Grafana Enterprise configuration
This page describes Grafana Enterprise-specific configuration options that you can specify in a
.ini configuration file or using environment variables. Refer to Configuration for more information about available configuration options.
Local filesystem path to Grafana Enterprise’s license file.
Note: Available in Grafana Enterprise v7.4+.
When set to the text representation (i.e. content of the license file) of the license, Grafana will evaluate and apply the given license to the instance.
Note: Available in Grafana Enterprise v7.4+.
When enabled, Grafana will send the license and usage statistics to
the license issuer. If the license has been updated on the issuer’s
side to be valid for a different number of users or a new duration,
your Grafana instance will be updated with the new terms
automatically. Defaults to
Set to your company name to override application title.
Set to complete URL to override login logo.
Set to complete CSS background expression to override login background. Example:
[white_labeling] login_background = url(http://www.bhmpics.com/wallpapers/starfield-1920x1080.jpg)
Set to complete URL to override menu logo.
Set to complete URL to override fav icon (icon shown in browser tab).
Set to complete URL to override Apple/iOS icon.
List the link IDs to use here. Grafana will look for matching link configurations, the link IDs should be space-separated and contain no whitespace.
By exporting usage logs, you can directly query them and create dashboards of the information that matters to you most, such as dashboard errors, most active organizations, or your top-10 most-used queries.
Enable the usage insights export feature.
Specify a storage type. Defaults to
Set the communication protocol to use with Loki, which is either
http. Defaults to
Set the address for writing logs to Loki (format must be host:port).
Decide whether or not to enable the TLS (Transport Layer Security) protocol when establishing the connection to Loki. Defaults to true.
Interval for writing dashboard usage stats buffer to database.
Timeout for writing dashboard usage stats buffer to database.
Interval for trying to roll up per dashboard usage summary. Only rolled up at most once per day.
Timeout for trying to rollup per dashboard usage summary.
Age for recent active users.
Timeout for each panel rendering request.
Maximum number of concurrent calls to the rendering service.
Scale factor for rendering images. Value
2 is enough for monitor resolutions,
4 would be better for printed material. Setting a higher value affects performance and memory.
Path to the directory containing font files.
Name of the TrueType font file with regular style.
Name of the TrueType font file with bold style.
Name of the TrueType font file with italic style.
Auditing allows you to track important changes to your Grafana instance. By default, audit logs are logged to file but the auditing feature also supports sending logs directly to Loki.
Enable the auditing feature. Defaults to false.
List of enabled loggers.
Keep dashboard content in the logs (request or response fields). This can significantly increase the size of your logs.
Path to logs folder.
Maximum log files to keep.
Max size in megabytes per log file.
Set the URL for writing logs to Loki.
If true, it establishes a secure connection to Loki. Defaults to true.
If true, the feature is enabled. Defaults to false.
Base64-encoded public X.509 certificate. Used to sign requests to the IdP.
Path to the public X.509 certificate. Used to sign requests to the IdP.
Base64-encoded private key. Used to decrypt assertions from the IdP.
Path to the private key. Used to decrypt assertions from the IdP.
Base64-encoded IdP SAML metadata XML. Used to verify and obtain binding locations from the IdP.
Path to the SAML metadata XML. Used to verify and obtain binding locations from the IdP.
URL to fetch SAML IdP metadata. Used to verify and obtain binding locations from the IdP.
Time since the IdP issued a response and the SP is allowed to process it. Defaults to 90 seconds.
How long the SPs metadata is valid. Defaults to 48 hours.
Friendly name or name of the attribute within the SAML assertion to use as the user name.
Friendly name or name of the attribute within the SAML assertion to use as the user login handle.
Friendly name or name of the attribute within the SAML assertion to use as the user email.
Friendly name or name of the attribute within the SAML assertion to use as the user groups.
Friendly name or name of the attribute within the SAML assertion to use as the user roles.
Friendly name or name of the attribute within the SAML assertion to use as the user organization.
List of comma- or space-separated organizations. Each user must be a member of at least one organization to log in.
List of comma- or space-separated Organization:OrgId mappings.
List of comma- or space-separated roles that will be mapped to the Editor role.
List of comma- or space-separated roles that will be mapped to the Admin role.
List of comma- or space-separated roles that will be mapped to the Grafana Admin (Super Admin) role.
Location of the Vault server.
Vault namespace if using Vault with multi-tenancy.
Method for authenticating towards Vault. Vault is inactive if this option is not set. Current possible values:
Secret token to connect to Vault when auth_method is
Time between checking if there are any secrets which needs to be renewed.
Time until expiration for tokens which are renewed. Should have a value higher than lease_renewal_interval.
New duration for renewed tokens. Vault may be configured to ignore this value and impose a stricter limit.
Note: Available in Grafana Enterprise v7.4 and later versions.
Security egress makes it possible to control outgoing traffic from the Grafana server.
A list of hostnames or IP addresses separated by spaces for which requests are blocked.
A list of hostnames or IP addresses separated by spaces for which requests are allowed. All other requests are blocked.
A list of headers that are stripped from the outgoing data source and alerting requests.
A list of cookies that are stripped from the outgoing data source and alerting requests.
Note: Available in Grafana Enterprise v7.5 and later versions. Note: The Memcached cache backend is unavailable in Grafana Enterprise v7.5.
When query caching is enabled, Grafana temporarily stores the results of data source queries and serves cached responses to similar requests.
The caching backend to use when storing cached queries. Options: memory
Setting ‘enabled’ to true enables caching datasource queries for all data sources.
The default TTL (time to live) if no other TTL is available.
When storing cache data in-memory, this setting defines how often a background process cleans up stale data from the in-memory cache. More frequent “garbage collection” can keep memory usage from climbing but will increase CPU usage.
The full Redis URL of your Redis server. Example:
A string that prefixes all Redis keys. This value must be set if using a shared database in Redis. If
prefix is empty, then one will not be used.
Related Grafana video resources
All about Grafana plugins: Visualizing disparate data sources in one place
Grafana Enterprise plugins are integrations with other commercial monitoring tools (such as Datadog, Splunk, New Relic, ServiceNow, Oracle, and Dynatrace) that are created, maintained, and supported by the Grafana Labs team.
Demo: Getting started with Grafana Enterprise and observability
Join the Grafana Labs team for a 30-minute demo of how to get started with the Grafana Stack, so you can go from zero to observability in just a few minutes.