app_mode = production instance_name = ${HOSTNAME} [paths] data = /var/db/grafana/ temp_data_lifetime = 24h logs = /var/log/grafana/ plugins = /var/db/grafana/plugins provisioning = /var/db/grafana/provisioning #################################### Server #################################### [server] protocol = http domain = logs.unbl.ink http_port = 3002 ;enforce_domain = false ;router_logging = false #################################### Database ############################ [database] # You can configure the database connection by specifying type, host, name, user and password # as separate properties or as on string using the url property. # Either "mysql", "postgres" or "sqlite3", your choice type = postgres host = db.unbl.ink name = grafana user = grafana password = {{ grafana_db_pass }} log_queries = #################################### Cache server ############################# [remote_cache] # Either "redis", "memcached" or "database" default is "database" type = redis connstr = addr=:{{redis_password}}@cache.unbl.ink:6379,pool_size=100,db=0,ssl=false #################################### Analytics ########################### [analytics] reporting_enabled = true check_for_updates = true #################################### Security ############################ [security] admin_user = secstate admin_password = {{ grafana_admin_pass }} #################################### Users ############################### [users] allow_sign_up = false allow_org_create = false #################################### Anonymous Auth ###################### [auth.anonymous] enabled = true org_name = GAnon org_role = Viewer #################################### Github Auth ######################### [auth.github] ;enabled = false ;allow_sign_up = true ;client_id = some_id ;client_secret = some_secret ;scopes = user:email,read:org ;auth_url = https://github.com/login/oauth/authorize ;token_url = https://github.com/login/oauth/access_token ;api_url = https://api.github.com/user ;allowed_domains = ;team_ids = ;allowed_organizations = #################################### GitLab Auth ######################### [auth.gitlab] ;enabled = false ;allow_sign_up = true ;client_id = some_id ;client_secret = some_secret ;scopes = api ;auth_url = https://gitlab.com/oauth/authorize ;token_url = https://gitlab.com/oauth/token ;api_url = https://gitlab.com/api/v4 ;allowed_domains = ;allowed_groups = #################################### Google Auth ######################### [auth.google] ;enabled = false ;allow_sign_up = true ;client_id = some_client_id ;client_secret = some_client_secret ;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email ;auth_url = https://accounts.google.com/o/oauth2/auth ;token_url = https://accounts.google.com/o/oauth2/token ;api_url = https://www.googleapis.com/oauth2/v1/userinfo ;allowed_domains = ;hosted_domain = #################################### Grafana.com Auth #################### # legacy key names (so they work in env variables) [auth.grafananet] ;enabled = false ;allow_sign_up = true ;client_id = some_id ;client_secret = some_secret ;scopes = user:email ;allowed_organizations = [auth.grafana_com] ;enabled = false ;allow_sign_up = true ;client_id = some_id ;client_secret = some_secret ;scopes = user:email ;allowed_organizations = #################################### Azure AD OAuth ####################### [auth.azuread] ;name = Azure AD ;enabled = false ;allow_sign_up = true ;client_id = some_client_id ;client_secret = some_client_secret ;scopes = openid email profile ;auth_url = https://login.microsoftonline.com//oauth2/v2.0/authorize ;token_url = https://login.microsoftonline.com//oauth2/v2.0/token ;allowed_domains = ;allowed_groups = #################################### Okta OAuth ####################### [auth.okta] ;name = Okta ;enabled = false ;allow_sign_up = true ;client_id = some_id ;client_secret = some_secret ;scopes = openid profile email groups ;auth_url = https://.okta.com/oauth2/v1/authorize ;token_url = https://.okta.com/oauth2/v1/token ;api_url = https://.okta.com/oauth2/v1/userinfo ;allowed_domains = ;allowed_groups = ;role_attribute_path = #################################### Generic OAuth ####################### [auth.generic_oauth] ;name = OAuth ;enabled = false ;allow_sign_up = true ;client_id = some_id ;client_secret = some_secret ;scopes = user:email ;email_attribute_name = email:primary ;email_attribute_path = ;role_attribute_path = ;auth_url = ;token_url = ;api_url = ;allowed_domains = ;team_ids = ;allowed_organizations = ;tls_skip_verify_insecure = false ;tls_client_cert = ;tls_client_key = ;tls_client_ca = #################################### Basic Auth ########################## [auth.basic] ;enabled = true #################################### Auth Proxy ########################## [auth.proxy] ;enabled = false ;header_name = X-WEBAUTH-USER ;header_property = username ;auto_sign_up = true # Deprecated, use sync_ttl instead ;ldap_sync_ttl = 60 ;sync_ttl = 60 ;whitelist = ;headers = ;enable_login_token = false #################################### Auth LDAP ########################### [auth.ldap] ;enabled = false ;config_file = /etc/grafana/ldap.toml ;allow_sign_up = true # LDAP backround sync (Enterprise only) # At 1 am every day ;sync_cron = "0 0 1 * * *" ;active_sync_enabled = true #################################### SMTP / Emailing ##################### [smtp] ;enabled = false ;host = localhost:25 ;user = # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" ;password = ;cert_file = ;key_file = ;skip_verify = false ;from_address = admin@grafana.localhost ;from_name = Grafana ;ehlo_identity = [emails] ;welcome_email_on_sign_up = false ;templates_pattern = emails/*.html #################################### Logging ########################## [log] # Either "console", "file", "syslog". Default is console and file # Use space to separate multiple modes, e.g. "console file" ;mode = console file # Either "debug", "info", "warn", "error", "critical", default is "info" ;level = info # optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug ;filters = # For "console" mode only [log.console] ;level = # log line format, valid options are text, console and json ;format = console # For "file" mode only [log.file] level = info format = json log_rotate = true ;max_lines = 1000000 max_days = 14 [log.syslog] ;level = # log line format, valid options are text, console and json ;format = text # Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. ;network = ;address = # Syslog facility. user, daemon and local0 through local7 are valid. ;facility = # Syslog tag. By default, the process' argv[0] is used. ;tag = #################################### Usage Quotas ######################## [quota] ;enabled = false #### set quotas to -1 to make unlimited. #### # limit number of users per Org. ;org_user = 10 # limit number of dashboards per Org. ;org_dashboard = 100 # limit number of data_sources per Org. ;org_data_source = 10 # limit number of api_keys per Org. ;org_api_key = 10 # limit number of orgs a user can create. ;user_org = 10 # Global limit of users. ;global_user = -1 # global limit of orgs. ;global_org = -1 # global limit of dashboards ;global_dashboard = -1 # global limit of api_keys ;global_api_key = -1 # global limit on number of logged in users. ;global_session = -1 #################################### Alerting ############################ [alerting] # Disable alerting engine & UI features ;enabled = true # Makes it possible to turn off alert rule execution but alerting UI is visible ;execute_alerts = true # Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state) ;error_or_timeout = alerting # Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok) ;nodata_or_nullvalues = no_data # Alert notifications can include images, but rendering many images at the same time can overload the server # This limit will protect the server from render overloading and make sure notifications are sent out quickly ;concurrent_render_limit = 5 # Default setting for alert calculation timeout. Default value is 30 ;evaluation_timeout_seconds = 30 # Default setting for alert notification timeout. Default value is 30 ;notification_timeout_seconds = 30 # Default setting for max attempts to sending alert notifications. Default value is 3 ;max_attempts = 3 # Makes it possible to enforce a minimal interval between evaluations, to reduce load on the backend ;min_interval_seconds = 1 #################################### Explore ############################# [explore] # Enable the Explore section ;enabled = true #################################### Internal Grafana Metrics ############ # Metrics available at HTTP API Url /metrics [metrics] ;enabled = true ;interval_seconds = 10 # Disable total stats (stat_totals_*) metrics to be generated ;disable_total_stats = false #If both are set, basic auth will be required for the metrics endpoint. ;basic_auth_username = ;basic_auth_password = # Send internal Grafana metrics to graphite [metrics.graphite] # Enable by setting the address setting (ex localhost:2003) ;address = ;prefix = prod.grafana.%(instance_name)s. #################################### Grafana.com integration ########################## [grafana_net] ;url = https://grafana.com [grafana_com] ;url = https://grafana.com #################################### Distributed tracing ############ [tracing.jaeger] # jaeger destination (ex localhost:6831) ;address = # tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2) ;always_included_tag = # Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote ;sampler_type = const # jaeger samplerconfig param # for "const" sampler, 0 or 1 for always false/true respectively # for "probabilistic" sampler, a probability between 0 and 1 # for "rateLimiting" sampler, the number of spans per second # for "remote" sampler, param is the same as for "probabilistic" # and indicates the initial sampling rate before the actual one # is received from the mothership ;sampler_param = 1 # Whether or not to use Zipkin span propagation (x-b3- HTTP headers). ;zipkin_propagation = false # Setting this to true disables shared RPC spans. # Not disabling is the most common setting when using Zipkin elsewhere in your infrastructure. ;disable_shared_zipkin_spans = false #################################### External Image Storage ############## [external_image_storage] # Used for uploading images to public servers so they can be included in slack/email messages. # You can choose between (s3, webdav, gcs, azure_blob, local) ;provider = [external_image_storage.s3] ;endpoint = ;path_style_access = ;bucket_url = ;bucket = ;region = ;path = ;access_key = ;secret_key = [external_image_storage.webdav] ;url = ;username = ;password = ;public_url = [external_image_storage.gcs] ;key_file = ;bucket = ;path = [external_image_storage.azure_blob] ;account_name = ;account_key = ;container_name = [external_image_storage.local] # does not require any configuration [rendering] # Options to configure a remote HTTP image rendering service, e.g. using https://github.com/grafana/grafana-image-renderer. # URL to a remote HTTP image renderer service, e.g. http://localhost:8081/render, will enable Grafana to render panels and dashboards to PNG-images using HTTP requests to an external service. ;server_url = # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/. ;callback_url = # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server, # which this setting can help protect against by only allowing a certain amount of concurrent requests. ;concurrent_render_request_limit = 30 [panels] # here for to support old env variables, can remove after a few months ;enable_alpha = false ;disable_sanitize_html = false [plugins] ;enable_alpha = false ;app_tls_skip_verify_insecure = false # Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. ;allow_loading_unsigned_plugins = #################################### Grafana Image Renderer Plugin ########################## [plugin.grafana-image-renderer] # Instruct headless browser instance to use a default timezone when not provided by Grafana, e.g. when rendering panel image of alert. # See ICU’s metaZones.txt (https://cs.chromium.org/chromium/src/third_party/icu/source/data/misc/metaZones.txt) for a list of supported # timezone IDs. Fallbacks to TZ environment variable if not set. ;rendering_timezone = # Instruct headless browser instance to use a default language when not provided by Grafana, e.g. when rendering panel image of alert. # Please refer to the HTTP header Accept-Language to understand how to format this value, e.g. 'fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5'. ;rendering_language = # Instruct headless browser instance to use a default device scale factor when not provided by Grafana, e.g. when rendering panel image of alert. # Default is 1. Using a higher value will produce more detailed images (higher DPI), but will require more disk space to store an image. ;rendering_viewport_device_scale_factor = # Instruct headless browser instance whether to ignore HTTPS errors during navigation. Per default HTTPS errors are not ignored. Due to # the security risk it's not recommended to ignore HTTPS errors. ;rendering_ignore_https_errors = # Instruct headless browser instance whether to capture and log verbose information when rendering an image. Default is false and will # only capture and log error messages. When enabled, debug messages are captured and logged as well. # For the verbose information to be included in the Grafana server log you have to adjust the rendering log level to debug, configure # [log].filter = rendering:debug. ;rendering_verbose_logging = # Instruct headless browser instance whether to output its debug and error messages into running process of remote rendering service. # Default is false. This can be useful to enable (true) when troubleshooting. ;rendering_dumpio = # Additional arguments to pass to the headless browser instance. Default is --no-sandbox. The list of Chromium flags can be found # here (https://peter.sh/experiments/chromium-command-line-switches/). Multiple arguments is separated with comma-character. ;rendering_args = # You can configure the plugin to use a different browser binary instead of the pre-packaged version of Chromium. # Please note that this is not recommended, since you may encounter problems if the installed version of Chrome/Chromium is not # compatible with the plugin. ;rendering_chrome_bin = # Instruct how headless browser instances are created. Default is 'default' and will create a new browser instance on each request. # Mode 'clustered' will make sure that only a maximum of browsers/incognito pages can execute concurrently. # Mode 'reusable' will have one browser instance and will create a new incognito page on each request. ;rendering_mode = # When rendering_mode = clustered you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser' # and will cluster using browser instances. # Mode 'context' will cluster using incognito pages. ;rendering_clustering_mode = # When rendering_mode = clustered you can define maximum number of browser instances/incognito pages that can execute concurrently.. ;rendering_clustering_max_concurrency = # Limit the maxiumum viewport width, height and device scale factor that can be requested. ;rendering_viewport_max_width = ;rendering_viewport_max_height = ;rendering_viewport_max_device_scale_factor = # Change the listening host and port of the gRPC server. Default host is 127.0.0.1 and default port is 0 and will automatically assign # a port not in use. ;grpc_host = ;grpc_port = [enterprise] ;license_path = [feature_toggles] # enable features, separated by spaces ;enable =