This is documentation for the next version of Metrics enterprise. For the latest stable release, go to the latest version.
GEM supports creating access policies that can span multiple tenants. Doing so enables viewers in Grafana Enterprise to view data coming from more than one tenant simultaneously. For example, if there were a tenant called
team-engineering and a tenant called
team-finance, an administrator might want to query metrics from both tenants simultaneously.
A configured Grafana Enterprise Metrics cluster. To create a GEM cluster, refer to Set up GEM.
This guide will assume there are two tenants:
team-finance. To create a tenant, refer to Set up a GEM tenant.
Set up an access policy with tenant federation and a token
To allow queries to span both GEM tenants, which are for demonstration purposes named
create a new access policy called
leadership. The necessary steps are:
Create a new access policy
Add the tenants
team-finance. Alternatively, you can add the special tenant name
*to create an access policy that has access to all tenants in the cluster.
Create a new token for the access-policy and store the token in your clipboard:
Set up a Grafana data source using the access policy
Create a new Prometheus data source from the Grafana configuration menu.
Enter the URL of your GEM cluster, for example
From the Auth section, enable Basic auth.
In the User field, enter:
team-engineering|team-financewhere all the names of the tenants that you want to query across are separated by the
In the Password field, paste the token created in the token creation process.
Queries that are performed using this data source in either Explore or inside of dashboards are performed across all of the tenants that you specified in the User field, and are processed as if all of the data were in a single tenant.
To submit a query across all tenants that your access policy has access to, you can either:
- Explicitly set the name of all the tenants separated by a pipe character “|” in the username. For example, to query across
tenant3you would enter
- Set the username to a wildcard character “*”. This will query all tenants that the access policy grants you access to, without requiring you to explicitly specify the their names.
When using an access policy that has a wildcard (
*) as the username, you can query all tenants for that cluster by also specifying
* as the username in your data source URL.
Conversely, if you use a wildcard username in your data source URL with an access policy with specific tenants, that data source has access to only those tenants.
Related Metrics Enterprise resources
Running Prometheus-as-a-service with Grafana Enterprise Metrics
Introducing Grafana Enterprise Metrics (GME), a simple and scalable Prometheus service that is seamless to use, simple to maintain, and supported by Grafana Labs.
How Robinhood scaled from 100M to 700M time series with Grafana Enterprise Metrics
In this GrafanaCONline session, the Robinhood team tells how GME (GameStop) led to GEM (Grafana Enterprise Metrics).
Benchmarking Grafana Enterprise Metrics for horizontally scaling Prometheus up to 500 million active series
We stress-tested GEM to show how it horizontally scaled. One takeaway: Hardware usage scales linearly up to 500 million active series.