dashboard is used. It should match a frontend route and contain a leading slash.
466	;home_page =
467
468	# External user management, these options affect the organization users view
469	;external_manage_link_url =
470	;external_manage_link_name =
471	;external_manage_info =
472
473	# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard.
474	;viewers_can_edit = false
475
476	# Editors can administrate dashboard, folders and teams they create
477	;editors_can_admin = false
478
479	# The duration in time a user invitation remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 24h (24 hours). The minimum supported duration is 15m (15 minutes).
480	;user_invite_max_lifetime_duration = 24h
481
482	# Enter a comma-separated list of users login to hide them in the Grafana UI. These users are shown to Grafana admins and themselves.
483	; hidden_users =
484
485	[secretscan]
486	# Enable secretscan feature
487	;enabled = false
488
489	# Interval to check for token leaks
490	;interval = 5m
491
492	# base URL of the grafana token leak check service
493	;base_url = https://secret-scanning.grafana.net
494
495	# URL to send outgoing webhooks to in case of detection
496	;oncall_url =
497
498	# Whether to revoke the token if a leak is detected or just send a notification
499	;revoke = true
500
501	[service_accounts]
502	# Service account maximum expiration date in days.
503	# When set, Grafana will not allow the creation of tokens with expiry greater than this setting.
504	; token_expiration_day_limit =
505
506	[auth]
507	# Login cookie name
508	;login_cookie_name = grafana_session
509
510	# Disable usage of Grafana build-in login solution.
511	;disable_login = false
512
513	# The maximum lifetime (duration) an authenticated user can be inactive before being required to login at next visit. Default is 7 days (7d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). The lifetime resets at each successful token rotation.
514	;login_maximum_inactive_lifetime_duration =
515
516	# The maximum lifetime (duration) an authenticated user can be logged in since login time before being required to login. Default is 30 days (30d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month).
517	;login_maximum_lifetime_duration =
518
519	# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
520	;token_rotation_interval_minutes = 10
521
522	# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
523	;disable_login_form = false
524
525	# Set to true to disable the sign out link in the side menu. Useful if you use auth.proxy or auth.jwt, defaults to false
526	;disable_signout_menu = false
527
528	# URL to redirect the user to after sign out
529	;signout_redirect_url =
530
531	# Set to true to attempt login with OAuth automatically, skipping the login screen.
532	# This setting is ignored if multiple OAuth providers are configured.
533	# Deprecated, use auto_login option for specific provider instead.
534	;oauth_auto_login = false
535
536	# OAuth state max age cookie duration in seconds. Defaults to 600 seconds.
537	;oauth_state_cookie_max_age = 600
538
539	# Skip forced assignment of OrgID 1 or 'auto_assign_org_id' for social logins
540	# Deprecated, use skip_org_role_sync option for specific provider instead.
541	;oauth_skip_org_role_update_sync = false
542
543	# limit of api_key seconds to live before expiration
544	;api_key_max_seconds_to_live = -1
545
546	# Set to true to enable SigV4 authentication option for HTTP-based datasources.
547	;sigv4_auth_enabled = false
548
549	# Set to true to enable verbose logging of SigV4 request signing
550	;sigv4_verbose_logging = false
551
552	# Set to true to enable Azure authentication option for HTTP-based datasources.
553	;azure_auth_enabled = false
554
555	# Set to skip the organization role from JWT login and use system's role assignment instead.
556	; skip_org_role_sync = false
557
558	# Use email lookup in addition to the unique ID provided by the IdP
559	;oauth_allow_insecure_email_lookup = false
560
561	# Set to true to include id of identity as a response header
562	;id_response_header_enabled = false
563
564	# Prefix used for the id response header, X-Grafana-Identity-Id
565	;id_response_header_prefix = X-Grafana
566
567	# List of identity namespaces to add id response headers for, separated by space.
568	# Available namespaces are user, api-key and service-account.
569	# The header value will encode the namespace ("user:<id>", "api-key:<id>", "service-account:<id>")
570	;id_response_header_namespaces = user api-key service-account
571
572	#################################### Anonymous Auth ######################
573	[auth.anonymous]
574	# enable anonymous access
575	;enabled = false
576
577	# specify organization name that should be used for unauthenticated users
578	;org_name = Main Org.
579
580	# specify role for unauthenticated users
581	;org_role = Viewer
582
583	# mask the Grafana version number for unauthenticated users
584	hide_version = true
585
586	#################################### GitHub Auth ##########################
587	[auth.github]
588	;name = GitHub
589	;icon = github
590	;enabled = false
591	allow_sign_up = false
592	;auto_login = false
593	;client_id = some_id
594	;client_secret = some_secret
595	;scopes = user:email,read:org
596	;auth_url = https://github.com/login/oauth/authorize
597	;token_url = https://github.com/login/oauth/access_token
598	;api_url = https://api.github.com/user
599	;signout_redirect_url =
600	;allowed_domains =
601	;team_ids =
602	;allowed_organizations =
603	;role_attribute_path =
604	;role_attribute_strict = false
605	;allow_assign_grafana_admin = false
606	;skip_org_role_sync = false
607
608	#################################### GitLab Auth #########################
609	[auth.gitlab]
610	;name = GitLab
611	;icon = gitlab
612	;enabled = false
613	allow_sign_up = false
614	;auto_login = false
615	;client_id = some_id
616	;client_secret = some_secret
617	;scopes = openid email profile
618	;auth_url = https://gitlab.com/oauth/authorize
619	;token_url = https://gitlab.com/oauth/token
620	;api_url = https://gitlab.com/api/v4
621	;signout_redirect_url =
622	;allowed_domains =
623	;allowed_groups =
624	;role_attribute_path =
625	;role_attribute_strict = false
626	;allow_assign_grafana_admin = false
627	;skip_org_role_sync = false
628	;tls_skip_verify_insecure = false
629	;tls_client_cert =
630	;tls_client_key =
631	;tls_client_ca =
632	;use_pkce = true
633
634	#################################### Google Auth ##########################
635	[auth.google]
636	;name = Google
637	;icon = google
638	;enabled = false
639	allow_sign_up = false
640	;auto_login = false
641	;client_id = some_client_id
642	;client_secret = some_client_secret
643	;scopes = openid email profile
644	;auth_url = https://accounts.google.com/o/oauth2/v2/auth
645	;token_url = https://oauth2.googleapis.com/token
646	;api_url = https://openidconnect.googleapis.com/v1/userinfo
647	;signout_redirect_url =
648	;allowed_domains =
649	;validate_hd =
650	;hosted_domain =
651	;allowed_groups =
652	;role_attribute_path =
653	;role_attribute_strict = false
654	;allow_assign_grafana_admin = false
655	;skip_org_role_sync = false
656	;use_pkce = true
657
658	#################################### Grafana.com Auth ####################
659	[auth.grafana_com]
660	;name = Grafana.com
661	;icon = grafana
662	;enabled = false
663	allow_sign_up = false
664	;auto_login = false
665	;client_id = some_id
666	;client_secret = some_secret
667	;scopes = user:email
668	;allowed_organizations =
669	;skip_org_role_sync = false
670
671	#################################### Azure AD OAuth #######################
672	[auth.azuread]
673	;name = Microsoft
674	;icon = microsoft
675	;enabled = false
676	allow_sign_up = false
677	;auto_login = false
678	;client_id = some_client_id
679	;client_secret = some_client_secret
680	;scopes = openid email profile
681	;auth_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
682	;token_url = https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
683	;signout_redirect_url =
684	;allowed_domains =
685	;allowed_groups =
686	;allowed_organizations =
687	;role_attribute_strict = false
688	;allow_assign_grafana_admin = false
689	;use_pkce = true
690	# prevent synchronizing users organization roles
691	;skip_org_role_sync = false
692
693	#################################### Okta OAuth #######################
694	[auth.okta]
695	;name = Okta
696	;enabled = false
697	allow_sign_up = false
698	;auto_login = false
699	;client_id = some_id
700	;client_secret = some_secret
701	;scopes = openid profile email groups
702	;auth_url = https://<tenant-id>.okta.com/oauth2/v1/authorize
703	;token_url = https://<tenant-id>.okta.com/oauth2/v1/token
704	;api_url = https://<tenant-id>.okta.com/oauth2/v1/userinfo
705	;signout_redirect_url =
706	;allowed_domains =
707	;allowed_groups =
708	;role_attribute_path =
709	;role_attribute_strict = false
710	;allow_assign_grafana_admin = false
711	;skip_org_role_sync = false
712	;use_pkce = true
713
714	#################################### Generic OAuth ##########################
715	[auth.generic_oauth]
716	;enabled = false
717	;name = OAuth
718	allow_sign_up = false
719	;auto_login = false
720	;client_id = some_id
721	;client_secret = some_secret
722	;scopes = user:email,read:org
723	;empty_scopes = false
724	;email_attribute_name = email:primary
725	;email_attribute_path =
726	;login_attribute_path =
727	;name_attribute_path =
728	;id_token_attribute_name =
729	;auth_url = https://foo.bar/login/oauth/authorize
730	;token_url = https://foo.bar/login/oauth/access_token
731	;api_url = https://foo.bar/user
732	;signout_redirect_url =
733	;teams_url =
734	;allowed_domains =
735	;team_ids =
736	;allowed_organizations =
737	;role_attribute_path =
738	;role_attribute_strict = false
739	;groups_attribute_path =
740	;team_ids_attribute_path =
741	;tls_skip_verify_insecure = false
742	;tls_client_cert =
743	;tls_client_key =
744	;tls_client_ca =
745	;use_pkce = false
746	;auth_style =
747	;allow_assign_grafana_admin = false
748
749	#################################### Basic Auth ##########################
750	[auth.basic]
751	;enabled = true
752	;password_policy = false
753
754	#################################### Auth Proxy ##########################
755	[auth.proxy]
756	;enabled = false
757	;header_name = X-WEBAUTH-USER
758	;header_property = username
759	;auto_sign_up = true
760	;sync_ttl = 60
761	;whitelist = 192.168.1.1, 192.168.2.1
762	;headers = Email:X-User-Email, Name:X-User-Name
763	# Non-ASCII strings in header values are encoded using quoted-printable encoding
764	;headers_encoded = false
765	# Read the auth proxy docs for details on what the setting below enables
766	;enable_login_token = false
767
768	#################################### Auth JWT ##########################
769	[auth.jwt]
770	;enabled = true
771	;header_name = X-JWT-Assertion
772	;email_claim = sub
773	;username_claim = sub
774	;jwk_set_url = https://foo.bar/.well-known/jwks.json
775	;jwk_set_file = /path/to/jwks.json
776	;cache_ttl = 60m
777	;expect_claims = {"aud": ["foo", "bar"]}
778	;key_file = /path/to/key/file
779	# Use in conjunction with key_file in case the JWT token's header specifies a key ID in "kid" field
780	;key_id = some-key-id
781	;role_attribute_path =
782	;groups_attribute_path =
783	;role_attribute_strict = false
784	;auto_sign_up = false
785	;url_login = false
786	;allow_assign_grafana_admin = false
787
788	#################################### Auth LDAP ##########################
789	[auth.ldap]
790	;enabled = false
791	;config_file = /etc/grafana/ldap.toml
792	allow_sign_up = false
793	# prevent synchronizing ldap users organization roles
794	;skip_org_role_sync = false
795
796	# LDAP background sync (Enterprise only)
797	# At 1 am every day
798	;sync_cron = "0 1 * * *"
799	;active_sync_enabled = true
800
801	#################################### AWS ###########################
802	[aws]
803	# Enter a comma-separated list of allowed AWS authentication providers.
804	# Options are: default (AWS SDK Default), keys (Access && secret key), credentials (Credentials field), ec2_iam_role (EC2 IAM Role)
805	; allowed_auth_providers = default,keys,credentials
806
807	# Allow AWS users to assume a role using temporary security credentials.
808	# If true, assume role will be enabled for all AWS authentication providers that are specified in aws_auth_providers
809	; assume_role_enabled = true
810
811	# Specify max no of pages to be returned by the ListMetricPages API
812	; list_metrics_page_limit = 500
813
814	# Experimental, for use in Grafana Cloud only. Please do not set.
815	; external_id =
816
817	# Sets the expiry duration of an assumed role.
818	# This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month).
819	; session_duration = "15m"
820
821	# Set the plugins that will receive AWS settings for each request (via plugin context)
822	# By default this will include all Grafana Labs owned AWS plugins, or those that make use of AWS settings (ElasticSearch, Prometheus).
823	; forward_settings_to_plugins = cloudwatch, grafana-athena-datasource, grafana-redshift-datasource, grafana-x-ray-datasource, grafana-timestream-datasource, grafana-iot-sitewise-datasource, grafana-iot-twinmaker-app, grafana-opensearch-datasource, aws-datasource-provisioner, elasticsearch, prometheus
824
825	#################################### Azure ###############################
826	[azure]
827	# Azure cloud environment where Grafana is hosted
828	# Possible values are AzureCloud, AzureChinaCloud, AzureUSGovernment and AzureGermanCloud
829	# Default value is AzureCloud (i.e. public cloud)
830	;cloud = AzureCloud
831
832	# Specifies whether Grafana hosted in Azure service with Managed Identity configured (e.g. Azure Virtual Machines instance)
833	# If enabled, the managed identity can be used for authentication of Grafana in Azure services
834	# Disabled by default, needs to be explicitly enabled
835	;managed_identity_enabled = false
836
837	# Client ID to use for user-assigned managed identity
838	# Should be set for user-assigned identity and should be empty for system-assigned identity
839	;managed_identity_client_id =
840
841	# Specifies whether Azure AD Workload Identity authentication should be enabled in datasources that support it
842	# For more documentation on Azure AD Workload Identity, review this documentation:
843	# https://azure.github.io/azure-workload-identity/docs/
844	# Disabled by default, needs to be explicitly enabled
845	;workload_identity_enabled = false
846
847	# Tenant ID of the Azure AD Workload Identity
848	# Allows to override default tenant ID of the Azure AD identity associated with the Kubernetes service account
849	;workload_identity_tenant_id =
850
851	# Client ID of the Azure AD Workload Identity
852	# Allows to override default client ID of the Azure AD identity associated with the Kubernetes service account
853	;workload_identity_client_id =
854
855	# Custom path to token file for the Azure AD Workload Identity
856	# Allows to set a custom path to the projected service account token file
857	;workload_identity_token_file =
858
859	# Specifies whether user identity authentication (on behalf of currently signed-in user) should be enabled in datasources
860	# that support it (requires AAD authentication)
861	# Disabled by default, needs to be explicitly enabled
862	;user_identity_enabled = false
863
864	# Override token URL for Azure Active Directory
865	# By default is the same as token URL configured for AAD authentication settings
866	;user_identity_token_url =
867
868	# Override ADD application ID which would be used to exchange users token to an access token for the datasource
869	# By default is the same as used in AAD authentication or can be set to another application (for OBO flow)
870	;user_identity_client_id =
871
872	# Override the AAD application client secret
873	# By default is the same as used in AAD authentication or can be set to another application (for OBO flow)
874	;user_identity_client_secret =
875
876	# Set the plugins that will receive Azure settings for each request (via plugin context)
877	# By default this will include all Grafana Labs owned Azure plugins, or those that make use of Azure settings (Azure Monitor, Azure Data Explorer, Prometheus, MSSQL).
878	;forward_settings_to_plugins = grafana-azure-monitor-datasource, prometheus, grafana-azure-data-explorer-datasource, mssql
879
880	#################################### Role-based Access Control ###########
881	[rbac]
882	;permission_cache = true
883
884	# Reset basic roles permissions on boot
885	# Warning left to true, basic roles permissions will be reset on every boot
886	#reset_basic_roles = false
887
888	# Validate permissions' action and scope on role creation and update
889	; permission_validation_enabled = true
890
891	#################################### SMTP / Emailing ##########################
892	[smtp]
893	;enabled = false
894	;host = localhost:25
895	;user =
896	# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
897	;password =
898	;cert_file =
899	;key_file =
900	;skip_verify = false
901	;from_address = admin@grafana.localhost
902	;from_name = Grafana
903	# EHLO identity in SMTP dialog (defaults to instance_name)
904	;ehlo_identity = dashboard.example.com
905	# SMTP startTLS policy (defaults to 'OpportunisticStartTLS')
906	;startTLS_policy = NoStartTLS
907	# Enable trace propagation in e-mail headers, using the 'traceparent', 'tracestate' and (optionally) 'baggage' fields (defaults to false)
908	;enable_tracing = false
909
910	[smtp.static_headers]
911	# Include custom static headers in all outgoing emails
912	;Foo-Header = bar
913	;Foo = bar
914
915	[emails]
916	;welcome_email_on_sign_up = false
917	;templates_pattern = emails/.html, emails/.txt
918	;content_types = text/html
919
920	#################################### Logging ##########################
921	[log]
922	# Either "console", "file", "syslog". Default is console and file
923	# Use space to separate multiple modes, e.g. "console file"
924	;mode = console file
925
926	# Either "debug", "info", "warn", "error", "critical", default is "info"
927	;level = info
928
929	# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
930	;filters =
931
932	# Set the default error message shown to users. This message is displayed instead of sensitive backend errors which should be obfuscated. Default is the same as the sample value.
933	;user_facing_default_error = "please inspect Grafana server log for details"
934
935	# For "console" mode only
936	[log.console]
937	;level =
938
939	# log line format, valid options are text, console and json
940	;format = console
941
942	# For "file" mode only
943	[log.file]
944	;level =
945
946	# log line format, valid options are text, console and json
947	;format = text
948
949	# This enables automated log rotate(switch of following options), default is true
950	;log_rotate = true
951
952	# Max line number of single file, default is 1000000
953	;max_lines = 1000000
954
955	# Max size shift of single file, default is 28 means 1 << 28, 256MB
956	;max_size_shift = 28
957
958	# Segment log daily, default is true
959	;daily_rotate = true
960
961	# Expired days of log file(delete after max days), default is 7
962	;max_days = 7
963
964	[log.syslog]
965	;level =
966
967	# log line format, valid options are text, console and json
968	;format = text
969
970	# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
971	;network =
972	;address =
973
974	# Syslog facility. user, daemon and local0 through local7 are valid.
975	;facility =
976
977	# Syslog tag. By default, the process' argv[0] is used.
978	;tag =
979
980	[log.frontend]
981	# Should Faro javascript agent be initialized
982	;enabled = false
983
984	# Custom HTTP endpoint to send events to. Default will log the events to stdout.
985	;custom_endpoint = /log-grafana-javascript-agent
986
987	# Requests per second limit enforced an extended period, for Grafana backend log ingestion endpoint (/log).
988	;log_endpoint_requests_per_second_limit = 3
989
990	# Max requests accepted per short interval of time for Grafana backend log ingestion endpoint (/log).
991	;log_endpoint_burst_limit = 15
992
993	# Should error instrumentation be enabled, only affects Grafana Javascript Agent
994	;instrumentations_errors_enabled = true
995
996	# Should console instrumentation be enabled, only affects Grafana Javascript Agent
997	;instrumentations_console_enabled = false
998
999	# Should webvitals instrumentation be enabled, only affects Grafana Javascript Agent
1000	;instrumentations_webvitals_enabled = false
1001
1002	# Api Key, only applies to Grafana Javascript Agent provider
1003	;api_key = testApiKey
1004
1005	#################################### Usage Quotas ########################
1006	[quota]
1007	; enabled = false
1008
1009	#### set quotas to -1 to make unlimited. ####
1010	# limit number of users per Org.
1011	; org_user = 10
1012
1013	# limit number of dashboards per Org.
1014	; org_dashboard = 100
1015
1016	# limit number of data_sources per Org.
1017	; org_data_source = 10
1018
1019	# limit number of api_keys per Org.
1020	; org_api_key = 10
1021
1022	# limit number of alerts per Org.
1023	;org_alert_rule = 100
1024
1025	# limit number of orgs a user can create.
1026	; user_org = 10
1027
1028	# Global limit of users.
1029	; global_user = -1
1030
1031	# global limit of orgs.
1032	; global_org = -1
1033
1034	# global limit of dashboards
1035	; global_dashboard = -1
1036
1037	# global limit of api_keys
1038	; global_api_key = -1
1039
1040	# global limit on number of logged in users.
1041	; global_session = -1
1042
1043	# global limit of alerts
1044	;global_alert_rule = -1
1045
1046	# global limit of correlations
1047	; global_correlations = -1
1048
1049	# Limit of the number of alert rules per rule group.
1050	# This is not strictly enforced yet, but will be enforced over time.
1051	;alerting_rule_group_rules = 100
1052
1053	#################################### Unified Alerting ####################
1054	[unified_alerting]
1055	#Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed.```
1056	;enabled = true
1057
1058	# Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled.
1059	;disabled_orgs =
1060
1061	# Specify the frequency of polling for admin config changes.
1062	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1063	;admin_config_poll_interval = 60s
1064
1065	# Specify the frequency of polling for Alertmanager config changes.
1066	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1067	;alertmanager_config_poll_interval = 60s
1068
1069	# The redis server address that should be connected to.
1070	;ha_redis_address =
1071
1072	# The username that should be used to authenticate with the redis server.
1073	;ha_redis_username =
1074
1075	# The password that should be used to authenticate with the redis server.
1076	;ha_redis_password =
1077
1078	# The redis database, by default it's 0.
1079	;ha_redis_db =
1080
1081	# A prefix that is used for every key or channel that is created on the redis server
1082	# as part of HA for alerting.
1083	;ha_redis_prefix =
1084
1085	# The name of the cluster peer that will be used as identifier. If none is
1086	# provided, a random one will be generated.
1087	;ha_redis_peer_name =
1088
1089	# Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port. The default value is `0.0.0.0:9094`.
1090	;ha_listen_address = "0.0.0.0:9094"
1091
1092	# Listen address/hostname and port to receive unified alerting messages for other Grafana instances. The port is used for both TCP and UDP. It is assumed other Grafana instances are also running on the same port. The default value is `0.0.0.0:9094`.
1093	;ha_advertise_address = ""
1094
1095	# Comma-separated list of initial instances (in a format of host:port) that will form the HA cluster. Configuring this setting will enable High Availability mode for alerting.
1096	;ha_peers = ""
1097
1098	# Time to wait for an instance to send a notification via the Alertmanager. In HA, each Grafana instance will
1099	# be assigned a position (e.g. 0, 1). We then multiply this position with the timeout to indicate how long should
1100	# each instance wait before sending the notification to take into account replication lag.
1101	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1102	;ha_peer_timeout = "15s"
1103
1104	# The label is an optional string to include on each packet and stream.
1105	# It uniquely identifies the cluster and prevents cross-communication
1106	# issues when sending gossip messages in an enviromenet with multiple clusters.
1107	;ha_label =
1108
1109	# The interval between sending gossip messages. By lowering this value (more frequent) gossip messages are propagated
1110	# across cluster more quickly at the expense of increased bandwidth usage.
1111	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1112	;ha_gossip_interval = "200ms"
1113
1114	# The interval between gossip full state syncs. Setting this interval lower (more frequent) will increase convergence speeds
1115	# across larger clusters at the expense of increased bandwidth usage.
1116	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1117	;ha_push_pull_interval = "60s"
1118
1119	# Enable or disable alerting rule execution. The alerting UI remains visible. This option has a legacy version in the `[alerting]` section that takes precedence.
1120	;execute_alerts = true
1121
1122	# Alert evaluation timeout when fetching data from the datasource. This option has a legacy version in the `[alerting]` section that takes precedence.
1123	# The timeout string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1124	;evaluation_timeout = 30s
1125
1126	# Number of times we'll attempt to evaluate an alert rule before giving up on that evaluation. The default value is 1.
1127	;max_attempts = 1
1128
1129	# Minimum interval to enforce between rule evaluations. Rules will be adjusted if they are less than this value or if they are not multiple of the scheduler interval (10s). Higher values can help with resource management as we'll schedule fewer evaluations over time. This option has a legacy version in the `[alerting]` section that takes precedence.
1130	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1131	;min_interval = 10s
1132
1133	# This is an experimental option to add parallelization to saving alert states in the database.
1134	# It configures the maximum number of concurrent queries per rule evaluated. The default value is 1
1135	# (concurrent queries per rule disabled).
1136	;max_state_save_concurrency = 1
1137
1138	# If the feature flag 'alertingSaveStatePeriodic' is enabled, this is the interval that is used to persist the alerting instances to the database.
1139	# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
1140	;state_periodic_save_interval = 5m
1141
1142	# Disables the smoothing of alert evaluations across their evaluation window.
1143	# Rules will evaluate in sync.
1144	;disable_jitter = false
1145
1146	[unified_alerting.reserved_labels]
1147	# Comma-separated list of reserved labels added by the Grafana Alerting engine that should be disabled.
1148	# For example: `disabled_labels=grafana_folder`
1149	;disabled_labels =
1150
1151	[unified_alerting.state_history]
1152	# Enable the state history functionality in Unified Alerting. The previous states of alert rules will be visible in panels and in the UI.
1153	; enabled = true
1154
1155	# Select which pluggable state history backend to use. Either "annotations", "loki", or "multiple"
1156	# "loki" writes state history to an external Loki instance. "multiple" allows history to be written to multiple backends at once.
1157	# Defaults to "annotations".
1158	; backend = "multiple"
1159
1160	# For "multiple" only.
1161	# Indicates the main backend used to serve state history queries.
1162	# Either "annotations" or "loki"
1163	; primary = "loki"
1164
1165	# For "multiple" only.
1166	# Comma-separated list of additional backends to write state history data to.
1167	; secondaries = "annotations"
1168
1169	# For "loki" only.
1170	# URL of the external Loki instance.
1171	# Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend.
1172	; loki_remote_url = "http://loki:3100"
1173
1174	# For "loki" only.
1175	# URL of the external Loki's read path. To be used in configurations where Loki has separated read and write URLs.
1176	# Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend.
1177	; loki_remote_read_url = "http://loki-querier:3100"
1178
1179	# For "loki" only.
1180	# URL of the external Loki's write path. To be used in configurations where Loki has separated read and write URLs.
1181	# Either "loki_remote_url", or both of "loki_remote_read_url" and "loki_remote_write_url" is required for the "loki" backend.
1182	; loki_remote_write_url = "http://loki-distributor:3100"
1183
1184	# For "loki" only.
1185	# Optional tenant ID to attach to requests sent to Loki.
1186	; loki_tenant_id = 123
1187
1188	# For "loki" only.
1189	# Optional username for basic authentication on requests sent to Loki. Can be left blank to disable basic auth.
1190	; loki_basic_auth_username = "myuser"
1191
1192	# For "loki" only.
1193	# Optional password for basic authentication on requests sent to Loki. Can be left blank.
1194	; loki_basic_auth_password = "mypass"
1195
1196	[unified_alerting.state_history.external_labels]
1197	# Optional extra labels to attach to outbound state history records or log streams.
1198	# Any number of label key-value-pairs can be provided.
1199	; mylabelkey = mylabelvalue
1200
1201	[unified_alerting.upgrade]
1202	# If set to true when upgrading from legacy alerting to Unified Alerting, grafana will first delete all existing
1203	# Unified Alerting resources, thus re-upgrading all organizations from scratch. If false or unset, organizations that
1204	# have previously upgraded will not lose their existing Unified Alerting data when switching between legacy and
1205	# Unified Alerting. Should be kept false when not needed as it may cause unintended data-loss if left enabled.
1206	;clean_upgrade = false
1207
1208	#################################### Alerting ############################
1209	[alerting]
1210	# Disable legacy alerting engine & UI features
1211	;enabled = false
1212
1213	# Makes it possible to turn off alert execution but alerting UI is visible
1214	;execute_alerts = true
1215
1216	# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
1217	;error_or_timeout = alerting
1218
1219	# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
1220	;nodata_or_nullvalues = no_data
1221
1222	# Alert notifications can include images, but rendering many images at the same time can overload the server
1223	# This limit will protect the server from render overloading and make sure notifications are sent out quickly
1224	;concurrent_render_limit = 5
1225
1226	# Default setting for alert calculation timeout. Default value is 30
1227	;evaluation_timeout_seconds = 30
1228
1229	# Default setting for alert notification timeout. Default value is 30
1230	;notification_timeout_seconds = 30
1231
1232	# Default setting for max attempts to sending alert notifications. Default value is 3
1233	;max_attempts = 3
1234
1235	# Makes it possible to enforce a minimal interval between evaluations, to reduce load on the backend
1236	;min_interval_seconds = 1
1237
1238	# Configures for how long alert annotations are stored. Default is 0, which keeps them forever.
1239	# This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month).
1240	;max_annotation_age =
1241
1242	# Configures max number of alert annotations that Grafana stores. Default value is 0, which keeps all alert annotations.
1243	;max_annotations_to_keep =
1244
1245	#################################### Annotations #########################
1246	[annotations]
1247	# Configures the batch size for the annotation clean-up job. This setting is used for dashboard, API, and alert annotations.
1248	;cleanupjob_batchsize = 100
1249
1250	# Enforces the maximum allowed length of the tags for any newly introduced annotations. It can be between 500 and 4096 inclusive (which is the respective's column length). Default value is 500.
1251	# Setting it to a higher value would impact performance therefore is not recommended.
1252	;tags_length = 500
1253
1254	[annotations.dashboard]
1255	# Dashboard annotations means that annotations are associated with the dashboard they are created on.
1256
1257	# Configures how long dashboard annotations are stored. Default is 0, which keeps them forever.
1258	# This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month).
1259	;max_age =
1260
1261	# Configures max number of dashboard annotations that Grafana stores. Default value is 0, which keeps all dashboard annotations.
1262	;max_annotations_to_keep =
1263
1264	[annotations.api]
1265	# API annotations means that the annotations have been created using the API without any
1266	# association with a dashboard.
1267
1268	# Configures how long Grafana stores API annotations. Default is 0, which keeps them forever.
1269	# This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month).
1270	;max_age =
1271
1272	# Configures max number of API annotations that Grafana keeps. Default value is 0, which keeps all API annotations.
1273	;max_annotations_to_keep =
1274
1275	#################################### Explore #############################
1276	[explore]
1277	# Enable the Explore section
1278	;enabled = true
1279
1280	#################################### Help #############################
1281	[help]
1282	# Enable the Help section
1283	;enabled = true
1284
1285	#################################### Profile #############################
1286	[profile]
1287	# Enable the Profile section
1288	;enabled = true
1289
1290	#################################### News #############################
1291	[news]
1292	# Enable the news feed section
1293	; news_feed_enabled = true
1294
1295	#################################### Query #############################
1296	[query]
1297	# Set the number of data source queries that can be executed concurrently in mixed queries. Default is the number of CPUs.
1298	;concurrent_query_limit =
1299
1300	#################################### Query History #############################
1301	[query_history]
1302	# Enable the Query history
1303	;enabled = true
1304
1305	#################################### Internal Grafana Metrics ##########################
1306	# Metrics available at HTTP URL /metrics and /metrics/plugins/:pluginId
1307	[metrics]
1308	# Disable / Enable internal metrics
1309	;enabled = true
1310	# Graphite Publish interval
1311	;interval_seconds = 10
1312	# Disable total stats (stat_totals_*) metrics to be generated
1313	;disable_total_stats = false
1314	# The interval at which the total stats collector will update the stats. Default is 1800 seconds.
1315	;total_stats_collector_interval_seconds = 1800
1316
1317	#If both are set, basic auth will be required for the metrics endpoints.
1318	; basic_auth_username =
1319	; basic_auth_password =
1320
1321	# Metrics environment info adds dimensions to the `grafana_environment_info` metric, which
1322	# can expose more information about the Grafana instance.
1323	[metrics.environment_info]
1324	#exampleLabel1 = exampleValue1
1325	#exampleLabel2 = exampleValue2
1326
1327	# Send internal metrics to Graphite
1328	[metrics.graphite]
1329	# Enable by setting the address setting (ex localhost:2003)
1330	;address =
1331	;prefix = prod.grafana.%(instance_name)s.
1332
1333	#################################### Grafana.com integration ##########################
1334	# Url used to import dashboards directly from Grafana.com
1335	[grafana_com]
1336	;url = https://grafana.com
1337	;api_url = https://grafana.com/api
1338
1339	#################################### Distributed tracing ############
1340	# Opentracing is deprecated use opentelemetry instead
1341	[tracing.jaeger]
1342	# Enable by setting the address sending traces to jaeger (ex localhost:6831)
1343	;address = localhost:6831
1344	# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
1345	;always_included_tag = tag1:value1
1346	# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
1347	;sampler_type = const
1348	# jaeger samplerconfig param
1349	# for "const" sampler, 0 or 1 for always false/true respectively
1350	# for "probabilistic" sampler, a probability between 0 and 1
1351	# for "rateLimiting" sampler, the number of spans per second
1352	# for "remote" sampler, param is the same as for "probabilistic"
1353	# and indicates the initial sampling rate before the actual one
1354	# is received from the mothership
1355	;sampler_param = 1
1356	# sampling_server_url is the URL of a sampling manager providing a sampling strategy.
1357	;sampling_server_url =
1358	# Whether or not to use Zipkin propagation (x-b3- HTTP headers).
1359	;zipkin_propagation = false
1360	# Setting this to true disables shared RPC spans.
1361	# Not disabling is the most common setting when using Zipkin elsewhere in your infrastructure.
1362	;disable_shared_zipkin_spans = false
1363
1364	[tracing.opentelemetry]
1365	# attributes that will always be included in when creating new spans. ex (key1:value1,key2:value2)
1366	;custom_attributes = key1:value1,key2:value2
1367	# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
1368	; sampler_type = remote
1369	# Sampler configuration parameter
1370	# for "const" sampler, 0 or 1 for always false/true respectively
1371	# for "probabilistic" sampler, a probability between 0.0 and 1.0
1372	# for "rateLimiting" sampler, the number of spans per second
1373	# for "remote" sampler, param is the same as for "probabilistic"
1374	# and indicates the initial sampling rate before the actual one
1375	# is received from the sampling server (set at sampling_server_url)
1376	; sampler_param = 0.5
1377	# specifies the URL of the sampling server when sampler_type is remote
1378	; sampling_server_url = http://localhost:5778/sampling
1379
1380	[tracing.opentelemetry.jaeger]
1381	# jaeger destination (ex http://localhost:14268/api/traces)
1382	; address = http://localhost:14268/api/traces
1383	# Propagation specifies the text map propagation format: w3c, jaeger
1384	; propagation = jaeger
1385
1386	# This is a configuration for OTLP exporter with GRPC protocol
1387	[tracing.opentelemetry.otlp]
1388	# otlp destination (ex localhost:4317)
1389	; address = localhost:4317
1390	# Propagation specifies the text map propagation format: w3c, jaeger
1391	; propagation = w3c
1392
1393	#################################### External image storage ##########################
1394	[external_image_storage]
1395	# Used for uploading images to public servers so they can be included in slack/email messages.
1396	# you can choose between (s3, webdav, gcs, azure_blob, local)
1397	;provider =
1398
1399	[external_image_storage.s3]
1400	;endpoint =
1401	;path_style_access =
1402	;bucket =
1403	;region =
1404	;path =
1405	;access_key =
1406	;secret_key =
1407
1408	[external_image_storage.webdav]
1409	;url =
1410	;public_url =
1411	;username =
1412	;password =
1413
1414	[external_image_storage.gcs]
1415	;key_file =
1416	;bucket =
1417	;path =
1418
1419	[external_image_storage.azure_blob]
1420	;account_name =
1421	;account_key =
1422	;container_name =
1423	;sas_token_expiration_days =
1424
1425	[external_image_storage.local]
1426	# does not require any configuration
1427
1428	[rendering]
1429	# Options to configure a remote HTTP image rendering service, e.g. using https://github.com/grafana/grafana-image-renderer.
1430	# URL to a remote HTTP image renderer service, e.g. http://localhost:8081/render, will enable Grafana to render panels and dashboards to PNG-images using HTTP requests to an external service.
1431	;server_url =
1432	# If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
1433	;callback_url =
1434	# An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side.
1435	;renderer_token = -
1436	# Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
1437	# which this setting can help protect against by only allowing a certain amount of concurrent requests.
1438	;concurrent_render_request_limit = 30
1439	# Determines the lifetime of the render key used by the image renderer to access and render Grafana.
1440	# This setting should be expressed as a duration. Examples: 10s (seconds), 5m (minutes), 2h (hours).
1441	# Default is 5m. This should be more than enough for most deployments.
1442	# Change the value only if image rendering is failing and you see `Failed to get the render key from cache` in Grafana logs.
1443	;render_key_lifetime = 5m
1444
1445	[panels]
1446	# If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
1447	;disable_sanitize_html = false
1448
1449	[plugins]
1450	;enable_alpha = false
1451	;app_tls_skip_verify_insecure = false
1452	# Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
1453	;allow_loading_unsigned_plugins =
1454	# Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
1455	;plugin_admin_enabled = false
1456	;plugin_admin_external_manage_enabled = false
1457	;plugin_catalog_url = https://grafana.com/grafana/plugins/
1458	# Enter a comma-separated list of plugin identifiers to hide in the plugin catalog.
1459	;plugin_catalog_hidden_plugins =
1460	# Log all backend requests for core and external plugins.
1461	;log_backend_requests = false
1462	# Disable download of the public key for verifying plugin signature.
1463	; public_key_retrieval_disabled = false
1464	# Force download of the public key for verifying plugin signature on startup. If disabled, the public key will be retrieved every 10 days.
1465	# Requires public_key_retrieval_disabled to be false to have any effect.
1466	; public_key_retrieval_on_startup = false
1467	# Enter a comma-separated list of plugin identifiers to avoid loading (including core plugins). These plugins will be hidden in the catalog.
1468	; disable_plugins =
1469
1470	#################################### Grafana Live ##########################################
1471	[live]
1472	# max_connections to Grafana Live WebSocket endpoint per Grafana server instance. See Grafana Live docs
1473	# if you are planning to make it higher than default 100 since this can require some OS and infrastructure
1474	# tuning. 0 disables Live, -1 means unlimited connections.
1475	;max_connections = 100
1476
1477	# allowed_origins is a comma-separated list of origins that can establish connection with Grafana Live.
1478	# If not set then origin will be matched over root_url. Supports wildcard symbol "*".
1479	;allowed_origins =
1480
1481	# engine defines an HA (high availability) engine to use for Grafana Live. By default no engine used - in
1482	# this case Live features work only on a single Grafana server. Available options: "redis".
1483	# Setting ha_engine is an EXPERIMENTAL feature.
1484	;ha_engine =
1485
1486	# ha_engine_address sets a connection address for Live HA engine. Depending on engine type address format can differ.
1487	# For now we only support Redis connection address in "host:port" format.
1488	# This option is EXPERIMENTAL.
1489	;ha_engine_address = "127.0.0.1:6379"
1490
1491	# ha_engine_password allows setting an optional password to authenticate with the engine
1492	;ha_engine_password = ""
1493
1494	#################################### Grafana Image Renderer Plugin ##########################
1495	[plugin.grafana-image-renderer]
1496	# Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert.
1497	# See ICU’s metaZones.txt (https://cs.chromium.org/chromium/src/third_party/icu/source/data/misc/metaZones.txt) for a list of supported
1498	# timezone IDs. Fallbacks to TZ environment variable if not set.
1499	;rendering_timezone =
1500
1501	# Instruct headless browser instance to use a default language when not provided by Grafana, e.g. when rendering panel image of alert.
1502	# Please refer to the HTTP header Accept-Language to understand how to format this value, e.g. 'fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5'.
1503	;rendering_language =
1504
1505	# Instruct headless browser instance to use a default device scale factor when not provided by Grafana, e.g. when rendering panel image of alert.
1506	# Default is 1. Using a higher value will produce more detailed images (higher DPI), but will require more disk space to store an image.
1507	;rendering_viewport_device_scale_factor =
1508
1509	# Instruct headless browser instance whether to ignore HTTPS errors during navigation. Per default HTTPS errors are not ignored. Due to
1510	# the security risk it's not recommended to ignore HTTPS errors.
1511	;rendering_ignore_https_errors =
1512
1513	# Instruct headless browser instance whether to capture and log verbose information when rendering an image. Default is false and will
1514	# only capture and log error messages. When enabled, debug messages are captured and logged as well.
1515	# For the verbose information to be included in the Grafana server log you have to adjust the rendering log level to debug, configure
1516	# [log].filter = rendering:debug.
1517	;rendering_verbose_logging =
1518
1519	# Instruct headless browser instance whether to output its debug and error messages into running process of remote rendering service.
1520	# Default is false. This can be useful to enable (true) when troubleshooting.
1521	;rendering_dumpio =
1522
1523	# Additional arguments to pass to the headless browser instance. Default is --no-sandbox. The list of Chromium flags can be found
1524	# here (https://peter.sh/experiments/chromium-command-line-switches/). Multiple arguments is separated with comma-character.
1525	;rendering_args =
1526
1527	# You can configure the plugin to use a different browser binary instead of the pre-packaged version of Chromium.
1528	# Please note that this is not recommended, since you may encounter problems if the installed version of Chrome/Chromium is not
1529	# compatible with the plugin.
1530	;rendering_chrome_bin =
1531
1532	# Instruct how headless browser instances are created. Default is 'default' and will create a new browser instance on each request.
1533	# Mode 'clustered' will make sure that only a maximum of browsers/incognito pages can execute concurrently.
1534	# Mode 'reusable' will have one browser instance and will create a new incognito page on each request.
1535	;rendering_mode =
1536
1537	# When rendering_mode = clustered, you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
1538	# and will cluster using browser instances.
1539	# Mode 'context' will cluster using incognito pages.
1540	;rendering_clustering_mode =
1541	# When rendering_mode = clustered, you can define the maximum number of browser instances/incognito pages that can execute concurrently. Default is '5'.
1542	;rendering_clustering_max_concurrency =
1543	# When rendering_mode = clustered, you can specify the duration a rendering request can take before it will time out. Default is `30` seconds.
1544	;rendering_clustering_timeout =
1545
1546	# Limit the maximum viewport width, height and device scale factor that can be requested.
1547	;rendering_viewport_max_width =
1548	;rendering_viewport_max_height =
1549	;rendering_viewport_max_device_scale_factor =
1550
1551	# Change the listening host and port of the gRPC server. Default host is 127.0.0.1 and default port is 0 and will automatically assign
1552	# a port not in use.
1553	;grpc_host =
1554	;grpc_port =
1555
1556	[support_bundles]
1557	# Enable support bundle creation (default: true)
1558	#enabled = true
1559	# Only server admins can generate and view support bundles (default: true)
1560	#server_admin_only = true
1561	# If set, bundles will be encrypted with the provided public keys separated by whitespace
1562	#public_keys = ""
1563
1564	[enterprise]
1565	# Path to a valid Grafana Enterprise license.jwt file
1566	;license_path =
1567
1568	[feature_toggles]
1569	# there are currently two ways to enable feature toggles in the `grafana.ini`.
1570	# you can either pass an array of feature you want to enable to the `enable` field or
1571	# configure each toggle by setting the name of the toggle to true/false. Toggles set to true/false
1572	# will take presidence over toggles in the `enable` list.
1573
1574	;enable = feature1,feature2
1575
1576	;feature1 = true
1577	;feature2 = false
1578
1579	[date_formats]
1580	# For information on what formatting patterns that are supported https://momentjs.com/docs/#/displaying/
1581
1582	# Default system date format used in time range picker and other places where full time is displayed
1583	;full_date = YYYY-MM-DD HH:mm:ss
1584
1585	# Used by graph and other places where we only show small intervals
1586	;interval_second = HH:mm:ss
1587	;interval_minute = HH:mm
1588	;interval_hour = MM/DD HH:mm
1589	;interval_day = MM/DD
1590	;interval_month = YYYY-MM
1591	;interval_year = YYYY
1592
1593	# Experimental feature
1594	;use_browser_locale = false
1595
1596	# Default timezone for user preferences. Options are 'browser' for the browser local timezone or a timezone name from IANA Time Zone database, e.g. 'UTC' or 'Europe/Amsterdam' etc.
1597	;default_timezone = browser
1598
1599	[expressions]
1600	# Enable or disable the expressions functionality.
1601	;enabled = true
1602
1603	[geomap]
1604	# Set the JSON configuration for the default basemap
1605	;default_baselayer_config = `{
1606	; "type": "xyz",
1607	; "config": {
1608	; "attribution": "Open street map",
1609	; "url": "https://tile.openstreetmap.org/{z}/{x}/{y}.png"
1610	; }
1611	;}`
1612
1613	# Enable or disable loading other base map layers
1614	;enable_custom_baselayers = true
1615
1616	# Move an app plugin referenced by its id (including all its pages) to a specific navigation section
1617	[navigation.app_sections]
1618	# The following will move an app plugin with the id of `my-app-id` under the `cfg` section
1619	# my-app-id = cfg
1620
1621	# Move a specific app plugin page (referenced by its `path` field) to a specific navigation section
1622	[navigation.app_standalone_pages]
1623	# The following will move the page with the path "/a/my-app-id/my-page" from `my-app-id` to the `cfg` section
1624	# /a/my-app-id/my-page = cfg
1625
1626	#################################### Secure Socks5 Datasource Proxy #####################################
1627	[secure_socks_datasource_proxy]
1628	; enabled = false
1629	; root_ca_cert =
1630	; client_key =
1631	; client_cert =
1632	; server_name =
1633	# The address of the socks5 proxy datasources should connect to
1634	; proxy_address =
1635	; show_ui = true
1636	; allow_insecure = false
1637
1638	################################## Feature Management ##############################################
1639	[feature_management]
1640	# Options to configure the experimental Feature Toggle Admin Page feature, which is behind the `featureToggleAdminPage` feature toggle. Use at your own risk.
1641	# Allow editing of feature toggles in the feature management page
1642	;allow_editing = false
1643	# Allow customization of URL for the controller that manages feature toggles
1644	;update_webhook =
1645	# Allow configuring an auth token for feature management update requests
1646	;update_webhook_token =
1647	# Hide specific feature toggles from the feature management page
1648	;hidden_toggles =
1649	# Disable updating specific feature toggles in the feature management page
1650	;read_only_toggles =
1651
1652	#################################### Public Dashboards #####################################
1653	[public_dashboards]
1654	# Set to false to disable public dashboards
1655	;enabled = true
1656
1657	# Enterprise only
1658	[white_labeling]
1659	# Set to your company name to override application title
1660	;app_title =
1661
1662	# Set to main title on the login page
1663	;login_title =
1664
1665	# Set to login subtitle
1666	;login_subtitle =
1667
1668	# Set to complete url to override login logo
1669	;login_logo =
1670
1671	# Set to complete css background expression to override login background
1672	# example: login_background = url(http://www.bhmpics.com/wallpapers/starfield-1920x1080.jpg)
1673	;login_background =
1674
1675	# Set to complete css background expression to override login box background
1676	;login_box_background =
1677
1678	# Set to complete url to override menu logo
1679	;menu_logo =
1680
1681	# Set to complete url to override fav icon (icon shown in browser tab)
1682	;fav_icon =
1683
1684	# Set to complete url to override apple/ios icon
1685	;apple_touch_icon =
1686
1687	# Set to complete url to override loading logo
1688	;loading_logo =
1689
1690	# Set to `true` to remove the Grafana edition from appearing in the footer
1691	;hide_edition =
1692
1693	# Below is an example for how to replace the default footer & help links with 2 custom links
1694	;footer_links = support guides
1695	;footer_links_support_text = Support
1696	;footer_links_support_url = http://your.support.site
1697	;footer_links_guides_text = Guides
1698	;footer_links_guides_url = http://your.guides.site
1699
1700	[white_labeling.public_dashboards]
1701	# Hides the footer for the public dashboards if set to `true`
1702	# example: footer_hide = true
1703	;footer_hide =
1704	# Set to text shown in the footer
1705	;footer_text =
1706	# Set to complete url to override public dashboard footer logo
1707	;footer_logo =
1708	# Set to link for the footer
1709	;footer_link =
1710	# Set to `true` to hide the Grafana logo next to the title
1711	;header_logo_hide =
1712
1713	[usage_insights.export]
1714	# Enable the usage insights export feature
1715	; enabled = false
1716	# Storage type
1717	; storage = loki
1718
1719	[usage_insights.export.storage.loki]
1720	# Set the communication protocol to use with Loki (can be grpc or http)
1721	; type = grpc
1722	# Set the address for writing logs to Loki (format must be host:port)
1723	; url = localhost:9095
1724	# Defaults to true. If true, it establishes a secure connection to Loki
1725	; tls = true
1726	# Set the tenant id for Loki communications. Disabled by default.
1727	# Mandatory to interact with Loki running in multi-tenant mode.
1728	tenant_id =
1729
1730	[reporting]
1731	# Enable/disable the reporting feature. If disabled, no reports will be generated
1732	;enabled = true
1733	# Set timeout for each panel rendering request
1734	;rendering_timeout = 10s
1735	# Set maximum number of concurrent calls to the rendering service
1736	;concurrent_render_limit = 4
1737	# Set the scale factor for rendering images. 2 is enough for monitor resolutions
1738	# 4 would be better for printed material. Setting a higher value affects performance and memory
1739	;image_scale_factor = 2
1740	# Set the maximum file size in megabytes for the CSV attachments
1741	; max_attachment_size_mb = 10
1742	# Path to the directory containing fonts
1743	;fonts_path =
1744	# Name of the TrueType font file with Regular style
1745	;font_regular = DejaVuSansCondensed.ttf
1746	# Name of the TrueType font file with Bold style
1747	;font_bold = DejaVuSansCondensed-Bold.ttf
1748	# Name of the TrueType font file with Italic style
1749	;font_italic = DejaVuSansCondensed-Oblique.ttf
1750	# Maximum number of rendering request retries before returning an error. 0 means disabling the retry feature.
1751	# This is available in public preview, this requires the 'reportingRetries' feature toggle.
1752	;max_retries_per_panel = 2
1753
1754	[analytics]
1755	# Enable the analytics (also known as _usage analytics_) feature. When `false`, this option disables the writers that write to the Grafana database
1756	# and the associated features, such as dashboard and data source insights, presence indicators, and advanced dashboard search.
1757	;enabled = true
1758
1759	[analytics.summaries]
1760	# Set interval for writing dashboard usage stats buffer to database
1761	;buffer_write_interval = 30s
1762	# Set timeout for writing dashboard usage stats buffer to database
1763	;buffer_write_timeout = 3s
1764	# Set interval for trying to rollup per dashboard usage summary
1765	# only rolled up at most once per day
1766	;rollup_interval = 4h
1767	# Set timeout for trying to rollup per dashboard usage summary
1768	;rollup_timeout = 60s
1769
1770	[analytics.views]
1771	# Set age for recent active users
1772	;recent_users_age = 10m
1773
1774	[auditing]
1775	# Enable the auditing feature
1776	; enabled = false
1777	# List of enabled loggers
1778	;loggers = file
1779	# Keep dashboard content in the logs (request or response fields); this can significantly increase the size of your logs.
1780	;log_dashboard_content = false
1781	# Keep requests and responses body; this can significantly increase the size of your logs.
1782	;verbose = false
1783	# Write an audit log for every status code.
1784	# By default it only logs the following ones: 2XX, 3XX, 401, 403 and 500.
1785	;log_all_status_codes = false
1786	# Maximum response body (in bytes) to be audited; 500KiB by default.
1787	# May help reducing the memory footprint caused by auditing.
1788	;max_response_size_bytes = 512000
1789
1790	[auditing.logs.file]
1791	# Path to logs folder
1792	;path = data/log
1793	# Maximum log files to keep
1794	;max_files = 5
1795	# Max size in megabytes per log file
1796	;max_file_size_mb = 256
1797
1798	[auditing.logs.loki]
1799	# Set the communication protocol to use with Loki (can be grpc or http)
1800	;type = grpc
1801	# Set the address for writing logs to Loki (format must be host:port)
1802	;url = localhost:9095
1803	# Defaults to true. If true, it establishes a secure connection to Loki
1804	;tls = true
1805	# Set the tenant id for Loki communications. Disabled by default.
1806	# Mandatory to interact with Loki running in multi-tenant mode.
1807	;tenant_id =
1808
1809	#################################### SAML Auth ###########################
1810	[auth.saml]
1811	# Defaults to false. If true, the feature is enabled.
1812	;enabled = false
1813	# Enable SAML single logout
1814	;single_logout = false
1815	# Defaults to true. Allow new Grafana users to be created through SAML login.
1816	allow_sign_up = false
1817	# Set to true to attempt login with SAML automatically, skipping the login screen.
1818	# This setting is ignored if multiple auth providers are configured to use auto login.
1819	;auto_login = false
1820	# Base64-encoded public X.509 certificate. Used to sign requests to the IdP
1821	;certificate =
1822	# Path to the public X.509 certificate. Used to sign requests to the IdP
1823	;certificate_path =
1824	# Base64-encoded private key. Used to decrypt assertions from the IdP
1825	;private_key =
1826	;# Path to the private key. Used to decrypt assertions from the IdP
1827	;private_key_path =
1828	# Signature algorithm using for signing requests to the IdP. Supported values are rsa-sha1, rsa-sha256, rsa-sha512.
1829	# If non-empty, authentication requests will be signed. Default is empty (requests not signed).
1830	;signature_algorithm =
1831	# Base64-encoded IdP SAML metadata XML. Used to verify and obtain binding locations from the IdP
1832	;idp_metadata =
1833	# Path to the SAML metadata XML. Used to verify and obtain binding locations from the IdP
1834	;idp_metadata_path =
1835	# URL to fetch SAML IdP metadata. Used to verify and obtain binding locations from the IdP
1836	;idp_metadata_url =
1837	# Duration, since the IdP issued a response and the SP is allowed to process it. Defaults to 90 seconds.
1838	;max_issue_delay = 90s
1839	# Duration, for how long the SP's metadata should be valid. Defaults to 48 hours.
1840	;metadata_valid_duration = 48h
1841	# Allow IdP-initiated SSO
1842	;allow_idp_initiated = false
1843	# Relay state for IdP-initiated SSO. Should match relay state configured in IdP
1844	;relay_state =
1845	# Friendly name or name of the attribute within the SAML assertion to use as the user's name
1846	;assertion_attribute_name = displayName
1847	# Friendly name or name of the attribute within the SAML assertion to use as the user's login handle
1848	;assertion_attribute_login = mail
1849	# Friendly name or name of the attribute within the SAML assertion to use as the user's email
1850	;assertion_attribute_email = mail
1851	# Friendly name or name of the attribute within the SAML assertion to use as the user's groups
1852	;assertion_attribute_groups = group
1853	# Friendly name or name of the attribute within the SAML assertion to use as the user's roles
1854	;assertion_attribute_role = role
1855	# Friendly name or name of the attribute within the SAML assertion to use as the user's organization Id
1856	;assertion_attribute_org = organizatio
1857	# List of comma- or space-separated organizations. User should be a member of at least one organization to log in.
1858	;allowed_organizations = Engineering, Sales
1859	# List of comma- or space-separated Organization:OrgId:Role mappings. Organization can be `*` meaning "All users". Role is optional and can have the following values: `Viewer`, `Editor` or `Admin`.
1860	;org_mapping = Engineering:2, Sales:3
1861	# List of comma- or space-separated roles which will be mapped into the Editor role
1862	;role_values_editor = editor, developer
1863	# List of comma- or space-separated roles which will be mapped into the Admin role
1864	;role_values_admin = admin
1865	# List of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role
1866	;role_values_grafana_admin = superadmin
1867	# Name identifier format to use with the IdP
1868	;name_id_format = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
1869
1870	[keystore.vault]
1871	# Location of the Vault server
1872	;url =
1873	# Vault's namespace if using Vault with multi-tenancy
1874	;namespace =
1875	# Method for authenticating towards Vault. Vault is inactive if this option is not set
1876	# Possible values: token
1877	;auth_method =
1878	# Secret token to connect to Vault when auth_method is token
1879	;token =
1880	# Time between checking if there are any secrets which needs to be renewed.
1881	;lease_renewal_interval = 5m
1882	# Time until expiration for tokens which are renewed. Should have a value higher the lease_renewal_interval
1883	;lease_renewal_expires_within = 15m
1884	# New duration for renewed tokens. Vault may be configured to ignore this value and impose a stricter limit.
1885	;lease_renewal_increment = 1h
1886
1887	[auth.security]
1888	# Protected roles defines a set of user roles for which Grafana will not try to map users that have previously logged in
1889	# with one solution with another. Configuration values are separated by space,
1890	# possible values are = all editors viewers org_admins server_admins
1891	;protected_roles =
1892
1893	[security.egress]
1894	# Allow and deny lists can be used to control what hosts can be accessed based on what a user can configure through the ui.
1895	# This includes:
1896	# - datasource requests
1897	# - alerting channels
1898	# a list of hostnames or IP adresses separated by spaces for which outgoing requests will be blocked
1899	;host_deny_list =
1900	# a list of hostnames or IP adresses separated by spaces for which requests will be allowed, all other requests will be blocked
1901	;host_allow_list =
1902
1903	# a list of headers that will be stripped from outgoing datasource and alerting requests
1904	;header_drop_list =
1905	# a list of cookies that will be stripped from outgoing datasource requests
1906	;cookie_drop_list =
1907
1908	[security.encryption]
1909	# Encryption algorithm used to encrypt secrets stored into the database and cookies,
1910	# possible values are aes-cfb and aes-gcm.
1911	;algorithm = aes-cfb
1912
1913	# Example of AWS Key Management Service provider setup
1914	[security.encryption.awskms.v1]
1915	# Reference to KMS key - either key ID, key ARN, alias name or ARN.
1916	# Alias needs to be prefixed with "alias".
1917	# To specify a KMS key in a different AWS account, use the ARN or alias.
1918	# Examples of each type:
1919	# Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
1920	# Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
1921	# Alias name: alias/ExampleAlias
1922	# Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
1923	;key_id =
1924	# AWS access key ID
1925	;access_key_id =
1926	# AWS secret access key
1927	;secret_access_key =
1928	# AWS region (e.g., eu-north-1)
1929	;region =
1930
1931	# Example of Azure Key Vault provider setup
1932	[security.encryption.azurekv.v1]
1933	# Azure Application directory ID (tenant)
1934	;tenant_id =
1935	# Azure Application application ID (client)
1936	;client_id =
1937	# Azure Application client secret
1938	;client_secret =
1939	# Azure Key Vault key name
1940	;key_id =
1941	# Azure Key Vault uri
1942	;vault_uri =
1943
1944	# Example of Google Cloud KMS provider setup
1945	[security.encryption.googlekms.v1]
1946	# Google Cloud KMS key ID, see details https://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version
1947	;key_id =
1948	# Path to service credentials JSON file, see details https://cloud.google.com/docs/authentication/getting-started
1949	;credentials_file =
1950
1951	# Example of Hashicorp Vault provider setup
1952	[security.encryption.hashicorpvault.v1]
1953	# Token used to authenticate within Vault. We suggest to use periodic tokens: more on token types https://www.vaultproject.io/docs/concepts/tokens#service-tokens
1954	;token =
1955	# Location of the Vault server
1956	;url =
1957	# Mount point of the transit secret engine
1958	;transit_engine_path =
1959	# Key ring name
1960	;key_ring =
1961	# Specifies how often to check if a token needs to be renewed, should be less than a token's TTL or period value
1962	;token_renewal_interval = 5m
1963
1964
1965	# Caching is disabled on all data source by default
1966	# Visit the data source settings to enable caching
1967	[caching]
1968	# Setting 'enabled' to true enables query caching for data sources with configured caching.
1969	# To disable caching for a specific data source, refer to the data source’s configuration page.
1970	; enabled = true
1971	# The caching backend to use when storing cached queries. Options: redis, memory
1972	; backend = "memory"
1973	# The default TTL (time to live) if no other TTL is available.
1974	; ttl = 5m
1975	# This value limits the size of a single cache value. If a cache value (or query result) is submitted that exceeds this size, then it will be rejected.
1976	# To disable this limit, set this value to zero.
1977	; max_value_mb = 10
1978	# Method to use when filtering headers for caches that supports caching headers.
1979	# Permitted options: allowlist, denylist.
1980	; header_filtering = "allowlist"
1981
1982	[caching.encryption]
1983	# Setting 'enabled' to true enables encryption of the values in the cache.
1984	;enabled = true
1985	# The key used for the encryption of the values in the cache. If it is not specified and encryption is enabled, the key will be randomly
1986	# generated on startup. This must be specified to allow the encrypted cache to persist between Grafana restarts. If not specified, the cache
1987	# will be cleared upon restarts.
1988	;encryption_key = "oH0aaomqRDyd7gkvZTKwsxVwlvFpyhko"
1989
1990	[caching.memory]
1991	# When storing cache data, how often a background process will clean up stale data from the in-memory cache
1992	; gc_interval = 1m
1993	# The maximum size of the in-memory cache in megabytes. Once this size is reached, new cache items will be rejected. For more flexible control over cache eviction policies and size, please use the Redis or Memcached backend
1994	# To disable the maximum, set this value to 0. WARNING: Disabling the maximum is not recommended in production environments.
1995	; max_size_mb = 25
1996
1997	[caching.redis]
1998	# url should be a redis URL
1999	; url = "redis://localhost:6379"
2000	# prefix redis keys with this string. Example: 'grafana:<key>'. This value can be left empty and no prefix will be set.
2001	; prefix = "grafana"
2002	# a comma-separated list of Redis cluster members in host:port format
2003	# if cluster is specified, the value for url is ignored
2004	; cluster =
2005
2006	[caching.memcached]
2007	# A space-separated list of memcached servers
2008	; servers = "localhost:11211"
2009
2010	[feature_highlights]
2011	# Setting 'enabled' to true enables highlighting Enterprise features in UI.
2012	enabled = false
2013
2014	# This sections is used to change default grants for rbac fixed roles.
2015	# To change the default grant for a role the key under this section
2016	# is the name of the role and the value is a list of grants for that role.
2017	# Keys with ":" is not supported so we need to substitue it with "_".
2018	[rbac.grants]
2019	# fixed_roles_reader = Viewer
2020	# To grant a role to Grafana admin we need to use json syntax
2021	# fixed_roles_writer = ["Grafana Admin"]
2022
2023	content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' ;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws:// wss://;manifest-src 'self';media-src 'none';form-action 'self';frame-src: 'self'"""