This is documentation for the next version of Grafana. For the latest stable release, go to the latest version.
Plugin management
You can enhance your Grafana experience with plugins, extensions to Grafana beyond the wide range of visualizations and data sources that are built-in.
This guide shows you how to install plugins that are built by Grafana Labs, commercial partners, our community, or plugins that you have built yourself.
Types of plugins
Grafana supports three types of plugins:
- Panels - These plugins make it easy to create and add any kind of panel, to show your data, or improve your favorite dashboards.
- Data sources - These plugins allow you to pull data from various data sources such as databases, APIs, log files, and so on, and display it in the form of graphs, charts, and dashboards in Grafana.
- Apps - These plugins enable the bundling of data sources, panels, dashboards, and Grafana pages into a cohesive experience.
Panel plugins
Add new visualizations to your dashboard with panel plugins, such as the Clock, Mosaic and Variable panels.
Use panel plugins when you want to:
- Visualize data returned by data source queries.
- Navigate between dashboards.
- Control external systems, such as smart home devices.
Data source plugins
Data source plugins add support for new databases, such as Google BigQuery.
Data source plugins communicate with external sources of data and return the data in a format that Grafana understands. By adding a data source plugin, you can immediately use the data in any of your existing dashboards.
Use data source plugins when you want to query data from external or third-party systems.
App plugins
Applications, or app plugins, bundle data sources and panels to provide a cohesive experience, such as the Zabbix app.
Apps can also add custom pages for things like control panels.
Use app plugins when you want an out-of-the-box monitoring experience.
Managing access for app plugins
Customize access to app plugins with RBAC.
By default, the Viewer, Editor and Admin roles have access to all app plugins that their Organization role allows them to access. Access is granted by the fixed:plugins.app:reader
role.
Note
To prevent users from seeing an app plugin, refer to these permissions scenarios.
Plugin catalog
The Grafana plugin catalog allows you to browse and manage plugins from within Grafana. Only Grafana server administrators and Organization administrators can access and use the plugin catalog. For more information about Grafana roles and permissions, refer to Roles and permissions.
The following access rules apply depending on the user role:
- If you are an Org Admin, you can configure app plugins, but you can’t install, uninstall, or update them.
- If you are a Server Admin, you can’t configure app plugins, but you can install, uninstall, or update them.
- If you are both Org Admin and Server Admin, you can configure app plugins and also install, uninstall, or update them.
Note
The Grafana plugin catalog is designed to work with a single Grafana server instance only. Support for Grafana clusters is planned for future Grafana releases.
Video shows the Plugin catalog in a previous version of Grafana.
Note
If required, the Grafana plugin catalog can be disabled using theplugin_admin_enabled
flag in the configuration file.
Browse plugins
To browse for available plugins:
- While logged into Grafana as an administrator, click Administration > Plugins and data > Plugins in the side menu to view installed and available plugins.
- Use the search to filter based on name, keywords, organization and other metadata.
- Click the Data sources, Panels, or Applications buttons to filter by plugin type.
Install a plugin
The most common way to install a plugin is through the Grafana UI, but alternative methods are also available.
- In Grafana, click Administration > Plugins and data > Plugins in the side navigation menu to view all plugins.
- Browse and find a plugin.
- Click the plugin’s logo.
- Click Install.
There are also additional ways to install plugins depending on your setup.
Install a plugin using Grafana CLI
Grafana CLI allows you to install, upgrade, and manage your Grafana plugins using a command line. For more information about Grafana CLI plugin commands, refer to Plugin commands.
Install a plugin from a ZIP file
This method is typically used for plugins not available in the Plugin Catalog or in environments without internet access.
Download the archive containing the plugin assets, and install it by extracting the archive into the plugin directory. For example:
unzip my-plugin-0.2.0.zip -d YOUR_PLUGIN_DIR/my-plugin
The path to the plugin directory is defined in the configuration file. For more information, refer to Configuration.
#### Install a plugin using Grafana configuration
Note
This feature requires Grafana 11.5.0 or later.
You can install plugins by adding the plugin ID to the plugins.preinstall
section in the Grafana configuration file. This prevents the plugin from being accidentally uninstalled and can be auto-updated. For more information, refer to Configuration.
Install a plugin in air-gapped environment
Plugin installation usually requires an internet connection. You can check which endpoints are used during the installation on your instance and add them to your instance’s allowlist.
If this is not possible you can go via installing a plugin using Grafana CLI or as a ZIP file.
You can fetch any plugin from Grafana.com API following the download link referenced in the API.
Here is an example based on grafana-lokiexplore-app
plugins.
- Open
https://grafana.com/api/plugins/grafana-lokiexplore-app
and look forlinks
section - Find a
download
url which looks something likehttps://grafana.com/api/plugins/grafana-lokiexplore-app/versions/1.0.2/download
- Use this URL to download the plugin ZIP file, which you can then install as described above.
Install plugins using the Grafana Helm chart
With the Grafana Helm chart, add the plugins you want to install as a list using the plugins
field in the your values file. For more information about the configuration, refer to the Helm chart configuration reference.
The following YAML snippet installs v1.9.0 of the Grafana OnCall App plugin and the Redis data source plugin. You must incorporate this snippet within your Helm values file.
plugins:
- https://grafana.com/api/plugins/grafana-oncall-app/versions/v1.9.0/download;grafana-oncall-app
- redis-datasource
When the update is complete, a confirmation message will indicate the installation was successful.
Update a plugin
To update a plugin:
- In Grafana, click Administration > Plugins and data > Plugins in the side navigation menu to view all plugins.
- Click the Installed filter to show only installed plugins.
- Click the plugin’s logo.
- Click Update.
When the update is complete, a confirmation message will indicate the installation was successful.
Uninstall a plugin
To uninstall a plugin:
- In Grafana, click Administration > Plugins and data > Plugins in the side navigation menu to view all plugins.
- Click the plugin’s logo.
- Click the Installed filter to show only installed plugins.
- Click Uninstall.
When the update is complete, a confirmation message will indicate the installation was successful.
Plugin signatures
Plugin signature verification, also known as signing, is a security measure to make sure plugins haven’t been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.
At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana neither loads nor starts it. To see the result of this verification for each plugin, navigate to Configuration -> Plugins.
Grafana also writes an error message to the server log:
WARN[05-26|12:00:00] Some plugin scanning errors were found errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"
If you are a plugin developer and want to know how to sign your plugin, refer to Sign a plugin.
Signature status | Description |
---|---|
Core | Core plugin built into Grafana. |
Invalid signature | The plugin has an invalid signature. |
Modified signature | The plugin has changed since it was signed. This may indicate malicious intent. |
Unsigned | The plugin is not signed. |
Signed | The plugin signature was successfully verified. |
Plugin signature levels
All plugins are signed under a signature level. The signature level determines how the plugin can be distributed.
Plugin Level | Description |
---|---|
Private | Private plugins are for use on your own Grafana. They may not be distributed to the Grafana community, and are not published in the Grafana catalog. |
Community | Community plugins have dependent technologies that are open source and not for profit. Community plugins are published in the official Grafana catalog, and are available to the Grafana community. |
Commercial | Commercial plugins have dependent technologies that are closed source or commercially backed. Commercial plugins are published on the official Grafana catalog, and are available to the Grafana community. |
Allow unsigned plugins
Note
Unsigned plugins are not supported in Grafana Cloud.
We strongly recommend that you don’t run unsigned plugins in your Grafana instance. However, if you’re aware of the risks and you still want to load an unsigned plugin, refer to Configuration.
If you’ve allowed loading of an unsigned plugin, then Grafana writes a warning message to the server log:
WARN[06-01|16:45:59] Running an unsigned plugin pluginID=<plugin id>
Note
If you’re developing a plugin, then you can enable development mode to allow all unsigned plugins.
Plugin Frontend Sandbox
Caution
Plugin Frontend Sandbox is currently in public preview. Grafana Labs offers limited support, and breaking changes might occur prior to the feature being made generally available.
The Plugin Frontend Sandbox is a security feature that isolates plugin frontend code from the main Grafana application. When enabled, plugins run in a separate JavaScript context, which provides several security benefits:
- Prevents plugins from modifying parts of the Grafana interface outside their designated areas
- Stops plugins from interfering with other plugins functionality
- Protects core Grafana features from being altered by plugins
- Prevents plugins from modifying global browser objects and behaviors
Plugins running inside the Frontend Sandbox should continue to work normally without any noticeable changes in their intended functionality.
Enable Frontend Sandbox
The Frontend Sandbox feature is currently behind the pluginsFrontendSandbox
feature flag. To enable it, you’ll need to:
Enable the feature flag in your Grafana configuration. For more information about enabling feature flags, refer to Configure feature toggles.
For self-hosted Grafana installations, add the plugin IDs you want to sandbox in the
security
section using theenable_frontend_sandbox_for_plugins
configuration option.
For Grafana Cloud users, you can simply use the toggle switch in the plugin catalog page to enable or disable the sandbox for each plugin. By default, the sandbox is disabled for all plugins.
Note
Enabling the Frontend Sandbox might impact the performance of certain plugins. Only disable the sandbox if you fully trust the plugin and understand the security implications.
Compatibility
The Frontend Sandbox is available in public preview in Grafana >=11.4. It is compatible with all types of plugins including app plugins, panel plugins, and data source plugins. Angular-based plugins are not supported. Plugins developed and signed by Grafana Labs are excluded and cannot be sandboxed.
When to Use Frontend Sandbox
We strongly recommend enabling the Frontend Sandbox for plugins that allow users to write custom JavaScript code for data visualization or manipulation. These plugins, while powerful, can potentially execute arbitrary JavaScript code in your Grafana instance. The sandbox provides an additional layer of security by restricting what this code can access and modify.
Examples of plugins where the sandbox is particularly important include:
- Panel plugins that allow users to write custom JavaScript code
- Plugins from untrusted sources
Troubleshooting
If a plugin isn’t functioning correctly with the Frontend Sandbox enabled:
- Temporarily disable the sandbox for that specific plugin
- Test if the plugin works correctly without the sandbox
- If the plugin only works with the sandbox disabled, ensure you trust the plugin source before continuing to use it without sandbox protection
- Report any sandbox-related issues to the plugin developer