Merge pull request #267 from grafana/bump-version-8.3.7

Release: Bump version to 8.3.7

.circleci/config.yml

@@ -1,11 +0,0 @@
-version: 2.1
-jobs:
-  build:
-    docker:
-      - image: alpine:3.7
-    steps:
-      - run:
-          name: The First Step
-          command: |
-            echo 'Fake step!'
-

.drone.star

@@ -6,12 +6,16 @@
 
 load('scripts/drone/pipelines/pr.star', 'pr_pipelines')
 load('scripts/drone/pipelines/main.star', 'main_pipelines')
-load('scripts/drone/pipelines/release.star', 'release_pipelines', 'test_release_pipelines')
+load('scripts/drone/pipelines/docs.star', 'docs_pipelines')
+load('scripts/drone/pipelines/release.star', 'release_pipelines', 'publish_image_pipelines', 'publish_artifacts_pipelines', 'publish_npm_pipelines', 'publish_packages_pipeline')
 load('scripts/drone/version.star', 'version_branch_pipelines')
 load('scripts/drone/pipelines/cron.star', 'cronjobs')
 load('scripts/drone/vault.star', 'secrets')
 
 def main(ctx):
     edition = 'oss'
-    return pr_pipelines(edition=edition) + main_pipelines(edition=edition) + release_pipelines() + \
-        test_release_pipelines() + version_branch_pipelines() + cronjobs(edition=edition) + secrets()
+    return pr_pipelines(edition=edition) + docs_pipelines(edition=edition) + main_pipelines(edition=edition) + release_pipelines() + \
+        publish_image_pipelines('public') + publish_image_pipelines('security') + \
+        publish_artifacts_pipelines('security') + publish_artifacts_pipelines('public') + \
+        publish_npm_pipelines('public') + publish_packages_pipeline() + \
+        version_branch_pipelines() + cronjobs(edition=edition) + secrets()

.eslintignore

@@ -6,4 +6,6 @@ devenv
 data
 dist
 e2e/tmp
+scripts/grafana-server/tmp
 public/lib/monaco
+deployment_tools_config.json

.github/CODEOWNERS

@@ -83,7 +83,7 @@ go.sum @grafana/backend-platform
 /packages/grafana-ui/src/utils/storybook @grafana/plugins-platform-frontend
 /packages/jaeger-ui-components/ @grafana/observability-squad
 /plugins-bundled @grafana/plugins-platform-frontend
-/public @grafana/user-essentials
+# public folder
 /public/app/core/components/TimePicker @grafana/grafana-bi-squad
 /public/app/features/canvas/ @grafana/grafana-edge-squad
 /public/app/features/dimensions/ @grafana/grafana-edge-squad

.github/workflows/publish.yml

@@ -1,49 +0,0 @@
-name: publish_docs
-
-on:
-  push:
-    branches:
-    - main
-    paths:
-    - 'docs/sources/**'
-    - 'packages/grafana-*/**'
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v1
-    - run: git clone --single-branch --no-tags --depth 1 -b master https://grafanabot:${{ secrets.GH_BOT_ACCESS_TOKEN }}@github.com/grafana/website-sync ./.github/actions/website-sync
-    - name: generate-packages-docs
-      uses: actions/setup-node@v2.4.1
-      id: generate-docs
-      with:
-        node-version: '14'
-    - name: Get yarn cache directory path
-      id: yarn-cache-dir-path
-      run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
-    - uses: actions/cache@v2.1.6
-      with:
-        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-        key: yarn-${{ hashFiles('**/yarn.lock') }}
-        restore-keys: |
-            yarn-
-    - run: yarn install --immutable
-    - run: ./scripts/ci-reference-docs-build.sh
-    - name: publish-to-git
-      uses: ./.github/actions/website-sync
-      id: publish
-      with:
-        repository: grafana/website
-        branch: master
-        host: github.com
-        github_pat: '${{ secrets.GH_BOT_ACCESS_TOKEN }}'
-        source_folder: docs/sources
-        target_folder: content/docs/grafana/next
-        allow_no_changes: 'true'
-    - shell: bash
-      run: |
-        test -n "${{ steps.publish.outputs.commit_hash }}"
-        test -n "${{ steps.publish.outputs.working_directory }}"

.gitignore

@@ -13,6 +13,7 @@ public/dist/tsconfig.tsbuildinfo
 /emails/dist
 /reports
 /e2e/tmp
+/scripts/grafana-server/tmp
 vendor/
 /docs/menu.yaml
 /requests
@@ -137,6 +138,9 @@ compilation-stats.json
 !/e2e/**/screenshots/expected/*
 /e2e/**/videos/*
 
+# grafana server
+/scripts/grafana-server/server.log
+
 # a11y tests
 /pa11y-ci-results.json
 /pa11y-ci-report
@@ -149,3 +153,5 @@ compilation-stats.json
 
 # auto generated Go files
 *_gen.go
+
+deployment_tools_config.json

.pa11yci-pr.conf.js

@@ -6,6 +6,7 @@ var config = {
     chromeLaunchConfig: {
       args: ['--no-sandbox'],
     },
+    hideElements: '#updateVersion',
   },
 
   urls: [

.pa11yci.conf.js

@@ -6,6 +6,7 @@ var config = {
     chromeLaunchConfig: {
       args: ['--no-sandbox'],
     },
+    hideElements: '#updateVersion',
   },
 
   urls: [

.prettierignore

@@ -7,6 +7,7 @@ public/vendor/
 vendor/
 /data/
 e2e/tmp
+scripts/grafana-server/tmp
 public/build/
 public/sass/*.generated.scss
 devenv/

CHANGELOG.md

@@ -1,3 +1,288 @@
+<!-- 8.3.5 START -->
+
+# 8.3.5 (2022-02-08)
+
+- **Security**: Fixes CVE-2022-21702. For more information, see our [blog](https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/)
+- **Security**: Fixes CVE-2022-21703. For more information, see our [blog](https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/)
+- **Security**: Fixes CVE-2022-21713. For more information, see our [blog](https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/)
+
+<!-- 8.3.5 END -->
+<!-- 8.3.4 START -->
+
+# 8.3.4 (2022-01-17)
+
+### Features and enhancements
+
+- **Alerting:** Allow configuration of non-ready alertmanagers. [#43063](https://github.com/grafana/grafana/pull/43063), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Allow customization of Google chat message. [#43568](https://github.com/grafana/grafana/pull/43568), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Allow customization of Google chat message (#43568). [#43723](https://github.com/grafana/grafana/pull/43723), [@alexweav](https://github.com/alexweav)
+- **AppPlugins:** Support app plugins with only default nav. [#43016](https://github.com/grafana/grafana/pull/43016), [@torkelo](https://github.com/torkelo)
+- **InfluxDB:** InfluxQL: query editor: skip fields in metadata queries. [#42543](https://github.com/grafana/grafana/pull/42543), [@gabor](https://github.com/gabor)
+- **Postgres/MySQL/MSSQL:** Cancel in-flight SQL query if user cancels query in grafana. [#43890](https://github.com/grafana/grafana/pull/43890), [@mdvictor](https://github.com/mdvictor)
+- **Prometheus:** Forward oauth tokens after prometheus datasource migration. [#43686](https://github.com/grafana/grafana/pull/43686), [@MasslessParticle](https://github.com/MasslessParticle)
+
+### Bug fixes
+
+- **Azure Monitor:** Bug fix for variable interpolations in metrics dropdowns. [#43251](https://github.com/grafana/grafana/pull/43251), [@sarahzinger](https://github.com/sarahzinger)
+- **Azure Monitor:** Improved error messages for variable queries. [#43213](https://github.com/grafana/grafana/pull/43213), [@sunker](https://github.com/sunker)
+- **CloudMonitoring:** Fixes broken variable queries that use group bys. [#43914](https://github.com/grafana/grafana/pull/43914), [@sunker](https://github.com/sunker)
+- **Configuration:** You can now see your expired API keys if you have no active ones. [#42452](https://github.com/grafana/grafana/pull/42452), [@ashharrison90](https://github.com/ashharrison90)
+- **Elasticsearch:** Fix handling multiple datalinks for a single field. [#44029](https://github.com/grafana/grafana/pull/44029), [@Elfo404](https://github.com/Elfo404)
+- **Export:** Fix error being thrown when exporting dashboards using query variables that reference the default datasource. [#44034](https://github.com/grafana/grafana/pull/44034), [@ashharrison90](https://github.com/ashharrison90)
+- **ImportDashboard:** Fixes issue with importing dashboard and name ending up in uid. [#43451](https://github.com/grafana/grafana/pull/43451), [@torkelo](https://github.com/torkelo)
+- **Login:** Page no longer overflows on mobile. [#43739](https://github.com/grafana/grafana/pull/43739), [@ashharrison90](https://github.com/ashharrison90)
+- **Plugins:** Set backend metadata property for core plugins. [#43349](https://github.com/grafana/grafana/pull/43349), [@marefr](https://github.com/marefr)
+- **Prometheus:** Fill missing steps with null values. [#43622](https://github.com/grafana/grafana/pull/43622), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** Fix interpolation of $\_\_rate_interval variable. [#44035](https://github.com/grafana/grafana/pull/44035), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** Interpolate variables with curly brackets syntax. [#42927](https://github.com/grafana/grafana/pull/42927), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** Respect the http-method data source setting. [#42753](https://github.com/grafana/grafana/pull/42753), [@gabor](https://github.com/gabor)
+- **Table:** Fixes issue with field config applied to wrong fields when hiding columns. [#43376](https://github.com/grafana/grafana/pull/43376), [@torkelo](https://github.com/torkelo)
+- **Toolkit:** Fix bug with rootUrls not being properly parsed when signing a private plugin. [#43014](https://github.com/grafana/grafana/pull/43014), [@dessen-xu](https://github.com/dessen-xu)
+- **Variables:** Fix so data source variables are added to adhoc configuration. [#43881](https://github.com/grafana/grafana/pull/43881), [@hugohaggmark](https://github.com/hugohaggmark)
+
+### Plugin development fixes & changes
+
+- **Toolkit:** Revert build config so tslib is bundled with plugins to prevent plugins from crashing. [#43556](https://github.com/grafana/grafana/pull/43556), [@mckn](https://github.com/mckn)
+
+<!-- 8.3.4 END -->
+<!-- 8.3.3 START -->
+
+# 8.3.3 (2021-12-10)
+
+### Features and enhancements
+
+- **BarChart:** Use new data error view component to show actions in panel edit. [#42474](https://github.com/grafana/grafana/pull/42474), [@torkelo](https://github.com/torkelo)
+- **CloudMonitor:** Iterate over pageToken for resources. [#42546](https://github.com/grafana/grafana/pull/42546), [@iwysiu](https://github.com/iwysiu)
+- **Macaron:** Prevent WriteHeader invalid HTTP status code panic. [#42973](https://github.com/grafana/grafana/pull/42973), [@bergquist](https://github.com/bergquist)
+
+### Bug fixes
+
+- **AnnoListPanel:** Fix interpolation of variables in tags. [#42318](https://github.com/grafana/grafana/pull/42318), [@francoisdtm](https://github.com/francoisdtm)
+- **CloudWatch:** Allow queries to have no dimensions specified. [#42800](https://github.com/grafana/grafana/pull/42800), [@sunker](https://github.com/sunker)
+- **CloudWatch:** Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. [#42611](https://github.com/grafana/grafana/pull/42611), [@sunker](https://github.com/sunker)
+- **CloudWatch:** Make sure MatchExact flag gets the right value. [#42621](https://github.com/grafana/grafana/pull/42621), [@sunker](https://github.com/sunker)
+- **Dashboards:** Fix so that empty folders can be deleted from the manage dashboards/folders page. [#42527](https://github.com/grafana/grafana/pull/42527), [@ashharrison90](https://github.com/ashharrison90)
+- **InfluxDB:** Improve handling of metadata query errors in InfluxQL. [#42500](https://github.com/grafana/grafana/pull/42500), [@gabor](https://github.com/gabor)
+- **Loki:** Fix adding of ad hoc filters for queries with parser and line_format expressions. [#42590](https://github.com/grafana/grafana/pull/42590), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** Fix running of exemplar queries for non-histogram metrics. [#42749](https://github.com/grafana/grafana/pull/42749), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** Interpolate template variables in interval. [#42637](https://github.com/grafana/grafana/pull/42637), [@ivanahuckova](https://github.com/ivanahuckova)
+- **StateTimeline:** Fix toolitp not showing when for frames with multiple fields. [#42741](https://github.com/grafana/grafana/pull/42741), [@dprokop](https://github.com/dprokop)
+- **TraceView:** Fix virtualized scrolling when trace view is opened in right pane in Explore. [#42480](https://github.com/grafana/grafana/pull/42480), [@autoric](https://github.com/autoric)
+- **Variables:** Fix repeating panels for on time range changed variables. [#42828](https://github.com/grafana/grafana/pull/42828), [@hugohaggmark](https://github.com/hugohaggmark)
+- **Variables:** Fix so queryparam option works for scoped variables. [#42742](https://github.com/grafana/grafana/pull/42742), [@hugohaggmark](https://github.com/hugohaggmark)
+
+<!-- 8.3.3 END -->
+<!-- 8.3.2 START -->
+
+# 8.3.2 (2021-12-10)
+
+- **Security**: Fixes CVE-2021-43813 and CVE-2021-43815. For more information, see our [blog](https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/
+
+<!-- 8.3.2 END -->
+
+<!-- 8.3.1 START -->
+
+# 8.3.1 (2021-12-07)
+
+- **Security**: Fixes CVE-2021-43798. For more information, see our [blog](https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/)
+
+<!-- 8.3.1 END -->
+
+<!-- 8.3.0 START -->
+
+# 8.3.0 (2021-11-30)
+
+### Features and enhancements
+
+- **Alerting:** Prevent folders from being deleted when they contain alerts. [#42307](https://github.com/grafana/grafana/pull/42307), [@peterholmberg](https://github.com/peterholmberg)
+- **Alerting:** Show full preview value in tooltip. [#42445](https://github.com/grafana/grafana/pull/42445), [@peterholmberg](https://github.com/peterholmberg)
+- **BarGauge:** Limit title width when name is really long. [#42346](https://github.com/grafana/grafana/pull/42346), [@torkelo](https://github.com/torkelo)
+- **CloudMonitoring:** Avoid to escape regexps in filters. [#41961](https://github.com/grafana/grafana/pull/41961), [@andresmgot](https://github.com/andresmgot)
+- **CloudWatch:** Add support for AWS Metric Insights. [#42487](https://github.com/grafana/grafana/pull/42487), [@sunker](https://github.com/sunker)
+- **TooltipPlugin:** Remove other panels' shared tooltip in edit panel. [#42187](https://github.com/grafana/grafana/pull/42187), [@mdvictor](https://github.com/mdvictor)
+- **Visualizations:** Limit y label width to 40% of visualization width. [#42350](https://github.com/grafana/grafana/pull/42350), [@torkelo](https://github.com/torkelo)
+
+### Bug fixes
+
+- **Alerting:** Clear alerting rule evaluation errors after intermittent failures. [#42386](https://github.com/grafana/grafana/pull/42386), [@gotjosh](https://github.com/gotjosh)
+- **Alerting:** Fix refresh on legacy Alert List panel. [#42322](https://github.com/grafana/grafana/pull/42322), [@peterholmberg](https://github.com/peterholmberg)
+- **Dashboard:** Fix queries for panels with non-integer widths. [#42420](https://github.com/grafana/grafana/pull/42420), [@gabor](https://github.com/gabor)
+- **Explore:** Fix url update inconsistency. [#42288](https://github.com/grafana/grafana/pull/42288), [@gabor](https://github.com/gabor)
+- **Prometheus:** Fix range variables interpolation for time ranges smaller than 1 second. [#42242](https://github.com/grafana/grafana/pull/42242), [@ivanahuckova](https://github.com/ivanahuckova)
+- **ValueMappings:** Fixes issue with regex value mapping that only sets color. [#42311](https://github.com/grafana/grafana/pull/42311), [@torkelo](https://github.com/torkelo)
+
+<!-- 8.3.0 END -->
+<!-- 8.3.0-beta2 START -->
+
+# 8.3.0-beta2 (2021-11-25)
+
+### Features and enhancements
+
+- **Alerting:** Create DatasourceError alert if evaluation returns error. [#41869](https://github.com/grafana/grafana/pull/41869), [@gerobinson](https://github.com/gerobinson)
+- **Alerting:** Make Unified Alerting enabled by default for those who do not use legacy alerting. [#42200](https://github.com/grafana/grafana/pull/42200), [@armandgrillet](https://github.com/armandgrillet)
+- **Alerting:** Support mute timings configuration through the api for the embedded alert manager. [#41533](https://github.com/grafana/grafana/pull/41533), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **CloudWatch:** Add missing AWS/Events metrics. [#42164](https://github.com/grafana/grafana/pull/42164), [@n2N8Z](https://github.com/n2N8Z)
+- **Docs:** Add easier to find deprecation notices to certain data sources and to the changelog. [#41938](https://github.com/grafana/grafana/pull/41938), [@gabor](https://github.com/gabor)
+- **Plugins Catalog:** Enable install controls based on the pluginAdminEnabled flag. [#41686](https://github.com/grafana/grafana/pull/41686), [@leventebalogh](https://github.com/leventebalogh)
+- **Query caching:** Increase max_value_mb default to 10. (Enterprise)
+- **Table:** Add space between values for the DefaultCell. [#42246](https://github.com/grafana/grafana/pull/42246), [@kirederik](https://github.com/kirederik)
+- **Table:** Add space between values on JSONViewCell. [#42156](https://github.com/grafana/grafana/pull/42156), [@kirederik](https://github.com/kirederik)
+- **Tracing:** Make query editors available in dashboard for Tempo and Zipkin. [#41974](https://github.com/grafana/grafana/pull/41974), [@ivanahuckova](https://github.com/ivanahuckova)
+
+### Bug fixes
+
+- **AccessControl:** Renamed `orgs` roles, removed `fixed:orgs:reader` introduced in beta1. [#42049](https://github.com/grafana/grafana/pull/42049), [@gamab](https://github.com/gamab)
+- **Azure Monitor:** Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. [#41449](https://github.com/grafana/grafana/pull/41449), [@sarahzinger](https://github.com/sarahzinger)
+- **CodeEditor:** Prevent suggestions from being clipped. [#42120](https://github.com/grafana/grafana/pull/42120), [@kaydelaney](https://github.com/kaydelaney)
+- **Dashboard:** Fix cache timeout persistence. [#42204](https://github.com/grafana/grafana/pull/42204), [@hugohaggmark](https://github.com/hugohaggmark)
+- **Datasource:** Fix stable sort order of query responses. [#41868](https://github.com/grafana/grafana/pull/41868), [@marefr](https://github.com/marefr)
+- **Explore:** Fix error in query history when removing last item. [#42179](https://github.com/grafana/grafana/pull/42179), [@gabor](https://github.com/gabor)
+- **Logs:** Fix requesting of older logs when flipped order. [#41966](https://github.com/grafana/grafana/pull/41966), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Prometheus:** Fix running of health check query based on access mode. [#42189](https://github.com/grafana/grafana/pull/42189), [@ivanahuckova](https://github.com/ivanahuckova)
+- **TextPanel:** Fix suggestions for existing panels. [#42195](https://github.com/grafana/grafana/pull/42195), [@hugohaggmark](https://github.com/hugohaggmark)
+- **Tracing:** Fix incorrect indentations due to reoccurring spanIDs. [#41919](https://github.com/grafana/grafana/pull/41919), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Tracing:** Show start time of trace with milliseconds precision. [#42132](https://github.com/grafana/grafana/pull/42132), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Variables:** Make renamed or missing variable section expandable. [#41964](https://github.com/grafana/grafana/pull/41964), [@hugohaggmark](https://github.com/hugohaggmark)
+
+### Breaking changes
+
+### Grafana 8 Alerting enabled by default for installations that do not use legacy alerting
+
+Starting with Grafana v8.3.0, if you have **not** explicitly disabled unified alerting and **do not** have legacy alerts set up you are automatically "migrated" to Grafana 8 Alerting.
+
+A migration **from legacy to Grafana 8 Alerting** will never incur a data loss, as the previous data is kept around for rollback purposes. However, going from **Grafana 8 Alerting to legacy alerting** will delete all the data created for Grafana 8 Alerting. It is recommended that you **backup your database** before attempting a migration between systems.
+
+If unclear, please verify the table below:
+
+| `[alerting][enabled]` | `[unified_alerting][enabled]` | With Existing Legacy Alerts | Result             |
+| --------------------- | ----------------------------- | --------------------------- | ------------------ |
+| `true`                | `true`                        | N/A                         | Error              |
+| `true`                | `false`                       | N/A                         | Legacy Alerting    |
+| `true`                | not set                       | Yes                         | Legacy Alerting    |
+| `true`                | not set                       | No                          | Grafana 8 Alerting |
+| not set               | `true`                        | N/A                         | Grafana 8 Alerting |
+| not set               | `false`                       | N/A                         | Legacy Alerting    |
+| not set               | not set                       | Yes                         | Legacy Alerting    |
+| not set               | not set                       | No                          | Grafana 8 Alerting |
+| `false`               | `true`                        | N/A                         | Grafana 8 Alerting |
+| `false`               | `false`                       | N/A                         | Alerting disabled  |
+| `false`               | not set                       | N/A                         | Grafana 8 Alerting |
+
+N/A in the "With Existing Legacy Alerts" column means that it does not matter if you have legacy alerts or not.
+Issue [#42200](https://github.com/grafana/grafana/issues/42200)
+
+### Keep Last State for "If execution error or timeout" when upgrading to Grafana 8 alerting
+
+In Grafana 8.3.0-beta2 we changed how alert rules that use `Keep Last State` for `If execution error or timeout` are upgraded from Legacy Alerting to Grafana 8 alerting. In 8.3.0-beta1 and earlier, alert rules with `Keep Last State` for `If execution error or timeout` were changed to `Alerting` when upgrading from Legacy Alerting to Grafana 8 alerting. However, in 8.3.0-beta2 these alert rules are now upgraded to a new option called `Error`. With this option, on encountering an error evaluating an alert rule, Grafana creates a special alert called `DatasourceError` with the `rule_uid` and `ref_id` as labels and an annotation called `Error` with the error message. Issue [#41869](https://github.com/grafana/grafana/issues/41869)
+
+### Deprecations
+
+The access mode "browser" is deprecated in the following data sources and will be removed in a later release:
+
+- Prometheus
+- InfluxDB
+- Elasticsearch Issue [#41938](https://github.com/grafana/grafana/issues/41938)
+
+### Plugin development fixes & changes
+
+- **Select:** Select menus now properly scroll during keyboard navigation. [#41917](https://github.com/grafana/grafana/pull/41917), [@ashharrison90](https://github.com/ashharrison90)
+
+<!-- 8.3.0-beta2 END -->
+<!-- 8.3.0-beta1 START -->
+
+# 8.3.0-beta1 (2021-11-18)
+
+### Features and enhancements
+
+- **AccessControl:** Apply fine-grained access control to licensing. (Enterprise)
+- **Alerting:** Add UI for contact point testing with custom annotations and labels. [#40491](https://github.com/grafana/grafana/pull/40491), [@nathanrodman](https://github.com/nathanrodman)
+- **Alerting:** Make alert state indicator in panel header work with Grafana 8 alerts. [#38713](https://github.com/grafana/grafana/pull/38713), [@domasx2](https://github.com/domasx2)
+- **Alerting:** Option for Discord notifier to use webhook name. [#40463](https://github.com/grafana/grafana/pull/40463), [@Skyebold](https://github.com/Skyebold)
+- **Annotations:** Deprecate AnnotationsSrv. [#39631](https://github.com/grafana/grafana/pull/39631), [@hugohaggmark](https://github.com/hugohaggmark)
+- **Auditing:** Add audit logs for unified alerting endpoints. (Enterprise)
+- **Auditing:** Add endpoints (plugins, datasources, library elements). (Enterprise)
+- **Auth:** Omit all base64 paddings in JWT tokens for the JWT auth. [#35602](https://github.com/grafana/grafana/pull/35602), [@gillg](https://github.com/gillg)
+- **Azure Monitor:** Clean up fields when editing Metrics. [#41762](https://github.com/grafana/grafana/pull/41762), [@andresmgot](https://github.com/andresmgot)
+- **AzureMonitor:** Add new starter dashboards. [#39876](https://github.com/grafana/grafana/pull/39876), [@jcolladokuri](https://github.com/jcolladokuri)
+- **AzureMonitor:** Add starter dashboard for app monitoring with Application Insights. [#40725](https://github.com/grafana/grafana/pull/40725), [@jcolladokuri](https://github.com/jcolladokuri)
+- **Barchart/Time series:** Allow x axis label. [#41142](https://github.com/grafana/grafana/pull/41142), [@oscarkilhed](https://github.com/oscarkilhed)
+- **CLI:** Improve error handling for installing plugins. [#41257](https://github.com/grafana/grafana/pull/41257), [@marefr](https://github.com/marefr)
+- **CloudMonitoring:** Migrate to use backend plugin SDK contracts. [#38650](https://github.com/grafana/grafana/pull/38650), [@idafurjes](https://github.com/idafurjes)
+- **CloudWatch Logs:** Add retry strategy for hitting max concurrent queries. [#39290](https://github.com/grafana/grafana/pull/39290), [@aocenas](https://github.com/aocenas)
+- **CloudWatch:** Add AWS RoboMaker metrics and dimension. [#41450](https://github.com/grafana/grafana/pull/41450), [@ilyastoli](https://github.com/ilyastoli)
+- **CloudWatch:** Add AWS Transfer metrics and dimension. [#41168](https://github.com/grafana/grafana/pull/41168), [@ilyastoli](https://github.com/ilyastoli)
+- **Dashboard:** replace datasource name with a reference object. [#33817](https://github.com/grafana/grafana/pull/33817), [@ryantxu](https://github.com/ryantxu)
+- **Dashboards:** Show logs on time series when hovering. [#40110](https://github.com/grafana/grafana/pull/40110), [@ryantxu](https://github.com/ryantxu)
+- **Elasticsearch:** Add support for Elasticsearch 8.0 (Beta). [#41729](https://github.com/grafana/grafana/pull/41729), [@Elfo404](https://github.com/Elfo404)
+- **Elasticsearch:** Add time zone setting to Date Histogram aggregation. [#40882](https://github.com/grafana/grafana/pull/40882), [@Elfo404](https://github.com/Elfo404)
+- **Elasticsearch:** Enable full range log volume histogram. [#41202](https://github.com/grafana/grafana/pull/41202), [@ifrost](https://github.com/ifrost)
+- **Elasticsearch:** Full range logs volume. [#40700](https://github.com/grafana/grafana/pull/40700), [@ifrost](https://github.com/ifrost)
+- **Explore:** Allow changing the graph type. [#40522](https://github.com/grafana/grafana/pull/40522), [@gabor](https://github.com/gabor)
+- **Explore:** Show ANSI colors when highlighting matched words in the logs panel. [#40971](https://github.com/grafana/grafana/pull/40971), [@oliverfrye](https://github.com/oliverfrye)
+- **Graph(old) panel:** Listen to events from Time series panel. [#41033](https://github.com/grafana/grafana/pull/41033), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Import:** Load gcom dashboards from URL. [#41799](https://github.com/grafana/grafana/pull/41799), [@ashharrison90](https://github.com/ashharrison90)
+- **LibraryPanels:** Improves export and import of library panels between orgs. [#39214](https://github.com/grafana/grafana/pull/39214), [@hugohaggmark](https://github.com/hugohaggmark)
+- **OAuth:** Support PKCE. [#39948](https://github.com/grafana/grafana/pull/39948), [@sakjur](https://github.com/sakjur)
+- **Panel edit:** Overrides now highlight correctly when searching. [#41684](https://github.com/grafana/grafana/pull/41684), [@ashharrison90](https://github.com/ashharrison90)
+- **PanelEdit:** Display drag indicators on draggable sections. [#41711](https://github.com/grafana/grafana/pull/41711), [@ashharrison90](https://github.com/ashharrison90)
+- **Plugins:** Refactor Plugin Management. [#40477](https://github.com/grafana/grafana/pull/40477), [@wbrowne](https://github.com/wbrowne)
+- **Prometheus:** Add custom query parameters when creating PromLink url. [#41213](https://github.com/grafana/grafana/pull/41213), [@Ian-Yy](https://github.com/Ian-Yy)
+- **Prometheus:** Remove limits on metrics, labels, and values in Metrics Browser. [#40660](https://github.com/grafana/grafana/pull/40660), [@autoric](https://github.com/autoric)
+- **StateTimeline:** Share cursor with rest of the panels. [#41038](https://github.com/grafana/grafana/pull/41038), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Tempo:** Add error details when json upload fails. [#41803](https://github.com/grafana/grafana/pull/41803), [@aocenas](https://github.com/aocenas)
+- **Tempo:** Add filtering for service graph query. [#41162](https://github.com/grafana/grafana/pull/41162), [@aocenas](https://github.com/aocenas)
+- **Tempo:** Add links to nodes in Service Graph pointing to Prometheus metrics. [#41135](https://github.com/grafana/grafana/pull/41135), [@aocenas](https://github.com/aocenas)
+- **Time series/Bar chart panel:** Add ability to sort series via legend. [#40226](https://github.com/grafana/grafana/pull/40226), [@zoltanbedi](https://github.com/zoltanbedi)
+- **TimeSeries:** Allow multiple axes for the same unit. [#41635](https://github.com/grafana/grafana/pull/41635), [@dprokop](https://github.com/dprokop)
+- **TraceView:** Allow span links defined on dataFrame. [#40563](https://github.com/grafana/grafana/pull/40563), [@aocenas](https://github.com/aocenas)
+- **Transformations:** Support a rows mode in labels to fields. [#41020](https://github.com/grafana/grafana/pull/41020), [@ryantxu](https://github.com/ryantxu)
+- **ValueMappings:** Don't apply field config defaults to time fields. [#41132](https://github.com/grafana/grafana/pull/41132), [@torkelo](https://github.com/torkelo)
+- **Variables:** Only update panels that are impacted by variable change. [#39420](https://github.com/grafana/grafana/pull/39420), [@hugohaggmark](https://github.com/hugohaggmark)
+
+### Bug fixes
+
+- **API:** Fix dashboard quota limit for imports. [#41495](https://github.com/grafana/grafana/pull/41495), [@yangkb09](https://github.com/yangkb09)
+- **Alerting:** Fix rule editor issues with Azure Monitor data source. [#41317](https://github.com/grafana/grafana/pull/41317), [@domasx2](https://github.com/domasx2)
+- **Azure monitor:** Make sure alert rule editor is not enabled when template variables are being used. [#41335](https://github.com/grafana/grafana/pull/41335), [@sunker](https://github.com/sunker)
+- **CloudMonitoring:** Fix annotation queries. [#41529](https://github.com/grafana/grafana/pull/41529), [@sunker](https://github.com/sunker)
+- **CodeEditor:** Trigger the latest getSuggestions() passed to CodeEditor. [#40544](https://github.com/grafana/grafana/pull/40544), [@DukeManh](https://github.com/DukeManh)
+- **Dashboard:** Remove the current panel from the list of options in the Dashboard datasource. [#41826](https://github.com/grafana/grafana/pull/41826), [@ashharrison90](https://github.com/ashharrison90)
+- **Encryption:** Fix decrypting secrets in alerting migration. [#41061](https://github.com/grafana/grafana/pull/41061), [@undef1nd](https://github.com/undef1nd)
+- **InfluxDB:** Fix corner case where index is too large in ALIAS field. [#41562](https://github.com/grafana/grafana/pull/41562), [@gabor](https://github.com/gabor)
+- **NavBar:** Order App plugins alphabetically. [#40078](https://github.com/grafana/grafana/pull/40078), [@ashharrison90](https://github.com/ashharrison90)
+- **NodeGraph:** Fix zooming sensitivity on touchpads. [#40718](https://github.com/grafana/grafana/pull/40718), [@aocenas](https://github.com/aocenas)
+- **Plugins:** Add OAuth pass-through logic to api/ds/query endpoint. [#41352](https://github.com/grafana/grafana/pull/41352), [@wbrowne](https://github.com/wbrowne)
+- **Snapshots:** Fix panel inspector for snapshot data. [#41530](https://github.com/grafana/grafana/pull/41530), [@joshhunt](https://github.com/joshhunt)
+- **Tempo:** Fix basic auth password reset on adding tag. [#41808](https://github.com/grafana/grafana/pull/41808), [@aocenas](https://github.com/aocenas)
+- **ValueMapping:** Fixes issue with regex mappings. [#41515](https://github.com/grafana/grafana/pull/41515), [@mcdee](https://github.com/mcdee)
+
+### Plugin development fixes & changes
+
+- **grafana/ui:** Enable slider marks display. [#41275](https://github.com/grafana/grafana/pull/41275), [@dprokop](https://github.com/dprokop)
+
+<!-- 8.2.7 START -->
+
+# 8.2.7 (2021-12-07)
+
+- **Security**: Fixes CVE-2021-43798. For more information, see our [blog](https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/)
+
+<!-- 8.2.7 END -->
+
+<!-- 8.2.6 START -->
+
+# 8.2.6 (2021-12-02)
+
+### Features and enhancements
+
+- **Security:** Upgrade Docker base image to Alpine 3.14.3. [#42061](https://github.com/grafana/grafana/pull/42061), [@dsotirakis](https://github.com/dsotirakis)
+- **Security:** Upgrade Go to 1.17.2. [#42427](https://github.com/grafana/grafana/pull/42427), [@idafurjes](https://github.com/idafurjes)
+
+### Bug fixes
+
+- **TimeSeries:** Fix fillBelowTo wrongly affecting fills of unrelated series. [#41998](https://github.com/grafana/grafana/pull/41998), [@leeoniya](https://github.com/leeoniya)
+
+<!-- 8.2.6 END -->
+<!-- 8.3.0-beta1 END -->
 <!-- 8.2.5 START -->
 
 # 8.2.5 (2021-11-18)
@@ -5,6 +290,7 @@
 ### Bug fixes
 
 - **Alerting:** Fix a bug where the metric in the evaluation string was not correctly populated. [#41731](https://github.com/grafana/grafana/pull/41731), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. [#41305](https://github.com/grafana/grafana/pull/41305), [@gerobinson](https://github.com/gerobinson)
 - **CloudMonitoring:** Ignore min and max aggregation in MQL queries. [#41302](https://github.com/grafana/grafana/pull/41302), [@sunker](https://github.com/sunker)
 - **Dashboards:** 'Copy' is no longer added to new dashboard titles. [#41344](https://github.com/grafana/grafana/pull/41344), [@joshhunt](https://github.com/joshhunt)
 - **DataProxy:** Fix overriding response body when response is a WebSocket upgrade. [#41364](https://github.com/grafana/grafana/pull/41364), [@marefr](https://github.com/marefr)
@@ -15,6 +301,14 @@
 - **Tempo:** Fix validation of float durations. [#41400](https://github.com/grafana/grafana/pull/41400), [@ivanahuckova](https://github.com/ivanahuckova)
 - **Tracing:** Correct tags for each span are shown. [#41473](https://github.com/grafana/grafana/pull/41473), [@ivanahuckova](https://github.com/ivanahuckova)
 
+### Breaking changes
+
+### Fix No Data behaviour in Legacy Alerting
+
+In Grafana 8.2.5 and later, this change fixes a bug in the evaluation of alert rules when using the AND operator to compare two or more conditions. In Grafana 8.2.4 and earlier such alert rules would evaluate to `OK` if at least one, but not all, conditions returned no data. This change fixes that bug such that in Grafana 8.2.5 these alert rules now evaluate to `No Data`.
+
+If an alert should evaluate to `OK` when one or all conditions return `No Data` then this can be done via changing `If no data or all values are null` to `OK`. However, this will not preserve the old behaviour in 8.2.4 where an alert will be `OK` if at least one, but not all, conditions return no data and then `No Data` if all conditions return `No Data`. Issue [#41305](https://github.com/grafana/grafana/issues/41305)
+
 <!-- 8.2.5 END -->
 <!-- 8.2.4 START -->
 
@@ -253,6 +547,14 @@ Panel queries and/or annotation queries that used more than one statistic will b
 
 <!-- 8.2.0-beta1 END -->
 
+<!-- 8.1.8 START -->
+
+# 8.1.8 (2021-12-07)
+
+- **Security**: Fixes CVE-2021-43798. For more information, see our [blog](https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/)
+
+<!-- 8.1.8 END -->
+
 <!-- 8.1.7 START -->
 
 # 8.1.7 (2021-10-06)
@@ -527,6 +829,14 @@ Issue [#33879](https://github.com/grafana/grafana/issues/33879)
 
 <!-- 8.1.0-beta1 END -->
 
+<!-- 8.0.7 START -->
+
+# 8.0.7 (2021-12-07)
+
+- **Security**: Fixes CVE-2021-43798. For more information, see our [blog](https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/)
+
+<!-- 8.0.7 END -->
+
 <!-- 8.0.6 START -->
 
 # 8.0.6 (2021-07-14)
@@ -958,6 +1268,24 @@ Issue [#33352](https://github.com/grafana/grafana/issues/33352)
 - **AGPL License:** Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). [#33184](https://github.com/grafana/grafana/pull/33184)
 
 <!-- 8.0.0-beta1 END -->
+<!-- 7.5.15 START -->
+
+# 7.5.15 (2022-02-08)
+
+- **Security**: Fixes CVE-2022-21702. For more information, see our [blog](https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/)
+- **Security**: Fixes CVE-2022-21703. For more information, see our [blog](https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/)
+- **Security**: Fixes CVE-2022-21713. For more information, see our [blog](https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/)
+
+<!-- 7.5.15 END -->
+<!-- 7.5.13 START -->
+
+# 7.5.13 (2022-01-18)
+
+### Bug fixes
+
+- **[v7.5.x] Alerting:** Fix NoDataFound for alert rules using AND operator (#41305). [#44066](https://github.com/grafana/grafana/pull/44066), [@armandgrillet](https://github.com/armandgrillet)
+
+<!-- 7.5.13 END -->
 
 <!-- 7.5.11 START -->
 

CONTRIBUTING.md

@@ -76,6 +76,6 @@ Before we can accept your pull request, you need to [sign our CLA](https://grafa
 ## Where do I go from here?
 
 - Set up your [development environment](contribute/developer-guide.md).
-- Learn how to [contribute documentation](contribute/documentation.md).
+- Learn how to [contribute documentation](contribute/README.md).
 - Get started [developing plugins](https://grafana.com/docs/grafana/latest/developers/plugins/) for Grafana.
-- Look through the resources in the [contribute](https://github.com/grafana/grafana/tree/main/contribute) folder.
+- Look through the resources in the [contribute](contribute) folder.

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:16-alpine3.14 as js-builder
+FROM node:16-alpine3.15 as js-builder
 
 ENV NODE_OPTIONS=--max_old_space_size=8000
 
@@ -20,14 +20,13 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.0-alpine3.14 as go-builder
+FROM golang:1.17.7-alpine3.15 as go-builder
 
 RUN apk add --no-cache gcc g++ make
 
 WORKDIR /grafana
 
 COPY go.mod go.sum embed.go Makefile build.go package.json ./
-COPY ./local/* ./local/
 COPY cue cue
 COPY packages/grafana-schema packages/grafana-schema
 COPY public/app/plugins public/app/plugins
@@ -40,7 +39,7 @@ RUN go mod verify
 RUN make build-go
 
 # Final stage
-FROM alpine:3.14.2
+FROM alpine:3.15
 
 LABEL maintainer="Grafana team <hello@grafana.com>"
 

Dockerfile.ubuntu

@@ -1,4 +1,4 @@
-FROM node:16-alpine3.14 as js-builder
+FROM node:16-alpine3.15 as js-builder
 
 ENV NODE_OPTIONS=--max_old_space_size=8000
 
@@ -21,7 +21,7 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.0 AS go-builder
+FROM golang:1.17.7 AS go-builder
 
 WORKDIR /src/grafana
 

Makefile

@@ -158,7 +158,7 @@ gen-ts:
 # you modify starlark files.
 drone: $(DRONE)
 	$(DRONE) starlark --format
-	$(DRONE) lint .drone.yml
+	$(DRONE) lint .drone.yml --trusted
 	$(DRONE) --server https://drone.grafana.net sign --save grafana/grafana
 
 help: ## Display this help.

conf/defaults.ini

@@ -228,9 +228,12 @@ admin_password = admin
 # used for signing
 secret_key = SW2YcwTIb9zpOOhoPsMm
 
-# key provider used for envelope encryption, default to static value specified by secret_key
+# current key provider used for envelope encryption, default to static value specified by secret_key
 encryption_provider = secretKey
 
+# list of configured key providers, space separated (Enterprise only): e.g., awskms.v1 azurekv.v1
+available_encryption_providers =
+
 # disable gravatar profile images
 disable_gravatar = false
 
@@ -285,8 +288,8 @@ content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-in
 [snapshots]
 # snapshot sharing options
 external_enabled = true
-external_snapshot_url = https://snapshots-origin.raintank.io
-external_snapshot_name = Publish to snapshot.raintank.io
+external_snapshot_url = https://snapshots.raintank.io
+external_snapshot_name = Publish to snapshots.raintank.io
 
 # Set to true to enable this Grafana instance act as an external snapshot server and allow unauthenticated requests for
 # creating and deleting snapshots.
@@ -735,8 +738,8 @@ global_alert_rule = -1
 
 #################################### Unified Alerting ####################
 [unified_alerting]
-# Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed.
-enabled = false
+# Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed when switching. When this configuration section and flag are not defined, the state is defined at runtime. See the documentation for more details.
+enabled =
 
 # Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled.
 disabled_orgs =
@@ -790,8 +793,8 @@ min_interval = 10s
 
 #################################### Alerting ############################
 [alerting]
-# Disable legacy alerting engine & UI features
-enabled = true
+# Enable the legacy alerting sub-system and interface. If Unified Alerting is already enabled and you try to go back to legacy alerting, all data that is part of Unified Alerting will be deleted. When this configuration section and flag are not defined, the state is defined at runtime. See the documentation for more details.
+enabled =
 
 # Makes it possible to turn off alert execution but alerting UI is visible
 execute_alerts = true
@@ -968,7 +971,7 @@ enable_alpha = false
 app_tls_skip_verify_insecure = false
 # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
 allow_loading_unsigned_plugins =
-# Enable or disable installing plugins directly from within Grafana.
+# Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
 plugin_admin_enabled = true
 plugin_admin_external_manage_enabled = false
 plugin_catalog_url = https://grafana.com/grafana/plugins/
@@ -1040,12 +1043,14 @@ rendering_chrome_bin =
 # Mode 'reusable' will have one browser instance and will create a new incognito page on each request.
 rendering_mode =
 
-# When rendering_mode = clustered you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
+# When rendering_mode = clustered, you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
 # and will cluster using browser instances.
 # Mode 'context' will cluster using incognito pages.
 rendering_clustering_mode =
-# When rendering_mode = clustered you can define maximum number of browser instances/incognito pages that can execute concurrently..
+# When rendering_mode = clustered, you can define the maximum number of browser instances/incognito pages that can execute concurrently. Default is '5'.
 rendering_clustering_max_concurrency =
+# When rendering_mode = clustered, you can specify the duration a rendering request can take before it will time out. Default is `30` seconds.
+rendering_clustering_timeout =
 
 # Limit the maximum viewport width, height and device scale factor that can be requested.
 rendering_viewport_max_width =

conf/sample.ini

@@ -222,9 +222,12 @@
 # used for signing
 ;secret_key = SW2YcwTIb9zpOOhoPsMm
 
-# key provider used for envelope encryption, default to static value specified by secret_key
+# current key provider used for envelope encryption, default to static value specified by secret_key
 ;encryption_provider = secretKey
 
+# list of configured key providers, space separated (Enterprise only): e.g., awskms.v1 azurekv.v1
+;available_encryption_providers =
+
 # disable gravatar profile images
 ;disable_gravatar = false
 
@@ -279,8 +282,8 @@
 [snapshots]
 # snapshot sharing options
 ;external_enabled = true
-;external_snapshot_url = https://snapshots-origin.raintank.io
-;external_snapshot_name = Publish to snapshot.raintank.io
+;external_snapshot_url = https://snapshots.raintank.io
+;external_snapshot_name = Publish to snapshots.raintank.io
 
 # Set to true to enable this Grafana instance act as an external snapshot server and allow unauthenticated requests for
 # creating and deleting snapshots.
@@ -713,7 +716,7 @@
 #################################### Unified Alerting ####################
 [unified_alerting]
 #Enable the Unified Alerting sub-system and interface. When enabled we'll migrate all of your alert rules and notification channels to the new system. New alert rules will be created and your notification channels will be converted into an Alertmanager configuration. Previous data is preserved to enable backwards compatibility but new data is removed.```
-;enabled = false
+;enabled = true
 
 # Comma-separated list of organization IDs for which to disable unified alerting. Only supported if unified alerting is enabled.
 ;disabled_orgs =
@@ -768,7 +771,7 @@
 #################################### Alerting ############################
 [alerting]
 # Disable legacy alerting engine & UI features
-;enabled = true
+;enabled = false
 
 # Makes it possible to turn off alert execution but alerting UI is visible
 ;execute_alerts = true
@@ -941,7 +944,7 @@
 ;app_tls_skip_verify_insecure = false
 # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
 ;allow_loading_unsigned_plugins =
-# Enable or disable installing plugins directly from within Grafana.
+# Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
 ;plugin_admin_enabled = false
 ;plugin_admin_external_manage_enabled = false
 ;plugin_catalog_url = https://grafana.com/grafana/plugins/
@@ -1012,12 +1015,14 @@
 # Mode 'reusable' will have one browser instance and will create a new incognito page on each request.
 ;rendering_mode =
 
-# When rendering_mode = clustered you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
+# When rendering_mode = clustered, you can instruct how many browsers or incognito pages can execute concurrently. Default is 'browser'
 # and will cluster using browser instances.
 # Mode 'context' will cluster using incognito pages.
 ;rendering_clustering_mode =
-# When rendering_mode = clustered you can define maximum number of browser instances/incognito pages that can execute concurrently..
+# When rendering_mode = clustered, you can define the maximum number of browser instances/incognito pages that can execute concurrently. Default is '5'.
 ;rendering_clustering_max_concurrency =
+# When rendering_mode = clustered, you can specify the duration a rendering request can take before it will time out. Default is `30` seconds.
+;rendering_clustering_timeout =
 
 # Limit the maximum viewport width, height and device scale factor that can be requested.
 ;rendering_viewport_max_width =

contribute/developer-guide.md

@@ -81,7 +81,23 @@ When you log in for the first time, Grafana asks you to change your password.
 
 The Grafana backend includes SQLite which requires GCC to compile. So in order to compile Grafana on Windows you need to install GCC. We recommend [TDM-GCC](http://tdm-gcc.tdragon.net/download). Eventually, if you use [Scoop](https://scoop.sh), you can install GCC through that.
 
-You can simply build the back-end as follows: `go run build.go build`. The Grafana binaries will be in bin\\windows-amd64.
+You can build the back-end as follows:
+
+1. Follow the [instructions](https://github.com/google/wire#installing) to install the Wire tool.
+2. Generate code using Wire:
+
+```
+# Normally Wire tool installed at $GOPATH/bin/wire.exe
+<Wire tool install path> gen -tags oss ./pkg/server ./pkg/cmd/grafana-cli/runner
+```
+
+3. Build the Grafana binaries:
+
+```
+go run build.go build
+```
+
+The Grafana binaries will be in bin\\windows-amd64.
 Alternately, if you wish to use the `make` command, install [Make for Windows](http://gnuwin32.sourceforge.net/packages/make.htm) and use it in a Unix shell (f.ex. Git Bash).
 
 ## Test Grafana

contribute/style-guides/e2e-core.md

@@ -16,8 +16,8 @@ BASE_URL=http://172.0.10.2:3333 yarn e2e
 
 The above commands use some utils scripts under [_\<repo-root>/e2e_](../../e2e) that can also be used for more control.
 
-- `./e2e/start-server` This creates a fresh new grafana server working dir, setup's config and starts the server. It will also kill any previously started server that is still running using pid file at _\<repo-root>/e2e/tmp/pid_.
-- `./e2e/wait-for-grafana` waits for `$HOST` and `$PORT` to be available. Per default localhost and 3001.
+- `./scripts/grafana-server/start-server` This creates a fresh new grafana server working dir, setup's config and starts the server. It will also kill any previously started server that is still running using pid file at _\<repo-root>/scripts/grafana-server/tmp/pid_.
+- `./scripts/grafana-server/wait-for-grafana` waits for `$HOST` and `$PORT` to be available. Per default localhost and 3001.
 - `./e2e/run-suite <debug|dev|noarg>` Starts cypress in different modes.
 
 ## Test suites

devenv/dev-dashboards/datasource-testdata/new_features_in_v74.json

@@ -1991,7 +1991,7 @@
             "axisLabel": "",
             "axisPlacement": "auto",
             "drawStyle": "line",
-            "fillOpacity": 29,
+            "fillOpacity": 0,
             "gradientMode": {
               "label": "None",
               "value": "none"
@@ -2054,6 +2054,18 @@
                 "value": 0
               }
             ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "value"
+            },
+            "properties": [
+              {
+                "id": "custom.fillOpacity",
+                "value": 0
+              }
+            ]
           }
         ]
       },

devenv/dev-dashboards/panel-candlestick/candlestick.json

@@ -1,522 +1,481 @@
 {
-    "annotations": {
-      "list": [
-        {
-          "builtIn": 1,
-          "datasource": "-- Grafana --",
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations & Alerts",
-          "target": {
-            "limit": 100,
-            "matchAny": false,
-            "tags": [],
-            "type": "dashboard"
-          },
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": "-- Grafana --",
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
           "type": "dashboard"
-        }
-      ]
-    },
-    "editable": true,
-    "fiscalYearStartMonth": 0,
-    "graphTooltip": 2,
-    "id": 319,
-    "links": [],
-    "liveNow": false,
-    "panels": [
-      {
-        "fieldConfig": {
-          "defaults": {
-            "color": {
-              "mode": "palette-classic"
-            },
-            "custom": {
-              "axisLabel": "",
-              "axisPlacement": "auto",
-              "barAlignment": 0,
-              "drawStyle": "line",
-              "fillOpacity": 0,
-              "gradientMode": "none",
-              "hideFrom": {
-                "legend": false,
-                "tooltip": false,
-                "viz": false
-              },
-              "lineInterpolation": "linear",
-              "lineStyle": {
-                "dash": [
-                  10,
-                  10
-                ],
-                "fill": "dash"
-              },
-              "lineWidth": 1,
-              "pointSize": 5,
-              "scaleDistribution": {
-                "type": "linear"
-              },
-              "showPoints": "never",
-              "spanNulls": false,
-              "stacking": {
-                "group": "A",
-                "mode": "none"
-              },
-              "thresholdsStyle": {
-                "mode": "off"
-              }
-            },
-            "mappings": [],
-            "thresholds": {
-              "mode": "absolute",
-              "steps": [
-                {
-                  "color": "green"
-                },
-                {
-                  "color": "red",
-                  "value": 80
-                }
-              ]
-            },
-            "unit": "currencyUSD"
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "sma"
-              },
-              "properties": [
-                {
-                  "id": "color",
-                  "value": {
-                    "fixedColor": "orange",
-                    "mode": "fixed"
-                  }
-                },
-                {
-                  "id": "custom.lineWidth",
-                  "value": 5
-                },
-                {
-                  "id": "custom.lineStyle",
-                  "value": {
-                    "dash": [
-                      0,
-                      20
-                    ],
-                    "fill": "dot"
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "bolup"
-              },
-              "properties": [
-                {
-                  "id": "custom.fillBelowTo",
-                  "value": "boldn"
-                },
-                {
-                  "id": "custom.fillOpacity",
-                  "value": 8
-                },
-                {
-                  "id": "color",
-                  "value": {
-                    "fixedColor": "blue",
-                    "mode": "fixed"
-                  }
-                }
-              ]
-            }
-          ]
         },
-        "gridPos": {
-          "h": 16,
-          "w": 12,
-          "x": 0,
-          "y": 0
-        },
-        "id": 2,
-        "options": {
-          "colorStrategy": "open-close",
-          "colors": {
-            "down": "red",
-            "up": "green"
-          },
-          "fields": {},
-          "legend": {
-            "calcs": [],
-            "displayMode": "list",
-            "placement": "bottom"
-          },
-          "mode": "candles+volume",
-          "candleStyle": "candles"
-        },
-        "targets": [
-          {
-            "csvFileName": "ohlc_dogecoin.csv",
-            "refId": "A",
-            "scenarioId": "csv_file"
-          }
-        ],
-        "title": "Price & Volume",
-        "type": "candlestick"
-      },
-      {
-        "fieldConfig": {
-          "defaults": {
-            "color": {
-              "mode": "palette-classic"
-            },
-            "custom": {
-              "axisLabel": "",
-              "axisPlacement": "auto",
-              "barAlignment": 0,
-              "drawStyle": "line",
-              "fillOpacity": 0,
-              "gradientMode": "none",
-              "hideFrom": {
-                "legend": false,
-                "tooltip": false,
-                "viz": false
-              },
-              "lineInterpolation": "linear",
-              "lineWidth": 1,
-              "pointSize": 5,
-              "scaleDistribution": {
-                "type": "linear"
-              },
-              "showPoints": "auto",
-              "spanNulls": false,
-              "stacking": {
-                "group": "A",
-                "mode": "none"
-              },
-              "thresholdsStyle": {
-                "mode": "off"
-              }
-            },
-            "mappings": [],
-            "thresholds": {
-              "mode": "absolute",
-              "steps": [
-                {
-                  "color": "green"
-                },
-                {
-                  "color": "red",
-                  "value": 80
-                }
-              ]
-            },
-            "unit": "currencyUSD"
-          },
-          "overrides": []
-        },
-        "gridPos": {
-          "h": 20,
-          "w": 12,
-          "x": 12,
-          "y": 0
-        },
-        "id": 7,
-        "options": {
-          "colorStrategy": "close-close",
-          "colors": {
-            "down": "red",
-            "up": "green"
-          },
-          "fields": {},
-          "legend": {
-            "calcs": [],
-            "displayMode": "list",
-            "placement": "bottom"
-          },
-          "mode": "candles",
-          "candleStyle": "candles"
-        },
-        "targets": [
-          {
-            "csvFileName": "ohlc_dogecoin.csv",
-            "refId": "A",
-            "scenarioId": "csv_file"
-          }
-        ],
-        "title": "Price Only, Hollow Candles",
-        "transformations": [
-          {
-            "id": "filterFieldsByName",
-            "options": {
-              "include": {
-                "names": [
-                  "time",
-                  "open",
-                  "high",
-                  "low",
-                  "close"
-                ]
-              }
-            }
-          }
-        ],
-        "type": "candlestick"
-      },
-      {
-        "fieldConfig": {
-          "defaults": {
-            "color": {
-              "mode": "palette-classic"
-            },
-            "custom": {
-              "axisLabel": "",
-              "axisPlacement": "auto",
-              "barAlignment": 0,
-              "drawStyle": "line",
-              "fillOpacity": 0,
-              "gradientMode": "none",
-              "hideFrom": {
-                "legend": false,
-                "tooltip": false,
-                "viz": false
-              },
-              "lineInterpolation": "linear",
-              "lineWidth": 1,
-              "pointSize": 5,
-              "scaleDistribution": {
-                "type": "linear"
-              },
-              "showPoints": "auto",
-              "spanNulls": false,
-              "stacking": {
-                "group": "A",
-                "mode": "none"
-              },
-              "thresholdsStyle": {
-                "mode": "off"
-              }
-            },
-            "mappings": [],
-            "thresholds": {
-              "mode": "absolute",
-              "steps": [
-                {
-                  "color": "green"
-                },
-                {
-                  "color": "red",
-                  "value": 80
-                }
-              ]
-            },
-            "unit": "currencyUSD"
-          },
-          "overrides": []
-        },
-        "gridPos": {
-          "h": 10,
-          "w": 12,
-          "x": 0,
-          "y": 16
-        },
-        "id": 6,
-        "options": {
-          "colorStrategy": "open-close",
-          "colors": {
-            "down": "red",
-            "up": "blue"
-          },
-          "fields": { },
-          "legend": {
-            "calcs": [],
-            "displayMode": "list",
-            "placement": "bottom"
-          },
-          "mode": "candles",
-          "candleStyle": "ohlcbars"
-        },
-        "targets": [
-          {
-            "csvFileName": "ohlc_dogecoin.csv",
-            "refId": "A",
-            "scenarioId": "csv_file"
-          }
-        ],
-        "title": "Price Only, OHLC Bars",
-        "transformations": [
-          {
-            "id": "filterFieldsByName",
-            "options": {
-              "include": {
-                "names": [
-                  "time",
-                  "open",
-                  "high",
-                  "low",
-                  "close"
-                ]
-              }
-            }
-          }
-        ],
-        "type": "candlestick"
-      },
-      {
-        "fieldConfig": {
-          "defaults": {
-            "color": {
-              "mode": "palette-classic"
-            },
-            "custom": {
-              "axisLabel": "",
-              "axisPlacement": "auto",
-              "barAlignment": 0,
-              "drawStyle": "line",
-              "fillOpacity": 100,
-              "gradientMode": "none",
-              "hideFrom": {
-                "legend": false,
-                "tooltip": false,
-                "viz": false
-              },
-              "lineInterpolation": "linear",
-              "lineWidth": 1,
-              "pointSize": 5,
-              "scaleDistribution": {
-                "type": "linear"
-              },
-              "showPoints": "auto",
-              "spanNulls": false,
-              "stacking": {
-                "group": "A",
-                "mode": "none"
-              },
-              "thresholdsStyle": {
-                "mode": "off"
-              }
-            },
-            "mappings": [],
-            "thresholds": {
-              "mode": "absolute",
-              "steps": [
-                {
-                  "color": "green"
-                },
-                {
-                  "color": "red",
-                  "value": 80
-                }
-              ]
-            },
-            "unit": "currencyUSD"
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "open"
-              },
-              "properties": [
-                {
-                  "id": "custom.hideFrom",
-                  "value": {
-                    "legend": true,
-                    "tooltip": true,
-                    "viz": true
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "close"
-              },
-              "properties": [
-                {
-                  "id": "custom.hideFrom",
-                  "value": {
-                    "legend": true,
-                    "tooltip": true,
-                    "viz": true
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 6,
-          "w": 12,
-          "x": 12,
-          "y": 20
-        },
-        "id": 4,
-        "options": {
-          "colorStrategy": "open-close",
-          "colors": {
-            "down": "red",
-            "up": "yellow"
-          },
-          "fields": {},
-          "legend": {
-            "calcs": [],
-            "displayMode": "list",
-            "placement": "bottom"
-          },
-          "mode": "volume",
-          "candleStyle": "candles"
-        },
-        "targets": [
-          {
-            "csvFileName": "ohlc_dogecoin.csv",
-            "refId": "A",
-            "scenarioId": "csv_file"
-          }
-        ],
-        "title": "Volume Only,  Alt Colors, 100% Opacity",
-        "transformations": [
-          {
-            "id": "filterFieldsByName",
-            "options": {
-              "include": {
-                "names": [
-                  "time",
-                  "volume",
-                  "open",
-                  "close"
-                ]
-              }
-            }
-          }
-        ],
-        "type": "candlestick"
+        "type": "dashboard"
       }
-    ],
-    "refresh": false,
-    "schemaVersion": 33,
-    "style": "dark",
-    "tags": [
-      "gdev",
-      "panel-tests",
-      "graph-ng"
-    ],
-    "templating": {
-      "list": []
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 2,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineStyle": {
+              "dash": [
+                10,
+                10
+              ],
+              "fill": "dash"
+            },
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "currencyUSD"
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "sma"
+            },
+            "properties": [
+              {
+                "id": "color",
+                "value": {
+                  "fixedColor": "orange",
+                  "mode": "fixed"
+                }
+              },
+              {
+                "id": "custom.lineWidth",
+                "value": 5
+              },
+              {
+                "id": "custom.lineStyle",
+                "value": {
+                  "dash": [
+                    0,
+                    20
+                  ],
+                  "fill": "dot"
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "bolup"
+            },
+            "properties": [
+              {
+                "id": "custom.fillBelowTo",
+                "value": "boldn"
+              },
+              {
+                "id": "custom.fillOpacity",
+                "value": 8
+              },
+              {
+                "id": "color",
+                "value": {
+                  "fixedColor": "blue",
+                  "mode": "fixed"
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 16,
+        "w": 12,
+        "x": 0,
+        "y": 0
+      },
+      "id": 2,
+      "options": {
+        "candleStyle": "candles",
+        "colorStrategy": "open-close",
+        "colors": {
+          "down": "red",
+          "up": "green"
+        },
+        "fields": {},
+        "includeAllFields": true,
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom"
+        },
+        "mode": "candles+volume"
+      },
+      "targets": [
+        {
+          "csvFileName": "ohlc_dogecoin.csv",
+          "refId": "A",
+          "scenarioId": "csv_file"
+        }
+      ],
+      "title": "Price & Volume",
+      "type": "candlestick"
     },
-    "time": {
-      "from": "2021-07-13T22:13:30.740Z",
-      "to": "2021-07-13T22:46:18.921Z"
+    {
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "currencyUSD"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 20,
+        "w": 12,
+        "x": 12,
+        "y": 0
+      },
+      "id": 7,
+      "options": {
+        "candleStyle": "candles",
+        "colorStrategy": "close-close",
+        "colors": {
+          "down": "red",
+          "up": "green"
+        },
+        "fields": {},
+        "includeAllFields": false,
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom"
+        },
+        "mode": "candles"
+      },
+      "targets": [
+        {
+          "csvFileName": "ohlc_dogecoin.csv",
+          "refId": "A",
+          "scenarioId": "csv_file"
+        }
+      ],
+      "title": "Price Only, Hollow Candles",
+      "transformations": [],
+      "type": "candlestick"
     },
-    "timepicker": {},
-    "timezone": "",
-    "title": "Candlestick",
-    "uid": "MP-Di9F7k",
-    "version": 7,
-    "weekStart": ""
-  }
+    {
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "currencyUSD"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 10,
+        "w": 12,
+        "x": 0,
+        "y": 16
+      },
+      "id": 6,
+      "options": {
+        "candleStyle": "ohlcbars",
+        "colorStrategy": "open-close",
+        "colors": {
+          "down": "red",
+          "up": "blue"
+        },
+        "fields": {},
+        "includeAllFields": false,
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom"
+        },
+        "mode": "candles"
+      },
+      "targets": [
+        {
+          "csvFileName": "ohlc_dogecoin.csv",
+          "refId": "A",
+          "scenarioId": "csv_file"
+        }
+      ],
+      "title": "Price Only, OHLC Bars",
+      "transformations": [],
+      "type": "candlestick"
+    },
+    {
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 100,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "currencyUSD"
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "open"
+            },
+            "properties": [
+              {
+                "id": "custom.hideFrom",
+                "value": {
+                  "legend": true,
+                  "tooltip": true,
+                  "viz": true
+                }
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "close"
+            },
+            "properties": [
+              {
+                "id": "custom.hideFrom",
+                "value": {
+                  "legend": true,
+                  "tooltip": true,
+                  "viz": true
+                }
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 6,
+        "w": 12,
+        "x": 12,
+        "y": 20
+      },
+      "id": 4,
+      "options": {
+        "candleStyle": "candles",
+        "colorStrategy": "open-close",
+        "colors": {
+          "down": "red",
+          "up": "yellow"
+        },
+        "fields": {},
+        "includeAllFields": false,
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom"
+        },
+        "mode": "volume"
+      },
+      "targets": [
+        {
+          "csvFileName": "ohlc_dogecoin.csv",
+          "refId": "A",
+          "scenarioId": "csv_file"
+        }
+      ],
+      "title": "Volume Only,  Alt Colors, 100% Opacity",
+      "transformations": [],
+      "type": "candlestick"
+    }
+  ],
+  "refresh": false,
+  "schemaVersion": 33,
+  "style": "dark",
+  "tags": [
+    "gdev",
+    "panel-tests",
+    "graph-ng"
+  ],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "2021-07-13T22:13:30.740Z",
+    "to": "2021-07-13T22:46:18.921Z"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "Candlestick",
+  "uid": "MP-Di9F7k",
+  "version": 2,
+  "weekStart": ""
+}

devenv/dev-dashboards/panel-geomap/geomap_multi-layers.json

@@ -0,0 +1,436 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": "-- Grafana --",
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "id": 157,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 20
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 22,
+        "w": 12,
+        "x": 0,
+        "y": 0
+      },
+      "id": 2,
+      "options": {
+        "basemap": {
+          "config": {},
+          "name": "Layer 0",
+          "type": "default"
+        },
+        "controls": {
+          "mouseWheelZoom": true,
+          "showAttribution": true,
+          "showDebug": false,
+          "showScale": false,
+          "showZoom": true
+        },
+        "layers": [
+          {
+            "config": {
+              "rules": [
+                {
+                  "check": {
+                    "operation": "eq",
+                    "property": "name",
+                    "value": "Greenland"
+                  },
+                  "style": {
+                    "color": {
+                      "fixed": "light-blue"
+                    },
+                    "opacity": 0.4,
+                    "rotation": {
+                      "fixed": 0,
+                      "max": 360,
+                      "min": -360,
+                      "mode": "mod"
+                    },
+                    "size": {
+                      "fixed": 5,
+                      "max": 15,
+                      "min": 2
+                    },
+                    "symbol": {
+                      "fixed": "img/icons/marker/circle.svg",
+                      "mode": "fixed"
+                    },
+                    "textConfig": {
+                      "fontSize": 12,
+                      "offsetX": 0,
+                      "offsetY": 0,
+                      "textAlign": "center",
+                      "textBaseline": "middle"
+                    }
+                  }
+                },
+                {
+                  "check": {
+                    "operation": "eq",
+                    "property": "name",
+                    "value": "Antarctica"
+                  },
+                  "style": {
+                    "color": {
+                      "fixed": "#FCE2DE"
+                    },
+                    "opacity": 0.4,
+                    "rotation": {
+                      "fixed": 0,
+                      "max": 360,
+                      "min": -360,
+                      "mode": "mod"
+                    },
+                    "size": {
+                      "fixed": 5,
+                      "max": 15,
+                      "min": 2
+                    },
+                    "symbol": {
+                      "fixed": "img/icons/marker/circle.svg",
+                      "mode": "fixed"
+                    },
+                    "textConfig": {
+                      "fontSize": 12,
+                      "offsetX": 0,
+                      "offsetY": 0,
+                      "textAlign": "center",
+                      "textBaseline": "middle"
+                    }
+                  }
+                },
+                {
+                  "check": {
+                    "operation": "eq",
+                    "property": "name",
+                    "value": "Canada"
+                  },
+                  "style": {
+                    "color": {
+                      "fixed": "#37872D"
+                    },
+                    "opacity": 0.4,
+                    "rotation": {
+                      "fixed": 0,
+                      "max": 360,
+                      "min": -360,
+                      "mode": "mod"
+                    },
+                    "size": {
+                      "fixed": 5,
+                      "max": 15,
+                      "min": 2
+                    },
+                    "symbol": {
+                      "fixed": "img/icons/marker/circle.svg",
+                      "mode": "fixed"
+                    },
+                    "textConfig": {
+                      "fontSize": 12,
+                      "offsetX": 0,
+                      "offsetY": 0,
+                      "textAlign": "center",
+                      "textBaseline": "middle"
+                    }
+                  }
+                },
+                {
+                  "check": {
+                    "operation": "eq",
+                    "property": "name",
+                    "value": "Mexico"
+                  },
+                  "style": {
+                    "color": {
+                      "fixed": "#1F60C4"
+                    },
+                    "opacity": 0.4,
+                    "rotation": {
+                      "fixed": 0,
+                      "max": 360,
+                      "min": -360,
+                      "mode": "mod"
+                    },
+                    "size": {
+                      "fixed": 5,
+                      "max": 15,
+                      "min": 2
+                    },
+                    "symbol": {
+                      "fixed": "img/icons/marker/circle.svg",
+                      "mode": "fixed"
+                    },
+                    "textConfig": {
+                      "fontSize": 12,
+                      "offsetX": 0,
+                      "offsetY": 0,
+                      "textAlign": "center",
+                      "textBaseline": "middle"
+                    }
+                  }
+                }
+              ],
+              "src": "public/maps/countries.geojson",
+              "style": {
+                "color": {
+                  "fixed": "dark-green"
+                },
+                "opacity": 0.1,
+                "rotation": {
+                  "fixed": 0,
+                  "max": 360,
+                  "min": -360,
+                  "mode": "mod"
+                },
+                "size": {
+                  "fixed": 5,
+                  "max": 15,
+                  "min": 2
+                },
+                "symbol": {
+                  "fixed": "img/icons/marker/circle.svg",
+                  "mode": "fixed"
+                },
+                "textConfig": {
+                  "fontSize": 12,
+                  "offsetX": 0,
+                  "offsetY": 0,
+                  "textAlign": "center",
+                  "textBaseline": "middle"
+                }
+              }
+            },
+            "name": "Countries",
+            "type": "geojson"
+          },
+          {
+            "config": {
+              "showLegend": true,
+              "style": {
+                "color": {
+                  "fixed": "dark-blue"
+                },
+                "opacity": 0.4,
+                "rotation": {
+                  "fixed": 0,
+                  "max": 360,
+                  "min": -360,
+                  "mode": "mod"
+                },
+                "size": {
+                  "fixed": 5,
+                  "max": 15,
+                  "min": 2
+                },
+                "symbol": {
+                  "fixed": "img/icons/marker/square.svg",
+                  "mode": "fixed"
+                },
+                "text": {
+                  "field": "Count",
+                  "fixed": "",
+                  "mode": "field"
+                },
+                "textConfig": {
+                  "fontSize": 16,
+                  "offsetX": 10,
+                  "offsetY": 10,
+                  "textAlign": "center",
+                  "textBaseline": "middle"
+                }
+              }
+            },
+            "location": {
+              "mode": "auto"
+            },
+            "name": "Flights",
+            "type": "markers"
+          }
+        ],
+        "view": {
+          "id": "coords",
+          "lat": 42.826559,
+          "lon": -96.868893,
+          "zoom": 3.58
+        }
+      },
+      "pluginVersion": "8.3.0-pre",
+      "targets": [
+        {
+          "csvFileName": "flight_info_by_state.csv",
+          "refId": "A",
+          "scenarioId": "csv_file"
+        }
+      ],
+      "title": "Multi layers",
+      "type": "geomap"
+    },
+    {
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": 20
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 22,
+        "w": 12,
+        "x": 12,
+        "y": 0
+      },
+      "id": 3,
+      "options": {
+        "basemap": {
+          "config": {},
+          "name": "Layer 0",
+          "type": "default"
+        },
+        "controls": {
+          "mouseWheelZoom": true,
+          "showAttribution": true,
+          "showDebug": false,
+          "showScale": false,
+          "showZoom": true
+        },
+        "layers": [
+          {
+            "config": {
+              "showLegend": true,
+              "style": {
+                "color": {
+                  "fixed": "dark-green"
+                },
+                "opacity": 0.7,
+                "rotation": {
+                  "field": "Lng",
+                  "fixed": 0,
+                  "max": 360,
+                  "min": -360,
+                  "mode": "mod"
+                },
+                "size": {
+                  "fixed": 10,
+                  "max": 15,
+                  "min": 2
+                },
+                "symbol": {
+                  "fixed": "img/icons/marker/plane.svg",
+                  "mode": "fixed"
+                },
+                "text": {
+                  "field": "Lng",
+                  "fixed": "",
+                  "mode": "field"
+                },
+                "textConfig": {
+                  "fontSize": 12,
+                  "offsetX": 0,
+                  "offsetY": 18,
+                  "textAlign": "center",
+                  "textBaseline": "middle"
+                }
+              }
+            },
+            "name": "Layer 2",
+            "type": "markers"
+          }
+        ],
+        "view": {
+          "id": "coords",
+          "lat": 42.826559,
+          "lon": -96.868893,
+          "zoom": 3.58
+        }
+      },
+      "pluginVersion": "8.3.0-pre",
+      "targets": [
+        {
+          "csvFileName": "flight_info_by_state.csv",
+          "refId": "A",
+          "scenarioId": "csv_file"
+        }
+      ],
+      "title": "Markers",
+      "type": "geomap"
+    }
+  ],
+  "schemaVersion": 33,
+  "style": "dark",
+  "tags": [
+    "gdev",
+    "geomap",
+    "panel-tests"
+  ],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "now-6h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "Panel Tests - Geomap Multi Layers",
+  "uid": "2jFpEvp7z",
+  "version": 8,
+  "weekStart": ""
+}

devenv/dev-dashboards/panel-graph/graph-ng.json

@@ -1346,7 +1346,7 @@
             "axisPlacement": "auto",
             "drawStyle": "line",
             "fillGradient": "hue",
-            "fillOpacity": 25,
+            "fillOpacity": 0,
             "hideFrom": {
               "graph": false,
               "legend": false,
@@ -1426,6 +1426,10 @@
                   "fixedColor": "blue",
                   "mode": "fixed"
                 }
+              },
+              {
+                "id": "custom.fillOpacity",
+                "value": 0
               }
             ]
           }

docs/sources/administration/configuration.md

@@ -565,11 +565,11 @@ Set to `false` to disable external snapshot publish endpoint (default `true`).
 
 ### external_snapshot_url
 
-Set root URL to a Grafana instance where you want to publish external snapshots (defaults to https://snapshots-origin.raintank.io).
+Set root URL to a Grafana instance where you want to publish external snapshots (defaults to https://snapshots.raintank.io).
 
 ### external_snapshot_name
 
-Set name for external snapshot button. Defaults to `Publish to snapshot.raintank.io`.
+Set name for external snapshot button. Defaults to `Publish to snapshots.raintank.io`.
 
 ### public_mode
 
@@ -610,7 +610,7 @@ Path to the default home dashboard. If this value is empty, then Grafana uses St
 
 Set to `false` to prohibit users from being able to sign up / create
 user accounts. Default is `false`. The admin user can still create
-users from the [Grafana Admin Pages](/reference/admin).
+users from the [Grafana Admin Pages]({{< relref "../manage-users/server-admin/server-admin-manage-users.md" >}}).
 
 ### allow_org_create
 
@@ -869,8 +869,6 @@ Email server settings.
 
 Enable this to allow Grafana to send email. Default is `false`.
 
-If the password contains `#` or `;`, then you have to wrap it with triple quotes. Example: """#password;"""
-
 ### host
 
 Default is `localhost:25`.
@@ -881,7 +879,7 @@ In case of SMTP auth, default is `empty`.
 
 ### password
 
-In case of SMTP auth, default is `empty`.
+In case of SMTP auth, default is `empty`. If the password contains `#` or `;`, then you have to wrap it with triple quotes. Example: """#password;"""
 
 ### cert_file
 
@@ -1113,7 +1111,7 @@ Sets a global limit on number of alert rules that can be created. Default is -1
 
 ## [unified_alerting]
 
-For more information about the Grafana 8 alerts, refer to [Unified Alerting]({{< relref "../alerting/unified-alerting/_index.md" >}}).
+For more information about the Grafana alerts, refer to [Unified Alerting]({{< relref "../alerting/unified-alerting/_index.md" >}}).
 
 ### enabled
 
@@ -1197,15 +1195,15 @@ The interval string is a possibly signed sequence of decimal numbers, followed b
 
 ## [alerting]
 
-For more information about the Alerting feature in Grafana, refer to [Alerts overview]({{< relref "../alerting/_index.md" >}}).
+For more information about the legacy dashboard alerting feature in Grafana, refer to [Alerts overview]({{< relref "../alerting/_index.md" >}}).
 
 ### enabled
 
-Set to `false` to [enable Grafana 8 alerting]({{<relref "#unified_alerting">}}) and to disable legacy alerting engine. Default is `true`.
+Set to `false` to [enable Grafana alerting]({{<relref "#unified_alerting">}}) and to disable legacy alerting engine. to disable Grafana alerting, set to `true`.
 
 ### execute_alerts
 
-Turns off alert rule execution, but Alerting is still visible in the Grafana UI.
+Turns off alert rule execution, but alerting is still visible in the Grafana UI.
 
 ### error_or_timeout
 
@@ -1582,7 +1580,7 @@ We do _not_ recommend using this option. For more information, refer to [Plugin
 
 ### plugin_admin_enabled
 
-Available to Grafana administrators only, the plugin admin app is set to `true` by default. Set it to `false` to disable the app.
+Available to Grafana administrators only, enables installing / uninstalling / updating plugins directly from the Grafana UI. Set to `true` by default. Setting it to `false` will hide the install / uninstall / update controls.
 
 For more information, refer to [Plugin catalog]({{< relref "../plugins/catalog.md" >}}).
 
@@ -1711,13 +1709,19 @@ Mode `reusable` will have one browser instance and will create a new incognito p
 
 ### rendering_clustering_mode
 
-When rendering_mode = clustered you can instruct how many browsers or incognito pages can execute concurrently. Default is `browser` and will cluster using browser instances.
+When rendering_mode = clustered, you can instruct how many browsers or incognito pages can execute concurrently. Default is `browser` and will cluster using browser instances.
 
 Mode `context` will cluster using incognito pages.
 
 ### rendering_clustering_max_concurrency
 
-When rendering_mode = clustered you can define the maximum number of browser instances/incognito pages that can execute concurrently.
+When rendering_mode = clustered, you can define the maximum number of browser instances/incognito pages that can execute concurrently. Default is `5`.
+
+### rendering_clustering_timeout
+
+> **Note**: Available in grafana-image-renderer v3.3.0 and later versions.
+
+When rendering_mode = clustered, you can specify the duration a rendering request can take before it will time out. Default is `30` seconds.
 
 ### rendering_viewport_max_width
 

docs/sources/administration/database-encryption-enterprise.md

@@ -0,0 +1,22 @@
++++
+title = "Database encryption (Enterprise)"
+description = "Grafana Enterprise database encryption"
+keywords = ["grafana", "enterprise", "database", "encryption", "documentation"]
+aliases = [""]
+weight = 440
++++
+
+# Grafana Enterprise database encryption
+
+If you are using Grafana Enterprise, you can change Grafana’s cryptographic mode of operation from AES-CFB to AES-GCM, and integrate with a key management system (KMS) provider.
+
+## Changing your encryption mode to AES-GCM
+
+Grafana encrypts secrets using Advanced Encryption Standard in Cipher
+FeedBack mode (AES-CFB). You might prefer to use AES in Galois/Counter
+Mode (AES-GCM) instead, to meet your company’s security requirements or
+in order to maintain consistency with other services.
+
+To change your encryption mode, update the `algorithm` value in the
+`[security.encryption]` section of your Grafana configuration file.
+For details, refer to Enterprise configuration.

docs/sources/administration/database-encryption.md

@@ -0,0 +1,17 @@
++++
+title = "Database encryption"
+description = "Grafana database encryption"
+keywords = ["grafana", "database", "encryption", "documentation"]
+aliases = [""]
+weight = 450
++++
+
+# Grafana database encryption
+
+Grafana’s database contains secrets, which are used to query data sources, send alert notifications and perform other functions within Grafana.
+
+Grafana encrypts these secrets before they are written to the database, by using a symmetric-key encryption algorithm called Advanced Encryption Standard (AES), and using a [secret key]({{< relref "../administration/configuration/#secret_key" >}}) that you can change when you configure a new Grafana instance.
+
+You can choose to use [envelope encryption]({{< relref "./envelope-encryption.md" >}}), which complements a [KMS integration]({{< relref "../enterprise/kms-integration/_index.md" >}}) in Grafana Enterprise by adding a layer of indirection to the encryption process.
+
+In Grafana Enterprise, you can also choose to [encrypt secrets in AES-GCM mode]({{< relref "../administration/database-encryption-enterprise.md" >}}) instead of AES-CFB.

docs/sources/administration/envelope-encryption.md

@@ -0,0 +1,21 @@
++++
+title = "Envelope encryption"
+description = "Envelope encryption"
+keywords = ["grafana", "envelope encryption", "documentation"]
+aliases = [""]
+weight = 430
++++
+
+# Envelope encryption
+
+In Grafana, you can choose to use envelope encryption. Instead of
+encrypting all secrets with a single key, Grafana uses a set of keys
+called data encryption keys (DEKs) to encrypt them. These data
+encryption keys are themselves encrypted with a single key encryption
+key (KEK).
+
+To turn on envelope encryption, add the term `envelopeEncryption` to the list of feature toggles in your [Grafana configuration]({{< relref "../administration/configuration/#feature_toggles" >}}).
+
+> **Note:** Avoid turning off envelope encryption once you have turned it on, and back up your database before turning it on for the first time. If you turn envelope encryption on, create new secrets or update your existing secrets (for example, by creating a new data source or alert notification channel), and then turn envelope encryption off, then those data sources, alert notification channels, and other resources using envelope encryption will stop working and you will experience errors. This is because the secrets encrypted with envelope encryption cannot be decrypted or used by Grafana when envelope encryption is turned off.
+
+Refer to [Database encryption]({{< relref "../administration/database-encryption.md" >}}) to learn more about how Grafana encrypts secrets in the database.

docs/sources/alerting/_index.md

@@ -7,21 +7,28 @@ weight = 110
 
 Alerts allow you to learn about problems in your systems moments after they occur. Robust and actionable alerts help you identify and resolve issues quickly, minimizing disruption to your services.
 
-Grafana 8.0 has new and improved alerting that centralizes alerting information in a single, searchable view. It allows you to:
+Grafana 8.0 introduced new and improved alerting that centralizes alerting information in a single, searchable view. It allows you to:
 
 - Create and manage Grafana alerts
 - Create and manage Cortex and Loki managed alerts
 - View alerting information from Prometheus and Alertmanager compatible data sources
 
-Grafana 8 alerting has four key components:
+Grafana alerting is enabled by default for new OSS installations. For older installations, it is still an [opt-in]({{< relref "./unified-alerting/opt-in.md" >}}) feature.
+
+| Release     | Cloud         | Enterprise | OSS                              |
+| ----------- | ------------- | ---------- | -------------------------------- |
+| Grafana 8.2 | On by default | Opt-in     | Opt-in                           |
+| Grafana 8.3 | On by default | Opt-in     | On by default for new installs\* |
+
+> **Note:** New installs include existing installs which do not have any alerts configured.
+
+Grafana alerting has four key components:
 
 - Alerting rule - Evaluation criteria that determine whether an alert will fire. It consists of one or more queries and expressions, a condition, the frequency of evaluation, and optionally, the duration over which the condition is met.
 - Contact point - Channel for sending notifications when the conditions of an alerting rule are met.
 - Notification policy - Set of matching and grouping criteria used to determine where and how frequently to send notifications.
 - Silences - Date and matching criteria used to silence notifications.
 
-To learn more, see [What's New with Grafana 8 alerting]({{< relref "../alerting/unified-alerting/difference-old-new.md" >}}).
+To learn more, see [What's New with Grafana alerting]({{< relref "../alerting/unified-alerting/difference-old-new.md" >}}).
 
-For information on how to create and manage Grafana 8 alerts and notifications, refer to [Overview of Grafana 8.0 alerts]({{< relref "../alerting/unified-alerting/_index.md" >}}) and [Create and manage Grafana 8 alerting rules]({{< relref "./unified-alerting/alerting-rules/_index.md" >}}).
-
-> **Note:** Grafana 8 alerting is an [opt-in]({{< relref "./unified-alerting/opt-in.md" >}}) feature. Out of the box, Grafana still supports old [legacy dashboard alerts]({{< relref "./old-alerting/_index.md" >}}). We encourage you to create issues in the Grafana GitHub repository for bugs found while testing Grafana 8 alerts.
+For information on how to create and manage Grafana alerts and notifications, refer to [Overview of Grafana alerts]({{< relref "../alerting/unified-alerting/_index.md" >}}) and [Create and manage Grafana alerting rules]({{< relref "./unified-alerting/alerting-rules/_index.md" >}}).

docs/sources/alerting/old-alerting/_index.md

@@ -5,9 +5,11 @@ weight = 114
 
 # Legacy Grafana alerts
 
-Out of the box, Grafana still supports legacy dashboard alerts. If you are using version 8.0 or later, you can [opt-in]({{< relref "../unified-alerting/opt-in.md" >}}) to use Grafana 8 alerts. See [What's New with Grafana 8 alerting]({{< relref "../unified-alerting/difference-old-new.md" >}}) for more information.
+Grafana alerting is enabled by default for new OSS installations. For older installations, it is still an [opt-in]({{< relref "../unified-alerting/opt-in.md" >}}) feature.
 
-Legacy alerts have two main components:
+> **Note**: Legacy dashboard alerts is deprecated and will be removed in a future release. We encourage you to migrate to [Grafana alerting]({{< relref "../unified-alerting/_index.md" >}}) for all existing installations.
+
+Legacy dashboard alerts have two main components:
 
 - Alert rule - When the alert is triggered. Alert rules are defined by one or more conditions that are regularly evaluated by Grafana.
 - Notification channel - How the alert is delivered. When the conditions of an alert rule are met, the Grafana notifies the channels configured for that alert.

docs/sources/alerting/unified-alerting/_index.md

@@ -1,25 +1,26 @@
 +++
-title = "Grafana 8 Alerts"
+title = "Grafana alerts"
 aliases = ["/docs/grafana/latest/alerting/metrics/"]
 weight = 113
 +++
 
-# Overview of Grafana 8 alerting
+# Overview of Grafana alerting
 
-Grafana 8.0 has new and improved alerting that centralizes alerting information in a single, searchable view. It is an [opt-in]({{< relref "./opt-in.md" >}}) feature. We encourage you to create issues in the Grafana GitHub repository for bugs found while testing Grafana 8 alerting. See also, [What's New with Grafana 8 alerting]({{< relref "./difference-old-new.md" >}}).
+Grafana 8.0 has new and improved alerting that centralizes alerting information in a single, searchable view. It is enabled by default for all new OSS instances, and is an [opt-in]({{< relref "./opt-in.md" >}}) feature for older installations that still use legacy dashboard alerting. We encourage you to create issues in the Grafana GitHub repository for bugs found while testing Grafana alerting. See also, [What's New with Grafana alerting]({{< relref "./difference-old-new.md" >}}).
 
-When Grafana 8 alerting is enabled, you can:
+When Grafana alerting is enabled, you can:
 
-- [Create a Grafana managed alerting rules]({{< relref "alerting-rules/create-grafana-managed-rule.md" >}})
-- [Create a Cortex or Loki managed alerting rules]({{< relref "alerting-rules/create-cortex-loki-managed-rule.md" >}})
+- [Create Grafana managed alerting rules]({{< relref "alerting-rules/create-grafana-managed-rule.md" >}})
+- [Create Cortex or Loki managed alerting rules]({{< relref "alerting-rules/create-cortex-loki-managed-rule.md" >}})
 - [View existing alerting rules and manage their current state]({{< relref "alerting-rules/rule-list.md" >}})
 - [View the state and health of alerting rules]({{< relref "./fundamentals/state-and-health.md" >}})
 - [Add or edit an alert contact point]({{< relref "./contact-points.md" >}})
 - [Add or edit notification policies]({{< relref "./notification-policies.md" >}})
 - [Add or edit silences]({{< relref "./silences.md" >}})
 
-Before you begin using Grafana 8 alerting, we recommend that you familiarize yourself with some [basic concepts]({{< relref "./fundamentals/_index.md" >}}) of Grafana 8 alerting.
+Before you begin using Grafana alerting, we recommend that you familiarize yourself with some [basic concepts]({{< relref "./fundamentals/_index.md" >}}) of Grafana alerting.
 
 ## Limitations
 
-- The Grafana 8 alerting system can retrieve rules from all available Prometheus, Loki, and Alertmanager data sources. It might not be able to fetch rules from other supported data sources.
+- The Grafana alerting system can retrieve rules from all available Prometheus, Loki, and Alertmanager data sources. It might not be able to fetch rules from other supported data sources.
+- We aim to support the latest two minor versions of both Prometheus and Alertmanager. We cannot guarantee that older versions will work. As an example, if the current Prometheus version is `2.31.1`, we support >= `2.29.0`.

docs/sources/alerting/unified-alerting/alerting-rules/_index.md

@@ -4,17 +4,17 @@ aliases = ["/docs/grafana/latest/alerting/rules/"]
 weight = 130
 +++
 
-# Create and manage Grafana 8 alerting rules
+# Create and manage Grafana alerting rules
 
 An alerting rule is a set of evaluation criteria that determines whether an alert will fire. The rule consists of one or more queries and expressions, a condition, the frequency of evaluation, and optionally, the duration over which the condition is met.
 
 While queries and expressions select the data set to evaluate, a condition sets the threshold that an alert must meet or exceed to create an alert. An interval specifies how frequently an alerting rule is evaluated. Duration, when configured, indicates how long a condition must be met. The rules can also define alerting behavior in the absence of data.
 
-In Grafana 8 alerting, you can:
+You can:
 
 - [Create Cortex or Loki managed alert rule]({{< relref "./create-cortex-loki-managed-rule.md" >}})
 - [Create Cortex or Loki managed recording rule]({{< relref "./create-cortex-loki-managed-recording-rule.md" >}})
 - [Edit Cortex or Loki rule groups and namespaces]({{< relref "./edit-cortex-loki-namespace-group.md" >}})
 - [Create Grafana managed alert rule]({{< relref "./create-grafana-managed-rule.md" >}})
-- [State and hfundamentalsealth of alerting rules]({{< relref "../fundamentals/state-and-health.md" >}})
+- [State and health of alerting rules]({{< relref "../fundamentals/state-and-health.md" >}})
 - [Manage alerting rules]({{< relref "./rule-list.md" >}})

docs/sources/alerting/unified-alerting/alerting-rules/alert-annotation-label.md

@@ -7,54 +7,32 @@ weight = 401
 
 # Annotations and labels for alerting rules
 
-Annotations and labels help customize alert messages so that you can quickly identify the service or application that needs attention.
+Annotations and labels are key value pairs associated with alerts originating from the alerting rule, datasource response, and as a result of alerting rule evaluation. They can be used in alert notifications directly or in [templates]({{< relref "../message-templating/" >}}) and [template functions]({{< relref "../message-templating/template-functions" >}}) to create notification contact dynamically.
 
 ## Annotations
 
-Annotations are key-value pairs that provide additional meta-information about an alert. For example: a description, a summary, and runbook URL. These are displayed in rule and alert details in the UI and can be used in contact type message templates. Annotations can also be templated, for example `Instance {{ $labels.instance }} down` will have the evaluated `instance` label value added for every alert this rule produces.
+Annotations are key-value pairs that provide additional meta-information about an alert. For example: a description, a summary, and runbook URL. These are displayed in rule and alert details in the UI and can be used in contact point message templates.
 
 ## Labels
 
-Labels are key-value pairs that categorize or identify an alert. Labels are used to match alerts in silences or match and groups alerts in notification policies. Labels are also shown in rule or alert details in the UI and can be used in contact type message templates. For example, you can add a `severity` label, then configure a separate notification policy for each severity. You can also add, for example, a `team` label and configure notification policies specific to the team or silence all alerts for a particular team. Labels can also be templated like annotations, for example, `{{ $labels.namespace }}/{{ $labels.job }}` will produce a new rule label that will have the evaluated `namespace` and `job` label value added for every alert this rule produces. The rule labels take precedence over the labels produced by the query/condition.
+Labels are key-value pairs that contain information about, and are used to uniquely identify an alert. The label set for an alert is generated and added to throughout the alerting evaluation and notification process.
+
+### How are labels used?
+
+- The complete set of labels for an alert is what uniquely identifies an alert within Grafana Alerts.
+- The Alertmanager uses labels to match alerts for [silences]({{< relref "../silences/" >}}) and [alert groups]({{< relref "../alert-groups/" >}}) in [notification policies]({{< relref "../notification-policies/" >}}).
+- The alerting UI displays labels for every alert instance generated by the evaluation of that rule.
+- Contact points can access labels to dynamically generate notifications that contain information specific to the alert that is resulting in a notification.
+- Labels can be added to an [alerting rule]({{< relref "../alerting-rules/" >}}). These manually configured labels are able to use template functions and reference other labels. Labels added to an alerting rule here take precedence in the event of a collision between labels.
 
 {{< figure src="/static/img/docs/alerting/unified/rule-edit-details-8-0.png" max-width="550px" caption="Alert details" >}}
 
-#### Template variables
+#### Variables available to alerting rule labels and annotations
 
 The following template variables are available when expanding annotations and labels.
 
-| Name    | Description                                                                                                                                                                                                                                                                                                                                                             |
-| ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| $labels | The labels from the query or condition. For example, `{{ $labels.instance }}` and `{{ $labels.job }}`. This is unavailable when the rule uses a classic condition.                                                                                                                                                                                                      |
-| $values | The values of all reduce and math expressions that were evaluated for this alert rule. For example, `{{ $values.A }}`, `{{ $values.A.Labels }}` and `{{ $values.A.Value }}` where `A` is the `refID` of the expression. This is unavailable when the rule uses a [classic condition]({{< relref "./create-grafana-managed-rule/#single-and-multi-dimensional-rule" >}}) |
-| $value  | The value string of the alert instance. For example, `[ var='A' labels={instance=foo} value=10 ]`.                                                                                                                                                                                                                                                                      |
-
-#### Template functions
-
-The following template functions are available when expanding annotations and labels.
-
-| Name               | Argument                                                     | Return                 | Description                                                                                                                                 |
-| ------------------ | ------------------------------------------------------------ | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
-| humanize           | number or string                                             | string                 | Converts a number to a more readable format, using metric prefixes.                                                                         |
-| humanize1024       | number or string                                             | string                 | Like humanize, but uses 1024 as the base rather than 1000.                                                                                  |
-| humanizeDuration   | number or string                                             | string                 | Converts a duration in seconds to a more readable format.                                                                                   |
-| humanizePercentage | number or string                                             | string                 | Converts a ratio value to a fraction of 100.                                                                                                |
-| humanizeTimestamp  | number or string                                             | string                 | Converts a Unix timestamp in seconds to a more readable format.                                                                             |
-| title              | string                                                       | string                 | strings.Title, capitalises first character of each word.                                                                                    |
-| toUpper            | string                                                       | string                 | strings.ToUpper, converts all characters to upper case.                                                                                     |
-| toLower            | string                                                       | string                 | strings.ToLower, converts all characters to lower case.                                                                                     |
-| match              | pattern, text                                                | boolean                | regexp.MatchString Tests for a unanchored regexp match.                                                                                     |
-| reReplaceAll       | pattern, replacement, text                                   | string                 | Regexp.ReplaceAllString Regexp substitution, unanchored.                                                                                    |
-| graphLink          | string - JSON Object with `"expr"` and `"datasource"` fields | string                 | Returns the path to graphical view in [Explore](https://grafana.com/docs/grafana/latest/explore/) for the given expression and data source. |
-| tableLink          | string- JSON Object with `"expr"` and `"datasource"` fields  | string                 | Returns the path to tabular view in [Explore](https://grafana.com/docs/grafana/latest/explore/) for the given expression and data source.   |
-| args               | []interface{}                                                | map[string]interface{} | Converts a list of objects to a map with keys, for example, arg0, arg1. Use this function to pass multiple arguments to templates.          |
-| externalURL        | nothing                                                      | string                 | Returns a string representing the external URL.                                                                                             |
-| pathPrefix         | nothing                                                      | string                 | Returns the path of the external URL.                                                                                                       |
-| tmpl               | string, []interface{}                                        | nothing                | Not supported                                                                                                                               |
-| safeHtml           | string                                                       | string                 | Not supported                                                                                                                               |
-| query              | query string                                                 | []sample               | Not supported                                                                                                                               |
-| first              | []sample                                                     | sample                 | Not supported                                                                                                                               |
-| label              | label, sample                                                | string                 | Not supported                                                                                                                               |
-| strvalue           | []sample                                                     | string                 | Not supported                                                                                                                               |
-| value              | sample                                                       | float64                | Not supported                                                                                                                               |
-| sortByLabel        | label, []samples                                             | []sample               | Not supported                                                                                                                               |
+| Name    | Description                                                                                                                                                                                                                                                                        |
+| ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| $labels | The labels from the query or condition. For example, `{{ $labels.instance }}` and `{{ $labels.job }}`. This is unavailable when the rule uses a [classic condition]({{< relref "./create-grafana-managed-rule/#single-and-multi-dimensional-rule" >}}).                            |
+| $values | The values of all reduce and math expressions that were evaluated for this alert rule. For example, `{{ $values.A }}`, `{{ $values.A.Labels }}` and `{{ $values.A.Value }}` where `A` is the `refID` of the expression. This is unavailable when the rule uses a classic condition |
+| $value  | The value string of the alert instance. For example, `[ var='A' labels={instance=foo} value=10 ]`.                                                                                                                                                                                 |

docs/sources/alerting/unified-alerting/alerting-rules/create-cortex-loki-managed-rule.md

@@ -11,11 +11,13 @@ Grafana allows you to create alerting rules for an external Cortex or Loki insta
 
 ## Before you begin
 
-For Cortex and Loki data sources to work with Grafana 8.0 alerting, enable the ruler API by configuring their respective services.
+- Verify that you have write permission to the Prometheus data source. Otherwise, you will not be able to create or update Cortex managed alerting rules.
 
-**Loki** - The `local` rule storage type, default for the Loki data source, supports only viewing of rules. To edit rules, configure one of the other rule storage types.
+- For Cortex and Loki data sources, enable the ruler API by configuring their respective services.
 
-**Cortex** - When configuring a Grafana Prometheus data source to point to Cortex, use the [legacy `/api/prom` prefix](https://cortexmetrics.io/docs/api/#path-prefixes), not `/prometheus`. The Prometheus data source supports both Cortex and Prometheus, and Grafana expects that both the [Query API](https://cortexmetrics.io/docs/api/#querier--query-frontend) and [Ruler API](https://cortexmetrics.io/docs/api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
+  - **Loki** - The `local` rule storage type, default for the Loki data source, supports only viewing of rules. To edit rules, configure one of the other rule storage types.
+
+  - **Cortex** - use the [legacy `/api/prom` prefix](https://cortexmetrics.io/docs/api/#path-prefixes), not `/prometheus`. The Prometheus data source supports both Cortex and Prometheus, and Grafana expects that both the [Query API](https://cortexmetrics.io/docs/api/#querier--query-frontend) and [Ruler API](https://cortexmetrics.io/docs/api/#ruler) are under the same URL. You cannot provide a separate URL for the Ruler API.
 
 > **Note:** If you do not want to manage alerting rules for a particular Loki or Prometheus data source, go to its settings and clear the **Manage alerts via Alerting UI** checkbox.
 

docs/sources/alerting/unified-alerting/alerting-rules/create-grafana-managed-rule.md

@@ -48,7 +48,7 @@ Use the classic condition expression to create a rule that triggers a single ale
 
 To generate a separate alert for each series, create a multi-dimensional rule. Use `Math`, `Reduce`, or `Resample` expressions to create a multi-dimensional rule. For example:
 
-- Add a `Reduce` expression for each query to aggregate values in the selected time range into a single value. (Not needed for [rules using numeric data]({{< relref "../fundamentals/grafana-managed-numeric-rule.md" >}})).
+- Add a `Reduce` expression for each query to aggregate values in the selected time range into a single value. (Not needed for [rules using numeric data]({{< relref "../fundamentals/evaluate-grafana-alerts.md#alerting-on-numeric-data-1" >}})).
 - Add a `Math` expression with the condition for the rule. Not needed in case a query or a reduce expression already returns 0 if rule should not fire, or a positive number if it should fire. Some examples: `$B > 70` if it should fire in case value of B query/expression is more than 70. `$B < $C * 100` in case it should fire if value of B is less than value of C multiplied by 100. If queries being compared have multiple series in their results, series from different queries are matched if they have the same labels or one is a subset of the other.
 
 ![Query section multi dimensional](/static/img/docs/alerting/unified/rule-edit-multi-8-0.png 'Query section multi dimensional screenshot')
@@ -63,13 +63,14 @@ For more information, see [expressions documentation]({{< relref "../../../panel
 
 Configure alerting behavior in the absence of data using information in the following tables.
 
-| No Data Option | Description                                                                                           |
-| -------------- | ----------------------------------------------------------------------------------------------------- |
-| No Data        | Set alert state to `NoData` and rule state to `Normal` (notifications are not sent on NoData states). |
-| Alerting       | Set alert rule state to `Alerting`.                                                                   |
-| Ok             | Set alert rule state to `Normal`.                                                                     |
+| No Data Option | Description                                                                                                                               |
+| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| No Data        | Create a new alert `DatasourceNoData` with the name and UID of the alert rule, and UID of the datasource that returned no data as labels. |
+| Alerting       | Set alert rule state to `Alerting`.                                                                                                       |
+| Ok             | Set alert rule state to `Normal`.                                                                                                         |
 
-| Error or timeout option | Description                        |
-| ----------------------- | ---------------------------------- |
-| Alerting                | Set alert rule state to `Alerting` |
-| OK                      | Set alert rule state to `Normal`   |
+| Error or timeout option | Description                                                                                                                              |
+| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
+| Alerting                | Set alert rule state to `Alerting`                                                                                                       |
+| OK                      | Set alert rule state to `Normal`                                                                                                         |
+| Error                   | Create a new alert `DatasourceError` with the name and UID of the alert rule, and UID of the datasource that returned no data as labels. |

docs/sources/alerting/unified-alerting/contact-points.md

@@ -7,7 +7,7 @@ weight = 430
 
 # Contact points
 
-Use contact points to define how your contacts are notified when an alert fires. A contact point can have one or more contact point types, for example, email, slack, webhook, and so on. When an alert fires, a notification is sent to all contact point types listed for a contact point. Optionally, use [mesasge templates]({{< relref "./message-templating/_index.md" >}}) to customize notification messages for the contact point types.
+Use contact points to define how your contacts are notified when an alert fires. A contact point can have one or more contact point types, for example, email, slack, webhook, and so on. When an alert fires, a notification is sent to all contact point types listed for a contact point. Optionally, use [message templates]({{< relref "./message-templating/_index.md" >}}) to customize notification messages for the contact point types.
 
 You can configure Grafana managed contact points as well as contact points for an [external Alertmanager data source]({{< relref "../../datasources/alertmanager.md" >}}). For more information, see [Alertmanager]({{< relref "./fundamentals/alertmanager.md" >}}).
 
@@ -64,27 +64,27 @@ To edit global configuration options for an external Alertmanager, like SMTP ser
 
 ## List of notifiers supported by Grafana
 
-| Name                                          | Type                      |
-| --------------------------------------------- | ------------------------- |
-| [DingDing](#dingdingdingtalk)                 | `dingding`                |
-| [Discord](#discord)                           | `discord`                 |
-| [Email](#email)                               | `email`                   |
-| [Google Hangouts Chat](#google-hangouts-chat) | `googlechat`              |
-| [Kafka](#kafka)                               | `kafka`                   |
-| Line                                          | `line`                    |
-| Microsoft Teams                               | `teams`                   |
-| [Opsgenie](#opsgenie)                         | `opsgenie`                |
-| [Pagerduty](#pagerduty)                       | `pagerduty`               |
-| Prometheus Alertmanager                       | `prometheus-alertmanager` |
-| [Pushover](#pushover)                         | `pushover`                |
-| Sensu                                         | `sensu`                   |
-| [Sensu Go](#sensu-go)                         | `sensugo`                 |
-| [Slack](#slack)                               | `slack`                   |
-| Telegram                                      | `telegram`                |
-| Threema                                       | `threema`                 |
-| VictorOps                                     | `victorops`               |
-| [Webhook](#webhook)                           | `webhook`                 |
-| [Zenduty](#zenduty)                           | `webhook`                 |
+| Name                                          | Type                      | Grafana Alertmanager | Other Alertmanagers                                                                                      |
+| --------------------------------------------- | ------------------------- | -------------------- | -------------------------------------------------------------------------------------------------------- |
+| [DingDing](#dingdingdingtalk)                 | `dingding`                | Supported            | N/A                                                                                                      |
+| [Discord](#discord)                           | `discord`                 | Supported            | N/A                                                                                                      |
+| [Email](#email)                               | `email`                   | Supported            | Supported                                                                                                |
+| [Google Hangouts Chat](#google-hangouts-chat) | `googlechat`              | Supported            | N/A                                                                                                      |
+| [Kafka](#kafka)                               | `kafka`                   | Supported            | N/A                                                                                                      |
+| Line                                          | `line`                    | Supported            | N/A                                                                                                      |
+| Microsoft Teams                               | `teams`                   | Supported            | N/A                                                                                                      |
+| [Opsgenie](#opsgenie)                         | `opsgenie`                | Supported            | Supported                                                                                                |
+| [Pagerduty](#pagerduty)                       | `pagerduty`               | Supported            | Supported                                                                                                |
+| Prometheus Alertmanager                       | `prometheus-alertmanager` | Supported            | N/A                                                                                                      |
+| [Pushover](#pushover)                         | `pushover`                | Supported            | Supported                                                                                                |
+| Sensu                                         | `sensu`                   | Supported            | N/A                                                                                                      |
+| [Sensu Go](#sensu-go)                         | `sensugo`                 | Supported            | N/A                                                                                                      |
+| [Slack](#slack)                               | `slack`                   | Supported            | Supported                                                                                                |
+| Telegram                                      | `telegram`                | Supported            | N/A                                                                                                      |
+| Threema                                       | `threema`                 | Supported            | N/A                                                                                                      |
+| VictorOps                                     | `victorops`               | Supported            | Supported                                                                                                |
+| [Webhook](#webhook)                           | `webhook`                 | Supported            | Supported ([different format](https://prometheus.io/docs/alerting/latest/configuration/#webhook_config)) |
+| [Zenduty](#zenduty)                           | `webhook`                 | Supported            | N/A                                                                                                      |
 
 ### Webhook
 

docs/sources/alerting/unified-alerting/difference-old-new.md

@@ -1,13 +1,13 @@
 +++
-title = "What's new in Grafana 8 alerting"
-description = "What's New with Grafana 8 Alerts"
+title = "What's new in Grafana alerting"
+description = "What's New with Grafana alerts"
 keywords = ["grafana", "alerting", "guide"]
 weight = 114
 +++
 
-# What's new in Grafana 8 alerting
+# What's new in Grafana alerting
 
-Grafana 8.0 alerting has several enhancements over legacy dashboard alerting.
+Grafana alerting has several enhancements over legacy dashboard alerting.
 
 ## Multi-dimensional alerting
 
@@ -15,12 +15,27 @@ You can now create alerts that give you system-wide visibility with a single ale
 
 ## Create alerts outside of Dashboards
 
-Unlike legacy dashboard alerts, Grafana 8 alerts allow you to create queries and expressions that combine data from multiple sources in unique ways. You can still link dashboards and panels to alerting rules using their ID and quickly troubleshoot the system under observation.
+Unlike legacy dashboard alerts, Grafana alerts allow you to create queries and expressions that combine data from multiple sources in unique ways. You can still link dashboards and panels to alerting rules using their ID and quickly troubleshoot the system under observation.
+
+Since unified alerts are no longer directly tied to panel queries, they do not include images or query values in the notification email. You can use customized notification templates to view query values.
 
 ## Create Loki and Cortex alerting rules
 
-In Grafana 8 alerting, you can manage Loki and Cortex alerting rules using the same UI and API as your Grafana managed alerts.
+In Grafana alerting, you can manage Loki and Cortex alerting rules using the same UI and API as your Grafana managed alerts.
 
 ## View and search for alerts from Prometheus compatible data sources
 
 Alerts for Prometheus compatible data sources are now listed under the Grafana alerts section. You can search for labels across multiple data sources to quickly find relevant alerts.
+
+## Special alerts for alert state NoData and Error
+
+Grafana alerting introduced a new concept of the alert states. When evaluation of an alerting rule produces state NoData or Error, Grafana alerting will generate special alerts that will have the following labels:
+
+- `alertname` with value DatasourceNoData or DatasourceError depending on the state.
+- `rulename` name of the alert rule the special alert belongs to.
+- `datasource_uid` will have the UID of the data source that caused the state.
+- all labels and annotations of the original alert rule
+
+You can handle these alerts the same way as regular alerts by adding a silence, route to a contact point, and so on.
+
+> **Note:** If the rule uses many data sources and one or many returns no data, the special alert will be created for each data source that caused the alert state.

docs/sources/alerting/unified-alerting/fundamentals/alertmanager.md

@@ -10,9 +10,9 @@ The Alertmanager helps both group and manage alert rules, adding a layer of orch
 
 Grafana includes built-in support for Prometheus Alertmanager. By default, notifications for Grafana managed alerts are handled by the embedded Alertmanager that is part of core Grafana. You can configure the Alertmanager's contact points, notification policies, silences, and templates from the alerting UI by selecting the `Grafana` option from the Alertmanager drop-down.
 
-> **Note:** Before v8.2, the configuration of the embedded Alertmanager was shared across organizations. If you are on an older Grafana version, we recommend that you use Grafana 8 Alerts only if you have one organization. Otherwise, your contact points are visible to all organizations.
+> **Note:** Before v8.2, the configuration of the embedded Alertmanager was shared across organizations. If you are on an older Grafana version, we recommend that you use Grafana alerts only if you have one organization. Otherwise, your contact points are visible to all organizations.
 
-Grafana 8 alerting added support for external Alertmanager configuration. When you add an [Alertmanager data source]({{< relref "../../../datasources/alertmanager.md" >}}), the Alertmanager drop-down shows a list of available external Alertmanager data sources. Select a data source to create and manage alerting for standalone Cortex or Loki data sources.
+Grafana alerting added support for external Alertmanager configuration. When you add an [Alertmanager data source]({{< relref "../../../datasources/alertmanager.md" >}}), the Alertmanager drop-down shows a list of available external Alertmanager data sources. Select a data source to create and manage alerting for standalone Cortex or Loki data sources.
 
 {{< figure max-width="40%" src="/static/img/docs/alerting/unified/contact-points-select-am-8-0.gif" max-width="250px" caption="Select Alertmanager" >}}
 

docs/sources/alerting/unified-alerting/message-templating/_index.md

@@ -14,7 +14,7 @@ Since most of the contact point fields can be templated, you can create reusable
 
 ### Using templates
 
-The following example shows the use of default templates to render an alert message in slack. The message title contains a count of firing or resolved alerts and the message body has a list of alerts with status.
+The following example shows how to use default templates to render an alert message in Slack. The message title contains a count of alerts that are firing or were resolved. The message body lists the alerts and their status.
 
 <img  src="/static/img/docs/alerting/unified/contact-points-template-fields-8-0.png" width="450px">
 
@@ -52,12 +52,41 @@ The `define` tag in the Content section assigns the template name. This tag is o
 
 Use caution when deleting a template since Grafana does not prevent you from deleting templates that are in use.
 
+### Nested templates
+
+You can embed templates within other templates.
+
+For example, you can define a template fragment using the `define` keyword:
+
+```
+{{ define "mytemplate" }}
+  {{ len .Alerts.Firing }} firing. {{ len .Alerts.Resolved }} resolved.
+{{ end }}
+```
+
+You can then embed custom templates within this fragment using the `template` keyword. For example:
+
+```
+Alert summary:
+{{ template "mytemplate" . }}
+```
+
+You can use any of the following built-in template options to embed custom templates.
+
+| Name                    | Notes                                                         |
+| ----------------------- | ------------------------------------------------------------- |
+| `default.title`         | Displays high-level status information.                       |
+| `default.message`       | Provides a formatted summary of firing and resolved alerts.   |
+| `teams.default.message` | Similar to `default.messsage`, formatted for Microsoft Teams. |
+
 ### Custom template examples
 
+Here are a few examples of how to use custom templates.
+
 Template to render a single alert:
 
 ```
-{{ define "alert" }}
+{{ define "myalert" }}
   [{{.Status}}] {{ .Labels.alertname }}
 
   Labels:
@@ -84,14 +113,20 @@ Template to render a single alert:
 Template to render entire notification message:
 
 ```
-{{ define "message" }}
+{{ define "mymessage" }}
   {{ if gt (len .Alerts.Firing) 0 }}
     {{ len .Alerts.Firing }} firing:
-    {{ range .Alerts.Firing }} {{ template "alert" .}} {{ end }}
+    {{ range .Alerts.Firing }} {{ template "myalert" .}} {{ end }}
   {{ end }}
   {{ if gt (len .Alerts.Resolved) 0 }}
     {{ len .Alerts.Resolved }} resolved:
-    {{ range .Alerts.Resolved }} {{ template "alert" .}} {{ end }}
+    {{ range .Alerts.Resolved }} {{ template "myalert" .}} {{ end }}
   {{ end }}
 {{ end }}
 ```
+
+### HTML in Message Templates
+
+HTML in alerting message templates is escaped. We do not support rendering of HTML in the resulting notification.
+
+Some notifiers support alternative methods of changing the look and feel of the resulting notification. For example, Grafana installs the base template for alerting emails to `<grafana-install-dir>/public/emails/ng_alert_notification.html`. You can edit this file to change the appearance of all alerting emails.

docs/sources/alerting/unified-alerting/message-templating/template-data.md

@@ -59,17 +59,3 @@ In addition to direct access of data (labels and annotations) stored as KeyValue
 | Remove      | []string  | KeyValue                                | Returns a copy of the Key/Value map without the given keys. |
 | Names       |           | []string                                | List of label names                                         |
 | Values      |           | []string                                | List of label values                                        |
-
-## Functions
-
-Some functions to transform values are also available, along with [default functions provided by Go templating](https://golang.org/pkg/text/template/#hdr-Functions).
-
-| Name         | Arguments                    | Returns                                                                                                      |
-| ------------ | ---------------------------- | ------------------------------------------------------------------------------------------------------------ |
-| title        | string                       | Capitalizes first character of each word.                                                                    |
-| toUpper      | string                       | Converts all characters to upper case.                                                                       |
-| match        | pattern, string              | Match a string using RegExp.                                                                                 |
-| reReplaceAll | pattern, replacement, string | RegExp substitution, unanchored.                                                                             |
-| join         | string, []string             | Concatenates the elements of the second argument to create a single string. First argument is the separator. |
-| safeHtml     | string                       | Marks string as HTML, not requiring auto-escaping.                                                           |
-| stringSlice  | ...string                    | Returns passed strings as slice of strings.                                                                  |

docs/sources/alerting/unified-alerting/message-templating/template-functions.md

@@ -0,0 +1,138 @@
++++
+title = "Template functions"
+keywords = ["grafana", "alerting", "guide", "contact point", "templating"]
++++
+
+# Template Functions
+
+Template functions allow you to process labels and annotations to generate dynamic notifications.
+
+| Name                                      | Argument type                                                | Return type            | Description                                                                                                                                 |
+| ----------------------------------------- | ------------------------------------------------------------ | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
+| [humanize](#humanize)                     | number or string                                             | string                 | Converts a number to a more readable format, using metric prefixes.                                                                         |
+| [humanize1024](#humanize1024)             | number or string                                             | string                 | Like humanize, but uses 1024 as the base rather than 1000.                                                                                  |
+| [humanizeDuration](#humanizeduration)     | number or string                                             | string                 | Converts a duration in seconds to a more readable format.                                                                                   |
+| [humanizePercentage](#humanizepercentage) | number or string                                             | string                 | Converts a ratio value to a fraction of 100.                                                                                                |
+| [humanizeTimestamp](#humanizetimestamp)   | number or string                                             | string                 | Converts a Unix timestamp in seconds to a more readable format.                                                                             |
+| [title](#title)                           | string                                                       | string                 | strings.Title, capitalises first character of each word.                                                                                    |
+| [toUpper](#toupper)                       | string                                                       | string                 | strings.ToUpper, converts all characters to upper case.                                                                                     |
+| [toLower](#tolower)                       | string                                                       | string                 | strings.ToLower, converts all characters to lower case.                                                                                     |
+| [match](#match)                           | pattern, text                                                | boolean                | regexp.MatchString Tests for a unanchored regexp match.                                                                                     |
+| [reReplaceAll](#rereplaceall)             | pattern, replacement, text                                   | string                 | Regexp.ReplaceAllString Regexp substitution, unanchored.                                                                                    |
+| [graphLink](#graphlink)                   | string - JSON Object with `"expr"` and `"datasource"` fields | string                 | Returns the path to graphical view in [Explore](https://grafana.com/docs/grafana/latest/explore/) for the given expression and data source. |
+| [tableLink](#tablelink)                   | string- JSON Object with `"expr"` and `"datasource"` fields  | string                 | Returns the path to tabular view in [Explore](https://grafana.com/docs/grafana/latest/explore/) for the given expression and data source.   |
+| [args](#args)                             | []interface{}                                                | map[string]interface{} | Converts a list of objects to a map with keys, for example, arg0, arg1. Use this function to pass multiple arguments to templates.          |
+| [externalURL](#externalurl)               | nothing                                                      | string                 | Returns a string representing the external URL.                                                                                             |
+| [pathPrefix](#pathprefix)                 | nothing                                                      | string                 | Returns the path of the external URL.                                                                                                       |
+
+## Examples
+
+### humanize
+
+**Template string** `{ humanize $value }`
+
+**Input** `1234567.0`
+
+**Expected** `1.235M`
+
+### humanize1024
+
+**TemplateString** `{ humanize1024 $value } `
+
+**Input** `1048576.0`
+
+**Expected** `1Mi`
+
+### humanizeDuration
+
+**TemplateString** `{ humanizeDuration $value }`
+
+**Input** `899.99`
+
+**Expected** `14m 59s`
+
+### humanizePercentage
+
+**TemplateString** `{ humanizePercentage $value }`
+
+**Input** `0.1234567`
+
+**Expected** `12.35%`
+
+### humanizeTimestamp
+
+**TemplateString** `{ $value | humanizeTimestamp }`
+
+**Input** `1435065584.128`
+
+**Expected** `2015-06-23 13:19:44.128 +0000 UTC`
+
+### title
+
+**TemplateString** `{ $value | title }`
+
+**Input** `aa bb CC`
+
+**Expected** `Aa Bb Cc`
+
+### toUpper
+
+**TemplateString** `{ $value | toUpper }`
+
+**Input** `aa bb CC`
+
+**Expected** `AA BB CC`
+
+### toLower
+
+**TemplateString** `{ $value | toLower }`
+
+**Input** `aA bB CC`
+
+**Expected** `aa bb cc`
+
+### match
+
+**TemplateString** `{ match "a+" $labels.instance }`
+
+**Input** `aa`
+
+**Expected** `true`
+
+### reReplaceAll
+
+**TemplateString** `{{ reReplaceAll "localhost:(.*)" "my.domain:$1" $labels.instance }}`
+
+**Input** `localhost:3000`
+
+**Expected** `my.domain:3000`
+
+### graphLink
+
+**TemplateString** `{{ graphLink "{\"expr\": \"up\", \"datasource\": \"gdev-prometheus\"}" }}`
+
+**Expected** `/explore?left=["now-1h","now","gdev-prometheus",{"datasource":"gdev-prometheus","expr":"up","instant":false,"range":true}]`
+
+### tableLink
+
+**TemplateString** `{{ tableLink "{\"expr\": \"up\", \"datasource\": \"gdev-prometheus\"}" }}`
+
+**Expected** `/explore?left=["now-1h","now","gdev-prometheus",{"datasource":"gdev-prometheus","expr":"up","instant":true,"range":false}]`
+
+### args
+
+**TemplateString** `{{define "x"}}{{.arg0}} {{.arg1}}{{end}}{{template "x" (args 1 "2")}}`
+
+**Expected** `1 2`
+
+### externalURL
+
+**TemplateString** `{ externalURL }`
+
+**Expected** `http://localhost/path/prefix`
+
+### pathPrefix
+
+**TemplateString** `{ pathPrefix }`
+
+**Expected** `/path/prefix`

docs/sources/alerting/unified-alerting/notification-policies.md

@@ -11,6 +11,20 @@ Notification policies determine how alerts are routed to contact points. Policie
 
 You can configure Grafana managed notification policies as well as notification policies for an [external Alertmanager data source]({{< relref "../../datasources/alertmanager.md" >}}). For more information, see [Alertmanager]({{< relref "./fundamentals/alertmanager.md" >}}).
 
+## Grouping
+
+{{< figure max-width="40%" src="/static/img/docs/alerting/unified/notification-policies-grouping.png" max-width="650px" caption="Notification policies grouping" >}}
+
+Grouping is a new and key concept of Grafana alerting that categorizes alert notifications of similar nature into a single funnel. This allows you to properly route alert notifications during larger outages when many parts of a system fail at once causing a high number of alerts to fire simultaneously.
+
+For example, suppose you have 100 services connected to a database in different environments. These services are differentiated by the label `env=environmentname`. An alert rule is in place to monitor whether your services can reach the database named `alertname=DatabaseUnreachable`.
+
+When a network partition occurs, half of your services can no longer reach the database. As a result, 50 different alerts (assuming half of your services) are fired. For this situation, you want to receive a single-page notification (as opposed to 50) with a list of the environments that are affected.
+
+You can configure grouping to be `group_by: [alertname]` (take note that the `env` label is omitted). With this configuration in place, Grafana sends a single compact notification that has all the affected environments for this alert rule.
+
+> **Note:** Grafana also has a special label named `...` that you can use to group all alerts by all labels (effectively disabling grouping), therefore each alert will go into its own group. It is different from the default of `group_by: null` where **all** alerts go into a single group.
+
 ## Edit root notification policy
 
 > **Note:** Before Grafana v8.2, the configuration of the embedded Alertmanager was shared across organisations. Users of Grafana 8.0 and 8.1 are advised to use the new Grafana 8 Alerts only if they have one organisation. Otherwise, silences for the Grafana managed alerts will be visible by all organizations.

docs/sources/alerting/unified-alerting/opt-in.md

@@ -1,56 +1,60 @@
 +++
-title = "Opt-in to Grafana 8 alerting"
-description = "Enable Grafana 8 Alerts"
+title = "Opt-in to Grafana alerting"
+description = "Enable Grafana alerts"
 weight = 115
 +++
 
-# Opt-in to Grafana 8 alerting
+# Opt-in to Grafana alerting
 
-This topic describes how to opt-in to Grafana 8 alerting and the rules and restrictions that govern the migration of existing dashboard alerts to the new alerting system. You can [disable Grafana 8 alerts]({{< relref "./opt-in.md#disable-grafana-8-alerts" >}}) and use the legacy dashboard alerting if needed.
+Grafana alerting is enabled by default for new Cloud and OSS installations.
+
+**Note:** If you are an existing Grafana Cloud user and want to explore unified alerting, contact Grafana Support. They will enable unified alerting for your Cloud stack.
+
+For older OSS installations that use legacy dashboard alerts, unified alerting is still an opt-in feature. This topic describes how to opt-in to Grafana alerting if you have an existing Grafana installation and the rules and restrictions that govern the migration of existing dashboard alerts to the new alerting system. You can [disable Grafana alerts]({{< relref "./opt-in.md#disable-grafana-alerts" >}}) and use the legacy dashboard alerting if needed.
 
 Before you begin, we recommend that you backup Grafana's database. If you are using PostgreSQL as the backend database, then the minimum required version is 9.5.
 
-## Enable Grafana 8 alerting
+## Enable Grafana alerting
 
-To enable Grafana 8 alerts:
+To enable Grafana alerts:
 
 1. In your custom configuration file ($WORKING_DIR/conf/custom.ini), go to the [unified alerts]({{< relref "../../administration/configuration.md#unified_alerting" >}}) section.
 1. Set the `enabled` property to `true`.
 1. Next, for [legacy dashboard alerting]({{< relref "../../administration/configuration.md#alerting" >}}), set the `enabled` flag to `false`.
 1. Restart Grafana for the configuration changes to take effect.
 
-> **Note:** The `ngalert` toggle previously used to enable or disable Grafana 8 alerting is no longer available.
+> **Note:** The `ngalert` toggle previously used to enable or disable Grafana alerting is no longer available.
 
 Before v8.2, notification logs and silences were stored on a disk. If you did not use persistent disks, you would have lost any configured silences and logs on a restart, resulting in unwanted or duplicate notifications. We no longer require the use of a persistent disk. Instead, the notification logs and silences are stored regularly (every 15 minutes). If you used the file-based approach, Grafana reads the existing file and persists it eventually.
 
-## Migrating legacy alerts to Grafana 8 alerting system
+## Migrating legacy alerts to Grafana alerting system
 
-When Grafana 8 alerting is enabled, existing legacy dashboard alerts migrate in a format compatible with the Grafana 8 alerting. In the Alerting page of your Grafana instance, you can view the migrated alerts alongside new alerts.
+When Grafana alerting is enabled or Grafana is upgraded to version 8.3, existing legacy dashboard alerts migrate in a format compatible with the Grafana alerting. In the Alerting page of your Grafana instance, you can view the migrated alerts alongside new alerts.
 
-Read and write access to legacy dashboard alerts and Grafana 8 alerts are governed by the permissions of the folders storing them. During migration, legacy dashboard alert permissions are matched to the new rules permissions as follows:
+Read and write access to legacy dashboard alerts and Grafana alerts are governed by the permissions of the folders storing them. During migration, legacy dashboard alert permissions are matched to the new rules permissions as follows:
 
 - If alert's dashboard has permissions, it will create a folder named like `Migrated {"dashboardUid": "UID", "panelId": 1, "alertId": 1}` to match permissions of the dashboard (including the inherited permissions from the folder).
 - If there are no dashboard permissions and the dashboard is under a folder, then the rule is linked to this folder and inherits its permissions.
 - If there are no dashboard permissions and the dashboard is under the General folder, then the rule is linked to the `General Alerting` folder, and the rule inherits the default permissions.
 
-> **Note:** Since there is no `Keep Last State` option for [`No Data` and `Error handling`]({{< relref "./alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) in Grafana 8 alerting, this option becomes `Alerting` during the legacy rules migration.
+> **Note:** Since there is no `Keep Last State` option for [`No Data`]({{< relref "./alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) in Grafana alerting, this option becomes `NoData` during the legacy rules migration. Option "Keep Last State" for [`Error handling`]({{< relref "./alerting-rules/create-grafana-managed-rule/#no-data--error-handling" >}}) is migrated to a new option `Error`. To match the behavior of the `Keep Last State`, in both cases, during the migration Grafana automatically creates a [silence]({{< relref "./silences.md" >}}) for each alert rule with a duration of 1 year.
 
 Notification channels are migrated to an Alertmanager configuration with the appropriate routes and receivers. Default notification channels are added as contact points to the default route. Notification channels not associated with any Dashboard alert go to the `autogen-unlinked-channel-recv` route.
 
-Since `Hipchat` and `Sensu` notification channels are no longer supported, legacy alerts associated with these channels are not automatically migrated to Grafana 8 alerting. Assign the legacy alerts to a supported notification channel so that you continue to receive notifications for those alerts.
+Since `Hipchat` and `Sensu` notification channels are no longer supported, legacy alerts associated with these channels are not automatically migrated to Grafana alerting. Assign the legacy alerts to a supported notification channel so that you continue to receive notifications for those alerts.
 Silences (expiring after one year) are created for all paused dashboard alerts.
 
 ### Limitation
 
-Grafana 8 alerting system can retrieve rules from all available Prometheus, Loki, and Alertmanager data sources. It might not be able to fetch alerting rules from all other supported data sources at this time.
+Grafana alerting system can retrieve rules from all available Prometheus, Loki, and Alertmanager data sources. It might not be able to fetch alerting rules from all other supported data sources at this time.
 
-## Disable Grafana 8 alerts
+## Disable Grafana alerts
 
-To disable Grafana 8 alerts and enable legacy dashboard alerts:
+To disable Grafana alerts and enable legacy dashboard alerts:
 
-1. In your custom configuration file ($WORKING_DIR/conf/custom.ini), go to the [Grafana 8 alerting]({{< relref "../../administration/configuration.md#unified_alerting" >}}) section.
+1. In your custom configuration file ($WORKING_DIR/conf/custom.ini), go to the [Grafana alerting]({{< relref "../../administration/configuration.md#unified_alerting" >}}) section.
 1. Set the `enabled` property to `false`.
 1. For [legacy dashboard alerting]({{< relref "../../administration/configuration.md#alerting" >}}), set the `enabled` flag to `true`.
 1. Restart Grafana for the configuration changes to take effect.
 
-> **Note:** If you choose to migrate from Grafana 8 alerting to legacy dashboard alerting, you will lose any new alerts created in the Grafana 8 alerting system.
+> **Note:** Switching from one flavor of alerting to another can result in data loss. This is applicable to the fresh installation as well as upgraded setups.

docs/sources/auth/github.md

@@ -16,7 +16,7 @@ settings page). When you create the application you will need to specify
 a callback URL. Specify this as callback:
 
 ```bash
-http://<my_grafana_server_name_or_ip>:<grafana_server_port>/login/github
+http://<my_grafana_server_name_or_ip>:<grafana_server_port>/grafana/login/github
 ```
 
 This callback URL must match the full HTTP address that you use in your

docs/sources/dashboards/time-range-controls.md

@@ -7,7 +7,7 @@ weight = 7
 
 # Time range controls
 
-Grafana provides several ways to manage the time ranges of the data being visualized, both at the dashboard level and the panel level.
+Grafana provides several ways to manage the time ranges of the data being visualized, for dashboard, panels and also for alerting.
 
 This page describes supported time units and relative ranges, the common time controls, dashboard-wide time settings, and panel-specific time settings.
 
@@ -34,11 +34,18 @@ Here are some examples:
 | This Year              | `now/Y`     | `now/Y`     |
 | Previous fiscal year   | `now-1y/fy` | `now-1y/fy` |
 
+### Note about Grafana alerting
+
+For Grafana alerting, we do not support are the following syntaxes at this time.
+
+- now+n for future timestamps.
+- now-1n/n for "start of n until end of n" since this is an absolute timestamp.
+
 ## Common time range controls
 
 The dashboard and panel time controls have a common user interface (UI).
 
-<img class="no-shadow" src="/static/img/docs/time-range-controls/common-time-controls-8-2.png" max-width="700px">
+<img class="no-shadow" src="/static/img/docs/time-range-controls/common-time-controls-7-0.png" max-width="700px">
 
 The options are defined below.
 
@@ -112,6 +119,8 @@ For more advanced time settings, click the **Dashboard settings** (gear) icon at
 
 In [Query options]({{< relref "../panels/queries.md#query-options" >}}), you can override the relative time range for individual panels, causing them to be different than what is selected in the dashboard time picker in the upper right. This allows you to show metrics from different time periods or days at the same time.
 
+> **Note:** Panel time overrides have no effect when the time range for the dashboard is absolute.
+
 ## Control the time range using a URL
 
 Time range of a dashboard can be controlled by providing following query parameters in the dashboard URL:

docs/sources/datasources/aws-cloudwatch/_index.md

@@ -8,48 +8,23 @@ weight = 200
 
 # AWS CloudWatch data source
 
-Grafana ships with built-in support for CloudWatch. Add it as a data source, then you are ready to build dashboards or use Explore with CloudWatch metrics and CloudWatch Logs.
+Grafana ships with built-in support for CloudWatch. This topic describes queries, templates, variables, and other configuration specific to the CloudWatch data source. For instructions on how to add a data source to Grafana, refer to [Add a data source]({{< relref "../add-a-data-source.md" >}}). Only users with the organization admin role can add data sources.
 
-This topic describes queries, templates, variables, and other configuration specific to the CloudWatch data source. For instructions on how to add a data source to Grafana, refer to [Add a data source]({{< relref "../add-a-data-source.md" >}}). Only users with the organization admin role can add data sources.
+Once you have added the Cloudwatch data source, you can build dashboards or use Explore with CloudWatch metrics and CloudWatch Logs.
 
-> **Note:** If you are having issues setting up the data source and Grafana is returning undescriptive errors, then check the log file located in /var/log/grafana/grafana.log).
+> **Note:** For troubleshooting issues when setting up the Cloudwatch data source, check the `/var/log/grafana/grafana.log` file.
 
-## Cloudwatch settings
+## Configure the CloudWatch data source
 
 To access data source settings, hover your mouse over the **Configuration** (gear) icon, then click **Data Sources**, and then click the AWS Cloudwatch data source.
 
-| Name                       | Description                                                                                                             |
-| -------------------------- | ----------------------------------------------------------------------------------------------------------------------- |
-| `Name`                     | The data source name. This is how you refer to the data source in panels and queries.                                   |
-| `Default`                  | Default data source means that it will be pre-selected for new panels.                                                  |
-| `Default Region`           | Used in query editor to set region (can be changed on per query basis)                                                  |
-| `Custom Metrics namespace` | Specify the CloudWatch namespace of Custom metrics                                                                      |
-| `Auth Provider`            | Specify the provider to get credentials.                                                                                |
-| `Credentials` profile name | Specify the name of the profile to use (if you use `~/.aws/credentials` file), leave blank for default.                 |
-| `Assume Role Arn`          | Specify the ARN of the role to assume                                                                                   |
-| `External ID`              | If you are assuming a role in another account, that has been created with an external ID, specify the external ID here. |
-
-### X-Ray trace links
-
-Link an X-Ray data source in the "X-Ray trace link" section of the configuration page to automatically add links in your logs when the log contains `@xrayTraceId` field.
-
-![Trace link configuration](/static/img/docs/cloudwatch/xray-trace-link-configuration-8-2.png 'Trace link configuration')
-
-The data source select will contain only existing data source instances of type X-Ray so in order to use this feature you need to have existing X-Ray data source already configured, see [X-Ray docs](https://grafana.com/grafana/plugins/grafana-x-ray-datasource/) for details.
-
-The X-Ray link will then appear in the log details section which is accessible by clicking on the log row either in Explore or in dashboard [Logs panel]({{< relref "../../visualizations/logs-panel.md" >}}). To log the `@xrayTraceId` in your logs see the [AWS X-Ray documentation](https://docs.amazonaws.cn/en_us/xray/latest/devguide/xray-services.html). To provide the field to Grafana your log queries also have to contain the `@xrayTraceId` field, for example using query `fields @message, @xrayTraceId`.
-
-![Trace link in log details](/static/img/docs/cloudwatch/xray-link-log-details-8-2.png 'Trace link in log details')
-
-## Authentication
-
 For authentication options and configuration details, see [AWS authentication]({{< relref "aws-authentication.md" >}}) topic.
 
-## IAM policies
+### CloudWatch specific data source configuration
 
-Grafana needs permissions granted via IAM to be able to read CloudWatch metrics
-and EC2 tags/instances/regions. You can attach these permissions to IAM roles and
-utilize Grafana's built-in support for assuming roles.
+#### IAM policies
+
+Grafana needs permissions granted via IAM to be able to read CloudWatch metrics and EC2 tags/instances/regions/alarms. You can attach these permissions to the IAM role or IAM user configured in the previous step.
 
 Here is a minimal policy example:
 
@@ -100,30 +75,57 @@ Here is a minimal policy example:
 }
 ```
 
-## Using the Query Editor
+#### Namespaces of Custom Metrics
+
+Grafana is not able to load custom namespaces through the GetMetricData API. If you still want your custom metrics to show up in the fields in the query editor, you can specify the names of the namespaces containing the custom metrics in the _Namespaces of Custom Metrics_ field. The field accepts a multiple namespaces, separated by a comma.
+
+#### Timeout
+
+Timeout specifically, for CloudWatch Logs queries. Log queries don't recognize standard Grafana query timeout as they don't keep a single request open and instead periodically poll for results. Because of limits on concurrently running queries in CloudWatch they can also take a longer time to finish.
+
+#### X-Ray trace links
+
+Link an X-Ray data source in the "X-Ray trace link" section of the configuration page to automatically add links in your logs when the log contains `@xrayTraceId` field.
+
+![Trace link configuration](/static/img/docs/cloudwatch/xray-trace-link-configuration-8-2.png 'Trace link configuration')
+
+The data source select will contain only existing data source instances of type X-Ray so in order to use this feature you need to have existing X-Ray data source already configured, see [X-Ray docs](https://grafana.com/grafana/plugins/grafana-x-ray-datasource/) for details.
+
+The X-Ray link will then appear in the log details section which is accessible by clicking on the log row either in Explore or in dashboard [Logs panel]({{< relref "../../visualizations/logs-panel.md" >}}). To log the `@xrayTraceId` in your logs see the [AWS X-Ray documentation](https://docs.amazonaws.cn/en_us/xray/latest/devguide/xray-services.html). To provide the field to Grafana your log queries also have to contain the `@xrayTraceId` field, for example using query `fields @message, @xrayTraceId`.
+
+![Trace link in log details](/static/img/docs/cloudwatch/xray-link-log-details-8-2.png 'Trace link in log details')
+
+## CloudWatch query editor
 
 The CloudWatch data source can query data from both CloudWatch metrics and CloudWatch Logs APIs, each with its own specialized query editor. You select which API you want to query with using the query mode switch on top of the editor.
 
-{{< figure src="/static/img/docs/v70/cloudwatch-metrics-query-field.png" max-width="800px" class="docs-image--left" caption="CloudWatch metrics query field" >}}
-{{< figure src="/static/img/docs/v70/cloudwatch-logs-query-field.png" max-width="800px" class="docs-image--right" caption="CloudWatch Logs query field" >}}
+![CloudWatch API modes](/static/img/docs/cloudwatch/cloudwatch-query-editor-api-modes-8.3.0.png)
 
-## Using the Metric Query Editor
+### Metrics query editor
 
-To create a valid query, you need to specify the namespace, metric name and at least one statistic. If `Match Exact` is enabled, you also need to specify all the dimensions of the metric you’re querying, so that the [metric schema](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/search-expression-syntax.html) matches exactly. If `Match Exact` is off, you can specify any number of dimensions by which you’d like to filter. Up to 100 metrics matching your filter criteria will be returned.
+The metrics query editor allows you to build two types of queries - **Metric Search** and **Metric Query**.
 
-### Dynamic queries using dimension wildcards
+#### Using the Metric Search option
+
+To create a valid Metric Search query specify the namespace, metric name and at least one statistic.
+
+If `Match Exact` is enabled, you also need to specify all the dimensions of the metric you’re querying, so that the [metric schema](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/search-expression-syntax.html) matches exactly. If `Match Exact` is disabled, you can specify any number of dimensions by which you’d like to filter. Up to 100 metrics matching your filter criteria will be returned.
+
+##### Dynamic queries using dimension wildcards
 
 You can monitor a dynamic list of metrics by using the asterisk (\*) wildcard for one or more dimension values.
 
-{{< figure src="/static/img/docs/v65/cloudwatch-dimension-wildcard.png" max-width="800px" class="docs-image--right" caption="CloudWatch dimension wildcard" >}}
+![CloudWatch dimension wildcard](/static/img/docs/cloudwatch/cloudwatch-dimension-wildcard-8.3.0.png)
 
-In this example, the query returns all metrics in the namespace `AWS/EC2` with a metric name of `CPUUtilization` and ANY value for the `InstanceId` dimension are queried. This can help you monitor metrics for AWS resources, like EC2 instances or containers. For example, when new instances are created as part of an auto scaling event, they will automatically appear in the graph without needing to track the new instance IDs. This capability is currently limited to retrieving up to 100 metrics.
+In this example, the query returns all metrics in the namespace `AWS/EC2` with a metric name of `CPUUtilization` and ANY value for the `InstanceId` dimension are queried. This can help you monitor metrics for AWS resources, like EC2 instances or containers. When new instances are created as part of an auto scaling event, they will automatically appear in the graph without you having to track the new instance IDs. This capability is currently limited to retrieving up to 100 metrics.
 
-Click on `Show Query Preview` to see the search expression that is automatically built to support wildcards. To learn more about search expressions, visit the [CloudWatch documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/search-expression-syntax.html). By default, the search expression is defined in such a way that the queried metrics must match the defined dimension names exactly. This means that in the example only metrics with exactly one dimension with name ‘InstanceId’ will be returned.
+You can expand the [Query inspector](https://grafana.com/docs/grafana/latest/panels/queries/#query-inspector-button) button and click `Meta Data` to see the search expression that is automatically built to support wildcards. To learn more about search expressions, visit the [CloudWatch documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/search-expression-syntax.html). By default, the search expression is defined in such a way that the queried metrics must match the defined dimension names exactly. This means that in the example only metrics with exactly one dimension with the name ‘InstanceId’ will be returned.
 
-You can untoggle `Match Exact` to include metrics that have other dimensions defined. Disabling `Match Exact` also creates a search expression even if you don’t use wildcards. We simply search for any metric that matches at least the namespace, metric name, and all defined dimensions.
+![CloudWatch Meta Inspector](/static/img/docs/cloudwatch/cloudwatch-meta-inspector-8.3.0.png)
 
-### Multi-value template variables
+You can disable `Match Exact` to include metrics that have other dimensions defined. Disabling `Match Exact` also creates a search expression even if you don’t use wildcards. We simply search for any metric that matches at least the namespace, metric name, and all defined dimensions.
+
+##### Multi-value template variables
 
 When defining dimension values based on multi-valued template variables, a search expression is used to query for the matching metrics. This enables the use of multiple template variables in one query and also allows you to use template variables for queries that have the `Match Exact` option disabled.
 
@@ -131,7 +133,7 @@ Search expressions are currently limited to 1024 characters, so your query may f
 
 The use of multi-valued template variables is only supported for dimension values. Using multi-valued template variables for `Region`, `Namespace`, or `Metric Name` is not supported.
 
-### Metric math expressions
+##### Metric math expressions
 
 You can create new time series metrics by operating on top of CloudWatch metrics using mathematical functions. Arithmetic operators, unary subtraction and other functions are supported and can be applied to CloudWatch metrics. More details on the available functions can be found on [AWS Metric Math](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html)
 
@@ -139,13 +141,7 @@ As an example, if you want to apply arithmetic operations on a metric, you can d
 
 Please note that in the case you use the expression field to reference another query, like `queryA * 2`, it will not be possible to create an alert rule based on that query.
 
-### Period
-
-A period is the length of time associated with a specific Amazon CloudWatch statistic. Periods are defined in numbers of seconds, and valid values for period are 1, 5, 10, 30, or any multiple of 60.
-
-If the period field is left blank or set to `auto`, then it calculates automatically based on the time range and [cloudwatch's retention policy](https://aws.amazon.com/about-aws/whats-new/2016/11/cloudwatch-extends-metrics-retention-and-new-user-interface/). The formula used is `time range in seconds / 2000`, and then it snaps to the next higher value in an array of predefined periods `[60, 300, 900, 3600, 21600, 86400]` after removing periods based on retention. By clicking `Show Query Preview` in the query editor, you can see what period Grafana used.
-
-### Deep linking from Grafana panels to the CloudWatch console
+##### Deep linking from Grafana panels to the CloudWatch console
 
 {{< figure src="/static/img/docs/v65/cloudwatch-deep-linking.png" max-width="500px" class="docs-image--right" caption="CloudWatch deep linking" >}}
 
@@ -153,257 +149,140 @@ Left clicking a time series in the panel shows a context menu with a link to `Vi
 
 This feature is not available for metrics that are based on metric math expressions.
 
-## Using the Logs Query Editor
+### Using the Metric Query option
 
-To query CloudWatch Logs, select the region and up to 20 log groups which you want to query. Use the main input area to write your query in [CloudWatch Logs Query Language](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html)
+> **Note:** This query option is available in Grafana 8.3 and higher versions only.
+
+Metrics Query in the CloudWatch plugin is what is referred to as **Metric Insights** in the AWS console. It's a fast, flexible, SQL-based query engine that enables you to identify trends and patterns across millions of operational metrics in real time. It uses a dialect of SQL. The query syntax is as follows.
+
+```
+
+SELECT FUNCTION(MetricName)
+FROM Namespace | SCHEMA(...)
+[ WHERE labelKey OPERATOR labelValue [AND|...]]
+[ GROUP BY labelKey [, ...]]
+[ ORDER BY FUNCTION() [DESC | ASC] ]
+[ LIMIT number]
+
+```
+
+The following table provides basic explanation of the query keywords. For details about the Metrics Insights syntax, refer to the [AWS documentation](https://docs.aws.amazon.com/console/cloudwatch/metricsinsights-syntax).
+
+| Keyword      | Description                                                                                                                                                                                                                 |
+| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `FUNCTION`   | Required. Specifies the aggregate function to use, and also specifies the name of the metric that is to be queried. Valid values are AVG, COUNT, MAX, MIN, and SUM                                                          |
+| `MetricName` | Required. For example, `CPUUtilization`.                                                                                                                                                                                    |
+| `FROM`       | Required. Specifies the source of the metric. You can specify either the metric namespace that contains the metric that is to be queried, or a SCHEMA table function. Some namespace examples are 1`AWS/EC2`, `AWS/Lambda`. |
+| `SCHEMA`     | Optional. Allows you to narrow down the query results to only the metrics that is an exact match or to metrics that do noy match.                                                                                           |
+| `WHERE`      | Optional. Filters the results to only those metrics that match your specified expression. For example, `WHERE InstanceType != 'c3.4xlarge'`.                                                                                |
+| `GROUP BY`   | Optional. Groups the query results into multiple time series. For example, `GROUP BY ServiceName`.                                                                                                                          |
+| `ORDER BY`   | Optional. Specifies the order of time series that are returned. Options are `ASC`, `DESC`.                                                                                                                                  |
+| `LIMIT`      | Optional. Limits the number of time series returned.                                                                                                                                                                        |
+
+For information about limits for the Metrics Insights, please refer to the [AWS documentation](https://docs.aws.amazon.com/console/cloudwatch/metricsinsights).
+
+**Builder mode**
+
+To create a query in Builder mode:
+
+1. Browse and select a metric namespace, metric name, filter, group, and order options using information from the table above.
+1. For each of these options, choose from the list of possible options.
+
+Grafana automatically constructs a SQL query based on your selections.
+
+**Code mode**
+
+To create a query in the Code mode:
+
+1. Write your SQL query.
+1. To run the query, click the **Run query** above the code editor.
+
+The code editor has a built in autocomplete feature that gives suggestions for keywords, aggregations, namespaces, metrics, labels and label values. The suggestions are shown when hitting space, comma or dollar character. You can also use the keyboard combination CTRL+Space.
+
+![Code editor autocomplete](/static/img/docs/cloudwatch/cloudwatch-code-editor-autocomplete-8.3.0.gif)
+
+> **Note:** Usage of template variables in the code editor might interfere the autocompletion.
+
+### Common metric query editor fields
+
+At the bottom of the metric query editor, you'll find three fields that are common to both _Metric Search_ and _Metric Query_.
+
+#### Id
+
+The GetMetricData API requires that all queries have a unique ID. Use this field to specify an ID of choice. The ID can include numbers, letters, and underscore, and must start with a lowercase letter. If no ID is specified, grafana will generate an ID using the following pattern `query[refId of the current query row]`, e.g `queryA` for the first query row in the panel editor.
+
+The ID can be used to reference queries in Metric Math expressions.
+
+#### Period
+
+A period is the length of time associated with a specific Amazon CloudWatch statistic. Periods are defined in numbers of seconds, and valid values for period are 1, 5, 10, 30, or any multiple of 60.
+
+If the period field is left blank or set to `auto`, then it calculates automatically based on the time range and [cloudwatch's retention policy](https://aws.amazon.com/about-aws/whats-new/2016/11/cloudwatch-extends-metrics-retention-and-new-user-interface/). The formula used is `time range in seconds / 2000`, and then it snaps to the next higher value in an array of predefined periods `[60, 300, 900, 3600, 21600, 86400]` after removing periods based on retention. By clicking `Show Query Preview` in the query editor, you can see what period Grafana used.
+
+#### Alias
+
+The alias field allows you to override the default name of the metric legend.
+
+##### Alias patterns
+
+| Alias Pattern          | Description                                                   | Example Result   |
+| ---------------------- | ------------------------------------------------------------- | ---------------- |
+| `{{region}}`           | returns the region                                            | `us-east-1`      |
+| `{{period}}`           | returns the period                                            | `3000`           |
+| `{{metric}}`           | returns the metric                                            | `CPUUtilization` |
+| `{{label}}`            | returns the label returned by the API (only in Metric Search) | `i-01343`        |
+| `{{namespace}}`        | returns the namespace (only in Metric Search)                 | `AWS/EC2`        |
+| `{{stat}}`             | returns the statistic (only in Metric Search)                 | `Average`        |
+| `{{[dimension name]}}` | returns the dimension name (only in Metric Search)            | `i-01343`        |
+
+## Using the Logs query editor
+
+To query CloudWatch Logs:
+
+1. Select the region and up to 20 log groups which you want to query.
+1. Use the main input area to write your query in [CloudWatch Logs Query Language](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).
 
 You can also write queries returning time series data by using the [`stats` command](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_Insights-Visualizing-Log-Data.html). When making `stats` queries in Explore, you have to make sure you are in Metrics Explore mode.
 
 {{< figure src="/static/img/docs/v70/explore-mode-switcher.png" max-width="500px" class="docs-image--right" caption="Explore mode switcher" >}}
 
-To the right of the query input field is a CloudWatch Logs Insights link that opens the CloudWatch Logs Insights console with your query. You can continue exploration there if necessary.
-
-{{< figure src="/static/img/docs/v70/cloudwatch-logs-deep-linking.png" max-width="500px" class="docs-image--right" caption="CloudWatch Logs deep linking" >}}
-
-### Using template variables
-
-The CloudWatch data source supports use of template variables in queries.
-For an introduction to templating and template variables, refer to the [Templating]({{< relref "../../variables/_index.md" >}}) documentation.
-
 ### Deep linking from Grafana panels to the CloudWatch console
 
 {{< figure src="/static/img/docs/v70/cloudwatch-logs-deep-linking.png" max-width="500px" class="docs-image--right" caption="CloudWatch Logs deep linking" >}}
 If you'd like to view your query in the CloudWatch Logs Insights console, simply click the `CloudWatch Logs Insights` button next to the query editor.
 If you're not currently logged in to the CloudWatch console, the link will forward you to the login page. The provided link is valid for any account but will only display the right metrics if you're logged in to the account that corresponds to the selected data source in Grafana.
 
-### Alerting
+## Alerting
 
 Since CloudWatch Logs queries can return numeric data, for example through the use of the `stats` command, alerts are supported.
 For more information on Grafana alerts, refer to [Alerting]({{< relref "../../alerting/_index.md" >}}) documentation.
 
-## Curated dashboards
+## Configure CloudWatch with grafana.ini
 
-The updated CloudWatch data source ships with pre-configured dashboards for five of the most popular AWS services:
+The Grafana [configuration]({{< relref "../../administration/configuration.md#aws" >}}) file includes an `AWS` section where you can customize the data source.
 
-- Amazon Elastic Compute Cloud `Amazon EC2`,
-- Amazon Elastic Block Store `Amazon EBS`,
-- AWS Lambda `AWS Lambda`,
-- Amazon CloudWatch Logs `Amazon CloudWatch Logs`, and
-- Amazon Relational Database Service `Amazon RDS`.
-
-To import the pre-configured dashboards, go to the configuration page of your CloudWatch data source and click on the `Dashboards` tab. Click `Import` for the dashboard you would like to use. To customize the dashboard, we recommend saving the dashboard under a different name, because otherwise the dashboard will be overwritten when a new version of the dashboard is released.
-
-{{< figure src="/static/img/docs/v65/cloudwatch-dashboard-import.png" caption="CloudWatch dashboard import" >}}
-
-## Templated queries
-
-Instead of hard-coding server, application, and sensor names in your metric queries, you can use variables. The variables are listed as dropdown select boxes at the top of the dashboard. These dropdowns make it easy to change the display of data in your dashboard.
-
-For an introduction to templating and template variables, refer to the [Templating]({{< relref "../../variables/_index.md" >}}) documentation.
-
-### Query variable
-
-The CloudWatch data source provides the following queries that you can specify in the `Query` field in the Variable edit view. They allow you to fill a variable's options list with things like `region`, `namespaces`, `metric names` and `dimension keys/values`.
-
-In place of `region` you can specify `default` to use the default region configured in the data source for the query,
-e.g. `metrics(AWS/DynamoDB, default)` or `dimension_values(default, ..., ..., ...)`.
-
-Read more about the available dimensions in the [CloudWatch Metrics and Dimensions Reference](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CW_Support_For_AWS.html).
-
-| Name                                                                    | Description                                                                                                                                                                        |
-| ----------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `regions()`                                                             | Returns a list of all AWS regions                                                                                                                                                  |
-| `namespaces()`                                                          | Returns a list of namespaces CloudWatch support.                                                                                                                                   |
-| `metrics(namespace, [region])`                                          | Returns a list of metrics in the namespace. (specify region or use "default" for custom metrics)                                                                                   |
-| `dimension_keys(namespace)`                                             | Returns a list of dimension keys in the namespace.                                                                                                                                 |
-| `dimension_values(region, namespace, metric, dimension_key, [filters])` | Returns a list of dimension values matching the specified `region`, `namespace`, `metric`, `dimension_key` or you can use dimension `filters` to get more specific result as well. |
-| `ebs_volume_ids(region, instance_id)`                                   | Returns a list of volume ids matching the specified `region`, `instance_id`.                                                                                                       |
-| `ec2_instance_attribute(region, attribute_name, filters)`               | Returns a list of attributes matching the specified `region`, `attribute_name`, `filters`.                                                                                         |
-| `resource_arns(region, resource_type, tags)`                            | Returns a list of ARNs matching the specified `region`, `resource_type` and `tags`.                                                                                                |
-| `statistics()`                                                          | Returns a list of all the standard statistics                                                                                                                                      |
-
-For details about the metrics CloudWatch provides, please refer to the [CloudWatch documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).
-
-#### Examples templated queries
-
-Example dimension queries which will return list of resources for individual AWS Services:
-
-| Query                                                                                                                         | Service          |
-| ----------------------------------------------------------------------------------------------------------------------------- | ---------------- |
-| `dimension_values(us-east-1,AWS/ELB,RequestCount,LoadBalancerName)`                                                           | ELB              |
-| `dimension_values(us-east-1,AWS/ElastiCache,CPUUtilization,CacheClusterId)`                                                   | ElastiCache      |
-| `dimension_values(us-east-1,AWS/Redshift,CPUUtilization,ClusterIdentifier)`                                                   | RedShift         |
-| `dimension_values(us-east-1,AWS/RDS,CPUUtilization,DBInstanceIdentifier)`                                                     | RDS              |
-| `dimension_values(us-east-1,AWS/S3,BucketSizeBytes,BucketName)`                                                               | S3               |
-| `dimension_values(us-east-1,CWAgent,disk_used_percent,device,{"InstanceId":"$instance_id"})`                                  | CloudWatch Agent |
-| `resource_arns(eu-west-1,elasticloadbalancing:loadbalancer,{"elasticbeanstalk:environment-name":["myApp-dev","myApp-prod"]})` | ELB              |
-| `resource_arns(eu-west-1,elasticloadbalancing:loadbalancer,{"Component":["$service"],"Environment":["$environment"]})`        | ELB              |
-| `resource_arns(eu-west-1,ec2:instance,{"elasticbeanstalk:environment-name":["myApp-dev","myApp-prod"]})`                      | EC2              |
-
-## ec2_instance_attribute examples
-
-### JSON filters
-
-The `ec2_instance_attribute` query takes `filters` in JSON format.
-You can specify [pre-defined filters of ec2:DescribeInstances](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html).
-Note that the actual filtering takes place on Amazon's servers, not in Grafana.
-
-Filters syntax:
-
-```javascript
-{ "filter_name1": [ "filter_value1" ], "filter_name2": [ "filter_value2" ] }
-```
-
-Example `ec2_instance_attribute()` query
-
-```javascript
-ec2_instance_attribute(us - east - 1, InstanceId, { 'tag:Environment': ['production'] });
-```
-
-### Selecting attributes
-
-Only 1 attribute per instance can be returned. Any flat attribute can be selected (i.e. if the attribute has a single value and isn't an object or array). Below is a list of available flat attributes:
-
-- `AmiLaunchIndex`
-- `Architecture`
-- `ClientToken`
-- `EbsOptimized`
-- `EnaSupport`
-- `Hypervisor`
-- `IamInstanceProfile`
-- `ImageId`
-- `InstanceId`
-- `InstanceLifecycle`
-- `InstanceType`
-- `KernelId`
-- `KeyName`
-- `LaunchTime`
-- `Platform`
-- `PrivateDnsName`
-- `PrivateIpAddress`
-- `PublicDnsName`
-- `PublicIpAddress`
-- `RamdiskId`
-- `RootDeviceName`
-- `RootDeviceType`
-- `SourceDestCheck`
-- `SpotInstanceRequestId`
-- `SriovNetSupport`
-- `SubnetId`
-- `VirtualizationType`
-- `VpcId`
-
-Tags can be selected by prepending the tag name with `Tags.`
-
-Example `ec2_instance_attribute()` query
-
-```javascript
-ec2_instance_attribute(us - east - 1, Tags.Name, { 'tag:Team': ['sysops'] });
-```
-
-## Using JSON format template variables
-
-Some queries accept filters in JSON format and Grafana supports the conversion of template variables to JSON.
-
-If `env = 'production', 'staging'`, following query will return ARNs of EC2 instances which `Environment` tag is `production` or `staging`.
-
-```javascript
-resource_arns(us-east-1, ec2:instance, {"Environment":${env:json}})
-```
+| Configuration option      | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
+| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `allowed_auth_providers`  | Specifies which authentication providers are allowed for the CloudWatch data source. The following providers are enabled by default in OSS Grafana: `default` (AWS SDK default), keys (Access and secret key), credentials (Credentials file), ec2_IAM_role (EC2 IAM role).                                                                                                                                                                                                                                                                                                 |
+| `assume_role_enabled`     | Allows you to disable `assume role (ARN)` in the CloudWatch data source. By default, assume role (ARN) is enabled for OSS Grafana.                                                                                                                                                                                                                                                                                                                                                                                                                                          |
+| `list_metrics_page_limit` | When a custom namespace is specified in the query editor, the [List Metrics API](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) is used to populate the _Metrics_ field and the _Dimension_ fields. The API is paginated and returns up to 500 results per page. The CloudWatch data source also limits the number of pages to 500. However, you can change this limit using the `list_metrics_page_limit` variable in the [grafana configuration file](https://grafana.com/docs/grafana/latest/administration/configuration/#aws). |
 
 ## Pricing
 
 The Amazon CloudWatch data source for Grafana uses the `ListMetrics` and `GetMetricData` CloudWatch API calls to list and retrieve metrics.
 Pricing for CloudWatch Logs is based on the amount of data ingested, archived, and analyzed via CloudWatch Logs Insights queries.
-Please see the [CloudWatch pricing page](https://aws.amazon.com/cloudwatch/pricing/) for more details.
+Every time you pick a dimension in the query editor Grafana will issue a ListMetrics request. Whenever you make a change to the queries in the query editor, one new request to GetMetricData will be issued.
 
-Every time you pick a dimension in the query editor Grafana will issue a ListMetrics request.
-Whenever you make a change to the queries in the query editor, one new request to GetMetricData will be issued.
+In Grafana version 6.5 or higher, all API requests to GetMetricStatistics have been replaced with calls to GetMetricData to provide better support for CloudWatch metric math and enables the automatic generation of search expressions when using wildcards or disabling the `Match Exact` option. While GetMetricStatistics qualified for the CloudWatch API free tier, this is not the case for GetMetricData calls.
 
-Please note that for Grafana version 6.5 or higher, all API requests to GetMetricStatistics have been replaced with calls to GetMetricData. This change enables better support for CloudWatch metric math and enables the automatic generation of search expressions when using wildcards or disabling the `Match Exact` option. While GetMetricStatistics qualified for the CloudWatch API free tier, this is not the case for GetMetricData calls. For more information, please refer to the [CloudWatch pricing page](https://aws.amazon.com/cloudwatch/pricing/).
+For more information, please refer to the [CloudWatch pricing page](https://aws.amazon.com/cloudwatch/pricing/).
 
 ## Service quotas
 
 AWS defines quotas, or limits, for resources, actions, and items in your AWS account. Depending on the number of queries in your dashboard and the number of users accessing the dashboard, you may reach the usage limits for various CloudWatch and CloudWatch Logs resources. Note that quotas are defined per account and per region. If you're using multiple regions or have set up more than one CloudWatch data source to query against multiple accounts, you need to request a quota increase for each account and each region in which you hit the limit.
 
-To request a quota increase, visit the [AWS Service Quotas console](https://console.aws.amazon.com/servicequotas/home?r#!/services/monitoring/quotas/L-5E141212).
+To request a quota increase, visit the [AWS Service Quotas console](https://console.aws.amazon.com/servicequotas/home?r#!/services/monitoring/quotas/L-5E141212). For more information, refer to the AWS documentation for [Service Quotas](https://docs.aws.amazon.com/servicequotas/latest/userguide/intro.html) and [CloudWatch limits](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_limits.html).
 
-Please see the AWS documentation for [Service Quotas](https://docs.aws.amazon.com/servicequotas/latest/userguide/intro.html) and [CloudWatch limits](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_limits.html) for more information.
-
-## Configure the data source with grafana.ini
-
-The Grafana [configuration]({{< relref "../../administration/configuration.md#aws" >}}) file includes an `AWS` section where you can customize the data source.
-
-### allowed_auth_providers
-
-Specify which authentication providers are allowed for the CloudWatch data source. The following providers are enabled by default in OSS Grafana: `default` (AWS SDK default), keys (Access and secret key), credentials (Credentials file), ec2_IAM_role (EC2 IAM role).
-
-### assume_role_enabled
-
-Allows you to disable `assume role (ARN)` in the CloudWatch data source. By default, assume role (ARN) is enabled for OSS Grafana.
-
-### list_metrics_page_limit
-
-When a custom namespace is specified in the query editor, the [List Metrics API](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html) is used to populate the _Metrics_ field and the _Dimension_ fields. The API is paginated and returns up to 500 results per page. The CloudWatch data source also limits the number of pages to 500. However, you can change this limit using the `list_metrics_page_limit` variable in the [grafana configuration file](https://grafana.com/docs/grafana/latest/administration/configuration/#aws).
-
-## Configure the data source with provisioning
-
-You can configure the CloudWatch data source by customizing configuration files in Grafana's provisioning system. To know more about provisioning and learn about available configuration options, refer to the [Provisioning Grafana]({{< relref "../../administration/provisioning/#datasources" >}}) topic.
-
-Here are some provisioning examples for this data source.
-
-### Using AWS SDK (default)
-
-```yaml
-apiVersion: 1
-datasources:
-  - name: CloudWatch
-    type: cloudwatch
-    jsonData:
-      authType: default
-      defaultRegion: eu-west-2
 ```
 
-### Using credentials' profile name (non-default)
-
-```yaml
-apiVersion: 1
-
-datasources:
-  - name: CloudWatch
-    type: cloudwatch
-    jsonData:
-      authType: credentials
-      defaultRegion: eu-west-2
-      customMetricsNamespaces: 'CWAgent,CustomNameSpace'
-      profile: secondary
-```
-
-### Using `accessKey` and `secretKey`
-
-```yaml
-apiVersion: 1
-
-datasources:
-  - name: CloudWatch
-    type: cloudwatch
-    jsonData:
-      authType: keys
-      defaultRegion: eu-west-2
-    secureJsonData:
-      accessKey: '<your access key>'
-      secretKey: '<your secret key>'
-```
-
-### Using AWS SDK Default and ARN of IAM Role to Assume
-
-```yaml
-apiVersion: 1
-datasources:
-  - name: CloudWatch
-    type: cloudwatch
-    jsonData:
-      authType: default
-      assumeRoleArn: arn:aws:iam::123456789012:root
-      defaultRegion: eu-west-2
 ```

docs/sources/datasources/aws-cloudwatch/aws-authentication.md

@@ -3,7 +3,7 @@ title = "Authentication"
 description = "AWS authentication"
 keywords = ["grafana", "aws", "authentication"]
 aliases = ["/docs/grafana/latest/datasources/cloudwatch"]
-weight = 205
+weight = 5
 +++
 
 # AWS authentication
@@ -12,6 +12,14 @@ Requests from a Grafana plugin to AWS are made on behalf of an IAM role or an IA
 
 All requests to AWS APIs are performed on the server side by the Grafana backend using the official AWS SDK.
 
+This topic has the following sections:
+
+- [Authentication methods](#authentication-methods)
+- [Assuming a role](#assuming-a-role)
+- [Endpoint](#endpoint)
+- [AWS credentials file](#aws-credentials-file)
+- [EKS IAM roles for service accounts](#eks-iam-roles-for-service-accounts)
+
 ## Authentication methods
 
 You can use one of the following authentication methods. Currently, `AWS SDK Default`, `Credentials file` and `Access and secret key` are enabled by default in open source Grafana. You can enable/disable them if necessary if you have server configuration access. For more information, refer to [allowed_auth_providers]({{< relref "../../administration/configuration.md#allowed_auth_providers" >}}) documentation.
@@ -36,18 +44,7 @@ If you are assuming a role in another account that was created with an external
 
 ## Endpoint
 
-The `Endpoint` field allows you to specify a custom endpoint URL that overrides the default generated endpoint for the CloudWatch API. Leave this field blank if you want to use the default generated endpoint. For more information on why and how to use Service endpoints, refer to the [AWS service endpoints documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html).
-
-## EKS IAM roles for service accounts
-
-The Grafana process in the container runs as user 472 (called "grafana"). When Kubernetes mounts your projected credentials, they will by default only be available to the root user. To allow user 472 to access the credentials (and avoid falling back to the IAM role attached to the EC2 instance), you need to provide a [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for your pod.
-
-```yaml
-securityContext:
-  fsGroup: 472
-  runAsUser: 472
-  runAsGroup: 472
-```
+The `Endpoint` field allows you to specify a custom endpoint URL that overrides the default generated endpoint for the AWS service API. Leave this field blank if you want to use the default generated endpoint. For more information on why and how to use Service endpoints, refer to the [AWS service endpoints documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html).
 
 ## AWS credentials file
 
@@ -63,3 +60,14 @@ aws_access_key_id = asdsadasdasdasd
 aws_secret_access_key = dasdasdsadasdasdasdsa
 region = us-west-2
 ```
+
+## EKS IAM roles for service accounts
+
+The Grafana process in the container runs as user 472 (called "grafana"). When Kubernetes mounts your projected credentials, they will by default only be available to the root user. To allow user 472 to access the credentials (and avoid falling back to the IAM role attached to the EC2 instance), you need to provide a [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for your pod.
+
+```yaml
+securityContext:
+  fsGroup: 472
+  runAsUser: 472
+  runAsGroup: 472
+```

docs/sources/datasources/aws-cloudwatch/preconfig-cloudwatch-dashboards.md

@@ -0,0 +1,27 @@
++++
+title = "Curated CloudWatch dashboards"
+description = "Guide for using AWS CloudWatch in Grafana"
+keywords = ["grafana", "stackdriver", "google", "guide", "cloud", "monitoring"]
+aliases = ["/docs/grafana/latest/datasources/cloudwatch"]
+weight = 15
++++
+
+# Curated CloudWatch dashboards
+
+The updated CloudWatch data source ships with pre-configured dashboards for five of the most popular AWS services:
+
+- Amazon Elastic Compute Cloud `Amazon EC2`,
+- Amazon Elastic Block Store `Amazon EBS`,
+- AWS Lambda `AWS Lambda`,
+- Amazon CloudWatch Logs `Amazon CloudWatch Logs`, and
+- Amazon Relational Database Service `Amazon RDS`.
+
+To import curatedd dashboards:
+
+1. On the configuration page of your CloudWatch data source, click the **Dashboards** tab.
+
+1. Click **Import** for the dashboard you would like to use.
+
+In case you want to customize a dashboard, we recommend that you save it under a different name. Otherwise the dashboard will be overwritten when a new version of the dashboard is released.
+
+{{< figure src="/static/img/docs/v65/cloudwatch-dashboard-import.png" caption="CloudWatch dashboard import" >}}

docs/sources/datasources/aws-cloudwatch/provision-cloudwatch.md

@@ -0,0 +1,68 @@
++++
+title = "Provision CloudWatch"
+description = "Guide for provisioning CloudWatch"
+weight = 400
+aliases = ["/docs/grafana/latest/datasources/cloudwatch"]
++++
+
+# Provision CloudWatch data source
+
+You can configure the CloudWatch data source by customizing configuration files in Grafana's provisioning system. To know more about provisioning and learn about available configuration options, refer to the [Provisioning Grafana]({{< relref "../../administration/provisioning/#datasources" >}}) topic.
+
+Here are some provisioning examples for this data source.
+
+## Using AWS SDK (default)
+
+```yaml
+apiVersion: 1
+datasources:
+  - name: CloudWatch
+    type: cloudwatch
+    jsonData:
+      authType: default
+      defaultRegion: eu-west-2
+```
+
+## Using credentials' profile name (non-default)
+
+```yaml
+apiVersion: 1
+
+datasources:
+  - name: CloudWatch
+    type: cloudwatch
+    jsonData:
+      authType: credentials
+      defaultRegion: eu-west-2
+      customMetricsNamespaces: 'CWAgent,CustomNameSpace'
+      profile: secondary
+```
+
+## Using accessKey and secretKey
+
+```yaml
+apiVersion: 1
+
+datasources:
+  - name: CloudWatch
+    type: cloudwatch
+    jsonData:
+      authType: keys
+      defaultRegion: eu-west-2
+    secureJsonData:
+      accessKey: '<your access key>'
+      secretKey: '<your secret key>'
+```
+
+## Using AWS SDK Default and ARN of IAM Role to Assume
+
+```yaml
+apiVersion: 1
+datasources:
+  - name: CloudWatch
+    type: cloudwatch
+    jsonData:
+      authType: default
+      assumeRoleArn: arn:aws:iam::123456789012:root
+      defaultRegion: eu-west-2
+```

docs/sources/datasources/aws-cloudwatch/template-queries-cloudwatch.md

@@ -0,0 +1,122 @@
++++
+title = "Template variables in CloudWatch query"
+description = "Template variables in CloudWatch queryh"
+weight = 10
+aliases = ["/docs/grafana/latest/datasources/cloudwatch"]
++++
+
+# Using template variables in CloudWatch queries
+
+Instead of hard-coding server, application, and sensor names in your metric queries, you can use variables. The variables are listed as dropdown select boxes at the top of the dashboard. These dropdowns make it easy to change the display of data in your dashboard.
+
+For an introduction to templating and template variables, refer to the [Templating]({{< relref "../../variables/_index.md" >}}) documentation.
+
+## Query variable
+
+The CloudWatch data source provides the following queries that you can specify in the `Query` field in the Variable edit view. They allow you to fill a variable's options list with things like `region`, `namespaces`, `metric names` and `dimension keys/values`.
+
+In place of `region` you can specify `default` to use the default region configured in the data source for the query,
+e.g. `metrics(AWS/DynamoDB, default)` or `dimension_values(default, ..., ..., ...)`.
+
+Read more about the available dimensions in the [CloudWatch Metrics and Dimensions Reference](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CW_Support_For_AWS.html).
+
+| Name                                                                    | Description                                                                                                                                                                        |
+| ----------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `regions()`                                                             | Returns a list of all AWS regions                                                                                                                                                  |
+| `namespaces()`                                                          | Returns a list of namespaces CloudWatch support.                                                                                                                                   |
+| `metrics(namespace, [region])`                                          | Returns a list of metrics in the namespace. (specify region or use "default" for custom metrics)                                                                                   |
+| `dimension_keys(namespace)`                                             | Returns a list of dimension keys in the namespace.                                                                                                                                 |
+| `dimension_values(region, namespace, metric, dimension_key, [filters])` | Returns a list of dimension values matching the specified `region`, `namespace`, `metric`, `dimension_key` or you can use dimension `filters` to get more specific result as well. |
+| `ebs_volume_ids(region, instance_id)`                                   | Returns a list of volume ids matching the specified `region`, `instance_id`.                                                                                                       |
+| `ec2_instance_attribute(region, attribute_name, filters)`               | Returns a list of attributes matching the specified `region`, `attribute_name`, `filters`.                                                                                         |
+| `resource_arns(region, resource_type, tags)`                            | Returns a list of ARNs matching the specified `region`, `resource_type` and `tags`.                                                                                                |
+| `statistics()`                                                          | Returns a list of all the standard statistics                                                                                                                                      |
+
+For details about the metrics CloudWatch provides, please refer to the [CloudWatch documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).
+
+## Example of templated queries
+
+Here is an example of the dimension queries which will return list of resources for individual AWS Services:
+
+| Query                                                                                                                         | Service          |
+| ----------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `dimension_values(us-east-1,AWS/ELB,RequestCount,LoadBalancerName)`                                                           | ELB              |
+| `dimension_values(us-east-1,AWS/ElastiCache,CPUUtilization,CacheClusterId)`                                                   | ElastiCache      |
+| `dimension_values(us-east-1,AWS/Redshift,CPUUtilization,ClusterIdentifier)`                                                   | RedShift         |
+| `dimension_values(us-east-1,AWS/RDS,CPUUtilization,DBInstanceIdentifier)`                                                     | RDS              |
+| `dimension_values(us-east-1,AWS/S3,BucketSizeBytes,BucketName)`                                                               | S3               |
+| `dimension_values(us-east-1,CWAgent,disk_used_percent,device,{"InstanceId":"$instance_id"})`                                  | CloudWatch Agent |
+| `resource_arns(eu-west-1,elasticloadbalancing:loadbalancer,{"elasticbeanstalk:environment-name":["myApp-dev","myApp-prod"]})` | ELB              |
+| `resource_arns(eu-west-1,elasticloadbalancing:loadbalancer,{"Component":["$service"],"Environment":["$environment"]})`        | ELB              |
+| `resource_arns(eu-west-1,ec2:instance,{"elasticbeanstalk:environment-name":["myApp-dev","myApp-prod"]})`                      | EC2              |
+
+## Using JSON format template variables
+
+Some queries accept filters in JSON format and Grafana supports the conversion of template variables to JSON.
+
+If `env = 'production', 'staging'`, following query will return ARNs of EC2 instances which `Environment` tag is `production` or `staging`.
+
+```javascript
+resource_arns(us-east-1, ec2:instance, {"Environment":${env:json}})
+```
+
+## ec2_instance_attribute examples
+
+### JSON filters
+
+The `ec2_instance_attribute` query takes `filters` in JSON format.
+You can specify [pre-defined filters of ec2:DescribeInstances](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html).
+Note that the actual filtering takes place on Amazon's servers, not in Grafana.
+
+Filters syntax:
+
+```javascript
+{ "filter_name1": [ "filter_value1" ], "filter_name2": [ "filter_value2" ] }
+```
+
+Example `ec2_instance_attribute()` query
+
+```javascript
+ec2_instance_attribute(us - east - 1, InstanceId, { 'tag:Environment': ['production'] });
+```
+
+### Selecting attributes
+
+Only 1 attribute per instance can be returned. Any flat attribute can be selected (i.e. if the attribute has a single value and isn't an object or array). Below is a list of available flat attributes:
+
+- `AmiLaunchIndex`
+- `Architecture`
+- `ClientToken`
+- `EbsOptimized`
+- `EnaSupport`
+- `Hypervisor`
+- `IamInstanceProfile`
+- `ImageId`
+- `InstanceId`
+- `InstanceLifecycle`
+- `InstanceType`
+- `KernelId`
+- `KeyName`
+- `LaunchTime`
+- `Platform`
+- `PrivateDnsName`
+- `PrivateIpAddress`
+- `PublicDnsName`
+- `PublicIpAddress`
+- `RamdiskId`
+- `RootDeviceName`
+- `RootDeviceType`
+- `SourceDestCheck`
+- `SpotInstanceRequestId`
+- `SriovNetSupport`
+- `SubnetId`
+- `VirtualizationType`
+- `VpcId`
+
+Tags can be selected by prepending the tag name with `Tags.`
+
+Example `ec2_instance_attribute()` query
+
+```javascript
+ec2_instance_attribute(us - east - 1, Tags.Name, { 'tag:Team': ['sysops'] });
+```

docs/sources/datasources/elasticsearch.md

@@ -20,12 +20,12 @@ visualize logs or metrics stored in Elasticsearch. You can also annotate your gr
 
 > **Note:** If you're not seeing the `Data Sources` link in your side menu it means that your current user does not have the `Admin` role for the current organization.
 
-| Name      | Description                                                                                                                           |
-| --------- | ------------------------------------------------------------------------------------------------------------------------------------- |
-| `Name`    | The data source name. This is how you refer to the data source in panels and queries.                                                 |
-| `Default` | Default data source means that it will be pre-selected for new panels.                                                                |
-| `Url`     | The HTTP protocol, IP, and port of your Elasticsearch server.                                                                         |
-| `Access`  | Server (default) = URL needs to be accessible from the Grafana backend/server, Browser = URL needs to be accessible from the browser. |
+| Name      | Description                                                                                                                                                                                                                    |
+| --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `Name`    | The data source name. This is how you refer to the data source in panels and queries.                                                                                                                                          |
+| `Default` | Default data source means that it will be pre-selected for new panels.                                                                                                                                                         |
+| `Url`     | The HTTP protocol, IP, and port of your Elasticsearch server.                                                                                                                                                                  |
+| `Access`  | Server (default) = URL needs to be accessible from the Grafana backend/server, Browser = URL needs to be accessible from the browser. **Note**: Browser (direct) access is deprecated and will be removed in a future release. |
 
 Access mode controls how requests to the data source will be handled. Server should be the preferred way if nothing else stated.
 

docs/sources/datasources/google-cloud-monitoring/_index.md

@@ -12,7 +12,7 @@ Grafana ships with built-in support for Google Cloud Monitoring. Add it as a dat
 
 > **Note** Before Grafana v7.1, Google Cloud Monitoring was referred to as Google Stackdriver.
 
-## Google Cloud Monitoring settings
+## Configure the Google Cloud Monitoring data source
 
 To access Google Cloud Monitoring settings, hover your mouse over the **Configuration** (gear) icon, then click **Data Sources**, and then click the Google Cloud Monitoring data source.
 
@@ -22,15 +22,9 @@ To access Google Cloud Monitoring settings, hover your mouse over the **Configur
 | `Default`             | Default data source means that it is pre-selected for new panels.                                                                                                                      |
 | `Service Account Key` | Upload or paste in the Service Account Key file for a GCP Project. For more information, refer to [Using a Google Service Account Key File](#using-a-google-service-account-key-file). |
 
-## Authentication
+For authentication options and configuration details, see the [Google authentication]({{< relref "google-authentication.md" >}}) documentation.
 
-There are two ways to authenticate the Google Cloud Monitoring plugin - either by uploading a Google JWT file, or by automatically retrieving credentials from Google metadata server. The latter option is only available when running Grafana on GCE virtual machine.
-
-### Using a Google Service Account Key File
-
-To authenticate with the Google Cloud Monitoring API, you need to create a Google Cloud Platform (GCP) Service Account for the Project you want to show data for. A Grafana data source integrates with one GCP Project. If you want to visualize data from multiple GCP Projects then you need to create one data source per GCP Project.
-
-#### Enable APIs
+### Google Cloud Monitoring specific data source configuration
 
 The following APIs need to be enabled first:
 
@@ -41,39 +35,13 @@ Click on the links above and click the `Enable` button:
 
 {{< figure src="/static/img/docs/v71/cloudmonitoring_enable_api.png" max-width="450px" class="docs-image--no-shadow" caption="Enable GCP APIs" >}}
 
-#### Create a GCP Service Account for a Project
+#### Using GCP Service Account Key File
 
-1. Navigate to the [APIs and Services Credentials page](https://console.cloud.google.com/apis/credentials).
-1. Click on the `Create credentials` dropdown/button and choose the `Service account key` option.
+The GCP Service Account must have the **Monitoring Viewer** role as shown in the image below:
 
-   {{< figure src="/static/img/docs/v71/cloudmonitoring_create_service_account_button.png" max-width="500px" class="docs-image--no-shadow" caption="Create service account button" >}}
+{{< figure src="/static/img/docs/v71/cloudmonitoring_create_service_account_button.png" max-width="500px" class="docs-image--no-shadow" caption="Create service account button" >}}
 
-1. On the `Create service account key` page, choose key type `JSON`. Then in the `Service Account` dropdown, choose the `New service account` option:
-
-   {{< figure src="/static/img/docs/v71/cloudmonitoring_create_service_account_key.png" max-width="500px" class="docs-image--no-shadow" caption="Create service account key" >}}
-
-1. Some new fields will appear. Fill in a name for the service account in the `Service account name` field and then choose the `Monitoring Viewer` role from the `Role` dropdown:
-
-   {{< figure src="/static/img/docs/v71/cloudmonitoring_service_account_choose_role.png" max-width="600px" class="docs-image--no-shadow" caption="Choose role" >}}
-
-1. Click the Create button. A JSON key file will be created and downloaded to your computer. Store this file in a secure place as it allows access to your Google Cloud Monitoring data.
-1. Upload it to Grafana on the data source Configuration page. You can either upload the file or paste in the contents of the file.
-
-   {{< figure src="/static/img/docs/v71/cloudmonitoring_grafana_upload_key.png" max-width="550px" class="docs-image--no-shadow" caption="Upload service key file to Grafana" >}}
-
-1. The file contents will be encrypted and saved in the Grafana database. Don't forget to save after uploading the file!
-
-   {{< figure src="/static/img/docs/v71/cloudmonitoring_grafana_key_uploaded.png" max-width="600px" class="docs-image--no-shadow" caption="Service key file is uploaded to Grafana" >}}
-
-### Using GCE Default Service Account
-
-If Grafana is running on a Google Compute Engine (GCE) virtual machine, it is possible for Grafana to automatically retrieve default credentials from the metadata server. This has the advantage of not needing to generate a private key file for the service account and also not having to upload the file to Grafana. However for this to work, there are a few preconditions that need to be met.
-
-1. First of all, you need to create a Service Account that can be used by the GCE virtual machine. For more information, refer to [Create new service account](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#createanewserviceaccount).
-1. Make sure the GCE virtual machine instance is being run as the service account that you just created. For more information, refer to [using service account for instance](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#using).
-1. Allow access to the `Cloud Monitoring API` scope.
-
-For more information about creating and enabling service accounts for GCE VM instances, refer to [enable service accounts for instances](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances).
+If Grafana is running on a Google Compute Engine (GCE) virtual machine, the service account in use must have access to the `Cloud Monitoring API` scope.
 
 ## Using the Query Editor
 

docs/sources/datasources/google-cloud-monitoring/google-authentication.md

@@ -0,0 +1,39 @@
++++
+title = "Authentication"
+description = "Google authentication"
+keywords = ["grafana", "google", "authentication"]
+aliases = ["/docs/grafana/next/datasources/cloudmonitoring/"]
+weight = 5
++++
+
+# Google authentication
+
+Requests from a Grafana plugin to Google are made on behalf of an IAM role or an IAM user. The IAM user or IAM role must have the associated policies to perform certain API actions. Since these policies are specific to each data source, refer to the data source documentation for details. All requests to Google APIs are performed on the server-side by the Grafana backend.
+
+You can authenticate a Grafana plugin to Google by uploading a Google JWT file or by automatically retrieving credentials from the Google metadata server. The latter option is only available when running Grafana on GCE virtual machine.
+
+## Using Google Service Account Key File
+
+To authenticate the Grafana plugin with the Google API, create a Google Cloud Platform (GCP) Service Account for the Project you want to show data. A Grafana data source integrates with one GCP Project. If you want to visualize data from multiple GCP Projects, then create one data source per GCP Project.
+
+### Create a GCP Service Account for a Project
+
+1. Navigate to the [APIs and Services Credentials page](https://console.cloud.google.com/apis/credentials).
+1. Click on the **Create credentials** dropdown and select the **Service account** option.
+1. In **Service account name**, enter a name for the account.
+1. From the **Role** dropdown, choose the roles required by the specific plugin.
+1. Click **Done**.
+1. Use the newly created account to [create a service account key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-console). A JSON key file is created and downloaded to your computer.
+1. Store this file in a secure place as it allows access to your Google data.
+1. Upload the key to Grafana via the data source configuration page.
+   The file contents is encrypted and saved in the Grafana database. Don't forget to save the file after uploading!
+
+## Using GCE Default Service Account
+
+When Grafana is running on a Google Compute Engine (GCE) virtual machine, Grafana can automatically retrieve default credentials from the metadata server. As a result, there is no need to generate a private key file for the service account. You also do not need to upload the file to Grafana. The following preconditions must be met before Grafana can retrieve default credentials.
+
+- You must create a Service Account for use by the GCE virtual machine. For more information, refer to [Create new service account](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#createanewserviceaccount).
+- Verify that the GCE virtual machine instance is running as the service account that you created. For more information, refer to [setting up an instance to run as a service account](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#using).
+- Allow access to the specified API scope.
+
+For more information about creating and enabling service accounts for GCE instances, refer to [enabling service accounts for instances in Google documentation](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances).

docs/sources/datasources/influxdb/_index.md

@@ -27,21 +27,19 @@ InfluxDB data source options differ depending on which [query language](#query-l
 
 These options apply if you are using the InfluxQL query language. If you are using Flux, refer to [Flux support in Grafana]({{< relref "influxdb-flux.md" >}}).
 
-| Name      | Description                                                                                                                            |
-| --------- | -------------------------------------------------------------------------------------------------------------------------------------- |
-| `Name`    | The data source name. This is how you refer to the data source in panels and queries. We recommend something like `InfluxDB-InfluxQL`. |
-| `Default` | Default data source means that it will be pre-selected for new panels.                                                                 |
-| `URL`     | The HTTP protocol, IP address and port of your InfluxDB API. InfluxDB API port is by default 8086.                                     |
-| `Access`  | Server (default) = URL needs to be accessible from the Grafana backend/server, Browser = URL needs to be accessible from the browser.  |
-
-**Note**: Browser access is deprecated and will be removed in a future release.
-`Allowed cookies`| Cookies that will be forwarded to the data source. All other cookies will be deleted.
-`Database` | The ID of the bucket you want to query from, copied from the [Buckets page](https://docs.influxdata.com/influxdb/v2.0/organizations/buckets/view-buckets/) of the InfluxDB UI.
-`User` | The username you use to sign into InfluxDB.
-`Password` | The token you use to query the bucket above, copied from the [Tokens page](https://docs.influxdata.com/influxdb/v2.0/security/tokens/view-tokens/) of the InfluxDB UI.
-`HTTP mode` | How to query the database (`GET` or `POST` HTTP verb). The `POST` verb allows heavy queries that would return an error using the `GET` verb. Default is `GET`.
-`Min time interval` | (Optional) Refer to [Min time interval]({{< relref "#min-time-interval" >}}).
-`Max series`| (Optional) Limits the number of series/tables that Grafana processes. Lower this number to prevent abuse, and increase it if you have lots of small time series and not all are shown. Defaults to 1000.
+| Name                | Description                                                                                                                                                                                                                    |
+| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `Name`              | The data source name. This is how you refer to the data source in panels and queries. We recommend something like `InfluxDB-InfluxQL`.                                                                                         |
+| `Default`           | Default data source means that it will be pre-selected for new panels.                                                                                                                                                         |
+| `URL`               | The HTTP protocol, IP address and port of your InfluxDB API. InfluxDB API port is by default 8086.                                                                                                                             |
+| `Access`            | Server (default) = URL needs to be accessible from the Grafana backend/server, Browser = URL needs to be accessible from the browser. **Note**: Browser (direct) access is deprecated and will be removed in a future release. |
+| `Allowed cookies`   | Cookies that will be forwarded to the data source. All other cookies will be deleted.                                                                                                                                          |
+| `Database`          | The ID of the bucket you want to query from, copied from the [Buckets page](https://docs.influxdata.com/influxdb/v2.0/organizations/buckets/view-buckets/) of the InfluxDB UI.                                                 |
+| `User`              | The username you use to sign into InfluxDB.                                                                                                                                                                                    |
+| `Password`          | The token you use to query the bucket above, copied from the [Tokens page](https://docs.influxdata.com/influxdb/v2.0/security/tokens/view-tokens/) of the InfluxDB UI.                                                         |
+| `HTTP mode`         | How to query the database (`GET` or `POST` HTTP verb). The `POST` verb allows heavy queries that would return an error using the `GET` verb. Default is `GET`.                                                                 |
+| `Min time interval` | (Optional) Refer to [Min time interval]({{< relref "#min-time-interval" >}}).                                                                                                                                                  |
+| `Max series`        | (Optional) Limits the number of series/tables that Grafana processes. Lower this number to prevent abuse, and increase it if you have lots of small time series and not all are shown. Defaults to 1000.                       |
 
 ### Flux
 

docs/sources/datasources/postgres.md

@@ -12,7 +12,7 @@ Grafana ships with a built-in PostgreSQL data source plugin that allows you to q
 
 ## PostgreSQL settings
 
-To access PostgreSQL settings, hover your mouse over the **Configuration** (gear) icon, then click **Data Sources**, and then click the Prometheus data source.
+To access PostgreSQL settings, hover your mouse over the **Configuration** (gear) icon, then click **Data Sources**, and then click the PostgreSQL data source.
 
 | Name                      | Description                                                                                                                                                                                                                             |
 | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

docs/sources/datasources/tempo.md

@@ -36,7 +36,19 @@ This is a configuration for the [trace to logs feature]({{< relref "../explore/t
 - **Filter by Trace ID -** Toggle to append the trace ID to the Loki query.
 - **Filter by Span ID -** Toggle to append the span ID to the Loki query.
 
-![Trace to logs settings](/static/img/docs/explore/trace-to-logs-settings-8-2.png 'Screenshot of the trace to logs settings')
+{{< figure src="/static/img/docs/explore/traces-to-logs-settings-8-2.png" class="docs-image--no-shadow" caption="Screenshot of the trace to logs settings" >}}
+
+### Service Graph
+
+This is a configuration for the Service Graph feature.
+
+-- **Data source -** Prometheus instance where the Service Graph data is stored.
+
+### Search
+
+This is a configuration for Tempo search.
+
+-- **Hide search -** Optionally, hide the search query option in Explore in cases where search is not configured in the Tempo instance.
 
 ### Node Graph
 
@@ -49,18 +61,16 @@ This is a configuration for the beta Node Graph visualization. The Node Graph is
 You can query and display traces from Tempo via [Explore]({{< relref "../explore/_index.md" >}}).
 You can search for traces if you set up the trace to logs setting in the data source configuration page. To find traces to visualize, use the [Loki query editor]({{< relref "loki.md#loki-query-editor" >}}). To get search results, you must have [derived fields]({{< relref "loki.md#derived-fields" >}}) configured, which point to this data source.
 
-{{< figure src="/static/img/docs/tempo/query-editor-search.png" class="docs-image--no-shadow" caption="Screenshot of the Tempo query editor showing the search tab" >}}
+{{< figure src="/static/img/docs/tempo/query-editor-search.png" class="docs-image--no-shadow" max-width="750px" caption="Screenshot of the Tempo query editor showing the search tab" >}}
 
 To query a particular trace, select the **TraceID** query type, and then put the ID into the Trace ID field.
 
-{{< figure src="/static/img/docs/tempo/query-editor-traceid.png" class="docs-image--no-shadow" caption="Screenshot of the Tempo TraceID query type" >}}
+{{< figure src="/static/img/docs/tempo/query-editor-traceid.png" class="docs-image--no-shadow" max-width="750px" caption="Screenshot of the Tempo TraceID query type" >}}
 
 ## Upload JSON trace file
 
 You can upload a JSON file that contains a single trace to visualize it. If the file has multiple traces then the first trace is used for visualization.
 
-{{< figure src="/static/img/docs/explore/tempo-upload-json.png" class="docs-image--no-shadow" caption="Screenshot of the Tempo data source in explore with upload selected" >}}
-
 Here is an example JSON:
 
 ```json
@@ -105,6 +115,67 @@ Here is an example JSON:
 }
 ```
 
+## Service Graph
+
+A service graph is a visual representation of the relationships between services. Each node on the graph represents a service such as an API or database. With this graph, customers can easily detect performance issues, increases in error, fault, or throttle rates in any of their services, and dive deep into corresponding traces and root causes.
+
+![Node graph panel](/static/img/docs/node-graph/node-graph-8-0.png 'Node graph')
+
+To display the service graph:
+
+- [Configure the Grafana Agent](https://grafana.com/docs/tempo/next/grafana-agent/service-graphs/#quickstart) to generate service graph data
+- Link a Prometheus datasource in the Tempo datasource settings.
+- Navigate to [Explore]({{< relref "../explore/_index.md" >}})
+- Select the Tempo datasource
+- Select the **Service Graph** query type and run the query
+- Optionally, filter by service name
+
+You can pan and zoom the view with buttons or you mouse. For details about the visualization, refer to [Node graph panel](https://grafana.com/docs/grafana/latest/panels/visualizations/node-graph/).
+
+Each service in the graph is represented as a circle. Numbers on the inside shows average time per request and request per second.
+
+The color of each circle represents the percentage of requests in each of the following states:
+
+- green = success
+- red = fault
+- yellow = errors
+- purple = throttled responses
+
+Click on the service to see a context menu with additional links for quick navigation to other relevant information.
+
 ## Linking Trace ID from logs
 
 You can link to Tempo trace from logs in Loki or Elastic by configuring an internal link. See the [Derived fields]({{< relref "loki.md#derived-fields" >}}) section in the [Loki data source]({{< relref "loki.md" >}}) or [Data links]({{< relref "elasticsearch.md#data-links" >}}) section in the [Elastic data source]({{< relref "elasticsearch.md" >}}) for configuration instructions.
+
+## Provision the Tempo data source
+
+You can modify the Grafana configuration files to provision the Tempo data source. Read more about how it works and all the settings you can set for data sources on the [provisioning]({{< relref "../administration/provisioning/#datasources" >}}) topic.
+
+Here is an example config:
+
+```yaml
+apiVersion: 1
+
+datasources:
+  - name: Tempo
+    type: tempo
+    # Access mode - proxy (server in the UI) or direct (browser in the UI).
+    access: proxy
+    url: http://localhost:3200
+    jsonData:
+      httpMethod: GET
+      tracesToLogs:
+        datasourceUid: 'loki'
+        tags: ['job', 'instance', 'pod', 'namespace']
+        spanStartTimeShift: '1h'
+        spanEndTimeShift: '1h'
+        filterByTraceID: false
+        filterBySpanID: false
+        lokiSearch: true
+      serviceMap:
+        datasourceUid: 'prometheus'
+      search:
+        hide: false
+      nodeGraph:
+        enabled: true
+```

docs/sources/developers/plugins/_index.md

@@ -17,6 +17,8 @@ Open the terminal, and run the following command in your [plugin directory]({{<
 npx @grafana/toolkit plugin:create my-grafana-plugin
 ```
 
+> **Note:** If running NPM 7+ the `npx` commands mentioned in this article may hang. The workaround is to use `npx --legacy-peer-deps <command to run>`.
+
 If you want a more guided introduction to plugin development, check out our tutorials:
 
 - [Build a panel plugin]({{< relref "/tutorials/build-a-panel-plugin.md" >}})
@@ -76,9 +78,9 @@ Learn more about Grafana options and packages.
 
 #### Typescript
 
-- [Grafana Data]({{< relref "../../packages_api/data/_index.md" >}})
-- [Grafana Runtime]({{< relref "../../packages_api/runtime/_index.md" >}})
-- [Grafana UI]({{< relref "../../packages_api/ui/_index.md" >}})
+- Grafana Data
+- Grafana Runtime
+- Grafana UI
 
 #### Go
 

docs/sources/developers/plugins/add-support-for-explore-queries.md

@@ -46,7 +46,7 @@ The query editor for Explore is similar to the query editor for the data source
      .setExploreQueryField(ExploreQueryEditor);
    ```
 
-1. Add a [QueryField]({{< relref "../../packages_api/ui/queryfield.md" >}}) to `ExploreQueryEditor`.
+1. Add a `QueryField` to `ExploreQueryEditor`.
 
    ```ts
    import { QueryField } from '@grafana/ui';

docs/sources/developers/plugins/add-support-for-variables.md

@@ -24,7 +24,7 @@ Grafana provides a couple of helper functions to interpolate variables in a stri
 
 ## Interpolate variables in panel plugins
 
-For panels, the [replaceVariables]({{< relref "../../packages_api/data/panelprops.md#replacevariables-property" >}}) function is available in the [PanelProps]({{< relref "../../packages_api/data/panelprops.md" >}}).
+For panels, the `replaceVariables` function is available in the PanelProps.
 
 Add `replaceVariables` to the argument list, and pass it a user-defined template string.
 
@@ -38,7 +38,7 @@ export const SimplePanel: React.FC<Props> = ({ options, data, width, height, rep
 
 ## Interpolate variables in data source plugins
 
-For data sources, you need to use the [getTemplateSrv]({{< relref "../../packages_api/runtime/gettemplatesrv.md" >}}), which returns an instance of [TemplateSrv]({{< relref "../../packages_api/runtime/templatesrv.md" >}}).
+For data sources, you need to use the getTemplateSrv, which returns an instance of TemplateSrv.
 
 1. Import `getTemplateSrv` from the `runtime` package.
 
@@ -80,7 +80,7 @@ For more information on the available variable formats, refer to [Advanced varia
 
 ## Set a variable from your plugin
 
-Not only can you read the value of a variable, you can also update the variable from your plugin. Use [LocationSrv.update()]({{< relref "../../packages_api/runtime/locationsrv.md/#update-method" >}}) to update a variable using query parameters.
+Not only can you read the value of a variable, you can also update the variable from your plugin. Use LocationSrv.update()
 
 The following example shows how to update a variable called `service`.
 
@@ -117,7 +117,7 @@ export interface MyVariableQuery {
 }
 ```
 
-For a data source to support query variables, you must override the [`metricFindQuery`]({{< relref "../../packages_api/data/datasourceapi.md#metricfindquery-method" >}}) in your `DataSourceApi` class. `metricFindQuery` returns an array of [`MetricFindValue`]({{< relref "../../packages_api/data/metricfindvalue.md" >}}) which has a single property, `text`:
+For a data source to support query variables, you must override the `metricFindQuery` in your `DataSourceApi` class. `metricFindQuery` returns an array of `MetricFindValue` which has a single property, `text`:
 
 ```ts
 async metricFindQuery(query: MyVariableQuery, options?: any) {

docs/sources/developers/plugins/build-a-logs-data-source-plugin.md

@@ -74,7 +74,7 @@ const frame = new MutableDataFrame({
 
 To help filter log lines, many log systems let you query logs based on metadata, or _labels_.
 
-You can add labels to a stream of logs by setting the [labels](../../packages_api/data/field.md#labels-property) property on the [Field]({{< relref "../../packages_api/data/field.md" >}}).
+You can add labels to a stream of logs by setting the labels property on the Field.
 
 **Example**:
 

docs/sources/developers/plugins/legacy/snapshot-mode.md

@@ -7,7 +7,7 @@ aliases = ["/docs/grafana/latest/plugins/developing/snapshot-mode/"]
 
 {{< figure class="float-right"  src="/static/img/docs/Grafana-snapshot-example.png" caption="A dashboard using snapshot data and not live data." >}}
 
-Grafana has this great feature where you can [save a snapshot of your dashboard]({{< relref "../../../dashboards/json-model.md" >}}). Instead of sending a screenshot of a dashboard to someone, you can send them a working, interactive Grafana dashboard with the snapshot data embedded inside it. The snapshot can be saved on your Grafana server and is available to all your co-workers. Raintank also hosts a [snapshot server](http://snapshot.raintank.io/) if you want to send the snapshot to someone who does not have access to your Grafana server.
+Grafana has this great feature where you can [save a snapshot of your dashboard]({{< relref "../../../dashboards/json-model.md" >}}). Instead of sending a screenshot of a dashboard to someone, you can send them a working, interactive Grafana dashboard with the snapshot data embedded inside it. The snapshot can be saved on your Grafana server and is available to all your co-workers. Raintank also hosts a [snapshot server](https://snapshots.raintank.io) if you want to send the snapshot to someone who does not have access to your Grafana server.
 
 {{< figure class="float-right"  src="/static/img/docs/animated_gifs/snapshots.gif" caption="Selecting a snapshot" >}}
 
@@ -72,4 +72,4 @@ loadLocationDataFromFile(reload) {
 
 It is really easy to forget to add this support but it enables a great feature and can be used to demo your panel.
 
-If there is a panel plugin that you would like to be installed on the Raintank Snapshot server then please contact us via [Slack](https://raintank.slack.com) or [GitHub](https://github.com/grafana/grafana).
+If there is a panel plugin that you would like to be installed on the Raintank Snapshot server then please contact us via [Slack](https://slack.grafana.com) or [GitHub](https://github.com/grafana/grafana).

docs/sources/developers/plugins/sign-a-plugin.md

@@ -41,6 +41,8 @@ Public plugins need to be reviewed by the Grafana team before you can sign them.
    npx @grafana/toolkit plugin:sign
    ```
 
+> **Note:** If running NPM 7+ the `npx` commands mentioned in this article may hang. The workaround is to use `npx --legacy-peer-deps <command to run>`.
+
 ## Sign a private plugin
 
 1. In your plugin directory, sign the plugin with the API key you just created. Grafana Toolkit creates a [MANIFEST.txt](#plugin-manifest) file in the `dist` directory of your plugin.

docs/sources/developers/plugins/working-with-data-frames.md

@@ -6,7 +6,7 @@ title = "Working with data frames"
 
 The data frame is a columnar data structure which allows efficient querying of large amounts of data. Since data frames are a central concept when developing plugins for Grafana, in this guide we'll look at some ways you can use them.
 
-The [DataFrame]({{< relref "../../packages_api/data/dataframe.md" >}}) interface contains a `name` and an array of `fields` where each field contains the name, type, and the values for the field.
+The DataFrame interface contains a `name` and an array of `fields` where each field contains the name, type, and the values for the field.
 
 > **Note:** If you're looking to migrate an existing plugin to use the data frame format, refer to [Migrate to data frames]({{< relref "migration-guide.md#migrate-to-data-frames" >}}).
 
@@ -14,7 +14,7 @@ The [DataFrame]({{< relref "../../packages_api/data/dataframe.md" >}}) interface
 
 If you build a data source plugin, then you'll most likely want to convert a response from an external API to a data frame. Let's look at how to create a data frame.
 
-Let's start with creating a simple data frame that represents a time series. The easiest way to create a data frame is to use the [toDataFrame]({{< relref "../../packages_api/data/todataframe.md" >}}) function.
+Let's start with creating a simple data frame that represents a time series. The easiest way to create a data frame is to use the toDataFrame function.
 
 ```ts
 // Need to be of the same length.
@@ -78,7 +78,7 @@ for (let i = 0; i < frame.length; i++) {
 }
 ```
 
-Alternatively, you can use the [DataFrameView]({{< relref "../../packages_api/data/dataframeview.md" >}}), which gives you an array of objects that contain a property for each field in the frame.
+Alternatively, you can use the DataFrameView, which gives you an array of objects that contain a property for each field in the frame.
 
 ```ts
 const view = new DataFrameView(frame);
@@ -113,7 +113,7 @@ return (
 );
 ```
 
-To apply field options to the name of a field, use [getFieldDisplayName]({{< relref "../../packages_api/data/getfielddisplayname.md" >}}).
+To apply field options to the name of a field, use getFieldDisplayName.
 
 ```ts
 const valueField = frame.fields.find((field) => field.type === FieldType.number);

docs/sources/enterprise/access-control/_index.md

@@ -21,18 +21,23 @@ Fine-grained access control considers a) _who_ has an access (`identity`), and b
 
 You can grant, change, or revoke access to _users_ (`identity`). When an authenticated user tries to access a Grafana resource, the authorization system checks the required fine-grained permissions for the resource and determines whether or not the action is allowed. Refer to [Fine-grained permissions]({{< relref "./permissions.md" >}}) for a complete list of available permissions.
 
-To grant or revoke access to your users, create or remove built-in role assignments. For more information, refer to [Built-in role assignments]({{< relref "./roles.md#built-in-role-assignments" >}}).
+Refer to [Assign roles]({{< relref "./roles.md#assign-roles" >}}) to learn about grant or revoke access to your users.
 
 ## Resources with fine-grained permissions
 
-Fine-grained access control is currently available for [Reporting]({{< relref "../reporting.md" >}}) and [Managing Users]({{< relref "../../manage-users/_index.md" >}}).
-To learn more about specific endpoints where you can use access control, refer to [Permissions]({{< relref "./permissions.md" >}}) and to the relevant API guide:
+Fine-grained access control is available for the following capabilities:
 
-- [Fine-grained access control API]({{< relref "../../http_api/access_control.md" >}})
-- [Admin API]({{< relref "../../http_api/admin.md" >}})
-- [Organization API]({{< relref "../../http_api/org.md" >}})
-- [Reporting API]({{< relref "../../http_api/reporting.md" >}})
-- [User API]({{< relref "../../http_api/user.md" >}})
+- [Use Explore mode]({{< relref "../../explore/_index.md" >}})
+- [Manage users]({{< relref "../../manage-users/_index.md" >}})
+- [Manage LDAP authentication]({{< relref "../../auth/ldap/_index.md" >}})
+- [Manage data sources]({{< relref "../../datasources/_index.md" >}})
+- [Manage data source permissions]({{< relref "../datasource_permissions.md" >}})
+- [Manage a Grafana Enterprise license]({{< relref "../license/_index.md" >}})
+- [Provision Grafana]({{< relref "../../administration/provisioning/_index.md" >}})
+- [Manage reports]({{< relref "../reporting.md" >}})
+- [View server information]({{< relref "../../administration/view-server/_index.md" >}})
+
+To learn about specific endpoints where you can use fine-grained access control, refer to [Permissions]({{< relref "./permissions.md" >}}) and to the relevant [API]({{< relref "../../http_api/_index.md" >}}) documentation.
 
 ## Enable fine-grained access control
 

docs/sources/enterprise/access-control/fine-grained-access-control-references.md

@@ -13,8 +13,8 @@ The reference information that follows complements conceptual information about
 
 | Fixed roles                            | Permissions                                                                                                                                                                                                                                                              | Descriptions                                                                                                                                                                                                                                                                          |
 | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `fixed:roles:reader`                   | `roles:read`<br>`roles:list`<br>`roles.builtin:list`                                                                                                                                                                                                                     | Read all access control roles and built-in role assignments.                                                                                                                                                                                                                          |
-| `fixed:roles:writer`                   | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`roles.builtin:add`<br>`roles.builtin:remove`                                                                                                                                       | Create, read, update, or delete all roles and built-in role assignments.                                                                                                                                                                                                              |
+| `fixed:roles:reader`                   | `roles:read`<br>`roles:list`<br>`users.roles:list`<br>`users.permissions:list`<br>`roles.builtin:list`                                                                                                                                                                   | Read all access control roles, roles and permissions assigned to users and built-in role assignments.                                                                                                                                                                                 |
+| `fixed:roles:writer`                   | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`users.roles:add`<br>`users.roles:remove`<br>`roles.builtin:add`<br>`roles.builtin:remove`                                                                                          | Create, read, update, or delete all roles, assign or unassign roles to users and built-in role assignments.                                                                                                                                                                           |
 | `fixed:reports:reader`                 | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                              | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
 | `fixed:reports:writer`                 | All permissions from `fixed:reports:reader` and <br>`reports.admin:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                                                | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
 | `fixed:users:reader`                   | `users:read`<br>`users.quotas:list`<br>`users.authtoken:list`<br>`users.teams:read`                                                                                                                                                                                      | Read all users and their information, such as team memberships, authentication tokens, and quotas.                                                                                                                                                                                    |
@@ -35,16 +35,16 @@ The reference information that follows complements conceptual information about
 | `fixed:licensing:reader`               | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                             | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
 | `fixed:licensing:writer`               | All permissions from `fixed:licensing:viewer` and <br>`licensing:update`<br>`licensing:delete`                                                                                                                                                                           | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
 | `fixed:provisioning:writer`            | `provisioning:reload`                                                                                                                                                                                                                                                    | Reload provisioning.                                                                                                                                                                                                                                                                  |
-| `fixed:orgs:reader`                    | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                        | Read the organization and its quotas.                                                                                                                                                                                                                                                 |
-| `fixed:orgs:writer`                    | All permissions from `fixed:orgs:reader` and <br> `orgs:write`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                                                   | Create, read, write, or delete an organization. Read or write its quotas.                                                                                                                                                                                                             |
-| `fixed:current.org:reader`             | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                        | Read the current organization, such as its ID, name, address, or quotas.                                                                                                                                                                                                              |
-| `fixed:current.org:writer`             | All permissions from `fixed:current.orgs:reader` and <br> `orgs:write`<br>`orgs.quotas:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                     | Read the current organization, its quotas, or its preferences. Update the current organization properties, or its preferences.                                                                                                                                                        |
+| `fixed:organization:reader`            | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                        | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
+| `fixed:organization:writer`            | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                            | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
+| `fixed:organization:maintainer`        | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                          | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
+|                                        |
 
 ## Default built-in role assignments
 
-| Built-in role | Associated role                                                                                                                                                                                                                                                                                                                                                                                                       | Description                                                                                                                 |
-| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
-| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:orgs:reader`<br>`fixed:orgs:writer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
-| Admin         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:current.org:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>                                                                                                                                                                                    | Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments.         |
-| Editor        | `fixed:datasources:explorer`                                                                                                                                                                                                                                                                                                                                                                                          | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments.                                     |
-| Viewer        | `fixed:datasources:id:reader`                                                                                                                                                                                                                                                                                                                                                                                         | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments.                                     |
+| Built-in role | Associated role                                                                                                                                                                                                                                                                                                                                                                                                                           | Description                                                                                                                 |
+| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
+| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
+| Admin         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>                                                                                                                                                                                                       | Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments.         |
+| Editor        | `fixed:datasources:explorer`                                                                                                                                                                                                                                                                                                                                                                                                              | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments.                                     |
+| Viewer        | `fixed:datasources:id:reader`<br>`fixed:organization:reader`                                                                                                                                                                                                                                                                                                                                                                              | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments.                                     |

docs/sources/enterprise/access-control/manage-role-assignments/_index.md

@@ -0,0 +1,15 @@
++++
+title = "Manage role assignments"
+description = ""
+keywords = ["grafana", "fine-grained-access-control", "roles", "permissions", "enterprise"]
+weight = 115
++++
+
+# Manage role assignments
+
+To grant or revoke access to your users, you can assign [Roles]({{< relref "../roles.md" >}}) to users, [Organization roles]({{< relref "../../../permissions/organization_roles.md" >}}) and [Grafana Server Admin]({{< relref "../../../permissions/_index.md#grafana-server-admin-role" >}}) role.
+
+The following pages provide more information on how to manage role assignments:
+
+- [Manage user role assignments]({{< relref "manage-user-role-assignments.md" >}}).
+- [Manage role assignments to Organization roles and Grafana Server Admin role]({{< relref "manage-built-in-role-assignments.md" >}}).

docs/sources/enterprise/access-control/manage-role-assignments/manage-built-in-role-assignments.md

@@ -0,0 +1,19 @@
++++
+title = "Manage built-in role assignments"
+description = "Manage built-in role assignments"
+keywords = ["grafana", "fine-grained-access-control", "roles", "permissions", "fine-grained-access-control-usage", "enterprise"]
+weight = 210
++++
+
+# Built-in role assignments
+
+To control what your users can access or not, you can assign or unassign [Custom roles]({{< ref "#custom-roles" >}}) or [Fixed roles]({{< ref "#fixed-roles" >}}) to the existing [Organization roles]({{< relref "../../../permissions/organization_roles.md" >}}) or to [Grafana Server Admin]({{< relref "../../../permissions/_index.md#grafana-server-admin-role" >}}) role.
+These assignments are called built-in role assignments.
+
+During startup, Grafana will create default assignments for you. When you make any changes to the built-on role assignments, Grafana will take them into account and won’t overwrite during next start.
+
+For more information, refer to [Fine-grained access control references]({{< relref "../fine-grained-access-control-references.md#default-built-in-role-assignments" >}}).
+
+# Manage built-in role assignments
+
+You can create or remove built-in role assignments using [Fine-grained access control API]({{< relref "../../../http_api/access_control.md#create-and-remove-built-in-role-assignments" >}}) or using [Grafana Provisioning]({{< relref "../provisioning.md#manage-default-built-in-role-assignments" >}}).

docs/sources/enterprise/access-control/manage-role-assignments/manage-user-role-assignments.md

@@ -0,0 +1,64 @@
++++
+title = "Manage user role assignments"
+description = "Manage user role assignments"
+keywords = ["grafana", "fine-grained-access-control", "roles", "permissions", "fine-grained-access-control-usage", "enterprise"]
+weight = 200
++++
+
+# Manage user role assignments
+
+There are two ways to assign roles directly to users: in the UI using the role picker, and using the API.
+
+## Manage users' roles within a specific Organization using the role picker
+
+In order to assign roles to a user within a specific Organization using the role picker, you must have a user account with one of the following:
+
+- The Admin built-in role.
+- The Server Admin role.
+- The fixed role `fixed:permissions:writer`, [assigned for the given Organization]({{< relref "../roles/#scope-of-assignments" >}}).
+- A custom role with `users.roles:add` and `users.roles:remove` permissions.
+
+You must also have the permissions granted by the roles that you want to assign or revoke.
+
+Steps:
+
+1. Navigate to the Users Configuration page by hovering over **Configuration** (the gear icon) in the left navigation menu and selecting **Users**.
+1. Click on the **Role** column in the row for the user whose role you would like to edit.
+1. Deselect one or more selected roles that you would like to remove from that user.
+1. Select one or more roles that you would like to assign to that user.
+1. Click the **Apply** button to apply the selected roles to that user.
+
+![User role picker in Organization](/static/img/docs/enterprise/user_role_picker_global.png)
+
+The user's permissions will update immediately, and the UI will reflect their new permissions the next time they reload their browser or visit a new page.
+
+**Note**: The roles that you select will be assigned only within the given Organization. For example, if you grant the user the "Data source editor" role while you are in the main Organization, then that user will be able to edit data source in the main Organization but not in others.
+
+## Manage users' roles in multiple Organizations using the role picker
+
+In order to assign roles across multiple Organizations to a user using the role picker, you must have a user account with one of the following:
+
+- The Server Admin built-in role
+- The fixed role `fixed:permissions:writer`, [assigned globally]({{< relref "../roles/#scope-of-assignments" >}}).
+- A custom role with `users.roles:add` and `users.roles:remove` permissions, [assigned globally]({{< relref "../roles/#scope-of-assignments" >}}).
+
+You must also have the permissions granted by the roles that you want to assign or revoke within the Organization in which you're making changes.
+
+Steps:
+
+1. Navigate to the Users Admin page by hovering over **Server Admin** (the shield icon) in the left navigation menu and selecting **Users**.
+1. Click on a user row to edit that user's roles.
+1. Under the **Organizations** header, you will see a list of roles assigned to that user within each of their Organizations. Click on the roles in an organization to open the role picker.
+1. Deselect one or more selected roles that you would like to remove from that user.
+1. Select one or more roles that you would like to assign to that user.
+1. Click the **Apply** button to apply the selected roles to that user.
+
+![User role picker in Organization](/static/img/docs/enterprise/user_role_picker_in_org.png)
+
+The user's permissions will update immediately, and the UI will reflect their new permissions the next time they reload their browser or visit a new page.
+
+**Note**: The roles that you select will be assigned only within one Organization. For example, if you grant the user the "Data source editor" role in the row for the main Organization, then that user will be able to edit data source in the main Organization but not in others.
+
+## Manage users' roles via API
+
+To manage user role assignment via API, refer to the [fine-grained access control HTTP API docs]({{< relref "../../../http_api/access_control.md#create-and-remove-user-role-assignments" >}}).

docs/sources/enterprise/access-control/permissions.md

@@ -2,7 +2,7 @@
 title = "Permissions"
 description = "Understand fine-grained access control permissions"
 keywords = ["grafana", "fine-grained access-control", "roles", "permissions", "enterprise"]
-weight = 115
+weight = 110
 +++
 
 # Permissions
@@ -54,6 +54,10 @@ The following list contains fine-grained access control actions.
 | `users:logout`                   | `global:users:*` <br> `global:users:id:*`                                                   | Sign out a user.                                                                                                                                           |
 | `users.quotas:list`              | `global:users:*` <br> `global:users:id:*`                                                   | List a user’s quotas.                                                                                                                                      |
 | `users.quotas:update`            | `global:users:*` <br> `global:users:id:*`                                                   | Update a user’s quotas.                                                                                                                                    |
+| `users.roles:list`               | `users:*`                                                                                   | List roles assigned directly to a user.                                                                                                                    |
+| `users.roles:add`                | `permissions:delegate`                                                                      | Assign a role to a user.                                                                                                                                   |
+| `users.roles:remove`             | `permissions:delegate`                                                                      | Unassign a role from a auser.                                                                                                                              |
+| `users.permissions:list`         | `users:*`                                                                                   | List permissions of a user.                                                                                                                                |
 | `org.users:read`                 | `users:*` <br> `users:id:*`                                                                 | Get user profiles within an organization.                                                                                                                  |
 | `org.users:add`                  | `users:*`                                                                                   | Add a user to an organization.                                                                                                                             |
 | `org.users:remove`               | `users:*` <br> `users:id:*`                                                                 | Remove a user from an organization.                                                                                                                        |

docs/sources/enterprise/access-control/provisioning.md

@@ -25,7 +25,7 @@ You can create, update, and delete custom roles, as well as create and remove bu
 
 To create or update custom roles, you can add a list of `roles` in the configuration.
 
-Every role has a [version]({{< relref "./roles.md#custom-roles" >}}) number. For each role you update, you must remember to increment it, otherwise changes won't be accounted for.
+Every role has a [version]({{< relref "./roles.md#custom-roles" >}}) number. For each role you update, you must remember to increment it, otherwise changes won't be applied.
 
 When you update a role, the existing role inside Grafana is altered to be exactly what is specified in the YAML file, including permissions.
 

docs/sources/enterprise/access-control/roles.md

@@ -44,6 +44,14 @@ Role names must be unique within an organization.
 
 Roles with names prefixed by `fixed:` are fixed roles created by Grafana and cannot be created or modified by users.
 
+### Display name
+
+A role's display name is intended as a human friendly identifier for the role, helping users understand the purpose of a role. The display name of the role is displayed in the role picker in the UI.
+
+### Group
+
+A role's group is used to organize roles in the role picker in the UI.
+
 ### Role version
 
 The version of a role is a positive integer which defines the current version of the role. When updating a role, you can either omit the version field to increment the previous value by 1 or set a new version which must be strictly larger than the previous version for the update to succeed.
@@ -67,20 +75,13 @@ If a Grafana Server Admin wants to delegate that privilege to other users, they
 
 Note that you won't be able to create, update or delete a custom role with permissions which you yourself do not have. For example, if the only permission you have is a `users:create`, you won't be able to create a role with other permissions.
 
-## Built-in role assignments
+## Assign roles
 
-To control what your users can access or not, you can assign or unassign [Custom roles]({{< ref "#custom-roles" >}}) or [Fixed roles]({{< ref "#fixed-roles" >}}) to the existing [Organization roles]({{< relref "../../permissions/organization_roles.md" >}}) or to [Grafana Server Admin]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) role.
-These assignments are called built-in role assignments.
+[Custom roles]({{< ref "#custom-roles" >}}) and [Fixed roles]({{< ref "#fixed-roles" >}}) can be assigned to users, the existing [Organization roles]({{< relref "../../permissions/organization_roles.md" >}}) and to [Grafana Server Admin]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) role.
 
-During startup, Grafana will create default assignments for you. When you make any changes to the built-on role assignments, Grafana will take them into account and won’t overwrite during next start.
-
-For more information, refer to [Fine-grained access control references]({{< relref "./fine-grained-access-control-references.md#default-built-in-role-assignments" >}}).
-
-## Create and remove built-in role assignments
-
-You can create or remove built-in role assignments using [Fine-grained access control API]({{< relref "../../http_api/access_control.md" >}}) or using [Grafana Provisioning]({{< relref "./provisioning" >}}).
+Visit [Manage role assignments]({{< relref "manage-role-assignments/_index.md" >}}) page for more details.
 
 ### Scope of assignments
 
-A built-in role assignment can be either _global_ or _organization local_. _Global_ assignments are not mapped to any specific organization and will be applied to all organizations, whereas _organization local_ assignments are only applied for that specific organization.
+A role assignment can be either _global_ or _organization local_. _Global_ assignments are not mapped to any specific organization and will be applied to all organizations, whereas _organization local_ assignments are only applied for that specific organization.
 You can only create _organization local_ assignments for _organization local_ roles.

docs/sources/enterprise/access-control/usage-scenarios.md

@@ -132,6 +132,10 @@ Example response:
 }
 ```
 
+## Manage roles granted directly to users
+
+To learn about granting roles to users, refer to [Manage user role assignments]({{< relref "manage-role-assignments/manage-user-role-assignments.md" >}}) page.
+
 ## Create your first custom role
 
 You can create your custom role by either using an [HTTP API]({{< relref "../../http_api/access_control.md#create-a-new-custom-role" >}}) or by using [Grafana provisioning]({{< relref "./provisioning.md" >}}).

docs/sources/enterprise/auditing.md

@@ -181,6 +181,14 @@ external group.
 | Restore old dashboard version | `{"action": "restore", "resources": [{"type": "dashboard"}]}`            |
 | Delete dashboard              | `{"action": "delete", "resources": [{"type": "dashboard"}]}`             |
 
+#### Library elements management
+
+| Action                 | Distinguishing fields                                              |
+| ---------------------- | ------------------------------------------------------------------ |
+| Create library element | `{"action": "create", "resources": [{"type": "library-element"}]}` |
+| Update library element | `{"action": "update", "resources": [{"type": "library-element"}]}` |
+| Delete library element | `{"action": "delete", "resources": [{"type": "library-element"}]}` |
+
 #### Data sources management
 
 | Action                                             | Distinguishing fields                                                                     |
@@ -192,11 +200,37 @@ external group.
 | Disable permissions for datasource                 | `{"action": "disable-permissions", "resources": [{"type": "datasource"}]}`                |
 | Grant datasource permission to role, team, or user | `{"action": "create", "resources": [{"type": "datasource"}, {"type": "dspermission"}]}`\* |
 | Remove datasource permission                       | `{"action": "delete", "resources": [{"type": "datasource"}, {"type": "dspermission"}]}`   |
+| Enable caching for datasource                      | `{"action": "enable-cache", "resources": [{"type": "datasource"}]}`                       |
+| Disable caching for datasource                     | `{"action": "disable-cache", "resources": [{"type": "datasource"}]}`                      |
+| Update datasource caching configuration            | `{"action": "update", "resources": [{"type": "datasource"}]}`                             |
 
 \* `resources` may also contain a third item with `"type":` set to `"user"` or `"team"`.
 
 #### Alerts and notification channels management
 
+| Action                                                                | Distinguishing fields                                                                          |
+| --------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
+| Save alert manager configuration                                      | `{"action": "update", "requestUri": "/api/alertmanager/RECIPIENT/config/api/v1/alerts"}`       |
+| Reset alert manager configuration                                     | `{"action": "delete", "requestUri": "/api/alertmanager/RECIPIENT/config/api/v1/alerts"}`       |
+| Create silence                                                        | `{"action": "create", "requestUri": "/api/alertmanager/RECIPIENT/api/v2/silences"}`            |
+| Delete silence                                                        | `{"action": "delete", "requestUri": "/api/alertmanager/RECIPIENT/api/v2/silences/SILENCE-ID"}` |
+| Create alert                                                          | `{"action": "create", "requestUri": "/api/ruler/RECIPIENT/api/v2/alerts"}`                     |
+| Create or update rule group                                           | `{"action": "create-update", "requestUri": "/api/ruler/RECIPIENT/api/v1/rules/NAMESPACE"}`     |
+| Delete rule group                                                     | `{"action": "delete", "requestUri": "/api/ruler/RECIPIENT/api/v1/rules/NAMESPACE/GROUP-NAME"}` |
+| Delete namespace                                                      | `{"action": "delete", "requestUri": "/api/ruler/RECIPIENT/api/v1/rules/NAMESPACE"}`            |
+| Test Grafana managed receivers                                        | `{"action": "test", "requestUri": "/api/alertmanager/RECIPIENT/config/api/v1/receivers/test"}` |
+| Create or update the NGalert configuration of the user's organization | `{"action": "create-update", "requestUri": "/api/v1/ngalert/admin_config"}`                    |
+| Delete the NGalert configuration of the user's organization           | `{"action": "delete", "requestUri": "/api/v1/ngalert/admin_config"}`                           |
+
+Where the following:
+
+- `RECIPIENT` is `grafana` for requests handled by Grafana or the numeric data source ID for requests forwarded to a data source.
+- `NAMESPACE` is the string identifier for the rules namespace.
+- `GROUP-NAME` is the string identifier for the rules group.
+- `SILENCE-ID` is the ID of the affected silence.
+
+The following legacy alerting actions are still supported:
+
 | Action                            | Distinguishing fields                                                 |
 | --------------------------------- | --------------------------------------------------------------------- |
 | Test alert rule                   | `{"action": "test", "resources": [{"type": "panel"}]}`                |
@@ -235,13 +269,6 @@ external group.
 
 #### Provisioning
 
-"resources": [
-{
-"id": 1,
-"type": "api-key"
-}
-],
-
 | Action                           | Distinguishing fields                      |
 | -------------------------------- | ------------------------------------------ |
 | Reload provisioned dashboards    | `{"action": "provisioning-dashboards"}`    |
@@ -249,6 +276,13 @@ external group.
 | Reload provisioned plugins       | `{"action": "provisioning-plugins"}`       |
 | Reload provisioned notifications | `{"action": "provisioning-notifications"}` |
 
+#### Plugins management
+
+| Action           | Distinguishing fields     |
+| ---------------- | ------------------------- |
+| Install plugin   | `{"action": "install"}`   |
+| Uninstall plugin | `{"action": "uninstall"}` |
+
 #### Miscellaneous
 
 | Action              | Distinguishing fields                                        |

docs/sources/enterprise/enterprise-configuration.md

@@ -34,6 +34,12 @@ side to be valid for a different number of users or a new duration,
 your Grafana instance will be updated with the new terms
 automatically. Defaults to `true`.
 
+### license_validation_type
+
+> **Note:** Available in Grafana Enterprise v8.3+.
+
+When set to `aws`, Grafana will validate its license status with Amazon Web Services (AWS) instead of with Grafana Labs. Only use this setting if you purchased an Enterprise license from AWS Marketplace. Defaults to empty, which means that by default Grafana Enterprise will validate using a license issued by Grafana Labs. For details about licenses issued by AWS, refer to [Activate a Grafana Enterprise license purchased through AWS Marketplace]({{< relref "../enterprise/license/activate-aws-marketplace-license/" >}}).
+
 ## [white_labeling]
 
 ### app_title
@@ -456,3 +462,42 @@ The default is `"grafana"`.
 A space-separated list of memcached servers. Example: `memcached-server-1:11211 memcached-server-2:11212 memcached-server-3:11211`. Or if there's only one server: `memcached-server:11211`.
 
 The default is `"localhost:11211"`.
+
+## [recorded_queries]
+
+### enabled
+
+Whether the recorded queries feature is enabled
+
+### min_interval
+
+Sets the minimum interval to enforce between query evaluations. The default value is `10s`. Query evaluation will be
+adjusted if they are less than this value. Higher values can help with resource management.
+
+The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g.
+30s or 1m.
+
+### max_queries
+
+The maximum number of recorded queries that can exist.
+
+### default_remote_write_datasource_uid
+
+The UID of the datasource where the query data will be written.
+
+If all `default_remote_write_*` properties are set, this information will be populated at startup. If a remote write target has
+already been configured, nothing will happen.
+
+### default_remote_write_path
+
+The api path where metrics will be written
+
+If all `default_remote_write_*` properties are set, this information will be populated at startup. If a remote write target has
+already been configured, nothing will happen.
+
+### default_remote_write_datasource_org_id
+
+The org id of the datasource where the query data will be written.
+
+If all `default_remote_write_*` properties are set, this information will be populated at startup. If a remote write target has
+already been configured, nothing will happen.

docs/sources/enterprise/kms-integration/_index.md

@@ -0,0 +1,17 @@
++++
+title = "KMS integration"
+description = ""
+keywords = ["grafana", "kms", "key management system integration"]
+weight = 1200
++++
+
+# Key management systems (KMSs)
+
+You can choose to encrypt secrets stored in the Grafana database using a key from a KMS, which is a secure central storage location that is designed to help you to create and manage cryptographic keys and control their use across many services. When you integrate with a KMS, Grafana does not directly store your encryption key. Instead, Grafana stores KMS credentials and the identifier of the key, which Grafana uses to encrypt the database.
+
+Grafana integrates with the following key management systems:
+
+- [AWS KMS]({{< relref "/using-aws-kms-to-encrypt-database-secrets.md" >}})
+- [Azure Key Vault]({{< relref "/using-azure-key-vault-to-encrypt-database-secrets.md" >}})
+
+Refer to [Database encryption]({{< relref "../../administration/database-encryption.md" >}}) to learn more about how Grafana encrypts secrets in the database.

docs/sources/enterprise/kms-integration/using-aws-kms-to-encrypt-database-secrets.md

@@ -0,0 +1,83 @@
++++
+title = "AMS KMS"
+description = "Using AWS KMS to encrypt database secrets"
+keywords = ["grafana", "AWS KMS integration"]
+weight = 3
++++
+
+# Using AWS KMS to encrypt database secrets
+
+You can use an encryption key from AWS Key Management Service to encrypt secrets in the Grafana database.
+
+**Prerequisites:**
+
+- An AWS account with permission to view and create KMS keys and programmatic credentials to access those keys
+- Access to the Grafana [configuration]({{< relref "../../administration/configuration/#config-file-locations" >}}) file
+
+1. Create a symmetric API key either from the AWS Management Console or by using the AWS KMS API.
+   <br><br>For detailed instructions, refer to [Creating keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html).
+
+2. Retrieve the Key ID.
+   <br><br>In AWS terms, this can be a key ID, a key ARN (Amazon Resource Name), an alias name, or an alias ARN. For more information about how to retrieve a key ID from AWS, refer to [Finding the key ID and key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html).
+
+3. Create a [programmatic credential](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys) (access key ID and secret access key), which has permission to view the key that you created.
+   <br><br>In AWS, you can control access to your KMS keys by using [key policies](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html), [IAM policies](https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html), and [grants](https://docs.aws.amazon.com/kms/latest/developerguide/grants.html). You can also create [temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html), which must provide a session token along with an access key ID and a secret access key.
+
+4. From within Grafana, turn on [envelope encryption]({{< relref "../../administration/envelope-encryption.md" >}}).
+5. Add your AWS KMS details to the Grafana configuration file; depending on your operating system, it is usually named `grafana.ini`:
+   <br><br>a. Add a new section to the configuration file, with a name in the format of `[security.encryption.awskms.<KEY-NAME>]`, where `<KEY-NAME>` is any name that uniquely identifies this key among other provider keys.
+   <br><br>b. Fill in the section with the following values:
+   <br>
+
+   - `key_id`: a reference to a key stored in the KMS. This can be a key ID, a key Amazon Resource Name (ARN), an alias name, or an alias ARN. If you are using an alias, use the prefix `alias/`. To specify a KMS key in a different AWS account, use its ARN or alias. For more information about how to retrieve a key ID from AWS, refer to [Finding the key ID and key ARN](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html).<br>
+     | `key_id` option | Example value |
+     | --- | --- |
+     | Key ID | `1234abcd-12ab-34cd-56ef-1234567890ab` |
+     | Key ARN | `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` |
+     | Alias name | `alias/ExampleAlias` |
+     | Alias ARN | `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias` |
+
+   - `access_key_id`: The AWS Access Key ID that you previously generated.
+   - `secret_access_key`: The AWS Secret Access Key you previously generated.
+   - `region`: The AWS region where you created the KMS key. The region is contained in the key’s ARN. For example: `arn:aws:kms:*us-east-2*:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+
+   An example of an AWS KMS provider section in the `grafana.ini` file is as follows:
+
+   ```
+   # AWS key management service provider setup
+   ;[security.encryption.awskms.example-encryption-key]
+   # Reference to a KMS key - either key ID, key ARN, alias name, or ARN
+   ;key_id = 1234abcd-12ab-34cd-56ef-1234567890ab
+   # AWS access key ID
+   ;access_key_id = AKIAIOSFODNN7EXAMPLE
+   # AWS secret access key
+   ;secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+   # AWS region, for example eu-north-1
+   ;region = eu-north-1
+   ```
+
+6. Update the `[security]` section of the `grafana.ini` configuration file with the new Encryption Provider key that you created:
+
+   ```
+   [security]
+   # previous encryption key, used for legacy alerts, decrypting existing secrets or used as default provider when external providers are not configured
+   secret_key = AaaaAaaa
+   # encryption provider key in the format <PROVIDER>.<KEY_NAME>
+   encryption_provider = awskms.example-encryption-key
+   # list of configured key providers, space separated
+   available_encryption_providers = awskms.example-encryption-key
+   ```
+
+   **> Note:** The encryption key that is stored in the `secret_key` field is still used by Grafana’s legacy alerting system to encrypt secrets, for decrypting existing secrets, or it is used as the default provider when external providers are not configured. Do not change or remove that value when adding a new KMS provider.
+
+7. [Restart Grafana](https://grafana.com/docs/grafana/latest/installation/restart-grafana/).
+
+8. (Optional) From the command line and the root directory of Grafana, re-encrypt all of the secrets within the Grafana database with the new key using the following command:
+
+   `grafana-cli admin secrets-migration re-encrypt`
+
+   If you do not re-encrypt existing secrets, then they will remain encrypted by the previous encryption key. Users will still be able to access them.
+
+   **> Note:** This process could take a few minutes to complete, depending on the number of secrets (such as data sources or alert notification channels) in your database. Users might experience errors while this process is running, and alert notifications might not be sent.
+
+   **> Note:** If you are updating this encryption key during the initial setup of Grafana before any data sources, alert notification channels, or dashboards have been created, then this step is not necessary because there are no secrets in Grafana to migrate.

docs/sources/enterprise/kms-integration/using-azure-key-vault-to-encrypt-database-secrets.md

@@ -0,0 +1,81 @@
++++
+title = "Azure Key Vault"
+description = "Using Azure Key Vault to encrypt database secrets"
+keywords = ["grafana", "Azure key vault"]
+weight = 2
++++
+
+# Using Azure Key Vault to encrypt database secrets
+
+You can use an encryption key from Azure Key Vault to encrypt secrets in the Grafana database.
+
+**Prerequisites:**
+
+- An Azure account with permission to view and create Key Vault keys and programmatic credentials to access those keys
+- Access to the Grafana [configuration]({{< relref "../../administration/configuration/#config-file-locations" >}}) file
+
+1. [Create a vault](https://docs.microsoft.com/en-us/azure/key-vault/general/quick-create-portal#create-a-vault).
+
+2. Create a key in the **Key Vault** with the name that you want by using **RSA** as the type and `2048` as the size with encrypt and decrypt permissions.
+
+3. [Register an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application) and generate a client secret for it.
+
+4. [Assign a Key Vault access policy](https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal) for the key vault that you created:
+
+5. In the Key Permissions section, set encrypt and decrypt permissions, and click **Save**.
+
+6. From within Grafana, turn on [envelope encryption]({{< relref "../../administration/envelope-encryption.md" >}}).
+
+7. Add your Azure Key Vault details to the Grafana configuration file; depending on your operating system, is usually named `grafana.ini`:
+   <br><br>a. Add a new section to the configuration file, with a name in the format of `[security.encryption.azurekv.<KEY-NAME>]`, where `<KEY-NAME>` is any name that uniquely identifies this key among other provider keys.
+   <br><br>b. Fill in the section with the following values:
+   <br>
+
+   - `tenant_id`: the **Directory ID** (tenant) from the application that you registered.
+   - `client_id`: the **Application ID** (client) from the application that you registered.
+   - `client_secret`: the VALUE of the secret that you generated in your app. (Don't use the Secret ID).
+   - `key_id`: the key name that you created in the key vault.
+   - `vault_uri`: the URL of your key vault.
+
+   An example of an Azure Key Vault provider section in the `grafana.ini` file is as follows:
+
+   ```
+   # Azure Key Vault provider setup
+   ;[security.encryption.azurekv.example-encryption-key]
+   # Azure Application directory ID (tenant)
+   tenant_id = 1234abcd-12ab-34cd-56ef-1234567890ab
+   # Azure Application application ID (client).
+   client_id = 1356dfgh-12ab-34cd-56ef-3322114455cc
+   # Azure Application client secret.
+   client_secret = FbE4X~4Jq45ERKxx823Aheb9plBjQqHHe81Sc
+   # Azure Key Vault key name.
+   key_id = mysecretkey
+   # Azure Key Vault uri.
+   vault_uri = https://my-vault-name.vault.azure.net
+   ```
+
+8. Update the `[security]` section of the `grafana.ini` configuration file with the new Encryption Provider key that you created:
+
+   ```
+   [security]
+   # previous encryption key, used for legacy alerts, decrypting existing secrets or used as default provider when external providers are not configured
+   secret_key = AaaaAaaa
+   # encryption provider key in the format <PROVIDER>.<KEY-NAME>
+   encryption_provider = azurekv.example-encryption-key
+   # list of configured key providers, space separated
+   available_encryption_providers =  azurekv.example-encryption-key
+   ```
+
+   **> Note:** The encryption key stored in the `secret_key` field is still used by Grafana’s legacy alerting system to encrypt secrets. Do not change or remove that value.
+
+9. [Restart Grafana](https://grafana.com/docs/grafana/latest/installation/restart-grafana/).
+
+10. (Optional) From the command line and the root directory of Grafana Enterprise, re-encrypt all of the secrets within the Grafana database with the new key using the following command:
+
+    `grafana-cli admin secrets-migration re-encrypt`
+
+    If you do not re-encrypt existing secrets, then they will remain encrypted by the previous encryption key. Users will still be able to access them.
+
+    **> Note:** This process could take a few minutes to complete, depending on the number of secrets (such as data sources or alert notification channels) in your database. Users might experience errors while this process is running, and alert notifications might not be sent.
+
+    **> Note:** If you are updating this encryption key during the initial setup of Grafana before any data sources, alert notification channels, or dashboards have been created, then this step is not necessary because there are no secrets in Grafana to migrate.

docs/sources/enterprise/license/_index.md

@@ -7,9 +7,10 @@ weight = 10
 
 # Grafana Enterprise license
 
-To run Grafana Enterprise, you need a valid license. [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise) to obtain the license. For information on how to activate your license, refer to [Activate an Enterprise license]({{< relref "./activate-license.md" >}}).
+When you become a Grafana Enterprise customer, you gain access to Grafana's premium observability features, including enterprise data source plugins, reporting, and fine-grained access control. In order to use these [enhanced features of Grafana Enterprise]({{< relref "../_index.md" >}}), you must purchase and activate a Grafana Enterprise license.
 
-See also:
+To purchase a license directly from Grafana Labs, [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise). To activate an Enterprise license purchased from Grafana Labs, refer to [Activate an Enterprise license]({{< relref "./activate-license.md" >}}).
 
-- [License expiration]({{< relref "./license-expiration.md" >}})
-- [License restrictions]({{< relref "./license-restrictions.md" >}})
+You can also purchase a Grafana Enterprise license through the AWS Marketplace. To learn more about activating a license purchased through AWS, refer to [Activate a Grafana Enterprise license purchased through AWS Marketplace]({{< relref "../license/activate-aws-marketplace-license" >}}).
+
+{{< section >}}

docs/sources/enterprise/license/activate-aws-marketplace-license/_index.md

@@ -0,0 +1,12 @@
++++
+title = "Activate a Grafana Enterprise license purchased through AWS Marketplace"
+description = "Activate Enterprise license purchased through AWS Marketplace"
+keywords = ["grafana", "aws", "marketplace", "enterprise", "license"]
+weight = 400
++++
+
+# Activate a Grafana Enterprise license purchased through AWS Marketplace
+
+AWS Marketplace is a convenient place for AWS customers to buy and manage a license for Grafana Enterprise versions 8.3.0 and later.
+
+{{< section >}}

docs/sources/enterprise/license/activate-aws-marketplace-license/about-ge-license-through-aws.md

@@ -0,0 +1,24 @@
++++
+title = "About Grafana Enterprise licenses from AWS Marketplace"
+description = "About Grafana Enterprise licenses from AWS Marketplace"
+keywords = ["grafana", "about", "enterprise", "overview", "aws", "marketplace"]
+aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/about-ge-license-through-aws"]
+weight = 100
++++
+
+# About Grafana Enterprise licenses from AWS Marketplace
+
+AWS Marketplace is a convenient place for AWS customers to buy and manage a license for Grafana Enterprise versions 8.3.0 and later.
+
+You can deploy Grafana Enterprise in the following ways:
+
+- Using AWS services like ECS, EKS or EC2.
+- In an instance outside AWS.
+
+In each case, you must activate the Grafana Enterprise license purchased in AWS Marketplace to take advantage of Grafana Enterprise observability features. Grafana Enterprise licenses purchased through AWS Marketplace are subject to the same [restrictions]({{< relref "../license-restrictions.md" >}}) as Grafana Enterprise licensed purchased directly from Grafana Labs.
+
+> To purchase a license directly from Grafana Labs or learn more about other Grafana offerings, [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise).
+
+## Before you begin
+
+Become an AWS customer. Only AWS customers have access to purchase services through AWS Marketplace. To learn more about becoming an AWS customer, refer to [Sign up for AWS](https://portal.aws.amazon.com/billing/signup#/start).

docs/sources/enterprise/license/activate-aws-marketplace-license/activate-license-on-ecs.md

@@ -0,0 +1,105 @@
++++
+title = "Activate a Grafana Enterprise license from AWS Marketplace on ECS"
+description = "Activate a Grafana Enterprise license from AWS Marketplace on ECS"
+keywords = ["grafana", "ecs", "enterprise", "aws", "marketplace", "activate"]
+aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-ecs"]
+weight = 250
++++
+
+# Activate a Grafana Enterprise license from AWS Marketplace on ECS
+
+If you have purchased a Grafana Enterprise subscription through AWS Marketplace, you must activate it in order to use Grafana Enterprise data source plugins and features in Grafana.
+
+## Before you begin
+
+- Purchase a subscription to [Grafana Enterprise from AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-dlncd4kzt5kx6).
+- Be sure that the IAM user that was used to purchase Grafana Enterprise has permission to manage subscriptions, create new IAM users and roles, and create access policies.
+
+To activate your license, complete the following tasks.
+
+## Task 1: Deploy Grafana Enterprise on Amazon ECS
+
+1. Deploy Grafana Enterprise on Amazon ECS.
+
+   For more information about deploying an application on Amazon ECS, refer to [Creating an Amazon ECS service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-service.html).
+
+1. As you create the Amazon ECS service, use the Grafana Enterprise version 8.3.0 or later container image.
+
+   For example, enter `grafana/grafana-enterprise:8.3.3`.
+
+   > Only Grafana Enterprise versions 8.3.0 and later support licenses granted through AWS Marketplace.
+
+## Task 2: Configure Grafana for high availability
+
+Grafana requires that you configure a database to hold dashboards, users, and other persistent data.
+
+### Before you begin
+
+- Ensure that you have a supported Grafana database available.
+  - For a list of supported databases, refer to [Supported databases]({{< relref "../../../installation/requirements.md#supported-databases" >}}).
+  - For information about creating a database, refer to [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html).
+- Review the information required to connect to the RDS DB instance. For more information, refer to [Connecting to an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.Connect.html).
+
+To configure Grafana for high availability:
+
+1. In AWS ECS, use environment variables to update the `database` parameters.
+
+   For a list of database parameters, refer to [Configuration]({{< relref "../../../administration/configuration.md#database" >}}).
+
+1. Create a revision of the task definition for the ECS Task that runs Grafana Enterprise.
+
+   For more information about creating a task, refer to [Updating a task definition using the classic console](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html).
+
+1. Within the new revision, edit the Grafana Enterprise container for this task, and add the following environment variables to the container:
+
+   ```
+   GF_DATABASE_TYPE=[database type]
+   GF_DATABASE_HOST=[database address and port]
+   GF_DATABASE_NAME=[database name]
+   GF_DATABASE_USER=[database username]
+   GF_DATABASE_PASSWORD=[database password]
+   ```
+
+> For more information about how to update your ECS service with an environment variable, refer to [Updating a service using the new console](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service-console-v2.html).
+
+## Task 3: Configure Grafana Enterprise to validate its license with AWS
+
+In this task you configure Grafana Enterprise to validate the license with AWS instead of Grafana Labs.
+
+1. In AWS IAM, create an access policy with the following permissions:
+
+   - `"license-manager:CheckoutLicense"`
+   - `"license-manager:ListReceivedLicenses"`
+   - `"license-manager:GetLicenseUsage"`
+   - `"license-manager:CheckInLicense"`
+
+   For more information about creating an access policy, refer to [Creating IAM policies (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html).
+
+   For more information about AWS license permissions, refer to [Actions, resources, and condition keys for AWS License Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslicensemanager.html).
+
+1. Create an Elastic Container Service task role and attach the policy you created in the previous step.
+
+   For more information about creating a task role, refer to [IAM Roles for Tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
+
+1. Create a revision of the task definition for the ECS Task that runs Grafana Enterprise.
+
+   For more information about creating a revision of the task definition, refer to [Updating a task definition using the classic console](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html).
+
+1. Within the new revision, perform the following steps:
+
+   a. Update the Task Role of your ECS Task to the role that you created, with permission to access license information.
+
+   b. Edit the Grafana Enterprise container for this task, and add the following environment variable to the container:
+
+   ```
+   GF_ENTERPRISE_LICENSE_VALIDATION_TYPE=aws
+   ```
+
+   For more information about how to update your ECS service with an environment variable, refer to [Updating a service using the new console](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service-console-v2.html).
+
+### Task 4: Start or restart Grafana
+
+1. To restart Grafana and activate your license, update the service running Grafana to use the latest revision of the task definition that you created.
+1. After you update the service, navigate to your Grafana instance, sign in with Grafana Admin credentials, and navigate to the **Statistics and Licensing** page to validate that your license is active.
+
+For more information about validating that your license is active, refer to [Determine the number of active users for each licensed role](../../license-restrictions/#determine-the-number-of-active-users-for-each-licensed-role).

docs/sources/enterprise/license/activate-aws-marketplace-license/activate-license-on-eks.md

@@ -0,0 +1,118 @@
++++
+title = "Activate a Grafana Enterprise license from AWS Marketplace on EKS"
+description = "Activate a Grafana Enterprise license from AWS Marketplace on EKS"
+keywords = ["grafana", "enterprise", "aws", "marketplace", "eks", "activate"]
+aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-eks"]
+weight = 200
++++
+
+# Activate a Grafana Enterprise license from AWS Marketplace on EKS
+
+If you have purchased a Grafana Enterprise subscription through AWS Marketplace, you must activate it in order to use Grafana Enterprise data source plugins and features in Grafana.
+
+## Before you begin:
+
+- Purchase a subscription to [Grafana Enterprise from AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-dlncd4kzt5kx6).
+- Be sure that the IAM user that was used to purchase Grafana Enterprise has permission to manage subscriptions, create new IAM users and roles, and create access policies.
+
+To activate your license, complete the following tasks:
+
+## Task 1: Deploy Grafana Enterprise on Amazon EKS
+
+1. Deploy Grafana Enterprise on Amazon EKS.
+
+   For more information about deploying an application on Amazon EKS, refer to [Getting started with Amazon EKS – AWS Management Console and AWS CLI](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html).
+
+   For more information about installing Grafana on Kubernetes using the Helm Chart, refer to the [Grafana Helm Chart](https://github.com/grafana/helm-charts/tree/main/charts/grafana#readme).
+
+1. Use `kubectl set image deployment/my-release grafana=grafana/grafana-enterprise:<version>` to update the container image to Grafana Enterprise version 8.3.0 or later.
+
+   For example, enter `grafana/grafana-enterprise:8.3.3`.
+
+> Only Grafana Enterprise versions 8.3.0 and later support licenses granted through AWS Marketplace.
+
+## Task 2: Configure Grafana for high availability
+
+Grafana requires that you configure a database to hold dashboards, users, and other persistent data.
+
+### Before you begin
+
+- Ensure that you have a supported Grafana database available.
+  - For a list of supported databases, refer to [Supported databases]({{< relref "../../../installation/requirements.md#supported-databases" >}}).
+  - For information about creating a database, refer to [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html).
+- Review the information required to connect to the RDS DB instance. For more information, refer to [Connecting to an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.Connect.html).
+
+To configure Grafana for high availability, choose **one** of the following options:
+
+- **Option 1:** Use `kubectl edit configmap grafana` to edit `grafana.ini` add the following section to the configuration:
+
+  ```
+  [database]
+  type = [database type]
+  host = [database address and port]
+  name = [database name]
+  user = [database username]
+  password = [database password]
+  ```
+
+- **Option 2:** use `kubectl edit deployment my-release` to edit the pod `env` variables and add the following database variables:
+
+  ```
+  - name: GF_DATABASE_TYPE
+    value: [database type]
+  - name: GF_DATABASE_HOST
+    value: [database address and port]
+  - name: GF_DATABASE_NAME
+    value: [database name]
+  - name: GF_DATABASE_USER
+    value: [database username]
+  - name: GF_DATABASE_PASSWORD
+    value: [database password]
+  ```
+
+For more information on Grafana High Availability setup, refer to [Set up Grafana for high availability]({{< relref "../../../administration/set-up-for-high-availability.md" >}}).
+
+## Task 3: Configure Grafana Enterprise to validate its license with AWS
+
+In this task, you configure Grafana Enterprise to validate the license with AWS instead of Grafana Labs.
+
+1. In AWS IAM, assign the following permissions to the Node IAM role (if you are using a Node Group), or the Pod Execution role (if you are using a Fargate profile):
+
+   - `"license-manager:CheckoutLicense"`
+   - `"license-manager:ListReceivedLicenses"`
+   - `"license-manager:GetLicenseUsage"`
+   - `"license-manager:CheckInLicense"`
+
+   For more information about creating an access policy, refer to [Creating IAM policies (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html).
+
+   For more information about AWS license permissions, refer to [Actions, resources, and condition keys for AWS License Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslicensemanager.html).
+
+1. Choose **one** of the following options to update the [license_validation_type]({{< relref "../../enterprise-configuration.md#license_validation_type" >}}) configuration to `aws`:
+
+   - **Option 1:** Use `kubectl edit configmap grafana` to edit `grafana.ini` add the following section to the configuration:
+
+     ```
+     [enterprise]
+     license_validation_type=aws
+     ```
+
+   - **Option 2:** Use `kubectl edit deployment my-release` to edit the pod `env` variables and add the following variable:
+
+     ```
+     name: GF_ENTERPRISE_LICENSE_VALIDATION_TYPE
+     value: aws
+     ```
+
+### Task 4: Start or restart Grafana
+
+To activate Grafana Enterprise features, you must start (or restart) Grafana.
+
+To restart Grafana on a Kubernetes cluster,
+
+1. Run the command `kubectl rollout restart deployment my-release`.
+
+1. After you update the service, navigate to your Grafana instance, sign in with Grafana Admin credentials, and navigate to the Statistics and Licensing page to validate that your license is active.
+
+For more information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../installation/restart-grafana" >}}).
+
+> If you experience issues when you update the EKS cluster, refer to [Amazon EKS troubleshooting](https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html).

docs/sources/enterprise/license/activate-aws-marketplace-license/activate-license-on-instance-outside-aws.md

@@ -0,0 +1,121 @@
++++
+title = "Activate a Grafana Enterprise license from AWS on an instance deployed outside of AWS"
+description = "Activate a Grafana Enterprise license from AWS on an instance deployed outside of AWS"
+keywords = ["grafana", "enterprise", "aws", "marketplace", "activate"]
+aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-instance-outside-aws"]
+weight = 300
++++
+
+# Activate a Grafana Enterprise license from AWS on an instance deployed outside of AWS
+
+While AWS Marketplace lists ECS and EKS as the supported environments for Grafana Enterprise, you can apply a Grafana Enterprise license from AWS Marketplace to any Grafana instance with network access to the AWS licensing service.
+
+## Before you begin
+
+- Purchase a subscription to [Grafana Enterprise from AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-dlncd4kzt5kx6).
+- Be sure that the IAM user that was used to purchase Grafana Enterprise has permission to manage subscriptions, create new IAM users, and create access policies.
+- Be sure there is network access between AWS and the environment where you intend to run Grafana. Network access is required because your Grafana instance communicates with the [AWS License Manager endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/licensemanager.html) to retrieve license and subscription information. Grafana instances with access to the public internet will have access to AWS license manager.
+
+To activate a Grafana Enterprise license from AWS on a Grafana Enterprise instance deployed outside of AWS, complete the following tasks.
+
+## Task 1: Install Grafana Enterprise
+
+To install Grafana, refer to the documentation specific to your implementation.
+
+- [Install Grafana]({{< relref "../../../installation/" >}}).
+- [Run Grafana Docker image]({{< relref "../../../installation/docker" >}}).
+- [Deploy Grafana on Kubernetes]({{< relref "../../../installation/kubernetes/#deploy-grafana-enterprise-on-kubernetes" >}}).
+
+## Task 2: Create an AWS IAM user with access to your Grafana Enterprise license
+
+To retrieve your license, Grafana Enterprise requires access to your AWS account and license information. To grant access, create an IAM user in AWS with access to the license, and pass its credentials as environment variables on the host or container where Grafana is running. These environment variables allow Grafana to retrieve license details from AWS.
+
+1. In the AWS License Manager service, create an IAM policy with the following permissions:
+
+   - `"license-manager:CheckoutLicense"`
+   - `"license-manager:ListReceivedLicenses"`
+   - `"license-manager:GetLicenseUsage"`
+   - `"license-manager:CheckInLicense"`
+
+   For more information about creating a policy in AWS, refer to [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html).
+
+   For more information about AWS Identity and Access Management, refer to [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html).
+
+1. To limit the policy to obtain usage data just for Grafana Enterprise, in the **Resources** section of the policy, specify your license ARN.
+
+   You can find your license ID in the **Granted Licenses** section of [AWS License Manager](https://console.aws.amazon.com/license-manager/home).
+
+   The policy JSON should look similar to the following example:
+
+   ```
+   {
+      "Version": "2012-10-17",
+      "Statement": [
+         {
+               "Sid": "VisualEditor0",
+               "Effect": "Allow",
+               "Action": "license-manager:GetLicenseUsage",
+               "Resource": "arn:aws:license-manager::[YOUR_ACCOUNT]:license:[YOUR_LICENSE_ID]"
+         },
+         {
+               "Sid": "VisualEditor1",
+               "Effect": "Allow",
+               "Action": [
+                  "license-manager:CheckoutLicense",
+                  "license-manager:ListReceivedLicenses",
+                  "license-manager:CheckInLicense"
+               ],
+               "Resource": "*"
+         }
+      ]
+   }
+   ```
+
+1. Create an IAM user and choose access key credentials as its authentication method.
+
+   For more information about creating an IAM user, refer to [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html).
+
+   For more information about access key credentials, refer to [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).
+
+1. Attach the policy you created to the IAM user.
+
+1. Add the following values as environment variables to the host or container running Grafana:
+
+   - AWS region
+   - IAM user's access key ID
+   - IAM user's secret access key
+
+   The environment variables should look similar to the following example:
+
+   ```
+   AWS_ACCESS_KEY_ID=ABCD5E75FGHIJKTM7
+   AWS_SECRET_ACCESS_KEY=k8fhYAQVy+5NhCejhe6HeSjSphjRuy+12C06
+   AWS_REGION=us-east-1
+   ```
+
+## Task 3: Configure Grafana Enterprise to validate its license with AWS
+
+In this task you configure Grafana Enterprise to validate the license with AWS instead of Grafana Labs.
+
+Choose one of the following options to update the [license_validation_type]({{< relref "../../enterprise-configuration.md#license_validation_type" >}}) configuration to `aws`:
+
+- **Option 1:** In the `[enterprise]` section of the grafana.ini configuration file, add `license_validation_type=aws`.
+
+  For example:
+
+  ```
+  [enterprise]
+  license_validation_type=aws
+  ```
+
+- **Option 2:** Add the following environment variable to the container or host:
+
+  ```
+  GF_ENTERPRISE_LICENSE_VALIDATION_TYPE=aws
+  ```
+
+## Task 4: Start or restart Grafana
+
+To activate Grafana Enterprise features, start (or restart) Grafana.
+
+For information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../installation/restart-grafana" >}}).

docs/sources/enterprise/license/activate-aws-marketplace-license/manage-license-in-aws-marketplace.md

@@ -0,0 +1,31 @@
++++
+title = "Manage your Grafana Enterprise license in AWS Marketplace"
+description = "Manage your Grafana Enterprise license in AWS Marketplace"
+keywords = ["grafana", "enterprise", "aws", "marketplace", "manage", "add", "remove", "users"]
+aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/manage-license-in-aws-marketplace"]
+weight = 400
++++
+
+## Manage your Grafana Enterprise license in AWS Marketplace
+
+You can use AWS Marketplace to make the following modifications to your Grafana Enterprise license:
+
+- Add active users
+- Remove active users
+- Cancel your subscription to Grafana Enterprise.
+
+**To modify your Grafana Enterprise subscription in AWS Marketplace:**
+
+1. Open the AWS Console and navigate to [Subscription Management](https://console.aws.amazon.com/marketplace/home/subscriptions#/subscriptions).
+
+1. Update your license.
+
+1. Sign in to Grafana as a Server Administrator.
+
+1. Hover over **Server Admin** in the navigation bar and click **Statistics and Licensing**.
+
+1. In the **Token** section under **Enterprise License**, click **Renew License**.
+
+   This action retrieves updated license information from AWS.
+
+> To learn more about licensing and active users, refer to [Understanding Grafana Enterprise licensing]({{< relref "../../license/license-restrictions" >}}).

docs/sources/enterprise/license/activate-aws-marketplace-license/transfer-ge-license.md

@@ -0,0 +1,22 @@
++++
+title = "Transfer your AWS Marketplace Grafana Enterprise license"
+description = "Transfer your AWS Marketplace Grafana Enterprise license"
+keywords = ["grafana", "enterprise", "aws", "marketplace", "transfer", "move"]
+aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/transfer-ge-license"]
+weight = 400
++++
+
+# Transfer your AWS Marketplace Grafana Enterprise license
+
+You can transfer your AWS Marketplace Grafana Enterprise license to another Grafana Enterprise instance. The transfer process requires that you first remove your license from one instance, and then apply the license to another instance.
+
+> When you remove an Enterprise license, the system immediately disables all Grafana Enterprise features.
+
+To remove an Enterprise license from a Grafana Enterprise instance, perform one of the following steps:
+
+- If you are using Amazon ECS or Amazon EKS, remove the `GF_ENTERPRISE_LICENSE_VALIDATION_TYPE` environment variable from the container.
+- If you have deployed Grafana Enterprise outside of AWS, remove the `aws` license_validation_type value from the grafana.ini configuration file.
+
+It can take the system up to one hour to clear the license. After the system clears the license, you can apply the same license to another Grafana Enterprise instance.
+
+To determine that the system has returned your license, check the license details in AWS License Manager.

docs/sources/enterprise/recorded-queries.md

@@ -13,7 +13,7 @@ For our plugins that do not return time series, it might be useful to plot histo
 
 ## How recorded queries work
 
-**> Note:** An administrator must configure a Prometheus data source and associate it with a [Remote write target](#remote-write-target) before recorded queries can be used.
+> **Note:** An administrator must configure a Prometheus data source and associate it with a [Remote write target](#remote-write-target) before recorded queries can be used.
 
 Recorded queries only work with backend data source plugins. Refer to [Backend data source plugin](https://grafana.com/tutorials/build-a-data-source-backend-plugin/) for more information about backend data source plugins. You can recorded three types of queries:
 

docs/sources/http_api/_index.md

@@ -13,25 +13,28 @@ dashboards, creating users, and updating data sources.
 
 ## HTTP APIs
 
+- [Admin API]({{< relref "admin.md" >}})
+- [Alerting Notification Channels API]({{< relref "alerting_notification_channels.md" >}})
+- [Alerting API]({{< relref "alerting.md" >}})
+- [Annotations API]({{< relref "annotations.md" >}})
 - [Authentication API]({{< relref "auth.md" >}})
 - [Dashboard API]({{< relref "dashboard.md" >}})
-- [Dashboard versions API]({{< relref "dashboard_versions.md" >}})
-- [Dashboard permissions API]({{< relref "dashboard_permissions.md" >}})
-- [Folder API]({{< relref "folder.md" >}})
-- [Folder permissions API]({{< relref "folder_permissions.md" >}})
-- [Folder/dashboard search API]({{< relref "folder_dashboard_search.md" >}})
+- [Dashboard Permissions API]({{< relref "dashboard_permissions.md" >}})
+- [Dashboard Versions API]({{< relref "dashboard_versions.md" >}})
 - [Data source API]({{< relref "data_source.md" >}})
+- [Folder API]({{< relref "folder.md" >}})
+- [Folder Permissions API]({{< relref "folder_permissions.md" >}})
+- [Folder/Dashboard Search API]({{< relref "folder_dashboard_search.md" >}})
+- [Library Element API]({{< relref "library_element.md" >}})
 - [Organization API]({{< relref "org.md" >}})
-- [Snapshot API]({{< relref "snapshot.md" >}})
-- [Annotations API]({{< relref "annotations.md" >}})
-- [Playlists API]({{< relref "playlist.md" >}})
-- [Alerting API]({{< relref "alerting.md" >}})
-- [Alert notification channels API]({{< relref "alerting_notification_channels.md" >}})
-- [User API]({{< relref "user.md" >}})
-- [Team API]({{< relref "team.md" >}})
-- [Admin API]({{< relref "admin.md" >}})
-- [Preferences API]({{< relref "preferences.md" >}})
 - [Other API]({{< relref "other.md" >}})
+- [Playlists API]({{< relref "playlist.md" >}})
+- [Preferences API]({{< relref "preferences.md" >}})
+- [Service account API]({{< relref "serviceaccount.md" >}})
+- [Short URL API]({{< relref "short_url.md" >}})
+- [Snapshot API]({{< relref "snapshot.md" >}})
+- [Team API]({{< relref "team.md" >}})
+- [User API]({{< relref "user.md" >}})
 
 ## Grafana Enterprise HTTP APIs
 

docs/sources/http_api/access_control.md

@@ -86,23 +86,27 @@ Content-Type: application/json; charset=UTF-8
 #### Status codes
 
 | Code | Description                                                          |
-| ---- | -------------------------------------------------------------------- |
-| 200  | Global and organization local roles are returned.                    |
-| 403  | Access denied                                                        |
-| 500  | Unexpected error. Refer to body and/or server logs for more details. |
-
-### Get a role
-
+| ---- | -------------------------------------------------------------------- |
+| 200  | Global and organization local roles are returned.                    |
+| 403  | Access denied                                                        |
+| 500  | Unexpected error. Refer to body and/or server logs for more details. |
+
+### Get a role
+
+`GET /api/access-control/roles/:uid`
+
 Get a role for the given UID.
 
-Get a role for the given UID.
-
-#### Required permissions
-
-| Action     | Scope    |
-| ---------- | -------- |
-| roles:read | roles:\* |
-
+#### Required permissions
+
+| Action     | Scope    |
+| ---------- | -------- |
+| roles:read | roles:\* |
+
+#### Example request
+
+```http
+GET /api/access-control/roles/PYnDO3rMk
 Accept: application/json
 Content-Type: application/json
 ```
@@ -141,27 +145,59 @@ HTTP/1.1 200 OK
 #### Example request
 
 ```http
-
-#### Example request
-
-```http
-POST /api/access-control/roles
+POST /api/access-control/roles
+Accept: application/json
+Content-Type: application/json
+
+{
+    "version": 1,
     "uid": "jZrmlLCGka",
     "name": "custom:delete:roles",
-
-{
-    "version": 1,
-    "uid": "jZrmlLCGka",
+    "description": "My custom role which gives users permissions to delete roles",
+    "group":"My Group",
+    "displayName": "My Custom Role",
+    "global": false,
     "permissions": [
         {
-    "global": true,
-    "permissions": [
-        {
-            "action": "roles:delete",
+            "action": "roles:delete",
+            "scope": "permissions:delegate"
+        }
+    ]
+}
+```
+
+#### JSON body schema
+
+| Field Name  | Date Type  | Required | Description                                                                                                                                                                                                                                                         |
+| ----------- | ---------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| uid         | string     | No       | UID of the role. If not present, the UID will be automatically created for you and returned in response. Refer to the [Custom roles]({{< relref "../enterprise/access-control/roles.md#custom-roles" >}}) for more information.                                     |
+| global      | boolean    | No       | A flag indicating if the role is global or not. If set to `false`, the default org ID of the authenticated user will be used from the request. Refer to the [Role scopes]({{< relref "../enterprise/access-control/roles.md#role-scopes" >}}) for more information. |
+| version     | number     | No       | Version of the role. If not present, version 0 will be assigned to the role and returned in the response. Refer to the [Custom roles]({{< relref "../enterprise/access-control/roles.md#custom-roles" >}}) for more information.                                    |
+| name        | string     | Yes      | Name of the role. Refer to [Custom roles]({{< relref "../enterprise/access-control/roles.md#custom-roles" >}}) for more information.                                                                                                                                |
+| description | string     | No       | Description of the role.                                                                                                                                                                                                                                            |
+| displayName | string     | No       | Display name of the role, visible in the UI.                                                                                                                                                                                                                        |
+| group       | string     | No       | The group name the role belongs to.                                                                                                                                                                                                                                 |
+| permissions | Permission | No       | If not present, the role will be created without any permissions.                                                                                                                                                                                                   |
+
+**Permission**
+
+| Field Name | Data Type | Required | Description                                                                                                                                                                                          |
+| ---------- | --------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| action     | string    | Yes      | Refer to [Permissions]({{< relref "../enterprise/access-control/permissions.md" >}}) for full list of available actions.                                                                             |
+| scope      | string    | No       | If not present, no scope will be mapped to the permission. Refer to [Permissions]({{< relref "../enterprise/access-control/permissions.md#scope-definitions" >}}) for full list of available scopes. |
+
+#### Example response
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+
+```
 
 #### Status codes
-    ]
-}
+
+| Code | Description                                                                        |
+| ---- | ---------------------------------------------------------------------------------- |
 | 200  | Role is updated.                                                                   |
 | 400  | Bad request (invalid json, missing content-type, missing or invalid fields, etc.). |
 | 403  | Access denied                                                                      |
@@ -170,7 +206,7 @@ Content-Type: application/json; charset=UTF-8
 ### Update a custom role
 
 `PUT /api/access-control/roles/:uid`
-| version     | number     | No       | Version of the role. If not present, version 0 will be assigned to the role and returned in the response. Refer to the [Custom roles]({{< relref "../enterprise/access-control/roles.md#custom-roles" >}}) for more information.                                    |
+
 Update the role with the given UID, and it's permissions with the given UID. The operation is idempotent and all permissions of the role will be replaced with what is in the request. You would need to increment the version of the role with each update, otherwise the request will fail.
 
 #### Required permissions
@@ -200,7 +236,9 @@ Content-Type: application/json
         {
             "action": "roles:delete",
             "scope": "permissions:delegate"
-
+        },
+        {
+            "action": "roles:write",
             "scope": "permissions:delegate"
         }
     ]
@@ -219,6 +257,8 @@ Content-Type: application/json
 | permissions | List of Permissions | No       | The full list of permissions the role should have after the update. |
 
 **Permission**
+
+| Field Name | Data Type | Required | Description                                                                                                                                                                                          |
 | ---------- | --------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | action     | string    | Yes      | Refer to [Permissions]({{< relref "../enterprise/access-control/permissions.md" >}}) for full list of available actions.                                                                             |
 | scope      | string    | No       | If not present, no scope will be mapped to the permission. Refer to [Permissions]({{< relref "../enterprise/access-control/permissions.md#scope-definitions" >}}) for full list of available scopes. |
@@ -239,7 +279,9 @@ Content-Type: application/json; charset=UTF-8
 | 400  | Bad request (invalid json, missing content-type, missing or invalid fields, etc.). |
 | 403  | Access denied                                                                      |
 | 404  | Role was not found to update.                                                      |
-#### JSON body schema
+| 500  | Unexpected error. Refer to body and/or server logs for more details.               |
+
+### Delete a custom role
 
 `DELETE /api/access-control/roles/:uid?force=false`
 
@@ -288,7 +330,9 @@ Content-Type: application/json
 
 ### List roles assigned to a user
 
-#### Example request
+`GET /api/access-control/users/:userId/roles`
+
+Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.
 
 #### Required permissions
 
@@ -309,6 +353,8 @@ Content-Type: application/json
 HTTP/1.1 200 OK
 Content-Type: application/json; charset=UTF-8
 
+```
+
 #### Status codes
 
 | Code | Description                                                          |
@@ -329,6 +375,8 @@ Content-Type: application/json; charset=UTF-8
 | ---------------------- | -------------------- |
 | users.permissions:list | users:id:`<user ID>` |
 
+#### Example request
+
 ```http
 GET /api/access-control/users/1/permissions
 Accept: application/json
@@ -345,7 +393,7 @@ Content-Type: application/json; charset=UTF-8
 #### Status codes
 
 | Code | Description                                                          |
-HTTP/1.1 200 OK
+| ---- | -------------------------------------------------------------------- |
 | 200  | Set of assigned permissions is returned.                             |
 | 403  | Access denied.                                                       |
 | 500  | Unexpected error. Refer to body and/or server logs for more details. |
@@ -377,7 +425,7 @@ For example, if a user does not have required permissions for creating users, th
 
 {
     "global": false,
-Accept: application/json
+    "roleUid": "XvHQJq57z"
 }
 ```
 
@@ -407,6 +455,275 @@ Content-Type: application/json; charset=UTF-8
 
 ## Remove a user role assignment
 
+`DELETE /api/access-control/users/:userId/roles/:roleUID`
+
+Revoke a role from a user.
+
+For bulk updates consider
+[Set user role assignments]({{< ref "#set-user-role-assignments" >}}).
+
+#### Required permissions
+
+`permission:delegate` scope ensures that users can only unassign roles which have same, or a subset of permissions which the user has.
+For example, if a user does not have required permissions for creating users, they won't be able to unassign a role which will allow to do that. This is done to prevent escalation of privileges.
+
+| Action             | Scope                |
+| ------------------ | -------------------- |
+| users.roles:remove | permissions:delegate |
+
+#### Query parameters
+
+| Param  | Type    | Required | Description                                                                                                                                                               |
+| ------ | ------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| global | boolean | No       | A flag indicating if the assignment is global or not. If set to `false`, the default org ID of the authenticated user will be used from the request to remove assignment. |
+
+#### Example request
+
+```http
+DELETE /api/access-control/users/1/roles/AFUXBHKnk
+Accept: application/json
+```
+
+#### Example response
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+
+```
+
+#### Status codes
+
+| Code | Description                                                          |
+| ---- | -------------------------------------------------------------------- |
+| 200  | Role is unassigned.                                                  |
+| 403  | Access denied.                                                       |
+| 500  | Unexpected error. Refer to body and/or server logs for more details. |
+
+### Set user role assignments
+
+`PUT /api/access-control/users/:userId/roles`
+
+Update the user's role assignments to match the provided set of UIDs.
+This will remove any assigned roles that aren't in the request and add
+roles that are in the set but are not already assigned to the user.
+
+If you want to add or remove a single role, consider using
+[Add a user role assignment]({{< ref "#add-a-user-role-assignment" >}}) or
+[Remove a user role assignment]({{< ref "#remove-a-user-role-assignment" >}})
+instead.
+
+#### Required permissions
+
+`permission:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has.
+For example, if a user does not have required permissions for creating users, they won't be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.
+
+| Action             | Scope                |
+| ------------------ | -------------------- |
+| users.roles:add    | permissions:delegate |
+| users.roles:remove | permissions:delegate |
+
+#### Example request
+
+```http
+PUT /api/access-control/users/1/roles
+Accept: application/json
+Content-Type: application/json
+
+{
+    "global": false,
+    "roleUids": [
+        "ZiHQJq5nk",
+        "GzNQ1357k"
+    ]
+}
+```
+
+#### JSON body schema
+
+| Field Name | Date Type | Required | Description                                                                                                                                          |
+| ---------- | --------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
+| global     | boolean   | No       | A flag indicating if the assignment is global or not. If set to `false`, the default org ID of the authenticated user will be used from the request. |
+| roleUids   | list      | Yes      | List of role UIDs.                                                                                                                                   |
+
+#### Example response
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+
+```
+
+#### Status codes
+
+| Code | Description                                                          |
+| ---- | -------------------------------------------------------------------- |
+| 200  | Roles have been assigned.                                            |
+| 403  | Access denied.                                                       |
+| 404  | Role not found.                                                      |
+| 500  | Unexpected error. Refer to body and/or server logs for more details. |
+
+## Create and remove built-in role assignments
+
+API set allows to create or remove [built-in role assignments]({{< relref "../enterprise/access-control/roles.md#built-in-role-assignments" >}}) and list current assignments.
+
+### Get all built-in role assignments
+
+`GET /api/access-control/builtin-roles`
+
+Gets all built-in role assignments.
+
+#### Required permissions
+
+| Action             | Scope    |
+| ------------------ | -------- |
+| roles.builtin:list | roles:\* |
+
+#### Example request
+
+```http
+GET /api/access-control/builtin-roles
+Accept: application/json
+Content-Type: application/json
+```
+
+#### Example response
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+
+```
+
+#### Status codes
+
+| Code | Description                                                          |
+| ---- | -------------------------------------------------------------------- |
+| 200  | Built-in role assignments are returned.                              |
+| 403  | Access denied                                                        |
+| 500  | Unexpected error. Refer to body and/or server logs for more details. |
+
+### Create a built-in role assignment
+
+`POST /api/access-control/builtin-roles`
+
+Creates a new built-in role assignment.
+
+#### Required permissions
+
+`permission:delegate` scope ensures that users can only create built-in role assignments with the roles which have same, or a subset of permissions which the user has.
+For example, if a user does not have required permissions for creating users, they won't be able to create a built-in role assignment which will allow to do that. This is done to prevent escalation of privileges.
+
+| Action            | Scope                |
+| ----------------- | -------------------- |
+| roles.builtin:add | permissions:delegate |
+
+#### Example request
+
+```http
+POST /api/access-control/builtin-roles
+Accept: application/json
+Content-Type: application/json
+
+{
+    "roleUid": "LPMGN99Mk",
+    "builtinRole": "Grafana Admin",
+    "global": false
+}
+```
+
+#### JSON body schema
+
+| Field Name  | Date Type | Required | Description                                                                                                                                                                                                                                                                                                                                   |
+| ----------- | --------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| roleUid     | string    | Yes      | UID of the role.                                                                                                                                                                                                                                                                                                                              |
+| builtinRole | boolean   | Yes      | Can be one of `Viewer`, `Editor`, `Admin` or `Grafana Admin`.                                                                                                                                                                                                                                                                                 |
+| global      | boolean   | No       | A flag indicating if the assignment is global or not. If set to `false`, the default org ID of the authenticated user will be used from the request to create organization local assignment. Refer to the [Built-in role assignments]({{< relref "../enterprise/access-control/roles.md#built-in-role-assignments" >}}) for more information. |
+
+#### Example response
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+
+```
+
+#### Status codes
+
+| Code | Description                                                                        |
+| ---- | ---------------------------------------------------------------------------------- |
+| 200  | Role was assigned to built-in role.                                                |
+| 400  | Bad request (invalid json, missing content-type, missing or invalid fields, etc.). |
+| 403  | Access denied                                                                      |
+| 404  | Role not found                                                                     |
+| 500  | Unexpected error. Refer to body and/or server logs for more details.               |
+
+### Remove a built-in role assignment
+
+`DELETE /api/access-control/builtin-roles/:builtinRole/roles/:roleUID`
+
+Deletes a built-in role assignment (for one of _Viewer_, _Editor_, _Admin_, or _Grafana Admin_) to the role with the provided UID.
+
+#### Required permissions
+
+`permission:delegate` scope ensures that users can only remove built-in role assignments with the roles which have same, or a subset of permissions which the user has.
+For example, if a user does not have required permissions for creating users, they won't be able to remove a built-in role assignment which allows to do that.
+
+| Action               | Scope                |
+| -------------------- | -------------------- |
+| roles.builtin:remove | permissions:delegate |
+
+#### Example request
+
+```http
+DELETE /api/access-control/builtin-roles/Grafana%20Admin/roles/LPMGN99Mk?global=false
+Accept: application/json
+```
+
+#### Query parameters
+
+| Param  | Type    | Required | Description                                                                                                                                                                                                                                                                                                                |
+| ------ | ------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| global | boolean | No       | A flag indicating if the assignment is global or not. If set to `false`, the default org ID of the authenticated user will be used from the request to remove assignment. Refer to the [Built-in role assignments]({{< relref "../enterprise/access-control/roles.md#built-in-role-assignments" >}}) for more information. |
+
+#### Example response
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+
+```
+
+#### Status codes
+
+| Code | Description                                                                        |
+| ---- | ---------------------------------------------------------------------------------- |
+| 200  | Role was unassigned from built-in role.                                            |
+| 400  | Bad request (invalid json, missing content-type, missing or invalid fields, etc.). |
+| 403  | Access denied                                                                      |
+| 404  | Role not found.                                                                    |
+| 500  | Unexpected error. Refer to body and/or server logs for more details.               |
+
+#### Example response
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+
+{
+    "message": "User roles have been updated."
+}
+```
+
+#### Status codes
+
+| Code | Description                                                          |
+| ---- | -------------------------------------------------------------------- |
+| 200  | Roles have been assigned.                                            |
+| 403  | Access denied.                                                       |
+| 404  | Role not found.                                                      |
+| 500  | Unexpected error. Refer to body and/or server logs for more details. |
+
 ## Create and remove built-in role assignments
 
 API set allows to create or remove [built-in role assignments]({{< relref "../enterprise/access-control/roles.md#built-in-role-assignments" >}}) and list current assignments.
@@ -444,7 +761,7 @@ Content-Type: application/json; charset=UTF-8
             "uid": "qQui_LCMk",
             "name": "fixed:users:org:edit",
             "description": "",
-HTTP/1.1 200 OK
+            "global": false,
             "updated": "2021-05-13T16:24:26+02:00",
             "created": "2021-05-13T16:24:26+02:00"
         },
@@ -453,7 +770,7 @@ Content-Type: application/json; charset=UTF-8
             "uid": "PeXmlYjMk",
             "name": "fixed:users:org:read",
             "description": "",
-| 200  | Role was unassigned from built-in role.                                            |
+            "global": false,
             "updated": "2021-05-13T16:24:26+02:00",
             "created": "2021-05-13T16:24:26+02:00"
         }
@@ -464,7 +781,7 @@ Content-Type: application/json; charset=UTF-8
             "uid": "qQui_LCMk",
             "name": "fixed:users:org:edit",
             "description": "",
-            "global": true,
+            "global": false,
             "updated": "2021-05-13T16:24:26+02:00",
             "created": "2021-05-13T16:24:26+02:00"
         }

docs/sources/http_api/library_element.md

@@ -176,35 +176,37 @@ HTTP/1.1 200
 Status Codes:
 
 - **200** – Created
-- **400** – Errors (for example, name or UID already exists, invalid JSON, missing or invalid fields, and so on).
-- **401** – Unauthorized
-- **403** – Access denied
-
-## Update library element
-
-`PATCH /api/library-elements/:uid`
-
-Updates an existing library element identified by uid.
-
-JSON Body schema:
-
-- **folderId** – ID of the folder where the library element is stored.
-- **name** – Name of the library element.
-- **model** – The JSON model for the library element.
-- **kind** – Kind of element to create. Use `1` for library panels or `2` for library variables.
-- **version** – Version of the library element you are updating.
-- **uid** – Optional, the [unique identifier](/http_api/library_element/#identifier-id-vs-unique-identifier-uid).
-
-**Example Request**:
-
-```http
-PATCH /api/library-elements/nErXDvCkzz HTTP/1.1
-Accept: application/json
-Content-Type: application/json
-Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
-
-```
-
+- **400** – Errors (for example, name or UID already exists, invalid JSON, missing or invalid fields, and so on).
+- **401** – Unauthorized
+- **403** – Access denied
+
+## Update library element
+
+`PATCH /api/library-elements/:uid`
+
+Updates an existing library element identified by uid.
+
+JSON Body schema:
+
+- **folderId** – ID of the folder where the library element is stored.
+- **name** – Name of the library element.
+- **model** – The JSON model for the library element.
+- **kind** – Kind of element to create. Use `1` for library panels or `2` for library variables.
+- **version** – Version of the library element you are updating.
+- **uid** – Optional, the [unique identifier](/http_api/library_element/#identifier-id-vs-unique-identifier-uid).
+
+**Example Request**:
+
+```http
+PATCH /api/library-elements/nErXDvCkzz HTTP/1.1
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+```
+
+**Example Response**:
+
 ```http
 HTTP/1.1 200
 Content-Type: application/json

docs/sources/http_api/org.md

@@ -20,6 +20,14 @@ the admin of all organizations API only works with basic authentication, see [Ad
 
 `GET /api/org/`
 
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action    | Scope |
+| --------- | ----- |
+| orgs:read | N/A   |
+
 **Example Request**:
 
 ```http
@@ -94,6 +102,14 @@ Accessible to users with org admin role, admin in any folder or admin of any tea
 Content-Type: application/json
 Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 ```
+
+**Example Response**:
+
+```http
+HTTP/1.1 200
+Content-Type: application/json
+
+```
 
 ### Updates the given user
 
@@ -186,6 +202,14 @@ Content-Type: application/json
 
 ### Add a new user to the current organization
 
+`POST /api/org/users`
+
+Adds a global user to the current organization.
+
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
 | Action        | Scope    |
 | ------------- | -------- |
 | org.users:add | users:\* |
@@ -259,6 +283,14 @@ is called `admin` and has permission to use this API).
 | Action    | Scope | Note                           |
 | --------- | ----- | ------------------------------ |
 | orgs:read | N/A   | Needs to be assigned globally. |
+
+**Example Request**:
+
+```http
+GET /api/orgs/name/Main%20Org%2E HTTP/1.1
+Accept: application/json
+Content-Type: application/json
+```
 
 **Example Response**:
 
@@ -293,6 +325,14 @@ Content-Type: application/json
 
 Note: The api will work in the following two ways
 
+1. Need to set GF_USERS_ALLOW_ORG_CREATE=true
+2. Set the config value users.allow_org_create to true in ini file
+
+**Example Response**:
+
+```http
+HTTP/1.1 200
+Content-Type: application/json
 
 ```
 
@@ -327,6 +367,14 @@ Content-Type: application/json
 
 ```http
 HTTP/1.1 200
+Content-Type: application/json
+
+```
+
+### Update Organization
+
+`PUT /api/orgs/:orgId`
+
 Update Organization, fields _Address 1_, _Address 2_, _City_ are not implemented yet.
 Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
 
@@ -362,6 +410,14 @@ Content-Type: application/json
 Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
 
 #### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action      | Scope |
+| ----------- | ----- |
+| orgs:delete | N/A   |
+
+**Example Request**:
 
 ```http
 DELETE /api/orgs/1 HTTP/1.1
@@ -396,6 +452,14 @@ Content-Type: application/json
 GET /api/orgs/1/users HTTP/1.1
 Accept: application/json
 Content-Type: application/json
+```
+
+Note: The api will only work when you pass the admin name and password
+to the request HTTP URL, like http://admin:admin@localhost:3000/api/orgs/1/users
+
+**Example Response**:
+
+```http
 HTTP/1.1 200
 Content-Type: application/json
 [
@@ -423,6 +487,14 @@ Content-Type: application/json
 Content-Type: application/json
 
 ```
+
+**Example Response**:
+
+```http
+HTTP/1.1 200
+Content-Type: application/json
+
+```
 
 ### Update Users in Organization
 

docs/sources/http_api/team.md

@@ -7,7 +7,13 @@ aliases = ["/docs/grafana/latest/http_api/team/"]
 
 # Team API
 
-This API can be used to create/update/delete Teams and to add/remove users to Teams. All actions require that the user has the Admin role for the organization.
+This API can be used to manage Teams and Team Memberships.
+
+Access to these API endpoints is restricted as follows:
+
+- All authenticated users are able to view details of teams they are a member of.
+- Organization Admins are able to manage all teams and team members.
+- If the `editors_can_admin` configuration flag is enabled, Organization Editors are able to view details of all teams and to manage teams that they are Admin members of.
 
 ## Team Search With Paging
 

docs/sources/image-rendering/_index.md

@@ -72,7 +72,7 @@ RENDERING_MODE=default
 
 #### Clustered
 
-With the `clustered` mode, you can configure how many browser instances or incognito pages can execute concurrently. Default is `browser` and will ensure a maximum amount of browser instances can execute concurrently. Mode `context` will ensure a maximum amount of incognito pages can execute concurrently. You can also configure the maximum concurrency allowed, which per default is `5`.
+With the `clustered` mode, you can configure how many browser instances or incognito pages can execute concurrently. Default is `browser` and will ensure a maximum amount of browser instances can execute concurrently. Mode `context` will ensure a maximum amount of incognito pages can execute concurrently. You can also configure the maximum concurrency allowed, which per default is `5`, and the maximum duration of a rendering request, which per default is `30` seconds.
 
 Using a cluster of incognito pages is more performant and consumes less CPU and memory than a cluster of browsers. However, if one page crashes it can bring down the entire browser with it (making all the rendering requests happening at the same time fail). Also, each page isn't guaranteed to be totally clean (cookies and storage might bleed-through as seen [here](https://bugs.chromium.org/p/chromium/issues/detail?id=754576)).
 
@@ -80,6 +80,7 @@ Using a cluster of incognito pages is more performant and consumes less CPU and
 RENDERING_MODE=clustered
 RENDERING_CLUSTERING_MODE=browser
 RENDERING_CLUSTERING_MAX_CONCURRENCY=5
+RENDERING_CLUSTERING_TIMEOUT=30
 ```
 
 ```json
@@ -88,7 +89,8 @@ RENDERING_CLUSTERING_MAX_CONCURRENCY=5
     "mode": "clustered",
     "clustering": {
       "mode": "browser",
-      "maxConcurrency": 5
+      "maxConcurrency": 5,
+      "timeout": 30
     }
   }
 }

docs/sources/image-rendering/troubleshooting.md

@@ -55,34 +55,40 @@ ldd chrome-linux/chrome
 
 **Ubuntu:**
 
-On Ubuntu 18.10 the following dependencies have been confirmed as needed for the image rendering to function.
+On Ubuntu 18.10 the following dependencies are required for the image rendering to function.
 
 ```bash
-libx11-6 libx11-xcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrender1 libxtst6 libglib2.0-0 libnss3 libcups2  libdbus-1-3 libxss1 libxrandr2 libgtk-3-0 libgtk-3-0 libasound2 libxcb-dri3-0 libgbm1 libxshmfence1
+libx11-6 libx11-xcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrender1 libxtst6 libglib2.0-0 libnss3 libcups2  libdbus-1-3 libxss1 libxrandr2 libgtk-3-0 libasound2 libxcb-dri3-0 libgbm1 libxshmfence1
 ```
 
 **Debian:**
 
-On Debian 9 (Stretch) the following dependencies have been confirmed as needed for the image rendering to function.
+On Debian 9 (Stretch) the following dependencies are required for the image rendering to function.
 
 ```bash
-libx11 libcairo bcairo2 libcairo2 libxtst6 libxcomposite1 libx11-xcb1 libxcursor1 libxdamage1 libnss3 libcups libcups2 libXss libXss1 libxss1 libxrandr2 libasound2 libatk1.0-0 libatk-bridge2.0-0 libpangocairo-1.0-0 libgtk-3-0 libgbm1 libxshmfence1
+libx11 libcairo libcairo2 libxtst6 libxcomposite1 libx11-xcb1 libxcursor1 libxdamage1 libnss3 libcups libcups2 libxss libxss1 libxrandr2 libasound2 libatk1.0-0 libatk-bridge2.0-0 libpangocairo-1.0-0 libgtk-3-0 libgbm1 libxshmfence1
 ```
 
-On Debian 10 (Buster) the following dependencies have been confirmed as needed for the image rendering to function.
+On Debian 10 (Buster) the following dependencies are required for the image rendering to function.
 
 ```bash
-libxdamage1 libxext6 libxi6 libxtst6 libnss3 libnss3 libcups2 libxss1 libxrandr2 libasound2 libatk1.0-0 libatk-bridge2.0-0 libpangocairo-1.0-0 libpango-1.0-0 libcairo2 libatspi2.0-0 libgtk3.0-cil libgdk3.0-cil libx11-xcb-dev libgbm1 libxshmfence1
+libxdamage1 libxext6 libxi6 libxtst6 libnss3 libcups2 libxss1 libxrandr2 libasound2 libatk1.0-0 libatk-bridge2.0-0 libpangocairo-1.0-0 libpango-1.0-0 libcairo2 libatspi2.0-0 libgtk3.0-cil libgdk3.0-cil libx11-xcb-dev libgbm1 libxshmfence1
 ```
 
 **Centos:**
 
-On a minimal Centos installation, the following dependencies have been confirmed as needed for the image rendering to function:
+On a minimal CentOS 7 installation, the following dependencies are required for the image rendering to function:
 
 ```bash
 libXcomposite libXdamage libXtst cups libXScrnSaver pango atk adwaita-cursor-theme adwaita-icon-theme at at-spi2-atk at-spi2-core cairo-gobject colord-libs dconf desktop-file-utils ed emacs-filesystem gdk-pixbuf2 glib-networking gnutls gsettings-desktop-schemas gtk-update-icon-cache gtk3 hicolor-icon-theme jasper-libs json-glib libappindicator-gtk3 libdbusmenu libdbusmenu-gtk3 libepoxy liberation-fonts liberation-narrow-fonts liberation-sans-fonts liberation-serif-fonts libgusb libindicator-gtk3 libmodman libproxy libsoup libwayland-cursor libwayland-egl libxkbcommon m4 mailx nettle patch psmisc redhat-lsb-core redhat-lsb-submod-security rest spax time trousers xdg-utils xkeyboard-config alsa-lib
 ```
 
+On a minimal CentOS 8 installation, the following dependencies are required for the image rendering to function:
+
+```bash
+libXcomposite libXdamage libXtst cups libXScrnSaver pango atk adwaita-cursor-theme adwaita-icon-theme at at-spi2-atk at-spi2-core cairo-gobject colord-libs dconf desktop-file-utils ed emacs-filesystem gdk-pixbuf2 glib-networking gnutls gsettings-desktop-schemas gtk-update-icon-cache gtk3 hicolor-icon-theme jasper-libs json-glib libappindicator-gtk3 libdbusmenu libdbusmenu-gtk3 libepoxy liberation-fonts liberation-narrow-fonts liberation-sans-fonts liberation-serif-fonts libgusb libindicator-gtk3 libmodman libproxy libsoup libwayland-cursor libwayland-egl libxkbcommon m4 mailx nettle patch psmisc redhat-lsb-core redhat-lsb-submod-security rest spax time trousers xdg-utils xkeyboard-config alsa-lib libX11-xcb
+```
+
 ## Certificate signed by internal certificate authorities
 
 In many cases, Grafana runs on internal servers and uses certificates that have not been signed by a CA ([Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority)) known to Chrome, and therefore cannot be validated. Chrome internally uses NSS ([Network Security Services](https://en.wikipedia.org/wiki/Network_Security_Services)) for cryptographic operations such as the validation of certificates.

docs/sources/live/configure-grafana-live.md

@@ -93,7 +93,7 @@ http {
         location / {
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "Upgrade";
+            proxy_set_header Connection $connection_upgrade;
             proxy_set_header Host $http_host;
             proxy_pass http://grafana;
         }

docs/sources/panels/add-a-panel.md

@@ -25,12 +25,11 @@ Each panel needs at least one query to display a visualization. You write querie
 1. Choose a data source. In the first line of the Query tab, click the drop-down list to see all available data sources. This list includes all data sources you added. Refer to [Add a data source]({{< relref "../datasources/add-a-data-source.md" >}}) if you need instructions.
 1. Write or construct a query in the query language of your data source. Options will vary. Refer to your specific [data source documentation]({{< relref "../datasources/_index.md" >}}) for specific guidelines.
 
-## 3. Choose a visualization type
-
-In the Visualization list, click a visualization type. Grafana displays a preview of your query results with that visualization applied.
+## 3. Choose a visualization
 
 ![](/static/img/docs/panel-editor/select-visualization-8-0.png)
 
+When you choose a visualization, Grafana will offer visualization suggestions based on your query. You can select from the available suggestions or you can pick a visualization from the complete list of supported visualizations. When you select a visualization, Grafana will show a preview of your query results with that visualization applied.
 For more information about individual visualizations, refer to [Visualizations options]({{< relref "../visualizations/_index.md" >}}).
 
 ## 4. (Optional) Edit panel settings

docs/sources/panels/queries.md

@@ -95,6 +95,8 @@ Panel data source query options:
 
 - **Relative time -** You can override the relative time range for individual panels, causing them to be different than what is selected in the dashboard time picker in the top right corner of the dashboard. This allows you to show metrics from different time periods or days on the same dashboard.
 
+  > **Note:** Panel time overrides have no effect when the time range for the dashboard is absolute.
+
 - **Time shift -** The time shift function is another way to override the time range for individual panels. It only works with relative time ranges and allows you to adjust the time range.
 
   For example, you could shift the time range for the panel to be two hours earlier than the dashboard time picker. For more information, refer to [Time range controls]({{< relref "../dashboards/time-range-controls.md" >}}).

docs/sources/panels/transformations/_index.md

@@ -29,6 +29,7 @@ Before you can configure and apply transformations:
 - [Add field from calculation]({{< relref "./types-options.md#add-field-from-calculation" >}})
 - [Concatenate fields]({{< relref "./types-options.md#concatenate-fields" >}})
 - [Config from query results]({{< relref "./config-from-query.md" >}})
+- [Convert field type]({{< relref "./types-options.md#convert-field-type" >}})
 - [Filter data by name]({{< relref "./types-options.md#filter-data-by-name" >}})
 - [Filter data by query]({{< relref "./types-options.md#filter-data-by-query" >}})
 - [Filter data by value]({{< relref "./types-options.md#filter-data-by-value" >}})

docs/sources/panels/transformations/types-options.md

@@ -347,10 +347,10 @@ This transformation changes the field type of the specified field.
   - **Numeric -** attempts to make the values numbers
   - **String -** will make the values strings
   - **Time -** attempts to parse the values as time
-    - Will show an option to specify a DateFormat as input by a string like yyyy-mm-dd or DD MM YYYY hh:mm:ss
+    - Will show an option to specify a DateFormat for the input field like yyyy-mm-dd or DD MM YYYY hh:mm:ss
   - **Boolean -** will make the values booleans
 
-For example the following query could be modified by selecting the time field, as Time, and Date Format as YYYY.
+For example the following query could be modified by selecting the time field, as Time, and Input format as YYYY.
 
 | Time       | Mark  | Value |
 | ---------- | ----- | ----- |

docs/sources/plugins/catalog.md

@@ -23,7 +23,7 @@ The Plugin catalog allows you to browse and manage plugins from within Grafana.
   </video>
 </div>
 
-Before you can use the Plugin catalog, you must enable it in the Grafana [configuration]({{< relref "../administration/configuration.md#plugin_admin_enabled" >}}) file.
+In order to be able to install / uninstall / update plugins using plugin catalog, you must enable it via the `plugin_admin_enabled` flag in the [configuration]({{< relref "../administration/configuration.md#plugin_admin_enabled" >}}) file.
 Before following the steps below, make sure you are logged in as a Grafana administrator.
 
 <a id="#plugin-catalog-entry"></a>

docs/sources/release-notes/_index.md

@@ -8,6 +8,18 @@ weight = 10000
 Here you can find detailed release notes that list everything that is included in every release as well as notices
 about deprecations, breaking changes as well as changes that relate to plugin development.
 
+- [Release notes for 8.4.0-beta1]({{< relref "release-notes-8-4-0-beta1" >}})
+- [Release notes for 8.3.5]({{< relref "release-notes-8-3-5" >}})
+- [Release notes for 8.3.4]({{< relref "release-notes-8-3-4" >}})
+- [Release notes for 8.3.3]({{< relref "release-notes-8-3-3" >}})
+- [Release notes for 8.3.2]({{< relref "release-notes-8-3-2" >}})
+- [Release notes for 8.3.1]({{< relref "release-notes-8-3-1" >}})
+- [Release notes for 8.3.0]({{< relref "release-notes-8-3-0" >}})
+- [Release notes for 8.3.0-beta2]({{< relref "release-notes-8-3-0-beta2" >}})
+- [Release notes for 8.3.0-beta1]({{< relref "release-notes-8-3-0-beta1" >}})
+- [Release notes for 8.2.7]({{< relref "release-notes-8-2-7" >}})
+- [Release notes for 8.2.6]({{< relref "release-notes-8-2-6" >}})
+- [Release notes for 8.2.5]({{< relref "release-notes-8-2-5" >}})
 - [Release notes for 8.2.4]({{< relref "release-notes-8-2-4" >}})
 - [Release notes for 8.2.3]({{< relref "release-notes-8-2-3" >}})
 - [Release notes for 8.2.2]({{< relref "release-notes-8-2-2" >}})
@@ -15,6 +27,7 @@ about deprecations, breaking changes as well as changes that relate to plugin de
 - [Release notes for 8.2.0]({{< relref "release-notes-8-2-0" >}})
 - [Release notes for 8.2.0-beta2]({{< relref "release-notes-8-2-0-beta2" >}})
 - [Release notes for 8.2.0-beta1]({{< relref "release-notes-8-2-0-beta1" >}})
+- [Release notes for 8.1.8]({{< relref "release-notes-8-1-8" >}})
 - [Release notes for 8.1.7]({{< relref "release-notes-8-1-7" >}})
 - [Release notes for 8.1.6]({{< relref "release-notes-8-1-6" >}})
 - [Release notes for 8.1.5]({{< relref "release-notes-8-1-5" >}})
@@ -26,6 +39,7 @@ about deprecations, breaking changes as well as changes that relate to plugin de
 - [Release notes for 8.1.0-beta3]({{< relref "release-notes-8-1-0-beta3" >}})
 - [Release notes for 8.1.0-beta2]({{< relref "release-notes-8-1-0-beta2" >}})
 - [Release notes for 8.1.0-beta1]({{< relref "release-notes-8-1-0-beta1" >}})
+- [Release notes for 8.0.7]({{< relref "release-notes-8-0-7" >}})
 - [Release notes for 8.0.6]({{< relref "release-notes-8-0-6" >}})
 - [Release notes for 8.0.5]({{< relref "release-notes-8-0-5" >}})
 - [Release notes for 8.0.4]({{< relref "release-notes-8-0-4" >}})
@@ -36,6 +50,9 @@ about deprecations, breaking changes as well as changes that relate to plugin de
 - [Release notes for 8.0.0-beta3]({{< relref "release-notes-8-0-0-beta3" >}})
 - [Release notes for 8.0.0-beta2]({{< relref "release-notes-8-0-0-beta2" >}})
 - [Release notes for 8.0.0-beta1]({{< relref "release-notes-8-0-0-beta1" >}})
+- [Release notes for 7.5.15]({{< relref "release-notes-7-5-15" >}})
+- [Release notes for 7.5.13]({{< relref "release-notes-7-5-13" >}})
+- [Release notes for 7.5.12]({{< relref "release-notes-7-5-12" >}})
 - [Release notes for 7.5.11]({{< relref "release-notes-7-5-11" >}})
 - [Release notes for 7.5.10]({{< relref "release-notes-7-5-10" >}})
 - [Release notes for 7.5.9]({{< relref "release-notes-7-5-9" >}})

docs/sources/release-notes/release-notes-7-5-12.md

@@ -0,0 +1,13 @@
++++
+title = "Release notes for Grafana 7.5.12"
+[_build]
+list = false
++++
+
+<!-- Auto generated by update changelog github action -->
+
+# Release notes for Grafana 7.5.12
+
+### Bug fixes
+
+- **Security**: Fixes CVE-2021-43813 and CVE-2021-PENDING. For more information, see our [blog](https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/)