kibana/docs/management/advanced-options.asciidoc

[[advanced-options]]
== Advanced Settings

*Advanced Settings* control the behavior of {kib}. For example, you can change the format used to display dates,
specify the default index pattern, and set the precision for displayed decimal values.

. Open the main menu, then click *Stack Management > Advanced Settings*.
. Scroll or search for the setting.
. Make your change, then click *Save changes*.

[float]
=== Required permissions

The `Advanced Settings` {kib} privilege is required to access *Advanced Settings*.

When you have insufficient privileges to edit advanced settings, the edit options are not visible, and the following
indicator is displayed:

[role="screenshot"]
image::images/settings-read-only-badge.png[Example of Advanced Settings Management's read only access indicator in Kibana's header]

To add the privilege, open the main menu, then click *Stack Management > Roles*.

For more information on granting access to {kib}, refer to <<xpack-security-authorization>>.

[float]
[[kibana-settings-reference]]
=== {kib} settings reference

WARNING: Changing a setting can affect {kib} performance and cause problems
that are difficult to diagnose. Setting a property value to a blank field
reverts to the default behavior, which might not be compatible with other
configuration settings. Deleting a custom setting permanently removes it from {kib}.

[float]
[[kibana-general-settings]]
==== General

[horizontal]
[[auto-complete-use-time-tange]]`autocomplete:useTimeRange`::
When disabled, autocompletes the suggestions from your data set instead of the time range.

[[bfetch-disable-compression]]`bfetch:disableCompression`::
When disabled, allows you to debug individual requests, but increases the response size.

[[csv-quotevalues]]`csv:quoteValues`::
Set this property to `true` to quote exported values.

[[csv-separator]]`csv:separator`::
A string that serves as the separator for exported values.

[[dateformat]]`dateFormat`::
The format to use for displaying
https://momentjs.com/docs/#/displaying/format/[pretty formatted dates].

[[dateformat-dow]]`dateFormat:dow`::
The day that a week should start on.

[[dateformat-scaled]]`dateFormat:scaled`::
The values that define the format to use to render ordered time-based data.
Formatted timestamps must adapt to the interval between measurements. Keys are
http://en.wikipedia.org/wiki/ISO_8601#Time_intervals[ISO8601 intervals].

[[dateformat-tz]]`dateFormat:tz`::
The timezone that Kibana uses. The default value of `Browser` uses the timezone
detected by the browser.

[[datenanosformat]]`dateNanosFormat`::
The format to use for displaying
https://momentjs.com/docs/#/displaying/format/[pretty formatted dates] of
{ref}/date_nanos.html[Elasticsearch date_nanos type].

[[defaultindex]]`defaultIndex`::
The index to access if no index is set. The default is `null`.

[[defaultroute]]`defaultRoute`::
The default route when opening Kibana. Use this setting to route users to a
specific dashboard, application, or saved object as they enter each space.

[[fields-popularlimit]]`fields:popularLimit`::
The top N most popular fields to show.

[[fileupload-maxfilesize]]`fileUpload:maxFileSize`::
Sets the file size limit when importing files. The default
value is `100MB`. The highest supported value for this setting is `1GB`.

[[filtereditor-suggestvalues]]`filterEditor:suggestValues`::
Set this property to `false` to prevent the filter editor and KQL autocomplete
from suggesting values for fields.

[[autocomplete-valuesuggestionmethod]]`autocomplete:valueSuggestionMethod`::
When set to `terms_enum`, autocomplete uses the terms enum API for value suggestions. Kibana returns results faster, but suggestions are approximate, sorted alphabetically, and can be outside the selected time range.
When set to `terms_agg`, Kibana uses a terms aggregation for value suggestions, which is slower, but suggestions include all values that optionally match your time range and are sorted by popularity.
<<kibana-concepts-searching-your-data, Learn more>>.

[[autocomplete-usetimerange]]`autocomplete:useTimeRange`::
Disable this property to get autocomplete suggestions from your full dataset, rather than from the current time range. <<kibana-concepts-searching-your-data, Learn more>>.

[[filters-pinnedbydefault]]`filters:pinnedByDefault`::
Set this property to `true` to make filters have a global state (be pinned) by
default.

[[format-bytes-defaultpattern]]`format:bytes:defaultPattern`::
The default <<numeral, numeral pattern>> format for the "bytes" format.

[[format-currency-defaultpattern]]`format:currency:defaultPattern`::
The default <<numeral, numeral pattern>> format for the "currency" format.

[[format-defaulttypemap]]`format:defaultTypeMap`::
A map of the default format name for each field type. Field types that are not
explicitly mentioned use "\_default_".

[[format-number-defaultlocale]]`format:number:defaultLocale`::
The <<numeral, numeral pattern>> locale.

[[format-number-defaultpattern]]`format:number:defaultPattern`::
The <<numeral, numeral pattern>> for the "number" format.

[[format-percent-defaultpattern]]`format:percent:defaultPattern`::
The <<numeral, numeral pattern>> for the "percent" format.

[[histogram-bartarget]]`histogram:barTarget`::
When date histograms use the `auto` interval, Kibana attempts to generate this
number of bars.

[[histogram-maxbars]]`histogram:maxBars`::
To improve performance, limits the density of date and number histograms across {kib}
using a test query. When the test query contains too many buckets,
the interval between buckets increases. This setting applies separately
to each histogram aggregation, and does not apply to other types of aggregations.
To find the maximum value of this setting, divide the {es} `search.max_buckets`
value by the maximum number of aggregations in each visualization.

[[history-limit]]`history:limit`::
In fields that have history, such as query inputs, show this many recent values.

[[indexpattern-placeholder]]`indexPattern:placeholder`::
The default placeholder value to use in
*Management > Index Patterns > Create Index Pattern*.

[[metafields]]`metaFields`::
Fields that exist outside of `_source`. Kibana merges these fields into the
document when displaying it.

[[metrics:allowStringIndices]]`metrics:allowStringIndices`::
Enables you to use {es} indices in *TSVB* visualizations.

[[metrics-maxbuckets]]`metrics:max_buckets`::
Affects the *TSVB* histogram density. Must be set higher than `histogram:maxBars`.

[[query-allowleadingwildcards]]`query:allowLeadingWildcards`::
Allows a wildcard (*) as the first character in a query clause. Only applies
when experimental query features are enabled in the query bar. To disallow
leading wildcards in Lucene queries, use `query:queryString:options`.

[[query-querystring-options]]`query:queryString:options`::
Options for the Lucene query string parser. Only used when "Query language" is
set to Lucene.

[[savedobjects-listinglimit]]`savedObjects:listingLimit`::
The number of objects to fetch for lists of saved objects. The default value
is 1000. Do not set above 10000.

[[savedobjects-perpage]]`savedObjects:perPage`::
The number of objects to show on each page of the list of saved objects. The
default is 5.

[[search-querylanguage]]`search:queryLanguage`::
The query language to use in the query bar. Choices are <<kuery-query, KQL>>, a
language built specifically for {kib}, and the
<<lucene-query, Lucene query syntax>>.

[[shortdots-enable]]`shortDots:enable`::
Set this property to `true` to shorten long field names in visualizations. For
example, show `f.b.baz` instead of `foo.bar.baz`.

[[sort-options]]`sort:options`:: Options for the Elasticsearch
{ref}/search-request-body.html#request-body-search-sort[sort] parameter.

[[state-storeinsessionstorage]]`state:storeInSessionStorage`::
experimental:[]
Kibana tracks UI state in the URL, which can lead to problems
when there is a lot of state information, and the URL gets very long. Enabling
this setting stores part of the URL in your browser session to keep the URL
short.

[[theme-darkmode]]`theme:darkMode`::
Set to `true` to enable a dark mode for the {kib} UI. You must refresh the page
to apply the setting.

[[theme-version]]`theme:version`::
Specifies the {kib} theme. If you change the setting, refresh the page to apply the setting.

[[timepicker-quickranges]]`timepicker:quickRanges`::
The list of ranges to show in the Quick section of the time filter. This should
be an array of objects, with each object containing `from`, `to` (see
{ref}/common-options.html#date-math[accepted formats]), and `display` (the title
to be displayed).

[[timepicker-refreshintervaldefaults]]`timepicker:refreshIntervalDefaults`::
The default refresh interval for the time filter. Example:
`{ "display": "15 seconds", "pause": true, "value": 15000 }`.

[[timepicker-timedefaults]]`timepicker:timeDefaults`::
The default selection in the time filter.

[[truncate-maxheight]]`truncate:maxHeight`::
The maximum height that a cell occupies in a table. Set to 0 to disable
truncation.

[float]
[[presentation-labs]]
==== Presentation Labs

[horizontal]
[[labs-canvas-enable-ui]]`labs:canvas:enable_ui`::
When enabled, provides access to the experimental *Labs* features for *Canvas*.

[[labs-dashboard-defer-below-fold]]`labs:dashboard:deferBelowFold`::
When enabled, the panels that appear below the fold are loaded when they become visible on the dashboard.
_Below the fold_ refers to panels that are not immediately visible when you open a dashboard, but become visible as you scroll. For additional information, refer to <<defer-loading-panels-below-the-fold,Improve dashboard loading time>>.

[[labs-dashboard-enable-ui]]`labs:dashboard:enable_ui`::
When enabled, provides access to the experimental *Labs* features for *Dashboard*.

[float]
[[kibana-accessibility-settings]]
==== Accessibility

[horizontal]
[[accessibility-disableanimations]]`accessibility:disableAnimations`::
Turns off all unnecessary animations in the {kib} UI. Refresh the page to apply
the changes.

[float]
[[kibana-banners-settings]]
==== Banners

[NOTE]
====
Banners are a https://www.elastic.co/subscriptions[subscription feature].
====

[horizontal]
[[banners-placement]]`banners:placement`::
Set to `Top` to display a banner above the Elastic header for this space. Defaults to the value of
the `xpack.banners.placement` configuration property.

[[banners-textcontent]]`banners:textContent`::
The text to display inside the banner for this space, either plain text or Markdown.
Defaults to the value of the `xpack.banners.textContent` configuration property.

[[banners-textcolor]]`banners:textColor`::
The color for the banner text for this space. Defaults to the value of
the `xpack.banners.textColor` configuration property.

[[banners-backgroundcolor]]`banners:backgroundColor`::
The color of the banner background for this space. Defaults to the value of
the `xpack.banners.backgroundColor` configuration property.

[float]
[[kibana-dashboard-settings]]
==== Dashboard

[horizontal]
[[xpackdashboardmode-roles]]`xpackDashboardMode:roles`::
**Deprecated. Use <<kibana-feature-privileges,feature privileges>> instead.**
The roles that belong to <<xpack-dashboard-only-mode, dashboard only mode>>.

[float]
[[kibana-discover-settings]]
==== Discover

[horizontal]
[[context-defaultsize]]`context:defaultSize`::
The number of surrounding entries to display in the context view. The default
value is 5.

[[context-step]]`context:step`::
The number by which to increment or decrement the context size. The default
value is 5.

[[context-tiebreakerfields]]`context:tieBreakerFields`::
A comma-separated list of fields to use for breaking a tie between documents
that have the same timestamp value. The first field that is present and sortable
in the current index pattern is used.

[[defaultcolumns]]`defaultColumns`::
The columns that appear by default on the *Discover* page. The default is
`_source`.

[[discover-samplesize]]`discover:sampleSize`::
The number of rows to show in the *Discover* table.

[[discover-max-doc-fields-displayed]]`discover:maxDocFieldsDisplayed`::
Specifies the maximum number of fields to show in the document column of the *Discover* table.

[[discover-modify-columns-on-switch]]`discover:modifyColumnsOnSwitch`::
When enabled, removes the columns that are not in the new index pattern.

[[discover-sample-size]]`discover:sampleSize`::
Specifies the number of rows to display in the *Discover* table.

[[discover-searchFieldsFromSource]]`discover:searchFieldsFromSource`::
Load fields from the original JSON {ref}/mapping-source-field.html[`_source`].
When disabled, *Discover* loads fields using the {es} search API's
{ref}/search-fields.html#search-fields-param[`fields`] parameter.

[[discover-searchonpageload]]`discover:searchOnPageLoad`::
Controls whether a search is executed when *Discover* first loads. This setting
does not have an effect when loading a saved search.

[[discover:showMultiFields]]`discover:showMultiFields`::
When enabled, displays multi-fields in the expanded document view.

[[discover-sort-defaultorder]]`discover:sort:defaultOrder`::
The default sort direction for time-based index patterns.

[[doctable-hidetimecolumn]]`doc_table:hideTimeColumn`::
Hides the "Time" column in *Discover* and in all saved searches on dashboards.

[[doctable-highlight]]`doc_table:highlight`::
Highlights results in *Discover* and saved searches on dashboards. Highlighting
slows requests when working on big documents.

[[doctable-legacy]]`doc_table:legacy`::
Controls the way the document table looks and works. Set this property to `true` to revert to the legacy implementation.

[float]
[[kibana-ml-settings]]
==== Machine Learning

[horizontal]
[[ml-anomalydetection-results-enabletimedefaults]]`ml:anomalyDetection:results:enableTimeDefaults`::
Use the default time filter in the *Single Metric Viewer* and
*Anomaly Explorer*. If this setting is disabled, the results for the full time
range are shown.

[[ml-anomalydetection-results-timedefaults]]`ml:anomalyDetection:results:timeDefaults`::
Sets the default time filter for viewing {anomaly-job} results. This setting
must contain `from` and `to` values (see
{ref}/common-options.html#date-math[accepted formats]). It is ignored unless
`ml:anomalyDetection:results:enableTimeDefaults` is enabled.

[float]
[[kibana-notification-settings]]
==== Notifications

[horizontal]
[[notifications-banner]]`notifications:banner`::
A custom banner intended for temporary notices to all users. Supports
https://help.github.com/en/articles/basic-writing-and-formatting-syntax[Markdown].

[[notifications-lifetime-banner]]`notifications:lifetime:banner`::
The duration, in milliseconds, for banner notification displays. The default
value is 3000000.

[[notificatios-lifetime-error]]`notifications:lifetime:error`::
The duration, in milliseconds, for error notification displays. The default
value is 300000.

[[notifications-lifetime-info]]`notifications:lifetime:info`::
The duration, in milliseconds, for information notification displays. The
default value is 5000.

[[notifications-lifetime-warning]]`notifications:lifetime:warning`::
The duration, in milliseconds, for warning notification displays. The default
value is 10000.

[float]
[[observability-advanced-settings]]
==== Observability

[horizontal]
[[apm-enable-service-overview]]`apm:enableServiceOverview`::
When enabled, displays the *Overview* tab for services in *APM*.

[[observability-enable-inspect-es-queries]]`observability:enableInspectEsQueries`::
When enabled, allows you to inspect {es} queries in API responses.

[float]
[[kibana-reporting-settings]]
==== Reporting

[horizontal]
[[xpackreporting-custompdflogo]]`xpackReporting:customPdfLogo`::
A custom image to use in the footer of the PDF.

[float]
[[kibana-rollups-settings]]
==== Rollup

[horizontal]
[[rollups-enableindexpatterns]]`rollups:enableIndexPatterns`::
Enables the creation of index patterns that capture rollup indices, which in
turn enables visualizations based on rollup data. Refresh the page to apply the
changes.


[float]
[[kibana-search-settings]]
==== Search

[[courier-customrequestpreference]]`courier:customRequestPreference`::
{ref}/search-request-body.html#request-body-search-preference[Request preference]
to use when `courier:setRequestPreference` is set to "custom".

[[courier-ignorefilteriffieldnotinindex]]`courier:ignoreFilterIfFieldNotInIndex`::
Skips filters that apply to fields that don't exist in the index for a
visualization. Useful when dashboards consist of visualizations from multiple
index patterns.

[[courier-maxconcurrentshardrequests]]`courier:maxConcurrentShardRequests`::
Controls the {ref}/search-multi-search.html[max_concurrent_shard_requests]
setting used for `_msearch` requests sent by {kib}. Set to 0 to disable this
config and use the {es} default.

[[courier-setrequestpreference]]`courier:setRequestPreference`::
Enables you to set which shards handle your search requests.
* *Session ID:* Restricts operations to execute all search requests on the same
shards. This has the benefit of reusing shard caches across requests.
* *Custom:* Allows you to define your own preference. Use
`courier:customRequestPreference` to customize your preference value.
* *None:* Do not set a preference. This might provide better performance
because requests can be spread across all shard copies. However, results might
be inconsistent because different shards might be in different refresh states.

[[search-includefrozen]]`search:includeFrozen`::
**This setting is deprecated and will not be supported as of 9.0.**
Includes {ref}/frozen-indices.html[frozen indices] in results. Searching through
frozen indices might increase the search time. This setting is off by default.
Users must opt-in to include frozen indices.

[[search-timeout]]`search:timeout`:: Change the maximum timeout for a search
session or set to 0 to disable the timeout and allow queries to run to
completion.

[float]
[[kibana-siem-settings]]
==== Security Solution

[horizontal]
[[securitysolution-defaultanomalyscore]]`securitySolution:defaultAnomalyScore`::
The threshold above which {ml} job anomalies are displayed in the {security-app}.

[[securitysolution-defaultindex]]`securitySolution:defaultIndex`::
A comma-delimited list of {es} indices from which the {security-app} collects
events.

[[securitysolution-threatindices]]`securitySolution:defaultThreatIndex`::
A comma-delimited list of Threat Intelligence indices from which the {security-app} collects indicators.

[[securitysolution-enablenewsfeed]]`securitySolution:enableNewsFeed`:: Enables
the security news feed on the Security *Overview* page.

[[securitysolution-ipreputationlinks]]`securitySolution:ipReputationLinks`::
A JSON array containing links for verifying the reputation of an IP address. The
links are displayed on {security-guide}/network-page-overview.html[IP detail]
pages.

[[securitysolution-newsfeedurl]]`securitySolution:newsFeedUrl`::
The URL from which the security news feed content is retrieved.

[[securitysolution-refreshintervaldefaults]]`securitySolution:refreshIntervalDefaults`::
The default refresh interval for the Security time filter, in milliseconds.

[[security-solution-rules-table-refresh]]`securitySolution:rulesTableRefresh`::
The default period of time in the Security time filter.

[[securitysolution-timedefaults]]`securitySolution:timeDefaults`::
The default period of time in the Security time filter.

[float]
[[kibana-timelion-settings]]
==== Timelion

[[timelion-esdefaultindex]]`timelion:es.default_index`::
The default index when using the `.es()` query.

[[timelion-estimefield]]`timelion:es.timefield`::
The default field containing a timestamp when using the `.es()` query.

[[timelion-graphite-url]]`timelion:graphite.url`::
experimental:[]
Used with graphite queries, this is the URL of your graphite host
in the form https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite. This URL can
be selected from an allow-list configured in the `kibana.yml` under
`timelion.graphiteUrls`.

[[timelion-maxbuckets]]`timelion:max_buckets`::
The maximum number of buckets a single data source can return. This value is
used for calculating automatic intervals in visualizations.

[[timelion-mininterval]]`timelion:min_interval`::
The smallest interval to calculate when using "auto".

[[timelion-quandlkey]]`timelion:quandl.key`::
experimental:[]
Used with quandl queries, this is your API key from
https://www.quandl.com/[www.quandl.com].

[[timelion-targetbuckets]]`timelion:target_buckets`::
Used for calculating automatic intervals in visualizations, this is the number
of buckets to try to represent.

[[timelion-legacyChartsLibrary]]`timelion:legacyChartsLibrary`::
Enables the legacy charts library for timelion charts in Visualize.


[float]
[[kibana-visualization-settings]]
==== Visualization

[horizontal]
[[visualization-colormapping]]`visualization:colorMapping`::
**This setting is deprecated and will not be supported as of 8.0.**
Maps values to specific colors in charts using the *Compatibility* palette.

[[visualization-heatmap-maxbuckets]]`visualization:heatmap:maxBuckets`::
The maximum number of buckets a datasource can return. High numbers can have a negative impact on your browser rendering performance.

[[visualization-visualize-pieChartslibrary]]`visualization:visualize:legacyPieChartsLibrary`::
The visualize editor uses new pie charts with improved performance, color palettes, label positioning, and more. Enable this option if you prefer to use to the legacy charts library.

[[visualize-enablelabs]]`visualize:enableLabs`::
Enables users to create, view, and edit experimental visualizations. When disabled,
only production-ready visualizations are available to users.

[float]
[[kibana-telemetry-settings]]
==== Usage Data

[horizontal]
[[telemetry-enabled-advanced-setting]]`telemetry:enabled`::
When enabled, helps improve the Elastic Stack by providing usage statistics for
basic features. This data will not be shared outside of Elastic.