Advanced Settings
editAdvanced Settings
editAdvanced Settings control the behavior of Kibana. For example, you can change the format used to display dates, specify the default data view, and set the precision for displayed decimal values.
- Open the main menu, then click Stack Management > Advanced Settings.
- Scroll or search for the setting.
- Make your change, then click Save changes.
Required permissions
editThe Advanced Settings
Kibana privilege is required to access Advanced Settings.
When you have insufficient privileges to edit advanced settings, the edit options are not visible, and the following indicator is displayed:
To add the privilege, open the main menu, then click Stack Management > Roles.
For more information on granting access to Kibana, refer to Granting access to Kibana.
Kibana settings reference
editChanging a setting can affect Kibana performance and cause problems that are difficult to diagnose. Setting a property value to a blank field reverts to the default behavior, which might not be compatible with other configuration settings. Deleting a custom setting permanently removes it from Kibana.
General
edit
When disabled, autocompletes the suggestions from your data set instead of the time range. |
|
When disabled, allows you to debug individual requests, but increases the response size. |
|
Set this property to |
|
A string that serves as the separator for exported values. |
|
The format to use for displaying pretty formatted dates. |
|
The day that a week should start on. |
|
The values that define the format to use to render ordered time-based data. Formatted timestamps must adapt to the interval between measurements. Keys are ISO8601 intervals. |
|
The timezone that Kibana uses. The default value of |
|
The format to use for displaying pretty formatted dates of Elasticsearch date_nanos type. |
|
The index to access if no index is set. The default is |
|
The default route when opening Kibana. Use this setting to route users to a specific dashboard, application, or saved object as they enter each space. |
|
The top N most popular fields to show. |
|
Sets the file size limit when importing files. The default
value is |
|
Set this property to |
|
When set to |
|
Disable this property to get autocomplete suggestions from your full dataset, rather than from the current time range. |
|
Set this property to |
|
The default numeral pattern format for the "bytes" format. |
|
The default numeral pattern format for the "currency" format. |
|
A map of the default format name for each field type. Field types that are not explicitly mentioned use "_default_". |
|
The numeral pattern locale. |
|
The numeral pattern for the "number" format. |
|
The numeral pattern for the "percent" format. |
|
When date histograms use the |
|
To improve performance, limits the density of date and number histograms across Kibana
using a test query. When the test query contains too many buckets,
the interval between buckets increases. This setting applies separately
to each histogram aggregation, and does not apply to other types of aggregations.
To find the maximum value of this setting, divide the Elasticsearch |
|
In fields that have history, such as query inputs, show this many recent values. |
|
Fields that exist outside of |
|
Enables you to use Elasticsearch indices in TSVB visualizations. |
|
Affects the TSVB histogram density. Must be set higher than |
|
Allows a wildcard (*) as the first character in a query clause. Only applies
when experimental query features are enabled in the query bar. To disallow
leading wildcards in Lucene queries, use |
|
Options for the Lucene query string parser. Only used when "Query language" is set to Lucene. |
|
The number of objects to fetch for lists of saved objects. The default value is 1000. Do not set above 10000. |
|
The number of objects to show on each page of the list of saved objects. The default is 5. |
|
The query language to use in the query bar. Choices are KQL, a language built specifically for Kibana, and the Lucene query syntax. |
|
Set this property to |
|
Options for the Elasticsearch sort parameter. |
|
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Kibana tracks UI state in the URL, which can lead to problems when there is a lot of state information, and the URL gets very long. Enabling this setting stores part of the URL in your browser session to keep the URL short. |
|
Set to |
|
Kibana only ships with the v8 theme now, so this setting can no longer be edited. |
|
The list of ranges to show in the Quick section of the time filter. This should
be an array of objects, with each object containing |
|
The default refresh interval for the time filter. Example:
|
|
The default selection in the time filter. |
|
The maximum height that a cell occupies in a table. Set to 0 to disable truncation. |
Presentation Labs
edit
When enabled, provides access to the experimental Labs features for Canvas. |
|
When enabled, the panels that appear below the fold are loaded when they become visible on the dashboard. Below the fold refers to panels that are not immediately visible when you open a dashboard, but become visible as you scroll. For additional information, refer to Improve dashboard loading time. |
|
When enabled, provides access to the experimental Labs features for Dashboard. |
Accessibility
edit
Turns off all unnecessary animations in the Kibana UI. Refresh the page to apply the changes. |
Banners
editBanners are a subscription feature.
Set to |
|
The text to display inside the banner for this space, either plain text or Markdown.
Defaults to the value of the |
|
The color for the banner text for this space. Defaults to the value of
the |
|
The color of the banner background for this space. Defaults to the value of
the |
Dashboard
edit
Deprecated. Use feature privileges instead. The roles that belong to dashboard only mode. |
Discover
edit
The number of surrounding entries to display in the context view. The default value is 5. |
|
The number by which to increment or decrement the context size. The default value is 5. |
|
A comma-separated list of fields to use for breaking a tie between documents that have the same timestamp value. The first field that is present and sortable in the current data view is used. |
|
The columns that appear by default on the Discover page. The default is
|
|
The number of rows to show in the Discover table. |
|
Specifies the maximum number of fields to show in the document column of the Discover table. |
|
When enabled, removes the columns that are not in the new data view. |
|
Specifies the number of rows to display in the Discover table. |
|
Load fields from the original JSON |
|
Controls whether a search is executed when Discover first loads. This setting does not have an effect when loading a saved search. |
|
When enabled, displays multi-fields in the expanded document view. |
|
The default sort direction for time-based data views. |
|
Hides the "Time" column in Discover and in all saved searches on dashboards. |
|
Highlights results in Discover and saved searches on dashboards. Highlighting slows requests when working on big documents. |
|
Controls the way the document table looks and works. To use the new Document Explorer instead of the classic view, turn off this option. The Document Explorer offers better data sorting, resizable columns, and a full screen view. |
Machine Learning
edit
Use the default time filter in the Single Metric Viewer and Anomaly Explorer. If this setting is disabled, the results for the full time range are shown. |
|
Sets the default time filter for viewing anomaly detection job results. This setting
must contain |
Notifications
edit
A custom banner intended for temporary notices to all users. Supports Markdown. |
|
The duration, in milliseconds, for banner notification displays. The default value is 3000000. |
|
The duration, in milliseconds, for error notification displays. The default value is 300000. |
|
The duration, in milliseconds, for information notification displays. The default value is 5000. |
|
The duration, in milliseconds, for warning notification displays. The default value is 10000. |
Observability
edit
When enabled, displays the Overview tab for services in APM. |
|
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Sorts services without anomaly detection rules on the APM Service inventory page by service name. |
|
Enables the comparison feature in the APM app. |
|
Enables the Infrastructure view in the APM app. |
|
When enabled, allows you to inspect Elasticsearch queries in API responses. |
|
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. When enabled, allows users to create Service Groups from the APM Service Inventory page. |
Reporting
editRollup
edit
Enables the creation of data views that capture rollup indices, which in turn enables visualizations based on rollup data. Refresh the page to apply the changes. |
Search
edit-
courier:customRequestPreference
-
Request preference
to use when
courier:setRequestPreference
is set to "custom". -
courier:ignoreFilterIfFieldNotInIndex
- Skips filters that apply to fields that don’t exist in the index for a visualization. Useful when dashboards consist of visualizations from multiple data views.
-
courier:maxConcurrentShardRequests
-
Controls the max_concurrent_shard_requests
setting used for
_msearch
requests sent by Kibana. Set to 0 to disable this config and use the Elasticsearch default. -
courier:setRequestPreference
-
Enables you to set which shards handle your search requests.
- Session ID: Restricts operations to execute all search requests on the same shards. This has the benefit of reusing shard caches across requests.
-
Custom: Allows you to define your own preference. Use
courier:customRequestPreference
to customize your preference value. - None: Do not set a preference. This might provide better performance because requests can be spread across all shard copies. However, results might be inconsistent because different shards might be in different refresh states.
-
search:includeFrozen
- This setting is deprecated and will not be supported as of 9.0. Includes frozen indices in results. Searching through frozen indices might increase the search time. This setting is off by default. Users must opt-in to include frozen indices.
-
search:timeout
- Change the maximum timeout, in milliseconds (ms), for a search session. To disable the timeout and allow queries to run to completion, set to 0. The default is 600,000 ms, or 10 minutes.
Security Solution
edit
The threshold above which machine learning job anomalies are displayed in the Elastic Security app. |
|
A comma-delimited list of Elasticsearch indices from which the Elastic Security app collects events. |
|
A comma-delimited list of Threat Intelligence indices from which the Elastic Security app collects indicators. |
|
Enables privilege check warnings in rules for CCS indices. |
|
Enables the security news feed on the Security Overview page. |
|
A JSON array containing links for verifying the reputation of an IP address. The links are displayed on IP detail pages. |
|
The URL from which the security news feed content is retrieved. |
|
The default refresh interval for the Security time filter, in milliseconds. |
|
Enables auto refresh on the rules and monitoring tables, in milliseconds. |
|
Shows related integrations on the rules and monitoring tables. |
|
The default period of time in the Security time filter. |
Timelion
edit-
timelion:es.default_index
-
The default index when using the
.es()
query. -
timelion:es.timefield
-
The default field containing a timestamp when using the
.es()
query. -
timelion:max_buckets
- The maximum number of buckets a single data source can return. This value is used for calculating automatic intervals in visualizations.
-
timelion:min_interval
- The smallest interval to calculate when using "auto".
-
timelion:target_buckets
- Used for calculating automatic intervals in visualizations, this is the number of buckets to try to represent.
-
timelion:legacyChartsLibrary
- The legacy timelion charts are deprecated and will not be supported as of 8.4. Enables the legacy charts library for timelion charts in Visualize.
Visualization
edit
This setting is deprecated and will not be supported as of 8.0. Maps values to specific colors in charts using the Compatibility palette. |
|
Enables the legacy time axis for charts in Lens, Discover, Visualize and TSVB |
|
The maximum number of buckets a datasource can return. High numbers can have a negative impact on your browser rendering performance. |
|
The legacy pie charts are deprecated and will not be supported in a future version. The visualize editor uses new pie charts with improved performance, color palettes, label positioning, and more. Enable this option if you prefer to use the legacy charts library. |
|
Disable this option if you prefer to use the new heatmap charts with improved performance, legend settings, and more.. |
|
Enables users to create, view, and edit experimental visualizations. When disabled, only production-ready visualizations are available to users. |