896b9cddbc
* [DOCS] Updates for navigation redesign * Getting started * Set up text * Discover * Dashboard, Graph, ML, Maps, APM, SIEM, Dev tools * Dev Tools, Stack Monitoring, Management * Management * Final changes * [DOCS] Updates for navigation redesign * [DOCS] Updates CCR monitoring screenshots * updates SIEM screenshot and Cases overview text * Added Brandon's APM image * [DOCS] Refines CCR shard screenshot * Removed merge conflict image file Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: Ben Skelker <ben.skelker@elastic.co>
289 lines
15 KiB
Plaintext
289 lines
15 KiB
Plaintext
[[advanced-options]]
|
|
== Advanced Settings
|
|
|
|
The *Advanced Settings* UI enables you to edit settings that control the behavior of Kibana.
|
|
For example, you can change the format used to display dates, specify the default index pattern, and set the precision
|
|
for displayed decimal values.
|
|
|
|
. Open the menu, then go to *Stack Management > {kib} > Advanced Settings*.
|
|
. Scroll or search for the setting you want to modify.
|
|
. Enter a new value for the setting.
|
|
. Click *Save changes*.
|
|
|
|
|
|
[float]
|
|
[[settings-read-only-access]]
|
|
=== [xpack]#Read only access#
|
|
When you have insufficient privileges to edit advanced settings, the following
|
|
indicator in Kibana will be displayed. The buttons to edit settings won't be visible.
|
|
For more information on granting access to Kibana see <<xpack-security-authorization>>.
|
|
|
|
[role="screenshot"]
|
|
image::images/settings-read-only-badge.png[Example of Advanced Settings Management's read only access indicator in Kibana's header]
|
|
|
|
[float]
|
|
[[kibana-settings-reference]]
|
|
=== Kibana settings reference
|
|
|
|
WARNING: Modifying a setting can affect {kib}
|
|
performance and cause problems that are
|
|
difficult to diagnose. Setting a property value to a blank field reverts
|
|
to the default behavior, which might not be
|
|
compatible with other configuration settings. Deleting a custom setting
|
|
removes it from {kib} permanently.
|
|
|
|
|
|
[float]
|
|
[[kibana-general-settings]]
|
|
==== General
|
|
|
|
[horizontal]
|
|
`csv:quoteValues`:: Set this property to `true` to quote exported values.
|
|
`csv:separator`:: A string that serves as the separator for exported values.
|
|
`dateFormat`:: The format to use for displaying https://momentjs.com/docs/#/displaying/format/[pretty formatted dates].
|
|
`dateFormat:dow`:: The day that a week should start on.
|
|
`dateFormat:scaled`:: The values that define the format to use to render ordered time-based data. Formatted timestamps must
|
|
adapt to the interval between measurements. Keys are http://en.wikipedia.org/wiki/ISO_8601#Time_intervals[ISO8601 intervals].
|
|
`dateFormat:tz`:: The timezone that Kibana uses. The default value of `Browser` uses the timezone detected by the browser.
|
|
`dateNanosFormat`:: The format to use for displaying https://momentjs.com/docs/#/displaying/format/[pretty formatted dates] of {ref}/date_nanos.html[Elasticsearch date_nanos type].
|
|
`defaultIndex`:: The index to access if no index is set. The default is `null`.
|
|
`defaultRoute`:: The default route when opening Kibana. Use this setting to route users to a specific dashboard, application, or saved object as they enter each space.
|
|
`fields:popularLimit`:: The top N most popular fields to show.
|
|
`filterEditor:suggestValues`:: Set this property to `false` to prevent the filter editor from suggesting values for fields.
|
|
`filters:pinnedByDefault`:: Set this property to `true` to make filters have a global state (be pinned) by default.
|
|
`format:bytes:defaultPattern`:: The default <<numeral, numeral pattern>> format for the "bytes" format.
|
|
`format:currency:defaultPattern`:: The default <<numeral, numeral pattern>> format for the "currency" format.
|
|
`format:defaultTypeMap`:: A map of the default format name for each field type. Field types that are not explicitly
|
|
mentioned use "\_default_".
|
|
`format:number:defaultLocale`:: The <<numeral, numeral pattern>> locale.
|
|
`format:number:defaultPattern`:: The <<numeral, numeral pattern>> for the "number" format.
|
|
`format:percent:defaultPattern`:: The <<numeral, numeral pattern>> for the "percent" format.
|
|
`histogram:barTarget`:: When date histograms use the `auto` interval, Kibana attempts to generate this number of bars.
|
|
`histogram:maxBars`:: Date histograms are not generated with more bars than the value of this property, scaling values
|
|
when necessary.
|
|
`history:limit`:: In fields that have history, such as query inputs, show this many recent values.
|
|
`indexPattern:placeholder`:: The default placeholder value to use in Management > Index Patterns > Create Index Pattern.
|
|
`metaFields`:: Fields that exist outside of `_source`. Kibana merges these fields
|
|
into the document when displaying it.
|
|
`metrics:max_buckets`:: The maximum numbers of buckets that a single
|
|
data source can return. This might arise when the user selects a
|
|
short interval (for example, 1s) for a long time period (1 year).
|
|
`pageNavigation`:: The style of navigation menu for Kibana.
|
|
Choices are Legacy, the legacy style where every plugin is represented in the nav,
|
|
and Modern, a new format that bundles related plugins together in flyaway nested navigation.
|
|
`query:allowLeadingWildcards`:: Allows a wildcard (*) as the first character
|
|
in a query clause. Only applies when experimental query features are
|
|
enabled in the query bar. To disallow leading wildcards in Lucene queries,
|
|
use `query:queryString:options`.
|
|
`query:queryString:options`:: Options for the Lucene query string parser. Only
|
|
used when "Query language" is set to Lucene.
|
|
`savedObjects:listingLimit`:: The number of objects to fetch for lists of saved objects.
|
|
The default value is 1000. Do not set above 10000.
|
|
`savedObjects:perPage`:: The number of objects to show on each page of the
|
|
list of saved objects. The default is 5.
|
|
`search:queryLanguage`:: The query language to use in the query bar.
|
|
Choices are <<kuery-query, KQL>>, a language built specifically for {kib}, and the <<lucene-query, Lucene
|
|
query syntax>>.
|
|
`shortDots:enable`:: Set this property to `true` to shorten long
|
|
field names in visualizations. For example, show `f.b.baz` instead of `foo.bar.baz`.
|
|
`sort:options`:: Options for the Elasticsearch {ref}/search-request-body.html#request-body-search-sort[sort] parameter.
|
|
`state:storeInSessionStorage`:: [experimental] Kibana tracks UI state in the
|
|
URL, which can lead to problems when there is a lot of state information,
|
|
and the URL gets very long.
|
|
Enabling this setting stores part of the URL in your browser session to keep the
|
|
URL short.
|
|
`theme:darkMode`:: Set to `true` to enable a dark mode for the {kib} UI. You must
|
|
refresh the page to apply the setting.
|
|
`timepicker:quickRanges`:: The list of ranges to show in the Quick section of
|
|
the time filter. This should be an array of objects, with each object containing
|
|
`from`, `to` (see {ref}/common-options.html#date-math[accepted formats]),
|
|
and `display` (the title to be displayed).
|
|
`timepicker:refreshIntervalDefaults`:: The default refresh interval for the time filter. Example: `{ "display": "15 seconds", "pause": true, "value": 15000 }`.
|
|
`timepicker:timeDefaults`:: The default selection in the time filter.
|
|
`truncate:maxHeight`:: The maximum height that a cell occupies in a table. Set to 0 to disable
|
|
truncation.
|
|
`xPack:defaultAdminEmail`:: Email address for X-Pack admin operations, such as
|
|
cluster alert notifications from Monitoring.
|
|
|
|
|
|
[float]
|
|
[[kibana-accessibility-settings]]
|
|
==== Accessibility
|
|
|
|
[horizontal]
|
|
`accessibility:disableAnimations`:: Turns off all unnecessary animations in the
|
|
{kib} UI. Refresh the page to apply the changes.
|
|
|
|
[float]
|
|
[[kibana-dashboard-settings]]
|
|
==== Dashboard
|
|
|
|
[horizontal]
|
|
`xpackDashboardMode:roles`:: **Deprecated. Use <<kibana-feature-privileges,feature privileges>> instead.**
|
|
The roles that belong to <<xpack-dashboard-only-mode, dashboard only mode>>.
|
|
|
|
[float]
|
|
[[kibana-discover-settings]]
|
|
==== Discover
|
|
|
|
[horizontal]
|
|
`context:defaultSize`:: The number of surrounding entries to display in the context view. The default value is 5.
|
|
`context:step`:: The number by which to increment or decrement the context size. The default value is 5.
|
|
`context:tieBreakerFields`:: A comma-separated list of fields to use
|
|
for breaking a tie between documents that have the same timestamp value. The first
|
|
field that is present and sortable in the current index pattern is used.
|
|
`defaultColumns`:: The columns that appear by default on the Discover page.
|
|
The default is `_source`.
|
|
`discover:aggs:terms:size`:: The number terms that are visualized when clicking
|
|
the Visualize button in the field drop down. The default is `20`.
|
|
`discover:sampleSize`:: The number of rows to show in the Discover table.
|
|
`discover:sort:defaultOrder`:: The default sort direction for time-based index patterns.
|
|
`discover:searchOnPageLoad`:: Controls whether a search is executed when Discover first loads.
|
|
This setting does not have an effect when loading a saved search.
|
|
`doc_table:hideTimeColumn`:: Hides the "Time" column in Discover and in all saved searches on dashboards.
|
|
`doc_table:highlight`:: Highlights results in Discover and saved searches on dashboards.
|
|
Highlighting slows requests when
|
|
working on big documents.
|
|
|
|
[float]
|
|
[[kibana-ml-settings]]
|
|
==== Machine learning
|
|
|
|
[horizontal]
|
|
`ml:fileDataVisualizerMaxFileSize`:: Sets the file size limit when importing
|
|
data in the {data-viz}. The default value is `100MB`. The highest supported
|
|
value for this setting is `1GB`.
|
|
|
|
|
|
[float]
|
|
[[kibana-notification-settings]]
|
|
==== Notifications
|
|
|
|
[horizontal]
|
|
`notifications:banner`:: A custom banner intended for temporary notices to all users.
|
|
Supports https://help.github.com/en/articles/basic-writing-and-formatting-syntax[Markdown].
|
|
`notifications:lifetime:banner`:: The duration, in milliseconds, for banner
|
|
notification displays. The default value is 3000000. Set this field to `Infinity`
|
|
to disable banner notifications.
|
|
`notifications:lifetime:error`:: The duration, in milliseconds, for error
|
|
notification displays. The default value is 300000. Set this field to `Infinity` to disable error notifications.
|
|
`notifications:lifetime:info`:: The duration, in milliseconds, for information notification displays.
|
|
The default value is 5000. Set this field to `Infinity` to disable information notifications.
|
|
`notifications:lifetime:warning`:: The duration, in milliseconds, for warning notification
|
|
displays. The default value is 10000. Set this field to `Infinity` to disable warning notifications.
|
|
|
|
|
|
|
|
[float]
|
|
[[kibana-reporting-settings]]
|
|
==== Reporting
|
|
|
|
[horizontal]
|
|
`xpackReporting:customPdfLogo`:: A custom image to use in the footer of the PDF.
|
|
|
|
|
|
[float]
|
|
[[kibana-rollups-settings]]
|
|
==== Rollup
|
|
|
|
[horizontal]
|
|
`rollups:enableIndexPatterns`:: Enables the creation of index patterns that
|
|
capture rollup indices, which in turn enables visualizations based on rollup data.
|
|
Refresh the page to apply the changes.
|
|
|
|
|
|
[float]
|
|
[[kibana-search-settings]]
|
|
==== Search
|
|
|
|
[horizontal]
|
|
`courier:batchSearches`:: **Deprecated in 7.6. Starting in 8.0, this setting will be optimized internally.**
|
|
When disabled, dashboard panels will load individually, and search requests will terminate when
|
|
users navigate away or update the query. When enabled, dashboard panels will load together when all of the data is loaded,
|
|
and searches will not terminate.
|
|
`courier:customRequestPreference`:: {ref}/search-request-body.html#request-body-search-preference[Request preference]
|
|
to use when `courier:setRequestPreference` is set to "custom".
|
|
`courier:ignoreFilterIfFieldNotInIndex`:: Skips filters that apply to fields that don't exist in the index for a visualization.
|
|
Useful when dashboards consist of visualizations from multiple index patterns.
|
|
`courier:maxConcurrentShardRequests`:: Controls the {ref}/search-multi-search.html[max_concurrent_shard_requests]
|
|
setting used for `_msearch` requests sent by {kib}. Set to 0 to disable this
|
|
config and use the {es} default.
|
|
`courier:setRequestPreference`:: Enables you to set which shards handle your search requests.
|
|
* *Session ID:* Restricts operations to execute all search requests on the same shards.
|
|
This has the benefit of reusing shard caches across requests.
|
|
* *Custom:* Allows you to define your own preference. Use `courier:customRequestPreference`
|
|
to customize your preference value.
|
|
* *None:* Do not set a preference. This might provide better performance
|
|
because requests can be spread across all shard copies. However, results might
|
|
be inconsistent because different shards might be in different refresh states.
|
|
`search:includeFrozen`:: Includes {ref}/frozen-indices.html[frozen indices] in results.
|
|
Searching through frozen indices
|
|
might increase the search time. This setting is off by default. Users must opt-in to include frozen indices.
|
|
|
|
[float]
|
|
[[kibana-siem-settings]]
|
|
==== SIEM
|
|
|
|
[horizontal]
|
|
`siem:defaultAnomalyScore`:: The threshold above which Machine Learning job anomalies are displayed in the SIEM app.
|
|
`siem:defaultIndex`:: A comma-delimited list of Elasticsearch indices from which the SIEM app collects events.
|
|
`siem:ipReputationLinks`:: A JSON array containing links for verifying the reputation of an IP address. The links are displayed on
|
|
{siem-guide}/siem-ui-overview.html#network-ui[IP detail] pages.
|
|
`siem:enableNewsFeed`:: Enables the security news feed on the SIEM *Overview*
|
|
page.
|
|
`siem:newsFeedUrl`:: The URL from which the security news feed content is
|
|
retrieved.
|
|
`siem:refreshIntervalDefaults`:: The default refresh interval for the SIEM time filter, in milliseconds.
|
|
`siem:timeDefaults`:: The default period of time in the SIEM time filter.
|
|
|
|
[float]
|
|
[[kibana-timelion-settings]]
|
|
==== Timelion
|
|
|
|
[horizontal]
|
|
`timelion:default_columns`:: The default number of columns to use on a Timelion sheet.
|
|
`timelion:default_rows`:: The default number of rows to use on a Timelion sheet.
|
|
`timelion:es.default_index`:: The default index when using the `.es()` query.
|
|
`timelion:es.timefield`:: The default field containing a timestamp when using the `.es()` query.
|
|
`timelion:graphite.url`:: [experimental] Used with graphite queries, this is the URL of your graphite host
|
|
in the form https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite. This URL can be
|
|
selected from a whitelist configured in the `kibana.yml` under `timelion.graphiteUrls`.
|
|
`timelion:max_buckets`:: The maximum number of buckets a single data source can return.
|
|
This value is used for calculating automatic intervals in visualizations.
|
|
`timelion:min_interval`:: The smallest interval to calculate when using "auto".
|
|
`timelion:quandl.key`:: [experimental] Used with quandl queries, this is your API key from https://www.quandl.com/[www.quandl.com].
|
|
`timelion:showTutorial`:: Shows the Timelion tutorial
|
|
to users when they first open the Timelion app.
|
|
`timelion:target_buckets`:: Used for calculating automatic intervals in visualizations,
|
|
this is the number of buckets to try to represent.
|
|
|
|
|
|
|
|
[float]
|
|
[[kibana-visualization-settings]]
|
|
==== Visualization
|
|
|
|
[horizontal]
|
|
`visualization:colorMapping`:: Maps values to specified colors in visualizations.
|
|
`visualization:dimmingOpacity`:: The opacity of the chart items that are dimmed
|
|
when highlighting another element of the chart. The lower this number, the more
|
|
the highlighted element stands out. This must be a number between 0 and 1.
|
|
`visualization:loadingDelay`:: The time to wait before dimming visualizations
|
|
during a query.
|
|
`visualization:regionmap:showWarnings`:: Shows
|
|
a warning in a region map when terms cannot be joined to a shape.
|
|
`visualization:tileMap:WMSdefaults`:: The default properties for the WMS map server support in the coordinate map.
|
|
`visualization:tileMap:maxPrecision`:: The maximum geoHash precision displayed on tile maps: 7 is high, 10 is very high,
|
|
and 12 is the maximum. See this
|
|
{ref}/search-aggregations-bucket-geohashgrid-aggregation.html#_cell_dimensions_at_the_equator[explanation of cell dimensions].
|
|
`visualize:enableLabs`:: Enables users to create, view, and edit experimental visualizations.
|
|
If disabled, only visualizations that are considered production-ready are available to the user.
|
|
|
|
|
|
[float]
|
|
[[kibana-telemetry-settings]]
|
|
==== Usage data
|
|
|
|
Helps improve the Elastic Stack by providing usage statistics for
|
|
basic features. This data will not be shared outside of Elastic.
|