This is documentation for the next version of Grafana. For the latest stable release, go to the latest version.
Plugin management
You can enhance your Grafana experience with plugins, extensions to Grafana beyond the wide range of visualizations and data sources that are built-in.
This guide shows you how to install plugins that are built by Grafana Labs, commercial partners, our community, or plugins that you have built yourself.
Types of plugins
Grafana supports three types of plugins:
- Panels - These plugins make it easy to create and add any kind of panel, to show your data, or improve your favorite dashboards.
- Data sources - These plugins allow you to pull data from various data sources such as databases, APIs, log files, and so on, and display it in the form of graphs, charts, and dashboards in Grafana.
- Apps - These plugins enable the bundling of data sources, panels, dashboards, and Grafana pages into a cohesive experience.
Panel plugins
Add new visualizations to your dashboard with panel plugins, such as the Clock, Mosaic and Variable panels.
Use panel plugins when you want to:
- Visualize data returned by data source queries.
- Navigate between dashboards.
- Control external systems, such as smart home devices.
Data source plugins
Data source plugins add support for new databases, such as Google BigQuery.
Data source plugins communicate with external sources of data and return the data in a format that Grafana understands. By adding a data source plugin, you can immediately use the data in any of your existing dashboards.
Use data source plugins when you want to query data from external or third-party systems.
App plugins
Applications, or app plugins, bundle data sources and panels to provide a cohesive experience, such as the Zabbix app.
Apps can also add custom pages for things like control panels.
Use app plugins when you want an out-of-the-box monitoring experience.
Managing access for app plugins
Customize access to app plugins with RBAC.
By default, the Viewer, Editor and Admin roles have access to all app plugins that their Organization role allows them to access. Access is granted by the fixed:plugins.app:reader role.
Note
To prevent users from seeing an app plugin, refer to these permissions scenarios.
Plugin catalog
The Grafana plugin catalog allows you to browse and manage plugins from within Grafana. Only Grafana server administrators and Organization administrators can access and use the plugin catalog. For more information about Grafana roles and permissions, refer to Roles and permissions.
The following access rules apply depending on the user role:
- If you are an Org Admin, you can configure app plugins, but you can’t install, uninstall, or update them.
- If you are a Server Admin, you can’t configure app plugins, but you can install, uninstall, or update them.
- If you are both Org Admin and Server Admin, you can configure app plugins and also install, uninstall, or update them.
Note
The Grafana plugin catalog is designed to work with a single Grafana server instance only. Support for Grafana clusters is planned for future Grafana releases.
Video shows the Plugin catalog in a previous version of Grafana.
Note
If required, the Grafana plugin catalog can be disabled using theplugin_admin_enabledflag in the configuration file.
Browse plugins
To browse for available plugins:
- While logged into Grafana as an administrator, click Administration > Plugins and data > Plugins in the side menu to view installed and available plugins.
- Use the search to filter based on name, keywords, organization and other metadata.
- Click the Data sources, Panels, or Applications buttons to filter by plugin type.
Install a plugin
To install a plugin:
- In Grafana, click Administration > Plugins and data > Plugins in the side navigation menu to view all plugins.
- Browse and find a plugin.
- Click the plugin’s logo.
- Click Install.
When the update is complete, you’ll see a confirmation message that the installation was successful.
Update a plugin
To update a plugin:
- In Grafana, click Administration > Plugins and data > Plugins in the side navigation menu to view all plugins.
- Click the Installed filter to show only installed plugins.
- Click the plugin’s logo.
- Click Update.
When the update is complete, you’ll see a confirmation message that the update was successful.
Uninstall a plugin
To uninstall a plugin:
- In Grafana, click Administration > Plugins and data > Plugins in the side navigation menu to view all plugins.
- Click the plugin’s logo.
- Click the Installed filter to show only installed plugins.
- Click Uninstall.
When the update is complete, you’ll see a confirmation message that the uninstall was successful.
Install Grafana plugins
Grafana supports data source, panel, and app plugins.
- In a web browser, navigate to the Grafana plugin catalog and find a plugin that you want to install.
- Click the plugin, and then click the Installation tab.
Install plugin on Grafana Cloud
On the Installation tab, in the For field, click the name of the Grafana instance on which you want to install the plugin.
Grafana Cloud handles the plugin installation automatically.
If you’re logged in to Grafana Cloud when you add a plugin, log out and then log back in again to use the new plugin.
Install plugins using the Grafana Helm chart
With the Grafana Helm chart, add the plugins you want to install as a list using the plugins field in the your values file. For more information about the configuration, refer to the Helm chart configuration reference.
The following YAML snippet installs v1.9.0 of the Grafana OnCall App plugin and the Redis data source plugin. You must incorporate this snippet within your Helm values file.
plugins:
- https://grafana.com/api/plugins/grafana-oncall-app/versions/v1.9.0/download;grafana-oncall-app
- redis-datasourceInstall plugin on local Grafana
Follow the instructions on the Install tab. You can either install the plugin with a Grafana CLI command or by downloading and uncompressing a zip file into the Grafana plugins directory. We recommend using Grafana CLI in most instances. The zip option is available if your Grafana server doesn’t have access to the internet.
For more information about Grafana CLI plugin commands, refer to Plugin commands.
Install a packaged plugin
After the user has downloaded the archive containing the plugin assets, they can install it by extracting the archive into their plugin directory. For example:
unzip my-plugin-0.2.0.zip -d YOUR_PLUGIN_DIR/my-pluginThe path to the plugin directory is defined in the configuration file. For more information, refer to Configuration.
Plugin signatures
Plugin signature verification, also known as signing, is a security measure to make sure plugins haven’t been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.
At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana neither loads nor starts it. To see the result of this verification for each plugin, navigate to Configuration -> Plugins.
Grafana also writes an error message to the server log:
WARN[05-26|12:00:00] Some plugin scanning errors were found errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"If you are a plugin developer and want to know how to sign your plugin, refer to Sign a plugin.
| Signature status | Description |
|---|---|
| Core | Core plugin built into Grafana. |
| Invalid signature | The plugin has an invalid signature. |
| Modified signature | The plugin has changed since it was signed. This may indicate malicious intent. |
| Unsigned | The plugin is not signed. |
| Signed | The plugin signature was successfully verified. |
Plugin signature levels
All plugins are signed under a signature level. The signature level determines how the plugin can be distributed.
| Plugin Level | Description |
|---|---|
| Private | Private plugins are for use on your own Grafana. They may not be distributed to the Grafana community, and are not published in the Grafana catalog. |
| Community | Community plugins have dependent technologies that are open source and not for profit. Community plugins are published in the official Grafana catalog, and are available to the Grafana community. |
| Commercial | Commercial plugins have dependent technologies that are closed source or commercially backed. Commercial plugins are published on the official Grafana catalog, and are available to the Grafana community. |
Allow unsigned plugins
Note
Unsigned plugins are not supported in Grafana Cloud.
We strongly recommend that you don’t run unsigned plugins in your Grafana instance. However, if you’re aware of the risks and you still want to load an unsigned plugin, refer to Configuration.
If you’ve allowed loading of an unsigned plugin, then Grafana writes a warning message to the server log:
WARN[06-01|16:45:59] Running an unsigned plugin pluginID=<plugin id>Note
If you’re developing a plugin, then you can enable development mode to allow all unsigned plugins.
Plugin Frontend Sandbox
Caution
Plugin Frontend Sandbox is currently in public preview. Grafana Labs offers limited support, and breaking changes might occur prior to the feature being made generally available.
The Plugin Frontend Sandbox is a security feature that isolates plugin frontend code from the main Grafana application. When enabled, plugins run in a separate JavaScript context, which provides several security benefits:
- Prevents plugins from modifying parts of the Grafana interface outside their designated areas
- Stops plugins from interfering with other plugins functionality
- Protects core Grafana features from being altered by plugins
- Prevents plugins from modifying global browser objects and behaviors
Plugins running inside the Frontend Sandbox should continue to work normally without any noticeable changes in their intended functionality.
Enable Frontend Sandbox
The Frontend Sandbox feature is currently behind the pluginsFrontendSandbox feature flag. To enable it, you’ll need to:
Enable the feature flag in your Grafana configuration. For more information about enabling feature flags, refer to Configure feature toggles.
For self-hosted Grafana installations, add the plugin IDs you want to sandbox in the
securitysection using theenable_frontend_sandbox_for_pluginsconfiguration option.
For Grafana Cloud users, you can simply use the toggle switch in the plugin catalog page to enable or disable the sandbox for each plugin. By default, the sandbox is disabled for all plugins.
Note
Enabling the Frontend Sandbox might impact the performance of certain plugins. Only disable the sandbox if you fully trust the plugin and understand the security implications.
Compatibility
The Frontend Sandbox is available in public preview in Grafana >=11.4. It is compatible with all types of plugins including app plugins, panel plugins, and data source plugins. Angular-based plugins are not supported. Plugins developed and signed by Grafana Labs are excluded and cannot be sandboxed.
When to Use Frontend Sandbox
We strongly recommend enabling the Frontend Sandbox for plugins that allow users to write custom JavaScript code for data visualization or manipulation. These plugins, while powerful, can potentially execute arbitrary JavaScript code in your Grafana instance. The sandbox provides an additional layer of security by restricting what this code can access and modify.
Examples of plugins where the sandbox is particularly important include:
- Panel plugins that allow users to write custom JavaScript code
- Plugins from untrusted sources
Troubleshooting
If a plugin isn’t functioning correctly with the Frontend Sandbox enabled:
- Temporarily disable the sandbox for that specific plugin
- Test if the plugin works correctly without the sandbox
- If the plugin only works with the sandbox disabled, ensure you trust the plugin source before continuing to use it without sandbox protection
- Report any sandbox-related issues to the plugin developer
Learn more
Was this page helpful?
Related resources from Grafana Labs
