Advanced Settings

edit

Advanced Settings control the behavior of Kibana. For example, you can change the format used to display dates, specify the default data view, and set the precision for displayed decimal values.

  1. Open the main menu, then click Stack Management > Advanced Settings.
  2. Scroll or search for the setting.
  3. Make your change, then click Save changes.

Required permissions

edit

The Advanced Settings Kibana privilege is required to access Advanced Settings.

When you have insufficient privileges to edit advanced settings, the edit options are not visible, and the following indicator is displayed:

Example of Advanced Settings Management’s read only access indicator in Kibana’s header

To add the privilege, open the main menu, then click Stack Management > Roles.

For more information on granting access to Kibana, refer to Granting access to Kibana.

Kibana settings reference

edit

Changing a setting can affect Kibana performance and cause problems that are difficult to diagnose. Setting a property value to a blank field reverts to the default behavior, which might not be compatible with other configuration settings. Deleting a custom setting permanently removes it from Kibana.

General

edit

autocomplete:useTimeRange

When disabled, autocompletes the suggestions from your data set instead of the time range.

bfetch:disableCompression

When disabled, allows you to debug individual requests, but increases the response size.

csv:quoteValues

Set this property to true to quote exported values.

csv:separator

A string that serves as the separator for exported values.

dateFormat

The format to use for displaying pretty formatted dates.

dateFormat:dow

The day that a week should start on.

dateFormat:scaled

The values that define the format to use to render ordered time-based data. Formatted timestamps must adapt to the interval between measurements. Keys are ISO8601 intervals.

dateFormat:tz

The timezone that Kibana uses. The default value of Browser uses the timezone detected by the browser.

dateNanosFormat

The format to use for displaying pretty formatted dates of Elasticsearch date_nanos type.

defaultIndex

The index to access if no index is set. The default is null.

defaultRoute

The default route when opening Kibana. Use this setting to route users to a specific dashboard, application, or saved object as they enter each space.

fields:popularLimit

The top N most popular fields to show.

fileUpload:maxFileSize

Sets the file size limit when importing files. The default value is 100MB. The highest supported value for this setting is 1GB.

filterEditor:suggestValues

Set this property to false to prevent the filter editor and KQL autocomplete from suggesting values for fields.

autocomplete:valueSuggestionMethod

When set to terms_enum, autocomplete uses the terms enum API for value suggestions. Kibana returns results faster, but suggestions are approximate, sorted alphabetically, and can be outside the selected time range. When set to terms_agg, Kibana uses a terms aggregation for value suggestions, which is slower, but suggestions include all values that optionally match your time range and are sorted by popularity. Learn more.

autocomplete:useTimeRange

Disable this property to get autocomplete suggestions from your full dataset, rather than from the current time range. Learn more.

filters:pinnedByDefault

Set this property to true to make filters have a global state (be pinned) by default.

format:bytes:defaultPattern

The default numeral pattern format for the "bytes" format.

format:currency:defaultPattern

The default numeral pattern format for the "currency" format.

format:defaultTypeMap

A map of the default format name for each field type. Field types that are not explicitly mentioned use "_default_".

format:number:defaultLocale

The numeral pattern locale.

format:number:defaultPattern

The numeral pattern for the "number" format.

format:percent:defaultPattern

The numeral pattern for the "percent" format.

histogram:barTarget

When date histograms use the auto interval, Kibana attempts to generate this number of bars.

histogram:maxBars

To improve performance, limits the density of date and number histograms across Kibana using a test query. When the test query contains too many buckets, the interval between buckets increases. This setting applies separately to each histogram aggregation, and does not apply to other types of aggregations. To find the maximum value of this setting, divide the Elasticsearch search.max_buckets value by the maximum number of aggregations in each visualization.

history:limit

In fields that have history, such as query inputs, show this many recent values.

metaFields

Fields that exist outside of _source. Kibana merges these fields into the document when displaying it.

metrics:allowStringIndices

Enables you to use Elasticsearch indices in TSVB visualizations.

metrics:max_buckets

Affects the TSVB histogram density. Must be set higher than histogram:maxBars.

query:allowLeadingWildcards

Allows a wildcard (*) as the first character in a query clause. Only applies when experimental query features are enabled in the query bar. To disallow leading wildcards in Lucene queries, use query:queryString:options.

query:queryString:options

Options for the Lucene query string parser. Only used when "Query language" is set to Lucene.

savedObjects:listingLimit

The number of objects to fetch for lists of saved objects. The default value is 1000. Do not set above 10000.

savedObjects:perPage

The number of objects to show on each page of the list of saved objects. The default is 5.

search:queryLanguage

The query language to use in the query bar. Choices are KQL, a language built specifically for Kibana, and the Lucene query syntax.

shortDots:enable

Set this property to true to shorten long field names in visualizations. For example, show f.b.baz instead of foo.bar.baz.

sort:options

Options for the Elasticsearch sort parameter.

state:storeInSessionStorage

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Kibana tracks UI state in the URL, which can lead to problems when there is a lot of state information, and the URL gets very long. Enabling this setting stores part of the URL in your browser session to keep the URL short.

theme:darkMode

Set to true to enable a dark mode for the Kibana UI. You must refresh the page to apply the setting.

theme:version

Kibana only ships with the v8 theme now, so this setting can no longer be edited.

timepicker:quickRanges

The list of ranges to show in the Quick section of the time filter. This should be an array of objects, with each object containing from, to (see accepted formats), and display (the title to be displayed).

timepicker:refreshIntervalDefaults

The default refresh interval for the time filter. Example: { "display": "15 seconds", "pause": true, "value": 15000 }.

timepicker:timeDefaults

The default selection in the time filter.

truncate:maxHeight

The maximum height that a cell occupies in a table. Set to 0 to disable truncation.

Presentation Labs

edit

labs:canvas:enable_ui

When enabled, provides access to the experimental Labs features for Canvas.

labs:dashboard:deferBelowFold

When enabled, the panels that appear below the fold are loaded when they become visible on the dashboard. Below the fold refers to panels that are not immediately visible when you open a dashboard, but become visible as you scroll. For additional information, refer to Improve dashboard loading time.

labs:dashboard:enable_ui

When enabled, provides access to the experimental Labs features for Dashboard.

Accessibility

edit

accessibility:disableAnimations

Turns off all unnecessary animations in the Kibana UI. Refresh the page to apply the changes.

Banners

edit

Banners are a subscription feature.

banners:placement

Set to Top to display a banner above the Elastic header for this space. Defaults to the value of the xpack.banners.placement configuration property.

banners:textContent

The text to display inside the banner for this space, either plain text or Markdown. Defaults to the value of the xpack.banners.textContent configuration property.

banners:textColor

The color for the banner text for this space. Defaults to the value of the xpack.banners.textColor configuration property.

banners:backgroundColor

The color of the banner background for this space. Defaults to the value of the xpack.banners.backgroundColor configuration property.

Dashboard

edit

xpackDashboardMode:roles

Deprecated. Use feature privileges instead. The roles that belong to dashboard only mode.

Discover

edit

context:defaultSize

The number of surrounding entries to display in the context view. The default value is 5.

context:step

The number by which to increment or decrement the context size. The default value is 5.

context:tieBreakerFields

A comma-separated list of fields to use for breaking a tie between documents that have the same timestamp value. The first field that is present and sortable in the current data view is used.

defaultColumns

The columns that appear by default on the Discover page. The default is _source.

discover:sampleSize

The number of rows to show in the Discover table.

discover:maxDocFieldsDisplayed

Specifies the maximum number of fields to show in the document column of the Discover table.

discover:modifyColumnsOnSwitch

When enabled, removes the columns that are not in the new data view.

discover:sampleSize

Specifies the number of rows to display in the Discover table.

discover:searchFieldsFromSource

Load fields from the original JSON _source. When disabled, Discover loads fields using the Elasticsearch search API’s fields parameter.

discover:searchOnPageLoad

Controls whether a search is executed when Discover first loads. This setting does not have an effect when loading a saved search.

discover:showMultiFields

When enabled, displays multi-fields in the expanded document view.

discover:sort:defaultOrder

The default sort direction for time-based data views.

doc_table:hideTimeColumn

Hides the "Time" column in Discover and in all saved searches on dashboards.

doc_table:highlight

Highlights results in Discover and saved searches on dashboards. Highlighting slows requests when working on big documents.

doc_table:legacy

Controls the way the document table looks and works. To use the new Document Explorer instead of the classic view, turn off this option. The Document Explorer offers better data sorting, resizable columns, and a full screen view.

Machine Learning

edit

ml:anomalyDetection:results:enableTimeDefaults

Use the default time filter in the Single Metric Viewer and Anomaly Explorer. If this setting is disabled, the results for the full time range are shown.

ml:anomalyDetection:results:timeDefaults

Sets the default time filter for viewing anomaly detection job results. This setting must contain from and to values (see accepted formats). It is ignored unless ml:anomalyDetection:results:enableTimeDefaults is enabled.

Notifications

edit

notifications:banner

A custom banner intended for temporary notices to all users. Supports Markdown.

notifications:lifetime:banner

The duration, in milliseconds, for banner notification displays. The default value is 3000000.

notifications:lifetime:error

The duration, in milliseconds, for error notification displays. The default value is 300000.

notifications:lifetime:info

The duration, in milliseconds, for information notification displays. The default value is 5000.

notifications:lifetime:warning

The duration, in milliseconds, for warning notification displays. The default value is 10000.

Observability

edit

apm:enableServiceOverview

When enabled, displays the Overview tab for services in APM.

observability:apmServiceInventoryOptimizedSorting

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Sorts services without anomaly detection rules on the APM Service inventory page by service name.

observability:enableComparisonByDefault

Enables the comparison feature in the APM app.

observability:enableInfrastructureView

Enables the Infrastructure view in the APM app.

observability:enableInspectEsQueries

When enabled, allows you to inspect Elasticsearch queries in API responses.

observability:enableServiceGroups

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. When enabled, allows users to create Service Groups from the APM Service Inventory page.

Reporting

edit

xpackReporting:customPdfLogo

A custom image to use in the footer of the PDF.

Rollup

edit

rollups:enableIndexPatterns

Enables the creation of data views that capture rollup indices, which in turn enables visualizations based on rollup data. Refresh the page to apply the changes.

Search

edit
courier:customRequestPreference
Request preference to use when courier:setRequestPreference is set to "custom".
courier:ignoreFilterIfFieldNotInIndex
Skips filters that apply to fields that don’t exist in the index for a visualization. Useful when dashboards consist of visualizations from multiple data views.
courier:maxConcurrentShardRequests
Controls the max_concurrent_shard_requests setting used for _msearch requests sent by Kibana. Set to 0 to disable this config and use the Elasticsearch default.
courier:setRequestPreference

Enables you to set which shards handle your search requests.

  • Session ID: Restricts operations to execute all search requests on the same shards. This has the benefit of reusing shard caches across requests.
  • Custom: Allows you to define your own preference. Use courier:customRequestPreference to customize your preference value.
  • None: Do not set a preference. This might provide better performance because requests can be spread across all shard copies. However, results might be inconsistent because different shards might be in different refresh states.
search:includeFrozen
This setting is deprecated and will not be supported as of 9.0. Includes frozen indices in results. Searching through frozen indices might increase the search time. This setting is off by default. Users must opt-in to include frozen indices.
search:timeout
Change the maximum timeout, in milliseconds (ms), for a search session. To disable the timeout and allow queries to run to completion, set to 0. The default is 600,000 ms, or 10 minutes.

Security Solution

edit

securitySolution:defaultAnomalyScore

The threshold above which machine learning job anomalies are displayed in the Elastic Security app.

securitySolution:defaultIndex

A comma-delimited list of Elasticsearch indices from which the Elastic Security app collects events.

securitySolution:defaultThreatIndex

A comma-delimited list of Threat Intelligence indices from which the Elastic Security app collects indicators.

securitySolution:enableNewsFeed

Enables the security news feed on the Security Overview page.

securitySolution:ipReputationLinks

A JSON array containing links for verifying the reputation of an IP address. The links are displayed on IP detail pages.

securitySolution:newsFeedUrl

The URL from which the security news feed content is retrieved.

securitySolution:refreshIntervalDefaults

The default refresh interval for the Security time filter, in milliseconds.

securitySolution:rulesTableRefresh

The default period of time in the Security time filter.

securitySolution:timeDefaults

The default period of time in the Security time filter.

Timelion

edit
timelion:es.default_index
The default index when using the .es() query.
timelion:es.timefield
The default field containing a timestamp when using the .es() query.
timelion:graphite.url
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Used with graphite queries, this is the URL of your graphite host in the form https://www.hostedgraphite.com/UID/ACCESS_KEY/graphite. This URL can be selected from an allow-list configured in the kibana.yml under timelion.graphiteUrls.
timelion:max_buckets
The maximum number of buckets a single data source can return. This value is used for calculating automatic intervals in visualizations.
timelion:min_interval
The smallest interval to calculate when using "auto".
timelion:quandl.key
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Used with quandl queries, this is your API key from www.quandl.com.
timelion:target_buckets
Used for calculating automatic intervals in visualizations, this is the number of buckets to try to represent.
timelion:legacyChartsLibrary
Enables the legacy charts library for timelion charts in Visualize.

Visualization

edit

visualization:colorMapping

This setting is deprecated and will not be supported as of 8.0. Maps values to specific colors in charts using the Compatibility palette.

visualization:useLegacyTimeAxis

Enables the legacy time axis for charts in Lens, Discover, Visualize and TSVB

visualization:heatmap:maxBuckets

The maximum number of buckets a datasource can return. High numbers can have a negative impact on your browser rendering performance.

visualization:visualize:legacyPieChartsLibrary

The visualize editor uses new pie charts with improved performance, color palettes, label positioning, and more. Enable this option if you prefer to use the legacy charts library.

visualization:visualize:legacyHeatmapChartsLibrary

Disable this option if you prefer to use the new heatmap charts with improved performance, legend settings, and more..

visualize:enableLabs

Enables users to create, view, and edit experimental visualizations. When disabled, only production-ready visualizations are available to users.

Usage Data

edit

telemetry:enabled

When enabled, helps improve the Elastic Stack by providing usage statistics for basic features.