Update .github/CODEOWNERS

Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com>
revert
2025-12-15 09:23:10 +01:00 · 2025-12-12 17:51:18 +01:00 · 2025-12-12 17:50:22 +01:00 · 2025-12-12 17:48:59 +01:00 · 2025-12-12 17:48:13 +01:00 · 2025-12-12 17:26:29 +01:00
289 changed files with 2159 additions and 13947 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -77,11 +77,11 @@
 /.air.toml @macabu

 # Git Sync / App Platform Provisioning
-/apps/provisioning/ @grafana/grafana-git-ui-sync-team
-/pkg/operators @grafana/grafana-git-ui-sync-team
-/public/app/features/provisioning @grafana/grafana-git-ui-sync-team
-/pkg/registry/apis/provisioning @grafana/grafana-git-ui-sync-team
-/pkg/tests/apis/provisioning @grafana/grafana-git-ui-sync-team
+/apps/provisioning/ @grafana/grafana-app-platform-squad
+/pkg/operators @grafana/grafana-app-platform-squad
+/public/app/features/provisioning @grafana/grafana-search-navigate-organise
+/pkg/registry/apis/provisioning @grafana/grafana-app-platform-squad
+/pkg/tests/apis/provisioning @grafana/grafana-app-platform-squad
 # Git Sync frontend owned by frontend team as a whole.

 /apps/alerting/ @grafana/alerting-backend
@@ -208,7 +208,7 @@
 /pkg/tests/apis/shorturl @grafana/sharing-squad
 /pkg/tests/api/correlations/ @grafana/datapro
 /pkg/tsdb/grafanads/ @grafana/grafana-backend-group
-/pkg/tsdb/opentsdb/ @grafana/oss-big-tent
+/pkg/tsdb/opentsdb/ @grafana/partner-datasources
 /pkg/util/ @grafana/grafana-backend-group
 /pkg/web/ @grafana/grafana-backend-group

@@ -260,7 +260,7 @@
 /devenv/dev-dashboards/dashboards.go @grafana/dataviz-squad
 /devenv/dev-dashboards/home.json @grafana/dataviz-squad
 /devenv/dev-dashboards/datasource-elasticsearch/ @grafana/partner-datasources
-/devenv/dev-dashboards/datasource-opentsdb/ @grafana/oss-big-tent
+/devenv/dev-dashboards/datasource-opentsdb/ @grafana/partner-datasources
 /devenv/dev-dashboards/datasource-influxdb/ @grafana/partner-datasources
 /devenv/dev-dashboards/datasource-mssql/ @grafana/partner-datasources
 /devenv/dev-dashboards/datasource-loki/ @grafana/plugins-platform-frontend
@@ -307,7 +307,7 @@
 /devenv/docker/blocks/mysql_exporter/ @grafana/oss-big-tent
 /devenv/docker/blocks/mysql_opendata/ @grafana/oss-big-tent
 /devenv/docker/blocks/mysql_tests/ @grafana/oss-big-tent
-/devenv/docker/blocks/opentsdb/ @grafana/oss-big-tent
+/devenv/docker/blocks/opentsdb/ @grafana/partner-datasources
 /devenv/docker/blocks/postgres/ @grafana/oss-big-tent
 /devenv/docker/blocks/postgres_tests/ @grafana/oss-big-tent
 /devenv/docker/blocks/prometheus/ @grafana/oss-big-tent
@@ -520,7 +520,7 @@ i18next.config.ts @grafana/grafana-frontend-platform
 /e2e-playwright/various-suite/solo-route.spec.ts @grafana/dashboards-squad
 /e2e-playwright/various-suite/trace-view-scrolling.spec.ts @grafana/observability-traces-and-profiling
 /e2e-playwright/various-suite/verify-i18n.spec.ts @grafana/grafana-frontend-platform
-/e2e-playwright/various-suite/visualization-suggestions.spec.ts @grafana/dataviz-squad
+/e2e-playwright/various-suite/visualization-suggestions.spec.ts @grafana/dashboards-squad
 /e2e-playwright/various-suite/perf-test.spec.ts @grafana/grafana-frontend-platform

 # Packages
@@ -753,7 +753,7 @@ i18next.config.ts @grafana/grafana-frontend-platform
 /packages/grafana-api-clients/src/clients/rtkq/iam/ @grafana/access-squad @grafana/identity-squad
 /packages/grafana-api-clients/src/clients/rtkq/logsdrilldown/ @grafana/observability-logs
 /packages/grafana-api-clients/src/clients/rtkq/preferences/ @grafana/plugins-platform-frontend
-/packages/grafana-api-clients/src/clients/rtkq/provisioning/ @grafana/grafana-git-ui-sync-team
+/packages/grafana-api-clients/src/clients/rtkq/provisioning/ @grafana/grafana-search-navigate-organise
 /packages/grafana-api-clients/src/clients/rtkq/shorturl/ @grafana/sharing-squad

 # root files, mostly frontend
@@ -956,7 +956,6 @@ playwright.storybook.config.ts @grafana/grafana-frontend-platform
 /public/app/features/notifications/ @grafana/grafana-search-navigate-organise
 /public/app/features/org/ @grafana/grafana-search-navigate-organise
 /public/app/features/panel/ @grafana/dashboards-squad
-/public/app/features/panel/components/VizTypePicker/VisualizationSuggestions.tsx @grafana/dataviz-squad
 /public/app/features/panel/suggestions/ @grafana/dataviz-squad
 /public/app/features/playlist/ @grafana/dashboards-squad
 /public/app/features/plugins/ @grafana/plugins-platform-frontend
@@ -1085,7 +1084,7 @@ playwright.storybook.config.ts @grafana/grafana-frontend-platform
 eslint-suppressions.json @grafanabot

 # Design system
-/public/img/icons/unicons/ @grafana/design-system
+/public/img/icons/unicons/ @grafana/product-design-engineering

 # Core datasources
 /public/app/plugins/datasource/dashboard/ @grafana/dashboards-squad
@@ -1101,7 +1100,7 @@ eslint-suppressions.json @grafanabot
 /public/app/plugins/datasource/mixed/ @grafana/dashboards-squad
 /public/app/plugins/datasource/mssql/ @grafana/partner-datasources
 /public/app/plugins/datasource/mysql/ @grafana/oss-big-tent
-/public/app/plugins/datasource/opentsdb/ @grafana/oss-big-tent
+/public/app/plugins/datasource/opentsdb/ @grafana/partner-datasources
 /public/app/plugins/datasource/grafana-postgresql-datasource/ @grafana/oss-big-tent
 /public/app/plugins/datasource/prometheus/ @grafana/oss-big-tent
 /public/app/plugins/datasource/cloud-monitoring/ @grafana/partner-datasources
@@ -1261,11 +1260,11 @@ embed.go @grafana/grafana-as-code
 /.github/workflows/stale.yml @grafana/grafana-developer-enablement-squad
 /.github/workflows/storybook-a11y.yml @grafana/grafana-frontend-platform
 /.github/workflows/update-make-docs.yml @grafana/docs-tooling
-/.github/workflows/scripts/kinds/verify-kinds.go @grafana/platform-monitoring
+/.github/workflows/scripts/kinds/verify-kinds.go @grafana/grafana-app-platform-squad
 /.github/workflows/scripts/create-security-branch/create-security-branch.sh @grafana/grafana-developer-enablement-squad
-/.github/workflows/publish-kinds-next.yml @grafana/platform-monitoring
-/.github/workflows/publish-kinds-release.yml @grafana/platform-monitoring
-/.github/workflows/verify-kinds.yml @grafana/platform-monitoring
+/.github/workflows/publish-kinds-next.yml @grafana/grafana-app-platform-squad
+/.github/workflows/publish-kinds-release.yml @grafana/grafana-app-platform-squad
+/.github/workflows/verify-kinds.yml @grafana/grafana-app-platform-squad
 /.github/workflows/dashboards-issue-add-label.yml @grafana/dashboards-squad
 /.github/workflows/run-schema-v2-e2e.yml  @grafana/dashboards-squad
 /.github/workflows/run-dashboard-search-e2e.yml  @grafana/grafana-search-and-storage
@@ -1326,7 +1325,7 @@ embed.go @grafana/grafana-as-code
 /conf/provisioning/dashboards/ @grafana/dashboards-squad
 /conf/provisioning/datasources/ @grafana/plugins-platform-backend
 /conf/provisioning/plugins/ @grafana/plugins-platform-backend
-/conf/provisioning/sample/ @grafana/grafana-git-ui-sync-team
+/conf/provisioning/sample/ @grafana/grafana-app-platform-squad

 # Security
 /relyance.yaml @grafana/security-team
--- a/.github/workflows/pr-patch-check-event.yml
+++ b/.github/workflows/pr-patch-check-event.yml
@@ -12,7 +12,6 @@ on:
 permissions:
  id-token: write
  contents: read
-  statuses: write

 # Since this is run on a pull request, we want to apply the patches intended for the
 # target branch onto the source branch, to verify compatibility before merging.
--- a/.github/workflows/pr-patch-check.yml
+++ b/.github/workflows/pr-patch-check.yml
@@ -29,10 +29,6 @@ permissions:
 # target branch onto the source branch, to verify compatibility before merging.
 jobs:
  dispatch-job:
-    # If the source is not from a fork then dispatch the job to the workflow.
-    # This will fail on forks when trying to broker a token, so instead, forks will create the required status and mark
-    # it as a success
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
    env:
      HEAD_REF: ${{ inputs.head_ref }}
      BASE_REF: ${{ github.base_ref }}
@@ -80,20 +76,3 @@ jobs:
                  triggering_github_handle: SENDER
                }
            })
-  dispatch-job-fork:
-    # If the source is from a fork then use the built-in workflow token to create the same status and unconditionally
-    # mark it as a success.
-    if: ${{ github.event.pull_request.head.repo.fork }}
-    permissions:
-      statuses: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Create status
-        uses: myrotvorets/set-commit-status-action@6d6905c99cd24a4a2cbccc720b62dc6ca5587141
-        with:
-          token: ${{ github.token }}
-          sha: ${{ inputs.pr_commit_sha }}
-          repo: ${{ inputs.repo }}
-          status: success
-          context: "Test Patches (event)"
-          description: "Test Patches (event) on a fork"
--- a/.github/workflows/release-comms.yml
+++ b/.github/workflows/release-comms.yml
@@ -111,13 +111,12 @@ jobs:
      ownerRepo: 'grafana/grafana-enterprise'
      from: ${{ needs.setup.outputs.release_branch }}
      to: ${{ needs.create_next_release_branch_enterprise.outputs.branch }}
-  # Removed this for now since it doesn't work
-  # post_changelog_on_forum:
-  #   needs: setup
-  #   uses: grafana/grafana/.github/workflows/community-release.yml@main
-  #   with:
-  #     version: ${{ needs.setup.outputs.version }}
-  #     dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}
+  post_changelog_on_forum:
+    needs: setup
+    uses: grafana/grafana/.github/workflows/community-release.yml@main
+    with:
+      version: ${{ needs.setup.outputs.version }}
+      dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}
  create_github_release:
    # a github release requires a git tag
    # The github-release action retrieves the changelog using the /repos/grafana/grafana/contents/CHANGELOG.md API
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -3,7 +3,7 @@
 # Others can set up the YAML LSP manually, which supports schemas: https://github.com/redhat-developer/yaml-language-server

 # $schema: https://golangci-lint.run/jsonschema/golangci.jsonschema.json
-version: '2'
+version: "2"
 run:
  timeout: 15m
  concurrency: 10
@@ -83,16 +83,6 @@ linters:
          deny:
            - pkg: github.com/grafana/grafana/pkg
              desc: apps/playlist is not allowed to import grafana core
-        apps-dashboard:
-          list-mode: lax
-          files:
-            - ./apps/dashboard/*
-            - ./apps/dashboard/**/*
-          allow:
-            - github.com/grafana/grafana/pkg/apimachinery
-          deny:
-            - pkg: github.com/grafana/grafana/pkg
-              desc: apps/dashboard is not allowed to import grafana core
        apps-secret:
          list-mode: lax
          files:
@@ -291,16 +281,16 @@ linters:
        text: G306
      - linters:
          - gosec
-        text: '401'
+        text: "401"
      - linters:
          - gosec
-        text: '402'
+        text: "402"
      - linters:
          - gosec
-        text: '501'
+        text: "501"
      - linters:
          - gosec
-        text: '404'
+        text: "404"
      - linters:
          - errorlint
        text: non-wrapping format verb for fmt.Errorf
--- a/apps/advisor/go.mod
+++ b/apps/advisor/go.mod
@@ -15,7 +15,6 @@ require (
 	github.com/stretchr/testify v1.11.1
 	k8s.io/apimachinery v0.34.2
 	k8s.io/apiserver v0.34.2
-	k8s.io/client-go v0.34.2
 	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912
 )

@@ -44,7 +43,6 @@ replace github.com/grafana/grafana/apps/plugins => ../plugins
 replace github.com/prometheus/alertmanager => github.com/grafana/prometheus-alertmanager v0.25.1-0.20250911094103-5456b6e45604

 require (
-	cel.dev/expr v0.24.0 // indirect
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	dario.cat/mergo v1.0.2 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
@@ -57,7 +55,6 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
-	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f // indirect
 	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
@@ -88,7 +85,6 @@ require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
@@ -105,7 +101,6 @@ require (
 	github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/gchaincl/sqlhooks v1.3.0 // indirect
 	github.com/getkin/kin-openapi v0.133.0 // indirect
@@ -149,13 +144,12 @@ require (
 	github.com/golang-migrate/migrate/v4 v4.7.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
-	github.com/google/cel-go v0.26.1 // indirect
 	github.com/google/flatbuffers v25.2.10+incompatible // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/google/wire v0.7.0 // indirect
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 // indirect
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba // indirect
 	github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f // indirect
 	github.com/grafana/dataplane/sdata v0.0.9 // indirect
 	github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4 // indirect
@@ -168,7 +162,6 @@ require (
 	github.com/grafana/sqlds/v4 v4.2.7 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 // indirect
-	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20191002090509-6af20e3a5340 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-hclog v1.6.3 // indirect
@@ -183,7 +176,6 @@ require (
 	github.com/hashicorp/memberlist v0.5.2 // indirect
 	github.com/hashicorp/yamux v0.1.2 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jaegertracing/jaeger-idl v0.5.0 // indirect
 	github.com/jessevdk/go-flags v1.6.1 // indirect
 	github.com/jmespath-community/go-jmespath v1.1.1 // indirect
@@ -256,9 +248,7 @@ require (
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
-	github.com/spf13/cobra v1.10.1 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
-	github.com/stoewer/go-strcase v1.3.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tetratelabs/wazero v1.8.2 // indirect
 	github.com/thomaspoignant/go-feature-flag v1.42.0 // indirect
@@ -266,9 +256,6 @@ require (
 	github.com/woodsbury/decimal128 v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zeebo/xxh3 v1.0.2 // indirect
-	go.etcd.io/etcd/api/v3 v3.6.4 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
-	go.etcd.io/etcd/client/v3 v3.6.4 // indirect
 	go.mongodb.org/mongo-driver v1.17.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
@@ -287,8 +274,6 @@ require (
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/mock v0.6.0 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/crypto v0.45.0 // indirect
@@ -312,26 +297,23 @@ require (
 	google.golang.org/grpc v1.77.0 // indirect
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/mail.v2 v2.3.1 // indirect
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/src-d/go-errors.v1 v1.0.0 // indirect
 	gopkg.in/telebot.v3 v3.3.8 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.34.2 // indirect
 	k8s.io/apiextensions-apiserver v0.34.2 // indirect
+	k8s.io/client-go v0.34.2 // indirect
 	k8s.io/component-base v0.34.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kms v0.34.2 // indirect
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
 	modernc.org/libc v1.66.10 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.40.1 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect
--- a/apps/advisor/go.sum
+++ b/apps/advisor/go.sum
@@ -282,7 +282,6 @@ github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03V
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8=
 github.com/cznic/fileutil v0.0.0-20180108211300-6a051e75936f/go.mod h1:8S58EK26zhXSxzv7NQFpnliaOQsmDUxvoQO3rt154Vg=
@@ -407,8 +406,6 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
-github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/analysis v0.24.0 h1:vE/VFFkICKyYuTWYnplQ+aVr45vlG6NcZKC7BdIXhsA=
 github.com/go-openapi/analysis v0.24.0/go.mod h1:GLyoJA+bvmGGaHgpfeDh8ldpGo69fAJg7eeMDMRCIrw=
 github.com/go-openapi/errors v0.22.3 h1:k6Hxa5Jg1TUyZnOwV2Lh81j8ayNw5VVYLvKrp4zFKFs=
@@ -609,10 +606,8 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
 github.com/gorilla/mux v1.7.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
-github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f h1:Cbm6OKkOcJ+7CSZsGsEJzktC/SIa5bxVeYKQLuYK86o=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f/go.mod h1:axY0cdOg3q0TZHwpHnIz5x16xZ8ZBxJHShsSHHXcHQg=
 github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 h1:Muoy+FMGrHj3GdFbvsMzUT7eusgii9PKf9L1ZaXDDbY=
@@ -754,8 +749,6 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
-github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
-github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
@@ -986,7 +979,6 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
 github.com/pressly/goose/v3 v3.26.0 h1:KJakav68jdH0WDvoAcj8+n61WqOIaPGgH0bJWS6jpmM=
 github.com/pressly/goose/v3 v3.26.0/go.mod h1:4hC1KrritdCxtuFsqgs1R4AU5bWtTAf+cnWvfhf2DNY=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
@@ -1004,7 +996,6 @@ github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
@@ -1019,7 +1010,6 @@ github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57J
 github.com/prometheus/exporter-toolkit v0.14.0 h1:NMlswfibpcZZ+H0sZBiTjrA3/aBFHkNZqE+iCj5EmRg=
 github.com/prometheus/exporter-toolkit v0.14.0/go.mod h1:Gu5LnVvt7Nr/oqTBUC23WILZepW0nffNo10XdhQcwWA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
@@ -1046,7 +1036,6 @@ github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0t
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
 github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8=
 github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
@@ -1069,8 +1058,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
-github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -1084,7 +1071,6 @@ github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
 github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
@@ -1110,7 +1096,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
@@ -1127,8 +1112,6 @@ github.com/thomaspoignant/go-feature-flag v1.42.0/go.mod h1:y0QiWH7chHWhGATb/+Xq
 github.com/tidwall/pretty v0.0.0-20180105212114-65a9db5fad51/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tjhop/slog-gokit v0.1.5 h1:ayloIUi5EK2QYB8eY4DOPO95/mRtMW42lUkp3quJohc=
 github.com/tjhop/slog-gokit v0.1.5/go.mod h1:yA48zAHvV+Sg4z4VRyeFyFUNNXd3JY5Zg84u3USICq0=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
 github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
@@ -1146,8 +1129,6 @@ github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcY
 github.com/xanzy/go-gitlab v0.15.0/go.mod h1:8zdQa/ri1dfn8eS3Ir1SyfvOKlw7WBJ8DVThkpGiXrs=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
-github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510 h1:S2dVYn90KE98chqDkyE9Z4N61UnQd+KOfgp5Iu53llk=
-github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1158,8 +1139,6 @@ github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN
 github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
 gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE=
-go.etcd.io/bbolt v1.4.2 h1:IrUHp260R8c+zYx/Tm8QZr04CX+qWS5PGfPdevhdm1I=
-go.etcd.io/bbolt v1.4.2/go.mod h1:Is8rSHO/b4f3XigBC0lL0+4FwAQv3HXEEIgFMuKHceM=
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
 go.etcd.io/etcd/api/v3 v3.6.4 h1:7F6N7toCKcV72QmoUKa23yYLiiljMrT4xCeBL9BmXdo=
 go.etcd.io/etcd/api/v3 v3.6.4/go.mod h1:eFhhvfR8Px1P6SEuLT600v+vrhdDTdcfMzmnxVXXSbk=
@@ -1170,12 +1149,6 @@ go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+
 go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY=
 go.etcd.io/etcd/client/v3 v3.6.4 h1:YOMrCfMhRzY8NgtzUsHl8hC2EBSnuqbR3dh84Uryl7A=
 go.etcd.io/etcd/client/v3 v3.6.4/go.mod h1:jaNNHCyg2FdALyKWnd7hxZXZxZANb0+KGY+YQaEMISo=
-go.etcd.io/etcd/pkg/v3 v3.6.4 h1:fy8bmXIec1Q35/jRZ0KOes8vuFxbvdN0aAFqmEfJZWA=
-go.etcd.io/etcd/pkg/v3 v3.6.4/go.mod h1:kKcYWP8gHuBRcteyv6MXWSN0+bVMnfgqiHueIZnKMtE=
-go.etcd.io/etcd/server/v3 v3.6.4 h1:LsCA7CzjVt+8WGrdsnh6RhC0XqCsLkBly3ve5rTxMAU=
-go.etcd.io/etcd/server/v3 v3.6.4/go.mod h1:aYCL/h43yiONOv0QIR82kH/2xZ7m+IWYjzRmyQfnCAg=
-go.etcd.io/raft/v3 v3.6.0 h1:5NtvbDVYpnfZWcIHgGRk9DyzkBIXOi8j+DDp1IcnUWQ=
-go.etcd.io/raft/v3 v3.6.0/go.mod h1:nLvLevg6+xrVtHUmVaTcTz603gQPHfh7kUAwV6YpfGo=
 go.mongodb.org/mongo-driver v1.1.0/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.17.4 h1:jUorfmVzljjr0FLzYQsGP8cgN/qzzxlY9Vh0C9KFXVw=
 go.mongodb.org/mongo-driver v1.17.4/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
@@ -1328,7 +1301,6 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1740,7 +1712,6 @@ google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba/go.
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba h1:UKgtfRM7Yh93Sya0Fo8ZzhDP4qBckrrxEr2oF5UIVb8=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
-google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
--- a/apps/advisor/pkg/app/app.go
+++ b/apps/advisor/pkg/app/app.go
@@ -8,24 +8,18 @@ import (

 	"github.com/grafana/grafana-app-sdk/app"
 	"github.com/grafana/grafana-app-sdk/k8s"
-	appsdkapiserver "github.com/grafana/grafana-app-sdk/k8s/apiserver"
 	"github.com/grafana/grafana-app-sdk/logging"
 	"github.com/grafana/grafana-app-sdk/operator"
 	"github.com/grafana/grafana-app-sdk/resource"
 	"github.com/grafana/grafana-app-sdk/simple"
-	advisorapi "github.com/grafana/grafana/apps/advisor/pkg/apis"
 	advisorv0alpha1 "github.com/grafana/grafana/apps/advisor/pkg/apis/advisor/v0alpha1"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checkregistry"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checks"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checkscheduler"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checktyperegisterer"
 	"github.com/grafana/grafana/pkg/apimachinery/identity"
-	"github.com/grafana/grafana/pkg/services/org"
-	"github.com/grafana/grafana/pkg/setting"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apiserver/pkg/authorization/authorizer"
-	"k8s.io/client-go/rest"
 )

 func New(cfg app.Config) (app.App, error) {
@@ -194,45 +188,3 @@ func GetKinds() map[schema.GroupVersion][]resource.Kind {
 		},
 	}
 }
-
-func ProvideAppInstaller(
-	authorizer authorizer.Authorizer,
-	checkRegistry checkregistry.CheckService,
-	cfg *setting.Cfg,
-	orgService org.Service,
-) (*AdvisorAppInstaller, error) {
-	provider := simple.NewAppProvider(advisorapi.LocalManifest(), nil, New)
-	pluginConfig := cfg.PluginSettings["grafana-advisor-app"]
-	specificConfig := checkregistry.AdvisorAppConfig{
-		CheckRegistry: checkRegistry,
-		PluginConfig:  pluginConfig,
-		StackID:       cfg.StackID,
-		OrgService:    orgService,
-	}
-	appCfg := app.Config{
-		KubeConfig:     rest.Config{},
-		ManifestData:   *advisorapi.LocalManifest().ManifestData,
-		SpecificConfig: specificConfig,
-	}
-
-	defaultInstaller, err := appsdkapiserver.NewDefaultAppInstaller(provider, appCfg, advisorapi.NewGoTypeAssociator())
-	if err != nil {
-		return nil, err
-	}
-
-	installer := &AdvisorAppInstaller{
-		AppInstaller: defaultInstaller,
-		authorizer:   authorizer,
-	}
-
-	return installer, nil
-}
-
-type AdvisorAppInstaller struct {
-	appsdkapiserver.AppInstaller
-	authorizer authorizer.Authorizer
-}
-
-func (a *AdvisorAppInstaller) GetAuthorizer() authorizer.Authorizer {
-	return a.authorizer
-}
--- a/apps/advisor/pkg/app/authorizer.go
+++ b/apps/advisor/pkg/app/authorizer.go
@@ -0,0 +1,47 @@
+package app
+
+import (
+	"context"
+
+	claims "github.com/grafana/authlib/types"
+	"github.com/grafana/grafana/pkg/apimachinery/identity"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+func GetAuthorizer() authorizer.Authorizer {
+	return authorizer.AuthorizerFunc(func(
+		ctx context.Context, attr authorizer.Attributes,
+	) (authorized authorizer.Decision, reason string, err error) {
+		if !attr.IsResourceRequest() {
+			return authorizer.DecisionNoOpinion, "", nil
+		}
+
+		// Check for service identity
+		if identity.IsServiceIdentity(ctx) {
+			return authorizer.DecisionAllow, "", nil
+		}
+
+		// Check for access policy identity
+		info, ok := claims.AuthInfoFrom(ctx)
+		if ok && claims.IsIdentityType(info.GetIdentityType(), claims.TypeAccessPolicy) {
+			// For access policy identities, we need to use ResourceAuthorizer
+			// This requires an AccessClient, which should be provided by the API server
+			// For now, we'll use the default ResourceAuthorizer from the API server
+			// This will be set up by the API server's authorization chain
+			return authorizer.DecisionNoOpinion, "", nil
+		}
+
+		// For regular Grafana users, check if they are admin
+		u, err := identity.GetRequester(ctx)
+		if err != nil {
+			return authorizer.DecisionDeny, "valid user is required", err
+		}
+
+		// check if is admin
+		if u.HasRole(identity.RoleAdmin) {
+			return authorizer.DecisionAllow, "", nil
+		}
+
+		return authorizer.DecisionDeny, "forbidden", nil
+	})
+}
--- a/apps/advisor/pkg/app/authorizer_test.go
+++ b/apps/advisor/pkg/app/authorizer_test.go
@@ -0,0 +1,91 @@
+package app
+
+import (
+	"context"
+	"testing"
+
+	claims "github.com/grafana/authlib/types"
+	"github.com/grafana/grafana/pkg/apimachinery/identity"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+func TestGetAuthorizer(t *testing.T) {
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		attr             authorizer.Attributes
+		expectedDecision authorizer.Decision
+		expectedReason   string
+		expectedErr      error
+	}{
+		{
+			name:             "non-resource request",
+			ctx:              context.TODO(),
+			attr:             &mockAttributes{resourceRequest: false},
+			expectedDecision: authorizer.DecisionNoOpinion,
+			expectedReason:   "",
+			expectedErr:      nil,
+		},
+		{
+			name:             "user is admin",
+			ctx:              identity.WithRequester(context.TODO(), &mockUser{isGrafanaAdmin: true}),
+			attr:             &mockAttributes{resourceRequest: true},
+			expectedDecision: authorizer.DecisionAllow,
+			expectedReason:   "",
+			expectedErr:      nil,
+		},
+		{
+			name:             "user is not admin",
+			ctx:              identity.WithRequester(context.TODO(), &mockUser{isGrafanaAdmin: false}),
+			attr:             &mockAttributes{resourceRequest: true},
+			expectedDecision: authorizer.DecisionDeny,
+			expectedReason:   "forbidden",
+			expectedErr:      nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			auth := GetAuthorizer()
+			decision, reason, err := auth.Authorize(tt.ctx, tt.attr)
+			assert.Equal(t, tt.expectedDecision, decision)
+			assert.Equal(t, tt.expectedReason, reason)
+			assert.Equal(t, tt.expectedErr, err)
+		})
+	}
+}
+
+type mockAttributes struct {
+	authorizer.Attributes
+	resourceRequest bool
+}
+
+func (m *mockAttributes) IsResourceRequest() bool {
+	return m.resourceRequest
+}
+
+// Implement other methods of authorizer.Attributes as needed
+
+type mockUser struct {
+	identity.Requester
+	isGrafanaAdmin bool
+}
+
+func (m *mockUser) GetIsGrafanaAdmin() bool {
+	return m.isGrafanaAdmin
+}
+
+func (m *mockUser) HasRole(role identity.RoleType) bool {
+	return role == identity.RoleAdmin && m.isGrafanaAdmin
+}
+
+func (m *mockUser) GetUID() string {
+	return "test-uid"
+}
+
+func (m *mockUser) GetIdentityType() claims.IdentityType {
+	return claims.TypeUser
+}
+
+// Implement other methods of identity.Requester as needed
--- a/apps/alerting/historian/go.mod
+++ b/apps/alerting/historian/go.mod
@@ -4,7 +4,7 @@ go 1.25.5

 require (
 	github.com/go-kit/log v0.2.1
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba
 	github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4
 	github.com/grafana/grafana-app-sdk v0.48.5
 	github.com/grafana/grafana-app-sdk/logging v0.48.3
--- a/apps/alerting/historian/go.sum
+++ b/apps/alerting/historian/go.sum
@@ -216,10 +216,12 @@ github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grafana/grafana-app-sdk v0.48.5 h1:MS8l9fTZz+VbTfgApn09jw27GxhQ6fNOWGhC4ydvZmM=
+github.com/grafana/grafana-app-sdk v0.48.5/go.mod h1:HJsMOSBmt/D/Ihs1SvagOwmXKi0coBMVHlfvdd+qe9Y=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4 h1:jSojuc7njleS3UOz223WDlXOinmuLAIPI0z2vtq8EgI=
 github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4/go.mod h1:VahT+GtfQIM+o8ht2StR6J9g+Ef+C2Vokh5uuSmOD/4=
 github.com/grafana/grafana-app-sdk v0.48.5 h1:MS8l9fTZz+VbTfgApn09jw27GxhQ6fNOWGhC4ydvZmM=
--- a/apps/dashboard/go.mod
+++ b/apps/dashboard/go.mod
@@ -9,7 +9,6 @@ require (
 	github.com/grafana/grafana-app-sdk/logging v0.48.3
 	github.com/grafana/grafana-plugin-sdk-go v0.284.0
 	github.com/grafana/grafana/pkg/apimachinery v0.0.0-20250514132646-acbc7b54ed9e
-	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/prometheus/client_golang v1.23.2
 	github.com/stretchr/testify v1.11.1
 	k8s.io/apimachinery v0.34.2
@@ -58,6 +57,7 @@ require (
 	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.7.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/yamux v0.1.2 // indirect
 	github.com/jaegertracing/jaeger-idl v0.5.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
--- a/apps/dashboard/pkg/migration/conversion/testdata/input/v1beta1.value-mapping-and-overrides.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/input/v1beta1.value-mapping-and-overrides.json
@@ -1,603 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v1beta1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    },
-    "annotations": {},
-    "managedFields": []
-  },
-  "spec": {
-    "annotations": {
-      "list": [
-        {
-          "builtIn": 1,
-          "datasource": {
-            "type": "grafana",
-            "uid": "-- Grafana --"
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations & Alerts",
-          "type": "dashboard"
-        }
-      ]
-    },
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "fiscalYearStartMonth": 0,
-    "graphTooltip": 0,
-    "links": [],
-    "panels": [
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "critical": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Critical!"
-                  },
-                  "warning": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  },
-                  "ok": {
-                    "color": "green",
-                    "index": 2,
-                    "text": "OK"
-                  }
-                },
-                "type": "value"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 100
-                },
-                {
-                  "id": "custom.align",
-                  "value": "center"
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 0
-        },
-        "id": 1,
-        "targets": [
-          {
-            "expr": "up",
-            "refId": "A"
-          }
-        ],
-        "title": "ValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "from": 0,
-                  "to": 50,
-                  "result": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Low"
-                  }
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 50,
-                  "to": 80,
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Medium"
-                  }
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 80,
-                  "to": 100,
-                  "result": {
-                    "color": "red",
-                    "index": 2,
-                    "text": "High"
-                  }
-                },
-                "type": "range"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^cpu_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "percent"
-                },
-                {
-                  "id": "decimals",
-                  "value": 2
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 0
-        },
-        "id": 2,
-        "targets": [
-          {
-            "expr": "cpu_usage_percent",
-            "refId": "A"
-          }
-        ],
-        "title": "RangeMap Example",
-        "type": "gauge"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "pattern": "/^error.*/",
-                  "result": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Error"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^warn.*/",
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^info.*/",
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "Info"
-                  }
-                },
-                "type": "regex"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "string"
-              },
-              "properties": [
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-text"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 8
-        },
-        "id": 3,
-        "targets": [
-          {
-            "expr": "log_level",
-            "refId": "A"
-          }
-        ],
-        "title": "RegexMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 0,
-                    "text": "No Data"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 1,
-                    "text": "Not a Number"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "null+nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 2,
-                    "text": "N/A"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "true",
-                  "result": {
-                    "color": "green",
-                    "index": 3,
-                    "text": "Yes"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "false",
-                  "result": {
-                    "color": "red",
-                    "index": 4,
-                    "text": "No"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "empty",
-                  "result": {
-                    "color": "gray",
-                    "index": 5,
-                    "text": "Empty"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "A"
-              },
-              "properties": [
-                {
-                  "id": "color",
-                  "value": {
-                    "mode": "fixed",
-                    "fixedColor": "blue"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 8
-        },
-        "id": 4,
-        "targets": [
-          {
-            "expr": "some_metric",
-            "refId": "A"
-          }
-        ],
-        "title": "SpecialValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "success": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Success"
-                  },
-                  "failure": {
-                    "color": "red",
-                    "index": 1,
-                    "text": "Failure"
-                  }
-                },
-                "type": "value"
-              },
-              {
-                "options": {
-                  "from": 0,
-                  "to": 100,
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "In Range"
-                  }
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "pattern": "/^[A-Z]{3}-\\d+$/",
-                  "result": {
-                    "color": "purple",
-                    "index": 3,
-                    "text": "ID Format"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 4,
-                    "text": "Missing"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 120
-                },
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-background"
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^value_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "short"
-                },
-                {
-                  "id": "min",
-                  "value": 0
-                },
-                {
-                  "id": "max",
-                  "value": 100
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "number"
-              },
-              "properties": [
-                {
-                  "id": "decimals",
-                  "value": 2
-                },
-                {
-                  "id": "thresholds",
-                  "value": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "yellow",
-                        "value": 50
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "B"
-              },
-              "properties": [
-                {
-                  "id": "displayName",
-                  "value": "Secondary Query"
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byValue",
-                "options": {
-                  "reducer": "allIsNull",
-                  "op": "gte",
-                  "value": 0
-                }
-              },
-              "properties": [
-                {
-                  "id": "custom.hidden",
-                  "value": true
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 24,
-          "x": 0,
-          "y": 16
-        },
-        "id": 5,
-        "targets": [
-          {
-            "expr": "combined_metric",
-            "refId": "A"
-          },
-          {
-            "expr": "secondary_metric",
-            "refId": "B"
-          }
-        ],
-        "title": "Combined Mappings and Overrides Example",
-        "type": "table"
-      }
-    ],
-    "schemaVersion": 42,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "templating": {
-      "list": []
-    },
-    "time": {
-      "from": "now-6h",
-      "to": "now"
-    },
-    "timepicker": {},
-    "timezone": "browser",
-    "title": "Value Mapping and Overrides Test",
-    "weekStart": ""
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v0alpha1"
-    }
-  },
-  "access": {
-    "slug": "value-mapping-test",
-    "url": "/d/value-mapping-test/value-mapping-and-overrides-test",
-    "canSave": true,
-    "canEdit": true,
-    "canAdmin": true,
-    "canStar": true,
-    "canDelete": true,
-    "annotationsPermissions": {
-      "dashboard": {
-        "canAdd": true,
-        "canEdit": true,
-        "canDelete": true
-      },
-      "organization": {
-        "canAdd": true,
-        "canEdit": true,
-        "canDelete": true
-      }
-    }
-  }
-}
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v30.value_mappings_and_tooltip_options.v42.v2alpha1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v30.value_mappings_and_tooltip_options.v42.v2alpha1.json
@@ -530,7 +530,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v30.value_mappings_and_tooltip_options.v42.v2beta1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v30.value_mappings_and_tooltip_options.v42.v2beta1.json
@@ -546,7 +546,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v33.panel_ds_name_to_ref.v42.v2alpha1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v33.panel_ds_name_to_ref.v42.v2alpha1.json
@@ -548,7 +548,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v33.panel_ds_name_to_ref.v42.v2beta1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v33.panel_ds_name_to_ref.v42.v2beta1.json
@@ -574,7 +574,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v34.multiple_stats_cloudwatch.v42.v2alpha1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v34.multiple_stats_cloudwatch.v42.v2alpha1.json
@@ -1663,7 +1663,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v34.multiple_stats_cloudwatch.v42.v2beta1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v34.multiple_stats_cloudwatch.v42.v2beta1.json
@@ -1727,7 +1727,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v42.hidefrom_tooltip.v42.v2alpha1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v42.hidefrom_tooltip.v42.v2alpha1.json
@@ -328,7 +328,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v42.hidefrom_tooltip.v42.v2beta1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/migrated_dashboards_output/v1beta1-mig-v42.hidefrom_tooltip.v42.v2beta1.json
@@ -335,7 +335,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
--- a/apps/dashboard/pkg/migration/conversion/testdata/output/v1beta1.value-mapping-and-overrides.v0alpha1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/output/v1beta1.value-mapping-and-overrides.v0alpha1.json
@@ -1,580 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v0alpha1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    }
-  },
-  "spec": {
-    "annotations": {
-      "list": [
-        {
-          "builtIn": 1,
-          "datasource": {
-            "type": "grafana",
-            "uid": "-- Grafana --"
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations \u0026 Alerts",
-          "type": "dashboard"
-        }
-      ]
-    },
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "fiscalYearStartMonth": 0,
-    "graphTooltip": 0,
-    "links": [],
-    "panels": [
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "critical": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Critical!"
-                  },
-                  "ok": {
-                    "color": "green",
-                    "index": 2,
-                    "text": "OK"
-                  },
-                  "warning": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  }
-                },
-                "type": "value"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 100
-                },
-                {
-                  "id": "custom.align",
-                  "value": "center"
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 0
-        },
-        "id": 1,
-        "targets": [
-          {
-            "expr": "up",
-            "refId": "A"
-          }
-        ],
-        "title": "ValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "from": 0,
-                  "result": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Low"
-                  },
-                  "to": 50
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 50,
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Medium"
-                  },
-                  "to": 80
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 80,
-                  "result": {
-                    "color": "red",
-                    "index": 2,
-                    "text": "High"
-                  },
-                  "to": 100
-                },
-                "type": "range"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^cpu_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "percent"
-                },
-                {
-                  "id": "decimals",
-                  "value": 2
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 0
-        },
-        "id": 2,
-        "targets": [
-          {
-            "expr": "cpu_usage_percent",
-            "refId": "A"
-          }
-        ],
-        "title": "RangeMap Example",
-        "type": "gauge"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "pattern": "/^error.*/",
-                  "result": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Error"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^warn.*/",
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^info.*/",
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "Info"
-                  }
-                },
-                "type": "regex"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "string"
-              },
-              "properties": [
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-text"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 8
-        },
-        "id": 3,
-        "targets": [
-          {
-            "expr": "log_level",
-            "refId": "A"
-          }
-        ],
-        "title": "RegexMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 0,
-                    "text": "No Data"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 1,
-                    "text": "Not a Number"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "null+nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 2,
-                    "text": "N/A"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "true",
-                  "result": {
-                    "color": "green",
-                    "index": 3,
-                    "text": "Yes"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "false",
-                  "result": {
-                    "color": "red",
-                    "index": 4,
-                    "text": "No"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "empty",
-                  "result": {
-                    "color": "gray",
-                    "index": 5,
-                    "text": "Empty"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "A"
-              },
-              "properties": [
-                {
-                  "id": "color",
-                  "value": {
-                    "fixedColor": "blue",
-                    "mode": "fixed"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 8
-        },
-        "id": 4,
-        "targets": [
-          {
-            "expr": "some_metric",
-            "refId": "A"
-          }
-        ],
-        "title": "SpecialValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "failure": {
-                    "color": "red",
-                    "index": 1,
-                    "text": "Failure"
-                  },
-                  "success": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Success"
-                  }
-                },
-                "type": "value"
-              },
-              {
-                "options": {
-                  "from": 0,
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "In Range"
-                  },
-                  "to": 100
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "pattern": "/^[A-Z]{3}-\\d+$/",
-                  "result": {
-                    "color": "purple",
-                    "index": 3,
-                    "text": "ID Format"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 4,
-                    "text": "Missing"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 120
-                },
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-background"
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^value_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "short"
-                },
-                {
-                  "id": "min",
-                  "value": 0
-                },
-                {
-                  "id": "max",
-                  "value": 100
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "number"
-              },
-              "properties": [
-                {
-                  "id": "decimals",
-                  "value": 2
-                },
-                {
-                  "id": "thresholds",
-                  "value": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "yellow",
-                        "value": 50
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "B"
-              },
-              "properties": [
-                {
-                  "id": "displayName",
-                  "value": "Secondary Query"
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byValue",
-                "options": {
-                  "op": "gte",
-                  "reducer": "allIsNull",
-                  "value": 0
-                }
-              },
-              "properties": [
-                {
-                  "id": "custom.hidden",
-                  "value": true
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 24,
-          "x": 0,
-          "y": 16
-        },
-        "id": 5,
-        "targets": [
-          {
-            "expr": "combined_metric",
-            "refId": "A"
-          },
-          {
-            "expr": "secondary_metric",
-            "refId": "B"
-          }
-        ],
-        "title": "Combined Mappings and Overrides Example",
-        "type": "table"
-      }
-    ],
-    "schemaVersion": 42,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "templating": {
-      "list": []
-    },
-    "time": {
-      "from": "now-6h",
-      "to": "now"
-    },
-    "timepicker": {},
-    "timezone": "browser",
-    "title": "Value Mapping and Overrides Test",
-    "weekStart": ""
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v1beta1"
-    }
-  }
-}
--- a/apps/dashboard/pkg/migration/conversion/testdata/output/v1beta1.value-mapping-and-overrides.v2alpha1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/output/v1beta1.value-mapping-and-overrides.v2alpha1.json
@@ -1,783 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v2alpha1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    }
-  },
-  "spec": {
-    "annotations": [
-      {
-        "kind": "AnnotationQuery",
-        "spec": {
-          "datasource": {
-            "type": "grafana",
-            "uid": "-- Grafana --"
-          },
-          "query": {
-            "kind": "grafana",
-            "spec": {}
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations \u0026 Alerts",
-          "builtIn": true,
-          "legacyOptions": {
-            "type": "dashboard"
-          }
-        }
-      }
-    ],
-    "cursorSync": "Off",
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "elements": {
-      "panel-1": {
-        "kind": "Panel",
-        "spec": {
-          "id": 1,
-          "title": "ValueMap Example",
-          "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "up"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "stat",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "critical": {
-                          "text": "Critical!",
-                          "color": "red",
-                          "index": 0
-                        },
-                        "ok": {
-                          "text": "OK",
-                          "color": "green",
-                          "index": 2
-                        },
-                        "warning": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 100
-                      },
-                      {
-                        "id": "custom.align",
-                        "value": "center"
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-2": {
-        "kind": "Panel",
-        "spec": {
-          "id": 2,
-          "title": "RangeMap Example",
-          "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "cpu_usage_percent"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "gauge",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 50,
-                        "result": {
-                          "text": "Low",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 50,
-                        "to": 80,
-                        "result": {
-                          "text": "Medium",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 80,
-                        "to": 100,
-                        "result": {
-                          "text": "High",
-                          "color": "red",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^cpu_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "percent"
-                      },
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-3": {
-        "kind": "Panel",
-        "spec": {
-          "id": 3,
-          "title": "RegexMap Example",
-          "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "log_level"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "stat",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^error.*/",
-                        "result": {
-                          "text": "Error",
-                          "color": "red",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^warn.*/",
-                        "result": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^info.*/",
-                        "result": {
-                          "text": "Info",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "string"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-text"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-4": {
-        "kind": "Panel",
-        "spec": {
-          "id": 4,
-          "title": "SpecialValueMap Example",
-          "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "some_metric"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "stat",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "No Data",
-                          "color": "gray",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "nan",
-                        "result": {
-                          "text": "Not a Number",
-                          "color": "gray",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null+nan",
-                        "result": {
-                          "text": "N/A",
-                          "color": "gray",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "true",
-                        "result": {
-                          "text": "Yes",
-                          "color": "green",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "false",
-                        "result": {
-                          "text": "No",
-                          "color": "red",
-                          "index": 4
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "empty",
-                        "result": {
-                          "text": "Empty",
-                          "color": "gray",
-                          "index": 5
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "A"
-                    },
-                    "properties": [
-                      {
-                        "id": "color",
-                        "value": {
-                          "fixedColor": "blue",
-                          "mode": "fixed"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-5": {
-        "kind": "Panel",
-        "spec": {
-          "id": 5,
-          "title": "Combined Mappings and Overrides Example",
-          "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "combined_metric"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                },
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "secondary_metric"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "B",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "table",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "failure": {
-                          "text": "Failure",
-                          "color": "red",
-                          "index": 1
-                        },
-                        "success": {
-                          "text": "Success",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 100,
-                        "result": {
-                          "text": "In Range",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^[A-Z]{3}-\\d+$/",
-                        "result": {
-                          "text": "ID Format",
-                          "color": "purple",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "Missing",
-                          "color": "gray",
-                          "index": 4
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 120
-                      },
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-background"
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^value_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "short"
-                      },
-                      {
-                        "id": "min",
-                        "value": 0
-                      },
-                      {
-                        "id": "max",
-                        "value": 100
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "number"
-                    },
-                    "properties": [
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      },
-                      {
-                        "id": "thresholds",
-                        "value": {
-                          "mode": "absolute",
-                          "steps": [
-                            {
-                              "color": "green",
-                              "value": null
-                            },
-                            {
-                              "color": "yellow",
-                              "value": 50
-                            },
-                            {
-                              "color": "red",
-                              "value": 80
-                            }
-                          ]
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "B"
-                    },
-                    "properties": [
-                      {
-                        "id": "displayName",
-                        "value": "Secondary Query"
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byValue",
-                      "options": {
-                        "op": "gte",
-                        "reducer": "allIsNull",
-                        "value": 0
-                      }
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.hidden",
-                        "value": true
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      }
-    },
-    "layout": {
-      "kind": "GridLayout",
-      "spec": {
-        "items": [
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-1"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-2"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-3"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-4"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 16,
-              "width": 24,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-5"
-              }
-            }
-          }
-        ]
-      }
-    },
-    "links": [],
-    "liveNow": false,
-    "preload": false,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "timeSettings": {
-      "timezone": "browser",
-      "from": "now-6h",
-      "to": "now",
-      "autoRefresh": "",
-      "autoRefreshIntervals": [
-        "5s",
-        "10s",
-        "30s",
-        "1m",
-        "5m",
-        "15m",
-        "30m",
-        "1h",
-        "2h",
-        "1d"
-      ],
-      "hideTimepicker": false,
-      "fiscalYearStartMonth": 0
-    },
-    "title": "Value Mapping and Overrides Test",
-    "variables": []
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v1beta1"
-    }
-  }
-}
--- a/apps/dashboard/pkg/migration/conversion/testdata/output/v1beta1.value-mapping-and-overrides.v2beta1.json
+++ b/apps/dashboard/pkg/migration/conversion/testdata/output/v1beta1.value-mapping-and-overrides.v2beta1.json
@@ -1,795 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v2beta1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    }
-  },
-  "spec": {
-    "annotations": [
-      {
-        "kind": "AnnotationQuery",
-        "spec": {
-          "query": {
-            "kind": "DataQuery",
-            "group": "grafana",
-            "version": "v0",
-            "datasource": {
-              "name": "-- Grafana --"
-            },
-            "spec": {}
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations \u0026 Alerts",
-          "builtIn": true,
-          "legacyOptions": {
-            "type": "dashboard"
-          }
-        }
-      }
-    ],
-    "cursorSync": "Off",
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "elements": {
-      "panel-1": {
-        "kind": "Panel",
-        "spec": {
-          "id": 1,
-          "title": "ValueMap Example",
-          "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "up"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "stat",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "critical": {
-                          "text": "Critical!",
-                          "color": "red",
-                          "index": 0
-                        },
-                        "ok": {
-                          "text": "OK",
-                          "color": "green",
-                          "index": 2
-                        },
-                        "warning": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 100
-                      },
-                      {
-                        "id": "custom.align",
-                        "value": "center"
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-2": {
-        "kind": "Panel",
-        "spec": {
-          "id": 2,
-          "title": "RangeMap Example",
-          "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "cpu_usage_percent"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "gauge",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 50,
-                        "result": {
-                          "text": "Low",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 50,
-                        "to": 80,
-                        "result": {
-                          "text": "Medium",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 80,
-                        "to": 100,
-                        "result": {
-                          "text": "High",
-                          "color": "red",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^cpu_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "percent"
-                      },
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-3": {
-        "kind": "Panel",
-        "spec": {
-          "id": 3,
-          "title": "RegexMap Example",
-          "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "log_level"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "stat",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^error.*/",
-                        "result": {
-                          "text": "Error",
-                          "color": "red",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^warn.*/",
-                        "result": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^info.*/",
-                        "result": {
-                          "text": "Info",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "string"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-text"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-4": {
-        "kind": "Panel",
-        "spec": {
-          "id": 4,
-          "title": "SpecialValueMap Example",
-          "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "some_metric"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "stat",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "No Data",
-                          "color": "gray",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "nan",
-                        "result": {
-                          "text": "Not a Number",
-                          "color": "gray",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null+nan",
-                        "result": {
-                          "text": "N/A",
-                          "color": "gray",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "true",
-                        "result": {
-                          "text": "Yes",
-                          "color": "green",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "false",
-                        "result": {
-                          "text": "No",
-                          "color": "red",
-                          "index": 4
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "empty",
-                        "result": {
-                          "text": "Empty",
-                          "color": "gray",
-                          "index": 5
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "A"
-                    },
-                    "properties": [
-                      {
-                        "id": "color",
-                        "value": {
-                          "fixedColor": "blue",
-                          "mode": "fixed"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-5": {
-        "kind": "Panel",
-        "spec": {
-          "id": 5,
-          "title": "Combined Mappings and Overrides Example",
-          "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "combined_metric"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                },
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "secondary_metric"
-                      }
-                    },
-                    "refId": "B",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "table",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "failure": {
-                          "text": "Failure",
-                          "color": "red",
-                          "index": 1
-                        },
-                        "success": {
-                          "text": "Success",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 100,
-                        "result": {
-                          "text": "In Range",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^[A-Z]{3}-\\d+$/",
-                        "result": {
-                          "text": "ID Format",
-                          "color": "purple",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "Missing",
-                          "color": "gray",
-                          "index": 4
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 120
-                      },
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-background"
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^value_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "short"
-                      },
-                      {
-                        "id": "min",
-                        "value": 0
-                      },
-                      {
-                        "id": "max",
-                        "value": 100
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "number"
-                    },
-                    "properties": [
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      },
-                      {
-                        "id": "thresholds",
-                        "value": {
-                          "mode": "absolute",
-                          "steps": [
-                            {
-                              "color": "green",
-                              "value": null
-                            },
-                            {
-                              "color": "yellow",
-                              "value": 50
-                            },
-                            {
-                              "color": "red",
-                              "value": 80
-                            }
-                          ]
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "B"
-                    },
-                    "properties": [
-                      {
-                        "id": "displayName",
-                        "value": "Secondary Query"
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byValue",
-                      "options": {
-                        "op": "gte",
-                        "reducer": "allIsNull",
-                        "value": 0
-                      }
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.hidden",
-                        "value": true
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      }
-    },
-    "layout": {
-      "kind": "GridLayout",
-      "spec": {
-        "items": [
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-1"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-2"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-3"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-4"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 16,
-              "width": 24,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-5"
-              }
-            }
-          }
-        ]
-      }
-    },
-    "links": [],
-    "liveNow": false,
-    "preload": false,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "timeSettings": {
-      "timezone": "browser",
-      "from": "now-6h",
-      "to": "now",
-      "autoRefresh": "",
-      "autoRefreshIntervals": [
-        "5s",
-        "10s",
-        "30s",
-        "1m",
-        "5m",
-        "15m",
-        "30m",
-        "1h",
-        "2h",
-        "1d"
-      ],
-      "hideTimepicker": false,
-      "fiscalYearStartMonth": 0
-    },
-    "title": "Value Mapping and Overrides Test",
-    "variables": []
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v1beta1"
-    }
-  }
-}
--- a/apps/dashboard/pkg/migration/conversion/v1beta1_to_v2alpha1.go
+++ b/apps/dashboard/pkg/migration/conversion/v1beta1_to_v2alpha1.go
@@ -501,9 +501,11 @@ func convertToRowsLayout(ctx context.Context, panels []interface{}, dsIndexProvi

 			if currentRow != nil {
 				// If currentRow is a hidden-header row (panels before first explicit row),
-				// it should not be collapsed because it will disappear and be visible only in edit mode
+				// set its collapse to match the first explicit row's collapsed value
+				// This matches frontend behavior: collapse: panel.collapsed
 				if currentRow.Spec.HideHeader != nil && *currentRow.Spec.HideHeader {
-					currentRow.Spec.Collapse = &[]bool{false}[0]
+					rowCollapsed := getBoolField(panelMap, "collapsed", false)
+					currentRow.Spec.Collapse = &rowCollapsed
 				}
 				// Flush current row to layout
 				rows = append(rows, *currentRow)
@@ -2020,9 +2022,6 @@ func transformPanelQueries(ctx context.Context, panelMap map[string]interface{},

 func transformSingleQuery(ctx context.Context, targetMap map[string]interface{}, panelDatasource *dashv2alpha1.DashboardDataSourceRef, dsIndexProvider schemaversion.DataSourceIndexProvider) dashv2alpha1.DashboardPanelQueryKind {
 	refId := schemaversion.GetStringValue(targetMap, "refId", "A")
-	if refId == "" {
-		refId = "A"
-	}
 	hidden := getBoolField(targetMap, "hide", false)

 	// Extract datasource from query or use panel datasource
@@ -2519,15 +2518,22 @@ func buildRegexMap(mappingMap map[string]interface{}) *dashv2alpha1.DashboardReg
 	regexMap := &dashv2alpha1.DashboardRegexMap{}
 	regexMap.Type = dashv2alpha1.DashboardMappingTypeRegex

-	optMap, ok := mappingMap["options"].(map[string]interface{})
+	opts, ok := mappingMap["options"].([]interface{})
+	if !ok || len(opts) == 0 {
+		return nil
+	}
+
+	optMap, ok := opts[0].(map[string]interface{})
 	if !ok {
 		return nil
 	}

 	r := dashv2alpha1.DashboardV2alpha1RegexMapOptions{}
-	if pattern, ok := optMap["pattern"].(string); ok {
+	if pattern, ok := optMap["regex"].(string); ok {
 		r.Pattern = pattern
 	}
+
+	// Result is a DashboardValueMappingResult
 	if resMap, ok := optMap["result"].(map[string]interface{}); ok {
 		r.Result = buildValueMappingResult(resMap)
 	}
--- a/apps/dashboard/pkg/migration/schemaversion/cache.go
+++ b/apps/dashboard/pkg/migration/schemaversion/cache.go
@@ -5,11 +5,12 @@ import (
 	"sync"
 	"time"

-	"github.com/hashicorp/golang-lru/v2/expirable"
-	"k8s.io/apiserver/pkg/endpoints/request"
-
 	"github.com/grafana/authlib/types"
-	"github.com/grafana/grafana-app-sdk/logging"
+	"github.com/grafana/grafana/pkg/infra/log"
+	"github.com/hashicorp/golang-lru/v2/expirable"
+	k8srequest "k8s.io/apiserver/pkg/endpoints/request"
+
+	"github.com/grafana/grafana/pkg/services/apiserver/endpoints/request"
 )

 const defaultCacheSize = 1000
@@ -31,15 +32,17 @@ type cachedProvider[T any] struct {
 	fetch    func(context.Context) T
 	cache    *expirable.LRU[string, T] // LRU cache: namespace to cache entry
 	inFlight sync.Map                  // map[string]*sync.Mutex - per-namespace fetch locks
+	logger   log.Logger
 }

 // newCachedProvider creates a new cachedProvider.
 // The fetch function should be able to handle context with different namespaces.
 // A non-positive size turns LRU mechanism off (cache of unlimited size).
 // A non-positive cacheTTL disables TTL expiration.
-func newCachedProvider[T any](fetch func(context.Context) T, size int, cacheTTL time.Duration) *cachedProvider[T] {
+func newCachedProvider[T any](fetch func(context.Context) T, size int, cacheTTL time.Duration, logger log.Logger) *cachedProvider[T] {
 	cacheProvider := &cachedProvider[T]{
-		fetch: fetch,
+		fetch:  fetch,
+		logger: logger,
 	}
 	cacheProvider.cache = expirable.NewLRU(size, func(key string, value T) {
 		cacheProvider.inFlight.Delete(key)
@@ -50,13 +53,14 @@ func newCachedProvider[T any](fetch func(context.Context) T, size int, cacheTTL
 // Get returns the cached value if it's still valid, otherwise calls fetch and caches the result.
 func (p *cachedProvider[T]) Get(ctx context.Context) T {
 	// Get namespace info from ctx
-	namespace, ok := request.NamespaceFrom(ctx)
-	if !ok {
+	nsInfo, err := request.NamespaceInfoFrom(ctx, true)
+	if err != nil {
 		// No namespace, fall back to direct fetch call without caching
-		logging.FromContext(ctx).Warn("Unable to get namespace info from context, skipping cache")
+		p.logger.Warn("Unable to get namespace info from context, skipping cache", "error", err)
 		return p.fetch(ctx)
 	}

+	namespace := nsInfo.Value
 	// Fast path: check if cache is still valid
 	if entry, ok := p.cache.Get(namespace); ok {
 		return entry
@@ -77,7 +81,7 @@ func (p *cachedProvider[T]) Get(ctx context.Context) T {
 	}

 	// Fetch outside the main lock - only this namespace is blocked
-	logging.FromContext(ctx).Debug("cache miss or expired, fetching new value", "namespace", namespace)
+	p.logger.Debug("cache miss or expired, fetching new value", "namespace", namespace)
 	value := p.fetch(ctx)

 	// Update the cache for this namespace
@@ -89,12 +93,12 @@ func (p *cachedProvider[T]) Get(ctx context.Context) T {
 // Preload loads data into the cache for the given namespaces.
 func (p *cachedProvider[T]) Preload(ctx context.Context, nsInfos []types.NamespaceInfo) {
 	// Build the cache using a context with the namespace
-	logging.FromContext(ctx).Info("preloading cache", "nsInfos", len(nsInfos))
+	p.logger.Info("preloading cache", "nsInfos", len(nsInfos))
 	startedAt := time.Now()
 	defer func() {
-		logging.FromContext(ctx).Info("finished preloading cache", "nsInfos", len(nsInfos), "elapsed", time.Since(startedAt))
+		p.logger.Info("finished preloading cache", "nsInfos", len(nsInfos), "elapsed", time.Since(startedAt))
 	}()
 	for _, nsInfo := range nsInfos {
-		p.cache.Add(nsInfo.Value, p.fetch(request.WithNamespace(ctx, nsInfo.Value)))
+		p.cache.Add(nsInfo.Value, p.fetch(k8srequest.WithNamespace(ctx, nsInfo.Value)))
 	}
 }
--- a/apps/dashboard/pkg/migration/schemaversion/cache_test.go
+++ b/apps/dashboard/pkg/migration/schemaversion/cache_test.go
@@ -8,11 +8,11 @@ import (
 	"testing"
 	"time"

+	authlib "github.com/grafana/authlib/types"
+	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"k8s.io/apiserver/pkg/endpoints/request"
-
-	authlib "github.com/grafana/authlib/types"
 )

 // testProvider tracks how many times get() is called
@@ -44,7 +44,7 @@ func TestCachedProvider_CacheHit(t *testing.T) {

 	underlying := newTestProvider(datasources)
 	// Test newCachedProvider directly instead of the wrapper
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Use "default" namespace (org 1) - this is the standard Grafana namespace format
 	ctx := request.WithNamespace(context.Background(), "default")
@@ -69,7 +69,7 @@ func TestCachedProvider_NamespaceIsolation(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Use "default" (org 1) and "org-2" (org 2) - standard Grafana namespace formats
 	ctx1 := request.WithNamespace(context.Background(), "default")
@@ -102,7 +102,7 @@ func TestCachedProvider_NoNamespaceFallback(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Context without namespace - should fall back to direct provider call
 	ctx := context.Background()
@@ -123,7 +123,7 @@ func TestCachedProvider_ConcurrentAccess(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Use "default" namespace (org 1)
 	ctx := request.WithNamespace(context.Background(), "default")
@@ -155,7 +155,7 @@ func TestCachedProvider_ConcurrentNamespaces(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	var wg sync.WaitGroup
 	numOrgs := 10
@@ -198,7 +198,7 @@ func TestCachedProvider_CorrectDataPerNamespace(t *testing.T) {
 			"org-2":   {{UID: "org2-ds", Type: "loki", Name: "Org2 DS", Default: true}},
 		},
 	}
-	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute, log.New("test"))

 	// Use valid namespace formats
 	ctx1 := request.WithNamespace(context.Background(), "default")
@@ -228,7 +228,7 @@ func TestCachedProvider_PreloadMultipleNamespaces(t *testing.T) {
 			"org-3":   {{UID: "org3-ds", Type: "tempo", Name: "Org3 DS", Default: true}},
 		},
 	}
-	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute, log.New("test"))

 	// Preload multiple namespaces
 	nsInfos := []authlib.NamespaceInfo{
@@ -346,7 +346,7 @@ func TestCachedProvider_TTLExpiration(t *testing.T) {
 	underlying := newTestProvider(datasources)
 	// Use a very short TTL for testing
 	shortTTL := 50 * time.Millisecond
-	cached := newCachedProvider(underlying.get, defaultCacheSize, shortTTL)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, shortTTL, log.New("test"))

 	ctx := request.WithNamespace(context.Background(), "default")

@@ -379,7 +379,7 @@ func TestCachedProvider_ParallelNamespacesFetch(t *testing.T) {
 			{UID: "ds1", Type: "prometheus", Name: "Prometheus", Default: true},
 		},
 	}
-	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute, log.New("test"))

 	numNamespaces := 5
 	var wg sync.WaitGroup
@@ -421,7 +421,7 @@ func TestCachedProvider_SameNamespaceSerialFetch(t *testing.T) {
 			{UID: "ds1", Type: "prometheus", Name: "Prometheus", Default: true},
 		},
 	}
-	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute, log.New("test"))

 	numGoroutines := 10
 	var wg sync.WaitGroup
--- a/apps/dashboard/pkg/migration/schemaversion/datasource_utils.go
+++ b/apps/dashboard/pkg/migration/schemaversion/datasource_utils.go
@@ -3,6 +3,8 @@ package schemaversion
 import (
 	"context"
 	"time"
+
+	"github.com/grafana/grafana/pkg/infra/log"
 )

 // Shared utility functions for datasource migrations across different schema versions.
@@ -34,7 +36,7 @@ func WrapIndexProviderWithCache(provider DataSourceIndexProvider, cacheTTL time.
 		return provider
 	}
 	return &cachedIndexProvider{
-		newCachedProvider[*DatasourceIndex](provider.Index, defaultCacheSize, cacheTTL),
+		newCachedProvider[*DatasourceIndex](provider.Index, defaultCacheSize, cacheTTL, log.New("schemaversion.dsindexprovider")),
 	}
 }

@@ -44,7 +46,7 @@ func WrapLibraryElementProviderWithCache(provider LibraryElementIndexProvider, c
 		return provider
 	}
 	return &cachedLibraryElementProvider{
-		newCachedProvider[[]LibraryElementInfo](provider.GetLibraryElementInfo, defaultCacheSize, cacheTTL),
+		newCachedProvider[[]LibraryElementInfo](provider.GetLibraryElementInfo, defaultCacheSize, cacheTTL, log.New("schemaversion.leindexprovider")),
 	}
 }

--- a/apps/dashboard/pkg/migration/testdata/dev-dashboards-output/panel-gauge/gauge_tests_new.v42.json
+++ b/apps/dashboard/pkg/migration/testdata/dev-dashboards-output/panel-gauge/gauge_tests_new.v42.json
@@ -75,9 +75,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -154,9 +154,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -233,9 +233,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -312,9 +312,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -391,9 +391,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -470,9 +470,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": false,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -549,9 +549,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": false,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -641,9 +641,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -720,9 +720,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -799,9 +799,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -878,9 +878,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -974,9 +974,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1053,9 +1053,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1132,9 +1132,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1211,9 +1211,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1290,9 +1290,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1386,9 +1386,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1469,9 +1469,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1552,9 +1552,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1643,9 +1643,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1727,9 +1727,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1825,9 +1825,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1910,9 +1910,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1994,9 +1994,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -2078,9 +2078,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -2172,9 +2172,7 @@
        },
        "orientation": "auto",
        "reduceOptions": {
-          "calcs": [
-            "lastNotNull"
-          ],
+          "calcs": ["lastNotNull"],
          "fields": "",
          "values": false
        },
@@ -2240,9 +2238,7 @@
        },
        "orientation": "auto",
        "reduceOptions": {
-          "calcs": [
-            "lastNotNull"
-          ],
+          "calcs": ["lastNotNull"],
          "fields": "",
          "values": false
        },
@@ -2279,4 +2275,4 @@
  "title": "Panel tests - Gauge (new)",
  "uid": "panel-tests-gauge-new",
  "weekStart": ""
-}
+}
--- a/apps/dashboard/pkg/migration/testdata/dev-dashboards-output/panel-gauge/gauge_tests_old_to_new.v42.json
+++ b/apps/dashboard/pkg/migration/testdata/dev-dashboards-output/panel-gauge/gauge_tests_old_to_new.v42.json
@@ -955,9 +955,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1162,4 +1162,4 @@
  "title": "Panel tests - Old gauge to new",
  "uid": "panel-tests-old-gauge-to-new",
  "weekStart": ""
-}
+}
--- a/apps/iam/go.mod
+++ b/apps/iam/go.mod
@@ -221,7 +221,7 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
 	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 // indirect
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba // indirect
 	github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f // indirect
 	github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 // indirect
 	github.com/grafana/dataplane/sdata v0.0.9 // indirect
--- a/apps/iam/go.sum
+++ b/apps/iam/go.sum
@@ -817,8 +817,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f h1:Cbm6OKkOcJ+7CSZsGsEJzktC/SIa5bxVeYKQLuYK86o=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f/go.mod h1:axY0cdOg3q0TZHwpHnIz5x16xZ8ZBxJHShsSHHXcHQg=
 github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 h1:Muoy+FMGrHj3GdFbvsMzUT7eusgii9PKf9L1ZaXDDbY=
--- a/apps/plugins/go.mod
+++ b/apps/plugins/go.mod
@@ -74,7 +74,7 @@ require (
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 // indirect
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba // indirect
 	github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f // indirect
 	github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 // indirect
 	github.com/grafana/dataplane/sdata v0.0.9 // indirect
--- a/apps/plugins/go.sum
+++ b/apps/plugins/go.sum
@@ -174,8 +174,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f h1:Cbm6OKkOcJ+7CSZsGsEJzktC/SIa5bxVeYKQLuYK86o=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f/go.mod h1:axY0cdOg3q0TZHwpHnIz5x16xZ8ZBxJHShsSHHXcHQg=
 github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 h1:Muoy+FMGrHj3GdFbvsMzUT7eusgii9PKf9L1ZaXDDbY=
--- a/apps/scope/pkg/apis/scope/v0alpha1/types.go
+++ b/apps/scope/pkg/apis/scope/v0alpha1/types.go
@@ -211,12 +211,6 @@ type ScopeNavigationSpec struct {
 	Scope string `json:"scope"`
 	// Used to navigate to a sub-scope of the main scope. URL will not be used if this is set.
 	SubScope string `json:"subScope,omitempty"`
-	// Preload the subscope children, as soon as the ScopeNavigation is loaded.
-	PreLoadSubScopeChildren bool `json:"preLoadSubScopeChildren,omitempty"`
-	// Expands to display the subscope children when the ScopeNavigation is loaded.
-	ExpandOnLoad bool `json:"expandOnLoad,omitempty"`
-	// Makes the subscope not selectable, only serving as a way to build the tree.
-	DisableSubScopeSelection bool `json:"disableSubScopeSelection,omitempty"`
 }

 // Type of the item.
--- a/apps/scope/pkg/apis/scope/v0alpha1/zz_generated.openapi.go
+++ b/apps/scope/pkg/apis/scope/v0alpha1/zz_generated.openapi.go
@@ -642,27 +642,6 @@ func schema_pkg_apis_scope_v0alpha1_ScopeNavigationSpec(ref common.ReferenceCall
 							Format:      "",
 						},
 					},
-					"preLoadSubScopeChildren": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Preload the subscope children, as soon as the ScopeNavigation is loaded.",
-							Type:        []string{"boolean"},
-							Format:      "",
-						},
-					},
-					"expandOnLoad": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Expands to display the subscope children when the ScopeNavigation is loaded.",
-							Type:        []string{"boolean"},
-							Format:      "",
-						},
-					},
-					"disableSubScopeSelection": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Makes the subscope not selectable, only serving as a way to build the tree.",
-							Type:        []string{"boolean"},
-							Format:      "",
-						},
-					},
 				},
 				Required: []string{"url", "scope"},
 			},
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -1327,10 +1327,6 @@ alertmanager_max_silences_count =
 # Maximum silence size in bytes. Default: 0 (no limit).
 alertmanager_max_silence_size_bytes =

-# Maximum size of the expanded template output in bytes. Default: 10485760 (0 - no limit).
-# The result of template expansion will be truncated to the limit.
-alertmanager_max_template_output_bytes =
-
 # Redis server address or addresses. It can be a single Redis address if using Redis standalone,
 # or a list of comma-separated addresses if using Redis Cluster/Sentinel.
 ha_redis_address =
--- a/devenv/scopes/scopes-config.yaml
+++ b/devenv/scopes/scopes-config.yaml
@@ -210,7 +210,6 @@ navigationTree:
    url: /d/UTv--wqMk
    scope: shoe-org
    subScope: apparel
-    disableSubScopeSelection: true
    children:
      - name: apparel-product-overview
        title: Product Overview
--- a/devenv/scopes/scopes.go
+++ b/devenv/scopes/scopes.go
@@ -77,24 +77,22 @@ type TreeNode struct {
 }

 type NavigationConfig struct {
-	URL                      string   `yaml:"url"`                      // URL path (e.g., /d/abc123 or /explore)
-	Scope                    string   `yaml:"scope"`                    // Required scope
-	SubScope                 string   `yaml:"subScope"`                 // Optional subScope for hierarchical navigation
-	Title                    string   `yaml:"title"`                    // Display title
-	Groups                   []string `yaml:"groups"`                   // Optional groups for categorization
-	DisableSubScopeSelection bool     `yaml:"disableSubScopeSelection"` // Makes the subscope not selectable
+	URL      string   `yaml:"url"`      // URL path (e.g., /d/abc123 or /explore)
+	Scope    string   `yaml:"scope"`    // Required scope
+	SubScope string   `yaml:"subScope"` // Optional subScope for hierarchical navigation
+	Title    string   `yaml:"title"`    // Display title
+	Groups   []string `yaml:"groups"`   // Optional groups for categorization
 }

 // NavigationTreeNode represents a node in the navigation tree structure
 type NavigationTreeNode struct {
-	Name                     string               `yaml:"name"`
-	Title                    string               `yaml:"title"`
-	URL                      string               `yaml:"url"`
-	Scope                    string               `yaml:"scope"`
-	SubScope                 string               `yaml:"subScope,omitempty"`
-	Groups                   []string             `yaml:"groups,omitempty"`
-	DisableSubScopeSelection bool                 `yaml:"disableSubScopeSelection,omitempty"`
-	Children                 []NavigationTreeNode `yaml:"children,omitempty"`
+	Name     string               `yaml:"name"`
+	Title    string               `yaml:"title"`
+	URL      string               `yaml:"url"`
+	Scope    string               `yaml:"scope"`
+	SubScope string               `yaml:"subScope,omitempty"`
+	Groups   []string             `yaml:"groups,omitempty"`
+	Children []NavigationTreeNode `yaml:"children,omitempty"`
 }

 // Helper function to convert ScopeFilterConfig to v0alpha1.ScopeFilter
@@ -315,9 +313,8 @@ func (c *Client) createScopeNavigation(name string, nav NavigationConfig) error
 	prefixedScope := prefix + "-" + nav.Scope

 	spec := v0alpha1.ScopeNavigationSpec{
-		URL:                      nav.URL,
-		Scope:                    prefixedScope,
-		DisableSubScopeSelection: nav.DisableSubScopeSelection,
+		URL:   nav.URL,
+		Scope: prefixedScope,
 	}

 	if nav.SubScope != "" {
@@ -407,10 +404,9 @@ func treeToNavigations(node NavigationTreeNode, parentPath []string, dashboardCo

 	// Create navigation for this node
 	nav := NavigationConfig{
-		URL:                      url,
-		Scope:                    node.Scope,
-		Title:                    node.Title,
-		DisableSubScopeSelection: node.DisableSubScopeSelection,
+		URL:   url,
+		Scope: node.Scope,
+		Title: node.Title,
 	}
 	if node.SubScope != "" {
 		nav.SubScope = node.SubScope
--- a/docs/sources/administration/plugin-management/plugin-install.md
+++ b/docs/sources/administration/plugin-management/plugin-install.md
@@ -21,28 +21,11 @@ weight: 120

 # Install a plugin

-{{< admonition type="note" >}}
-
-Installing plugins from the Grafana website into a Grafana Cloud instance will be removed in February 2026.
-
-If you're a Grafana Cloud user, follow [Install a plugin through the Grafana UI](#install-a-plugin-through-the-grafana-uiinstall-a-plugin-through-the-grafana-ui) instead.
-
-{{< /admonition >}}
-
-## Install a plugin through the Grafana UI
-
-The most common way to install a plugin is through the Grafana UI.
-
-1. In Grafana, click **Administration > Plugins and data > Plugins** in the side navigation menu to view all plugins.
-1. Browse and find a plugin.
-1. Click the plugin's logo.
-1. Click **Install**.
-
-You can use use the following alternative methods to install a plugin depending on your environment or setup.
+Besides the UI, you can use alternative methods to install a plugin depending on your environment or set-up.

 ## Install a plugin using Grafana CLI

-The Grafana CLI allows you to install, upgrade, and manage your Grafana plugins using a command line tool. For more information about Grafana CLI plugin commands, refer to [Plugin commands](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/cli/#plugins-commands).
+The Grafana CLI allows you to install, upgrade, and manage your Grafana plugins using a command line tool. For more information about Grafana CLI plugin commands, refer to [Plugin commands](/docs/grafana/<GRAFANA_VERSION>/cli/#plugins-commands).

 ## Install a plugin from a ZIP file

--- a/docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md
+++ b/docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md
@@ -44,7 +44,7 @@ refs:
      destination: /docs/grafana-cloud/alerting-and-irm/oncall/user-and-team-management/#available-grafana-oncall-rbac-roles--granted-actions
 ---

-# Grafana RBAC role definitions
+# RBAC role definitions

 {{< admonition type="note" >}}
 Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
@@ -59,7 +59,7 @@ The following tables list permissions associated with basic and fixed roles. Thi
 | Grafana Admin                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | `basic_grafana_admin`                                                                                                                                    |
 | `fixed:authentication.config:writer`<br>`fixed:general.auth.config:writer`<br>`fixed:ldap:writer`<br>`fixed:licensing:writer`<br>`fixed:migrationassistant:migrator`<br>`fixed:org.users:writer`<br>`fixed:organization:maintainer`<br>`fixed:plugins:maintainer`<br>`fixed:provisioning:writer`<br>`fixed:roles:writer`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:stats:reader`<br>`fixed:support.bundles:writer`<br>`fixed:usagestats:reader`<br>`fixed:users:writer` | Default [Grafana server administrator](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators) assignments. |
 | Admin                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | `basic_admin`                                                                                                                                            | All roles assigned to Editor and `fixed:reports:writer` <br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:writer`<br>`fixed:dashboards.public:writer`<br>`fixed:folders:writer`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer`<br>`fixed:datasources.caching:writer`<br>`fixed:plugins:writer`<br>`fixed:library.panels:writer` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments. |
-| Editor                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `basic_editor`                                                                                                                                           | All roles assigned to Viewer and `fixed:datasources:explorer` <br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:alerting:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.provenance:writer`                                                                                                                                                                                                                                                                        | Default [Editor](ref:rbac-basic-roles) assignments.                             |
+| Editor                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `basic_editor`                                                                                                                                           | All roles assigned to Viewer and `fixed:datasources:explorer` <br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:alerting:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer`                                                                                                                                                                                                                                                                            | Default [Editor](ref:rbac-basic-roles) assignments.                             |
 | Viewer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `basic_viewer`                                                                                                                                           | `fixed:datasources.id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:folders.general:reader`<br>`fixed:datasources.builtin:reader`                                                                                                                                                                                             | Default [Viewer](ref:rbac-basic-roles) assignments.                             |
 | No Basic Role                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | n/a                                                                                                                                                      |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | Default [No Basic Role](ref:rbac-basic-roles)                                   |

@@ -74,86 +74,86 @@ These UUIDs won't be available if your instance was created before Grafana v10.2
 To learn how to use the roles API to determine the role UUIDs, refer to [Manage RBAC roles](ref:rbac-manage-rbac-roles).
 {{< /admonition >}}

-| Fixed role                                      | UUID                                | Permissions                                                                                                                                                                                                                                                                 | Description                                                                                                                                                                                                                                                                           |
-| ----------------------------------------------- | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `fixed:alerting:reader`                         | `fixed_O2oP1_uBFozI2i93klAkcvEWR30` | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                           | Read-only permissions for all Grafana, Mimir, Loki and Alertmanager alert rules\*, alerts, contact points, and notification policies.[\*](#alerting-roles)                                                                                                                            |
-| `fixed:alerting:writer`                         | `fixed_-PAZgSJsDlRD8NUg-PFSeH_BkJY` | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer`                                                                                                                                           | Create, update, and delete Grafana, Mimir, Loki and Alertmanager alert rules\*, silences, contact points, templates, mute timings, and notification policies.[\*](#alerting-roles)                                                                                                    |
-| `fixed:alerting.instances:reader`               | `fixed_ut5fVS-Ulh_ejFoskFhJT_rYg0Y` | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                                | Read all alerts and silences in the organization produced by Grafana Alerts and Mimir and Loki alerts and silences.[\*](#alerting-roles)                                                                                                                                              |
-| `fixed:alerting.instances:writer`               | `fixed_pKOBJE346uyqMLdgWbk1NsQfEl0` | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                                   | Create, update and expire all silences in the organization produced by Grafana, Mimir, and Loki.[\*](#alerting-roles)                                                                                                                                                                 |
-| `fixed:alerting.notifications:reader`           | `fixed_hmBn0lX5h1RZXB9Vaot420EEdA0` | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                                                                                          | Read all Grafana and Alertmanager contact points, templates, and notification policies.[\*](#alerting-roles)                                                                                                                                                                          |
-| `fixed:alerting.notifications:writer`           | `fixed_XplK6HPNxf9AP5IGTdB5Iun4tJc` | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                        | Create, update, and delete contact points, templates, mute timings and notification policies for Grafana and external Alertmanager.[\*](#alerting-roles)                                                                                                                              |
-| `fixed:alerting.provisioning:writer`            | `fixed_y7pFjdEkxpx5ETdcxPvp0AgRuUo` | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                    | Create, update and delete Grafana alert rules, notification policies, contact points, templates, etc via provisioning API. [\*](#alerting-roles)                                                                                                                                      |
-| `fixed:alerting.provisioning.secrets:reader`    | `fixed_9fmzXXZZG-Od0Amy2ofEG8Uk--c` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                             | Read-only permissions for Provisioning API and let export resources with decrypted secrets [\*](#alerting-roles)                                                                                                                                                                      |
-| `fixed:alerting.provisioning.provenance:writer` | `fixed_eAxlzfkTuobvKEgXHveFMBZrOj8` | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                       | Set provenance status to alert rules, notification policies, contact points, etc. Should be used together with regular writer roles. [\*](#alerting-roles)                                                                                                                            |
-| `fixed:alerting.rules:reader`                   | `fixed_fRGKL_vAqUsmUWq5EYKnOha9DcA` | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list`                                                          | Read all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and read rule-specific silences                                                                                                                                                                                 |
-| `fixed:alerting.rules:writer`                   | `fixed_YJJGwAalUwDZPrXSyFH8GfYBXAc` | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*` | Create, update, and delete all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and manage rule-specific silences                                                                                                                                                         |
-| `fixed:annotations:reader`                      | `fixed_hpZnoizrfAJsrceNcNQqWYV-xNU` | `annotations:read` for scopes `annotations:type:*`                                                                                                                                                                                                                          | Read all annotations and annotation tags.                                                                                                                                                                                                                                             |
-| `fixed:annotations:writer`                      | `fixed_ZVW-Aa9Tzle6J4s2aUFcq1StKWE` | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*`                                                                                                                    | Read, create, update and delete all annotations and annotation tags.                                                                                                                                                                                                                  |
-| `fixed:annotations.dashboard:writer`            | `fixed_8A775xenXeKaJk4Cr7bchP9yXOA` | `annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:dashboard`                                                                                                                                                                | Create, update and delete dashboard annotations and annotation tags.                                                                                                                                                                                                                  |
-| `fixed:authentication.config:writer`            | `fixed_0rYhZ2Qnzs8AdB1nX7gexk3fHDw` | `settings:read` for scope `settings:auth.saml:*` <br> `settings:write` for scope `settings:auth.saml:*`                                                                                                                                                                     | Read and update authentication and SAML settings.                                                                                                                                                                                                                                     |
-| `fixed:general.auth.config:writer`              | `fixed_QFxIT_FGtBqbIVJIwx1bLgI5z6c` | `settings:read` for scope `settings:auth:oauth_allow_insecure_email_lookup` <br> `settings:write` for scope `settings:auth:oauth_allow_insecure_email_lookup`                                                                                                               | Read and update the Grafana instance's general authentication configuration settings.                                                                                                                                                                                                 |
-| `fixed:dashboards:creator`                      | `fixed_ZorKUcEPCM01A1fPakEzGBUyU64` | `dashboards:create`<br>`folders:read`                                                                                                                                                                                                                                       | Create dashboards.                                                                                                                                                                                                                                                                    |
-| `fixed:dashboards:reader`                       | `fixed_Sgr67JTOhjQGFlzYRahOe45TdWM` | `dashboards:read`                                                                                                                                                                                                                                                           | Read all dashboards.                                                                                                                                                                                                                                                                  |
-| `fixed:dashboards:writer`                       | `fixed_OK2YOQGIoI1G031hVzJB6rAJQAs` | All permissions from `fixed:dashboards:reader` and <br>`dashboards:write`<br>`dashboards:delete`<br>`dashboards:create`<br>`dashboards.permissions:read`<br>`dashboards.permissions:write`                                                                                  | Read, create, update, and delete all dashboards.                                                                                                                                                                                                                                      |
-| `fixed:dashboards.insights:reader`              | `fixed_JlBJ2_gizP8zhgaeGE2rjyZe2Rs` | `dashboards.insights:read`                                                                                                                                                                                                                                                  | Read dashboard insights data and see presence indicators.                                                                                                                                                                                                                             |
-| `fixed:dashboards.permissions:reader`           | `fixed_f17oxuXW_58LL8mYJsm4T_mCeIw` | `dashboards.permissions:read`                                                                                                                                                                                                                                               | Read all dashboard permissions.                                                                                                                                                                                                                                                       |
-| `fixed:dashboards.permissions:writer`           | `fixed_CcznxhWX_Yqn8uWMXMQ-b5iFW9k` | All permissions from `fixed:dashboards.permissions:reader` and <br>`dashboards.permissions:write`                                                                                                                                                                           | Read and update all dashboard permissions.                                                                                                                                                                                                                                            |
-| `fixed:dashboards.public:writer`                | `fixed_f_GHHRBciaqESXfGz2oCcooqHxs` | `dashboards.public:write`                                                                                                                                                                                                                                                   | Create, update, delete or pause a shared dashboard.                                                                                                                                                                                                                                   |
-| `fixed:datasources:creator`                     | `fixed_XX8jHREgUt-wo1A-rPXIiFlX6Zw` | `datasources:create`                                                                                                                                                                                                                                                        | Create data sources.                                                                                                                                                                                                                                                                  |
-| `fixed:datasources:explorer`                    | `fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw` | `datasources:explore`                                                                                                                                                                                                                                                       | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions.                                                                                                                                                |
-| `fixed:datasources:reader`                      | `fixed_C2x8IxkiBc1KZVjyYH775T9jNMQ` | `datasources:read`<br>`datasources:query`                                                                                                                                                                                                                                   | Read and query data sources.                                                                                                                                                                                                                                                          |
-| `fixed:datasources:writer`                      | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | All permissions from `fixed:datasources:reader` and <br>`datasources:create`<br>`datasources:write`<br>`datasources:delete`                                                                                                                                                 | Read, query, create, delete, or update a data source.                                                                                                                                                                                                                                 |
-| `fixed:datasources.builtin:reader`              | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | `datasources:read` and `datasources:query` scoped to `datasources:uid:grafana`                                                                                                                                                                                              | An internal role used to grant Viewers access to the builtin example data source in Grafana.                                                                                                                                                                                          |
-| `fixed:datasources.caching:reader`              | `fixed_D2ddpGxJYlw0mbsTS1ek9fj0kj4` | `datasources.caching:read`                                                                                                                                                                                                                                                  | Read data source query caching settings.                                                                                                                                                                                                                                              |
-| `fixed:datasources.caching:writer`              | `fixed_JtFjHr7jd7hSqUYcktKvRvIOGRE` | `datasources.caching:read`<br>`datasources.caching:write`                                                                                                                                                                                                                   | Enable, disable, or update query caching settings.                                                                                                                                                                                                                                    |
-| `fixed:datasources.id:reader`                   | `fixed_entg--fHmDqWY2-69N0ocawK0Os` | `datasources.id:read`                                                                                                                                                                                                                                                       | Read the ID of a data source based on its name.                                                                                                                                                                                                                                       |
-| `fixed:datasources.insights:reader`             | `fixed_EBZ3NwlfecNPp2p0XcZRC1nfEYk` | `datasources.insights:read`                                                                                                                                                                                                                                                 | Read data source insights data.                                                                                                                                                                                                                                                       |
-| `fixed:datasources.permissions:reader`          | `fixed_ErYA-cTN3yn4h4GxaVPcawRhiOY` | `datasources.permissions:read`                                                                                                                                                                                                                                              | Read data source permissions.                                                                                                                                                                                                                                                         |
-| `fixed:datasources.permissions:writer`          | `fixed_aiQh9YDfLOKjQhYasF9_SFUjQiw` | All permissions from `fixed:datasources.permissions:reader` and <br>`datasources.permissions:write`                                                                                                                                                                         | Create, read, or delete permissions of a data source.                                                                                                                                                                                                                                 |
-| `fixed:folders:creator`                         | `fixed_gGLRbZGAGB6n9uECqSh_W382RlQ` | `folders:create`                                                                                                                                                                                                                                                            | Create folders in the root level.                                                                                                                                                                                                                                                     |
-| `fixed:folders:reader`                          | `fixed_yeW-5QPeo-i5PZUIUXMlAA97GnQ` | `folders:read`<br>`dashboards:read`                                                                                                                                                                                                                                         | Read all folders and dashboards.                                                                                                                                                                                                                                                      |
-| `fixed:folders:writer`                          | `fixed_wJXLoTzgE7jVuz90dryYoiogL0o` | All permissions from `fixed:dashboards:writer` and <br>`folders:read`<br>`folders:write`<br>`folders:create`<br>`folders:delete`<br>`folders.permissions:read`<br>`folders.permissions:write`                                                                               | Read, update, and delete all folders and dashboards. Create folders and subfolders.                                                                                                                                                                                                   |
-| `fixed:folders.general:reader`                  | `fixed_rSASbkg8DvpG_gTX5s41d7uxRvI` | `folders:read` scoped to `folders:uid:general`                                                                                                                                                                                                                              | An internal role used to correctly display access to the folder tree for Viewer role.                                                                                                                                                                                                 |
-| `fixed:folders.permissions:reader`              | `fixed_E06l4cx0JFm47EeLBE4nmv3pnSo` | `folders.permissions:read`                                                                                                                                                                                                                                                  | Read all folder permissions.                                                                                                                                                                                                                                                          |
-| `fixed:folders.permissions:writer`              | `fixed_3GAgpQ_hWG8o7-lwNb86_VB37eI` | All permissions from `fixed:folders.permissions:reader` and <br>`folders.permissions:write`                                                                                                                                                                                 | Read and update all folder permissions.                                                                                                                                                                                                                                               |
-| `fixed:ldap:reader`                             | `fixed_lMcOPwSkxKY-qCK8NMJc5k6izLE` | `ldap.user:read`<br>`ldap.status:read`                                                                                                                                                                                                                                      | Read the LDAP configuration and LDAP status information.                                                                                                                                                                                                                              |
-| `fixed:ldap:writer`                             | `fixed_p6AvnU4GCQyIh7-hbwI-bk3GYnU` | All permissions from `fixed:ldap:reader` and <br>`ldap.user:sync`<br>`ldap.config:reload`                                                                                                                                                                                   | Read and update the LDAP configuration, and read LDAP status information.                                                                                                                                                                                                             |
-| `fixed:library.panels:creator`                  | `fixed_6eX6ItfegCIY5zLmPqTDW8ZV7KY` | `library.panels:create`<br>`folders:read`                                                                                                                                                                                                                                   | Create library panel at the root level.                                                                                                                                                                                                                                               |
-| `fixed:library.panels:general.reader`           | `fixed_ct0DghiBWR_2BiQm3EvNPDVmpio` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels at the root level.                                                                                                                                                                                                                                            |
-| `fixed:library.panels:general.writer`           | `fixed_DgprkmqfN_1EhZ2v1_d1fYG8LzI` | All permissions from `fixed:library.panels:general.reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                             | Create, read, write or delete all library panels and their permissions at the root level.                                                                                                                                                                                             |
-| `fixed:library.panels:reader`                   | `fixed_tvTr9CnZ6La5vvUO_U_X1LPnhUs` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels.                                                                                                                                                                                                                                                              |
-| `fixed:library.panels:writer`                   | `fixed_JTljAr21LWLTXCkgfBC4H0lhBC8` | All permissions from `fixed:library.panels:reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                                     | Create, read, write or delete all library panels and their permissions.                                                                                                                                                                                                               |
-| `fixed:licensing:reader`                        | `fixed_OADpuXvNEylO2Kelu3GIuBXEAYE` | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                                | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
-| `fixed:licensing:writer`                        | `fixed_gzbz3rJpQMdaKHt-E4q0PVaKMoE` | All permissions from `fixed:licensing:reader` and <br>`licensing:write`<br>`licensing:delete`                                                                                                                                                                               | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
-| `fixed:migrationassistant:migrator`             | `fixed_LLk2p7TRuBztOAksTQb1Klc8YTk` | `migrationassistant:migrate`                                                                                                                                                                                                                                                | Execute on-prem to cloud migrations through the Migration Assistant.                                                                                                                                                                                                                  |
-| `fixed:org.users:reader`                        | `fixed_oCqNwlVHLOpw7-jAlwp4HzYqwGY` | `org.users:read`                                                                                                                                                                                                                                                            | Read users within a single organization.                                                                                                                                                                                                                                              |
-| `fixed:org.users:writer`                        | `fixed_VERj5nayasjgf_Yh0sWqqCkxWlw` | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                            | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                        |
-| `fixed:organization:maintainer`                 | `fixed_CMm-uuBaPUBf4r8XG3jIvxo55bg` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                             | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
-| `fixed:organization:reader`                     | `fixed_0SZPJlTHdNEe8zO91zv7Zwiwa2w` | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                           | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
-| `fixed:organization:writer`                     | `fixed_Y4jGqDd8w1yCrPwlik8z5Iu8-3M` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                               | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
-| `fixed:plugins:maintainer`                      | `fixed_yEOKidBcWgbm74x-nTa3lW5lOyY` | `plugins:install`                                                                                                                                                                                                                                                           | Install and uninstall plugins. Needs to be assigned globally.                                                                                                                                                                                                                         |
-| `fixed:plugins:writer`                          | `fixed_MRYpGk7kpNNwt2VoVOXFiPnQziE` | `plugins:write`                                                                                                                                                                                                                                                             | Enable and disable plugins and edit plugins' settings.                                                                                                                                                                                                                                |
-| `fixed:plugins.app:reader`                      | `fixed_AcZRiNYx7NueYkUqzw1o2OGGUAA` | `plugins.app:access`                                                                                                                                                                                                                                                        | Access application plugins (still enforcing the organization role).                                                                                                                                                                                                                   |
-| `fixed:provisioning:writer`                     | `fixed_bgk1FCyR6OEDwhgirZlQgu5LlCA` | `provisioning:reload`                                                                                                                                                                                                                                                       | Reload provisioning.                                                                                                                                                                                                                                                                  |
-| `fixed:reports:reader`                          | `fixed_72_8LU_0ukfm6BdblOw8Z9q-GQ8` | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                                 | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
-| `fixed:reports:writer`                          | `fixed_jBW3_7g1EWOjGVBYeVRwtFxhUNw` | All permissions from `fixed:reports:reader` and <br>`reports:create`<br>`reports:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                                     | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
-| `fixed:roles:reader`                            | `fixed_GkfG-1NSwEGb4hpK3-E3qHyNltc` | `roles:read`<br>`teams.roles:read`<br>`users.roles:read`<br>`users.permissions:read`                                                                                                                                                                                        | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
-| `fixed:roles:resetter`                          | `fixed_WgPpC3qJRmVpVTJavFNwfS5RuzQ` | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                        | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
-| `fixed:roles:writer`                            | `fixed_W5aFaw8isAM27x_eWfElBhZ0iOc` | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                                 | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
-| `fixed:serviceaccounts:creator`                 | `fixed_Ikw60fckA0MyiiZ73BawSfOULy4` | `serviceaccounts:create`                                                                                                                                                                                                                                                    | Create Grafana service accounts.                                                                                                                                                                                                                                                      |
-| `fixed:serviceaccounts:reader`                  | `fixed_QFjJAZ88iawMLInYOxPA1DB1w6I` | `serviceaccounts:read`                                                                                                                                                                                                                                                      | Read Grafana service accounts.                                                                                                                                                                                                                                                        |
-| `fixed:serviceaccounts:writer`                  | `fixed_iBvUNUEZBZ7PUW0vdkN5iojc2sk` | `serviceaccounts:read`<br>`serviceaccounts:create`<br>`serviceaccounts:write`<br>`serviceaccounts:delete`<br>`serviceaccounts.permissions:read`<br>`serviceaccounts.permissions:write`                                                                                      | Create, update, read and delete all Grafana service accounts and manage service account permissions.                                                                                                                                                                                  |
-| `fixed:settings:reader`                         | `fixed_0LaUt1x6PP8hsZzEBhqPQZFUd8Q` | `settings:read`                                                                                                                                                                                                                                                             | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
-| `fixed:settings:writer`                         | `fixed_joIHDgMrGg790hMhUufVzcU4j44` | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                        | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
-| `fixed:stats:reader`                            | `fixed_OnRCXxZVINWpcKvTF5A1gecJ7pA` | `server.stats:read`                                                                                                                                                                                                                                                         | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |
-| `fixed:support.bundles:reader`                  | `fixed_gcPjI3PTUJwRx-GJZwDhNa7zbos` | `support.bundles:read`                                                                                                                                                                                                                                                      | List and download support bundles.                                                                                                                                                                                                                                                    |
-| `fixed:support.bundles:writer`                  | `fixed_dTgCv9Wxrp_WHAhwHYIgeboxKpE` | `support.bundles:read`<br>`support.bundles:create`<br>`support.bundles:delete`                                                                                                                                                                                              | Create, delete, list and download support bundles.                                                                                                                                                                                                                                    |
-| `fixed:teams:creator`                           | `fixed_nzVQoNSDSn0fg1MDgO6XnZX2RZI` | `teams:create`<br>`org.users:read`                                                                                                                                                                                                                                          | Create a team and list organization users (required to manage the created team).                                                                                                                                                                                                      |
-| `fixed:teams:read`                              | `fixed_Z8pB0GQlrqRt8IZBCJQxPWvJPgQ` | `teams:read`                                                                                                                                                                                                                                                                | List all teams.                                                                                                                                                                                                                                                                       |
-| `fixed:teams:writer`                            | `fixed_xw1T0579h620MOYi4L96GUs7fZY` | `teams:create`<br>`teams:delete`<br>`teams:read`<br>`teams:write`<br>`teams.permissions:read`<br>`teams.permissions:write`                                                                                                                                                  | Create, read, update and delete teams and manage team memberships.                                                                                                                                                                                                                    |
-| `fixed:usagestats:reader`                       | `fixed_eAM0azEvnWFCJAjNkUKnGL_1-bU` | `server.usagestats.report:read`                                                                                                                                                                                                                                             | View usage statistics report.                                                                                                                                                                                                                                                         |
-| `fixed:users:reader`                            | `fixed_buZastUG3reWyQpPemcWjGqPAd0` | `users:read`<br>`users.quotas:read`<br>`users.authtoken:read`                                                                                                                                                                                                               | Read all users and their information, such as team memberships, authentication tokens, and quotas.                                                                                                                                                                                    |
-| `fixed:users:writer`                            | `fixed_wjzgHHo_Ux25DJuELn_oiAdB_yM` | All permissions from `fixed:users:reader` and <br>`users:write`<br>`users:create`<br>`users:delete`<br>`users:enable`<br>`users:disable`<br>`users.password:write`<br>`users.permissions:write`<br>`users:logout`<br>`users.authtoken:write`<br>`users.quotas:write`        | Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a user’s authentication token, or update quotas for all users. |
+| Fixed role                                   | UUID                                | Permissions                                                                                                                                                                                                                                                                 | Description                                                                                                                                                                                                                                                                           |
+| -------------------------------------------- | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `fixed:alerting:reader`                      | `fixed_O2oP1_uBFozI2i93klAkcvEWR30` | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                           | Read-only permissions for all Grafana, Mimir, Loki and Alertmanager alert rules\*, alerts, contact points, and notification policies.[\*](#alerting-roles)                                                                                                                            |
+| `fixed:alerting:writer`                      | `fixed_-PAZgSJsDlRD8NUg-PFSeH_BkJY` | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer`                                                                                                                                           | Create, update, and delete Grafana, Mimir, Loki and Alertmanager alert rules\*, silences, contact points, templates, mute timings, and notification policies.[\*](#alerting-roles)                                                                                                    |
+| `fixed:alerting.instances:reader`            | `fixed_ut5fVS-Ulh_ejFoskFhJT_rYg0Y` | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                                | Read all alerts and silences in the organization produced by Grafana Alerts and Mimir and Loki alerts and silences.[\*](#alerting-roles)                                                                                                                                              |
+| `fixed:alerting.instances:writer`            | `fixed_pKOBJE346uyqMLdgWbk1NsQfEl0` | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                                   | Create, update and expire all silences in the organization produced by Grafana, Mimir, and Loki.[\*](#alerting-roles)                                                                                                                                                                 |
+| `fixed:alerting.notifications:reader`        | `fixed_hmBn0lX5h1RZXB9Vaot420EEdA0` | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                                                                                          | Read all Grafana and Alertmanager contact points, templates, and notification policies.[\*](#alerting-roles)                                                                                                                                                                          |
+| `fixed:alerting.notifications:writer`        | `fixed_XplK6HPNxf9AP5IGTdB5Iun4tJc` | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                        | Create, update, and delete contact points, templates, mute timings and notification policies for Grafana and external Alertmanager.[\*](#alerting-roles)                                                                                                                              |
+| `fixed:alerting.provisioning:writer`         | `fixed_y7pFjdEkxpx5ETdcxPvp0AgRuUo` | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                    | Create, update and delete Grafana alert rules, notification policies, contact points, templates, etc via provisioning API. [\*](#alerting-roles)                                                                                                                                      |
+| `fixed:alerting.provisioning.secrets:reader` | `fixed_9fmzXXZZG-Od0Amy2ofEG8Uk--c` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                             | Read-only permissions for Provisioning API and let export resources with decrypted secrets [\*](#alerting-roles)                                                                                                                                                                      |
+| `fixed:alerting.provisioning.status:writer`  | `fixed_eAxlzfkTuobvKEgXHveFMBZrOj8` | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                       | Set provenance status to alert rules, notification policies, contact points, etc. Should be used together with regular writer roles. [\*](#alerting-roles)                                                                                                                            |
+| `fixed:alerting.rules:reader`                | `fixed_fRGKL_vAqUsmUWq5EYKnOha9DcA` | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list`                                                          | Read all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and read rule-specific silences                                                                                                                                                                                 |
+| `fixed:alerting.rules:writer`                | `fixed_YJJGwAalUwDZPrXSyFH8GfYBXAc` | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*` | Create, update, and delete all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and manage rule-specific silences                                                                                                                                                         |
+| `fixed:annotations:reader`                   | `fixed_hpZnoizrfAJsrceNcNQqWYV-xNU` | `annotations:read` for scopes `annotations:type:*`                                                                                                                                                                                                                          | Read all annotations and annotation tags.                                                                                                                                                                                                                                             |
+| `fixed:annotations:writer`                   | `fixed_ZVW-Aa9Tzle6J4s2aUFcq1StKWE` | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*`                                                                                                                    | Read, create, update and delete all annotations and annotation tags.                                                                                                                                                                                                                  |
+| `fixed:annotations.dashboard:writer`         | `fixed_8A775xenXeKaJk4Cr7bchP9yXOA` | `annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:dashboard`                                                                                                                                                                | Create, update and delete dashboard annotations and annotation tags.                                                                                                                                                                                                                  |
+| `fixed:authentication.config:writer`         | `fixed_0rYhZ2Qnzs8AdB1nX7gexk3fHDw` | `settings:read` for scope `settings:auth.saml:*` <br> `settings:write` for scope `settings:auth.saml:*`                                                                                                                                                                     | Read and update authentication and SAML settings.                                                                                                                                                                                                                                     |
+| `fixed:general.auth.config:writer`           | `fixed_QFxIT_FGtBqbIVJIwx1bLgI5z6c` | `settings:read` for scope `settings:auth:oauth_allow_insecure_email_lookup` <br> `settings:write` for scope `settings:auth:oauth_allow_insecure_email_lookup`                                                                                                               | Read and update the Grafana instance's general authentication configuration settings.                                                                                                                                                                                                 |
+| `fixed:dashboards:creator`                   | `fixed_ZorKUcEPCM01A1fPakEzGBUyU64` | `dashboards:create`<br>`folders:read`                                                                                                                                                                                                                                       | Create dashboards.                                                                                                                                                                                                                                                                    |
+| `fixed:dashboards:reader`                    | `fixed_Sgr67JTOhjQGFlzYRahOe45TdWM` | `dashboards:read`                                                                                                                                                                                                                                                           | Read all dashboards.                                                                                                                                                                                                                                                                  |
+| `fixed:dashboards:writer`                    | `fixed_OK2YOQGIoI1G031hVzJB6rAJQAs` | All permissions from `fixed:dashboards:reader` and <br>`dashboards:write`<br>`dashboards:delete`<br>`dashboards:create`<br>`dashboards.permissions:read`<br>`dashboards.permissions:write`                                                                                  | Read, create, update, and delete all dashboards.                                                                                                                                                                                                                                      |
+| `fixed:dashboards.insights:reader`           | `fixed_JlBJ2_gizP8zhgaeGE2rjyZe2Rs` | `dashboards.insights:read`                                                                                                                                                                                                                                                  | Read dashboard insights data and see presence indicators.                                                                                                                                                                                                                             |
+| `fixed:dashboards.permissions:reader`        | `fixed_f17oxuXW_58LL8mYJsm4T_mCeIw` | `dashboards.permissions:read`                                                                                                                                                                                                                                               | Read all dashboard permissions.                                                                                                                                                                                                                                                       |
+| `fixed:dashboards.permissions:writer`        | `fixed_CcznxhWX_Yqn8uWMXMQ-b5iFW9k` | All permissions from `fixed:dashboards.permissions:reader` and <br>`dashboards.permissions:write`                                                                                                                                                                           | Read and update all dashboard permissions.                                                                                                                                                                                                                                            |
+| `fixed:dashboards.public:writer`             | `fixed_f_GHHRBciaqESXfGz2oCcooqHxs` | `dashboards.public:write`                                                                                                                                                                                                                                                   | Create, update, delete or pause a shared dashboard.                                                                                                                                                                                                                                   |
+| `fixed:datasources:creator`                  | `fixed_XX8jHREgUt-wo1A-rPXIiFlX6Zw` | `datasources:create`                                                                                                                                                                                                                                                        | Create data sources.                                                                                                                                                                                                                                                                  |
+| `fixed:datasources:explorer`                 | `fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw` | `datasources:explore`                                                                                                                                                                                                                                                       | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions.                                                                                                                                                |
+| `fixed:datasources:reader`                   | `fixed_C2x8IxkiBc1KZVjyYH775T9jNMQ` | `datasources:read`<br>`datasources:query`                                                                                                                                                                                                                                   | Read and query data sources.                                                                                                                                                                                                                                                          |
+| `fixed:datasources:writer`                   | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | All permissions from `fixed:datasources:reader` and <br>`datasources:create`<br>`datasources:write`<br>`datasources:delete`                                                                                                                                                 | Read, query, create, delete, or update a data source.                                                                                                                                                                                                                                 |
+| `fixed:datasources.builtin:reader`           | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | `datasources:read` and `datasources:query` scoped to `datasources:uid:grafana`                                                                                                                                                                                              | An internal role used to grant Viewers access to the builtin example data source in Grafana.                                                                                                                                                                                          |
+| `fixed:datasources.caching:reader`           | `fixed_D2ddpGxJYlw0mbsTS1ek9fj0kj4` | `datasources.caching:read`                                                                                                                                                                                                                                                  | Read data source query caching settings.                                                                                                                                                                                                                                              |
+| `fixed:datasources.caching:writer`           | `fixed_JtFjHr7jd7hSqUYcktKvRvIOGRE` | `datasources.caching:read`<br>`datasources.caching:write`                                                                                                                                                                                                                   | Enable, disable, or update query caching settings.                                                                                                                                                                                                                                    |
+| `fixed:datasources.id:reader`                | `fixed_entg--fHmDqWY2-69N0ocawK0Os` | `datasources.id:read`                                                                                                                                                                                                                                                       | Read the ID of a data source based on its name.                                                                                                                                                                                                                                       |
+| `fixed:datasources.insights:reader`          | `fixed_EBZ3NwlfecNPp2p0XcZRC1nfEYk` | `datasources.insights:read`                                                                                                                                                                                                                                                 | Read data source insights data.                                                                                                                                                                                                                                                       |
+| `fixed:datasources.permissions:reader`       | `fixed_ErYA-cTN3yn4h4GxaVPcawRhiOY` | `datasources.permissions:read`                                                                                                                                                                                                                                              | Read data source permissions.                                                                                                                                                                                                                                                         |
+| `fixed:datasources.permissions:writer`       | `fixed_aiQh9YDfLOKjQhYasF9_SFUjQiw` | All permissions from `fixed:datasources.permissions:reader` and <br>`datasources.permissions:write`                                                                                                                                                                         | Create, read, or delete permissions of a data source.                                                                                                                                                                                                                                 |
+| `fixed:folders:creator`                      | `fixed_gGLRbZGAGB6n9uECqSh_W382RlQ` | `folders:create`                                                                                                                                                                                                                                                            | Create folders in the root level.                                                                                                                                                                                                                                                     |
+| `fixed:folders:reader`                       | `fixed_yeW-5QPeo-i5PZUIUXMlAA97GnQ` | `folders:read`<br>`dashboards:read`                                                                                                                                                                                                                                         | Read all folders and dashboards.                                                                                                                                                                                                                                                      |
+| `fixed:folders:writer`                       | `fixed_wJXLoTzgE7jVuz90dryYoiogL0o` | All permissions from `fixed:dashboards:writer` and <br>`folders:read`<br>`folders:write`<br>`folders:create`<br>`folders:delete`<br>`folders.permissions:read`<br>`folders.permissions:write`                                                                               | Read, update, and delete all folders and dashboards. Create folders and subfolders.                                                                                                                                                                                                   |
+| `fixed:folders.general:reader`               | `fixed_rSASbkg8DvpG_gTX5s41d7uxRvI` | `folders:read` scoped to `folders:uid:general`                                                                                                                                                                                                                              | An internal role used to correctly display access to the folder tree for Viewer role.                                                                                                                                                                                                 |
+| `fixed:folders.permissions:reader`           | `fixed_E06l4cx0JFm47EeLBE4nmv3pnSo` | `folders.permissions:read`                                                                                                                                                                                                                                                  | Read all folder permissions.                                                                                                                                                                                                                                                          |
+| `fixed:folders.permissions:writer`           | `fixed_3GAgpQ_hWG8o7-lwNb86_VB37eI` | All permissions from `fixed:folders.permissions:reader` and <br>`folders.permissions:write`                                                                                                                                                                                 | Read and update all folder permissions.                                                                                                                                                                                                                                               |
+| `fixed:ldap:reader`                          | `fixed_lMcOPwSkxKY-qCK8NMJc5k6izLE` | `ldap.user:read`<br>`ldap.status:read`                                                                                                                                                                                                                                      | Read the LDAP configuration and LDAP status information.                                                                                                                                                                                                                              |
+| `fixed:ldap:writer`                          | `fixed_p6AvnU4GCQyIh7-hbwI-bk3GYnU` | All permissions from `fixed:ldap:reader` and <br>`ldap.user:sync`<br>`ldap.config:reload`                                                                                                                                                                                   | Read and update the LDAP configuration, and read LDAP status information.                                                                                                                                                                                                             |
+| `fixed:library.panels:creator`               | `fixed_6eX6ItfegCIY5zLmPqTDW8ZV7KY` | `library.panels:create`<br>`folders:read`                                                                                                                                                                                                                                   | Create library panel at the root level.                                                                                                                                                                                                                                               |
+| `fixed:library.panels:general.reader`        | `fixed_ct0DghiBWR_2BiQm3EvNPDVmpio` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels at the root level.                                                                                                                                                                                                                                            |
+| `fixed:library.panels:general.writer`        | `fixed_DgprkmqfN_1EhZ2v1_d1fYG8LzI` | All permissions from `fixed:library.panels:general.reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                             | Create, read, write or delete all library panels and their permissions at the root level.                                                                                                                                                                                             |
+| `fixed:library.panels:reader`                | `fixed_tvTr9CnZ6La5vvUO_U_X1LPnhUs` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels.                                                                                                                                                                                                                                                              |
+| `fixed:library.panels:writer`                | `fixed_JTljAr21LWLTXCkgfBC4H0lhBC8` | All permissions from `fixed:library.panels:reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                                     | Create, read, write or delete all library panels and their permissions.                                                                                                                                                                                                               |
+| `fixed:licensing:reader`                     | `fixed_OADpuXvNEylO2Kelu3GIuBXEAYE` | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                                | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
+| `fixed:licensing:writer`                     | `fixed_gzbz3rJpQMdaKHt-E4q0PVaKMoE` | All permissions from `fixed:licensing:reader` and <br>`licensing:write`<br>`licensing:delete`                                                                                                                                                                               | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
+| `fixed:migrationassistant:migrator`          | `fixed_LLk2p7TRuBztOAksTQb1Klc8YTk` | `migrationassistant:migrate`                                                                                                                                                                                                                                                | Execute on-prem to cloud migrations through the Migration Assistant.                                                                                                                                                                                                                  |
+| `fixed:org.users:reader`                     | `fixed_oCqNwlVHLOpw7-jAlwp4HzYqwGY` | `org.users:read`                                                                                                                                                                                                                                                            | Read users within a single organization.                                                                                                                                                                                                                                              |
+| `fixed:org.users:writer`                     | `fixed_VERj5nayasjgf_Yh0sWqqCkxWlw` | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                            | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                        |
+| `fixed:organization:maintainer`              | `fixed_CMm-uuBaPUBf4r8XG3jIvxo55bg` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                             | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
+| `fixed:organization:reader`                  | `fixed_0SZPJlTHdNEe8zO91zv7Zwiwa2w` | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                           | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
+| `fixed:organization:writer`                  | `fixed_Y4jGqDd8w1yCrPwlik8z5Iu8-3M` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                               | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
+| `fixed:plugins:maintainer`                   | `fixed_yEOKidBcWgbm74x-nTa3lW5lOyY` | `plugins:install`                                                                                                                                                                                                                                                           | Install and uninstall plugins. Needs to be assigned globally.                                                                                                                                                                                                                         |
+| `fixed:plugins:writer`                       | `fixed_MRYpGk7kpNNwt2VoVOXFiPnQziE` | `plugins:write`                                                                                                                                                                                                                                                             | Enable and disable plugins and edit plugins' settings.                                                                                                                                                                                                                                |
+| `fixed:plugins.app:reader`                   | `fixed_AcZRiNYx7NueYkUqzw1o2OGGUAA` | `plugins.app:access`                                                                                                                                                                                                                                                        | Access application plugins (still enforcing the organization role).                                                                                                                                                                                                                   |
+| `fixed:provisioning:writer`                  | `fixed_bgk1FCyR6OEDwhgirZlQgu5LlCA` | `provisioning:reload`                                                                                                                                                                                                                                                       | Reload provisioning.                                                                                                                                                                                                                                                                  |
+| `fixed:reports:reader`                       | `fixed_72_8LU_0ukfm6BdblOw8Z9q-GQ8` | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                                 | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
+| `fixed:reports:writer`                       | `fixed_jBW3_7g1EWOjGVBYeVRwtFxhUNw` | All permissions from `fixed:reports:reader` and <br>`reports:create`<br>`reports:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                                     | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
+| `fixed:roles:reader`                         | `fixed_GkfG-1NSwEGb4hpK3-E3qHyNltc` | `roles:read`<br>`teams.roles:read`<br>`users.roles:read`<br>`users.permissions:read`                                                                                                                                                                                        | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
+| `fixed:roles:resetter`                       | `fixed_WgPpC3qJRmVpVTJavFNwfS5RuzQ` | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                        | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
+| `fixed:roles:writer`                         | `fixed_W5aFaw8isAM27x_eWfElBhZ0iOc` | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                                 | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
+| `fixed:serviceaccounts:creator`              | `fixed_Ikw60fckA0MyiiZ73BawSfOULy4` | `serviceaccounts:create`                                                                                                                                                                                                                                                    | Create Grafana service accounts.                                                                                                                                                                                                                                                      |
+| `fixed:serviceaccounts:reader`               | `fixed_QFjJAZ88iawMLInYOxPA1DB1w6I` | `serviceaccounts:read`                                                                                                                                                                                                                                                      | Read Grafana service accounts.                                                                                                                                                                                                                                                        |
+| `fixed:serviceaccounts:writer`               | `fixed_iBvUNUEZBZ7PUW0vdkN5iojc2sk` | `serviceaccounts:read`<br>`serviceaccounts:create`<br>`serviceaccounts:write`<br>`serviceaccounts:delete`<br>`serviceaccounts.permissions:read`<br>`serviceaccounts.permissions:write`                                                                                      | Create, update, read and delete all Grafana service accounts and manage service account permissions.                                                                                                                                                                                  |
+| `fixed:settings:reader`                      | `fixed_0LaUt1x6PP8hsZzEBhqPQZFUd8Q` | `settings:read`                                                                                                                                                                                                                                                             | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
+| `fixed:settings:writer`                      | `fixed_joIHDgMrGg790hMhUufVzcU4j44` | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                        | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
+| `fixed:stats:reader`                         | `fixed_OnRCXxZVINWpcKvTF5A1gecJ7pA` | `server.stats:read`                                                                                                                                                                                                                                                         | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |
+| `fixed:support.bundles:reader`               | `fixed_gcPjI3PTUJwRx-GJZwDhNa7zbos` | `support.bundles:read`                                                                                                                                                                                                                                                      | List and download support bundles.                                                                                                                                                                                                                                                    |
+| `fixed:support.bundles:writer`               | `fixed_dTgCv9Wxrp_WHAhwHYIgeboxKpE` | `support.bundles:read`<br>`support.bundles:create`<br>`support.bundles:delete`                                                                                                                                                                                              | Create, delete, list and download support bundles.                                                                                                                                                                                                                                    |
+| `fixed:teams:creator`                        | `fixed_nzVQoNSDSn0fg1MDgO6XnZX2RZI` | `teams:create`<br>`org.users:read`                                                                                                                                                                                                                                          | Create a team and list organization users (required to manage the created team).                                                                                                                                                                                                      |
+| `fixed:teams:read`                           | `fixed_Z8pB0GQlrqRt8IZBCJQxPWvJPgQ` | `teams:read`                                                                                                                                                                                                                                                                | List all teams.                                                                                                                                                                                                                                                                       |
+| `fixed:teams:writer`                         | `fixed_xw1T0579h620MOYi4L96GUs7fZY` | `teams:create`<br>`teams:delete`<br>`teams:read`<br>`teams:write`<br>`teams.permissions:read`<br>`teams.permissions:write`                                                                                                                                                  | Create, read, update and delete teams and manage team memberships.                                                                                                                                                                                                                    |
+| `fixed:usagestats:reader`                    | `fixed_eAM0azEvnWFCJAjNkUKnGL_1-bU` | `server.usagestats.report:read`                                                                                                                                                                                                                                             | View usage statistics report.                                                                                                                                                                                                                                                         |
+| `fixed:users:reader`                         | `fixed_buZastUG3reWyQpPemcWjGqPAd0` | `users:read`<br>`users.quotas:read`<br>`users.authtoken:read`                                                                                                                                                                                                               | Read all users and their information, such as team memberships, authentication tokens, and quotas.                                                                                                                                                                                    |
+| `fixed:users:writer`                         | `fixed_wjzgHHo_Ux25DJuELn_oiAdB_yM` | All permissions from `fixed:users:reader` and <br>`users:write`<br>`users:create`<br>`users:delete`<br>`users:enable`<br>`users:disable`<br>`users.password:write`<br>`users.permissions:write`<br>`users:logout`<br>`users.authtoken:write`<br>`users.quotas:write`        | Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a user’s authentication token, or update quotas for all users. |

 ### Alerting roles

@@ -164,20 +164,10 @@ Access to Grafana alert rules is an intersection of many permissions:
 - Permission to read a folder. For example, the fixed role `fixed:folders:reader` includes the action `folders:read` and a folder scope `folders:id:`.
 - Permission to query **all** data sources that a given alert rule uses. If a user cannot query a given data source, they cannot see any alert rules that query that data source.

-There is only one exclusion. Role `fixed:alerting.provisioning:writer` does not require user to have any additional permissions and provides access to all aspects of the alerting configuration via special provisioning API.
+There is only one exclusion at this moment. Role `fixed:alerting.provisioning:writer` does not require user to have any additional permissions and provides access to all aspects of the alerting configuration via special provisioning API.

 For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder](ref:plan-rbac-rollout-strategy-create-a-custom-role-to-access-alerts-in-a-folder).

-#### Alerting basic roles
-
-The following table lists the default RBAC alerting role assignments to the basic roles:
-
-| Basic role | Associated fixed roles                                                                                          | Description                                                                     |
-| ---------- | --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
-| Admin      | `fixed:alerting:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments. |
-| Editor     | `fixed:alerting:writer`<br>`fixed:alerting.provisioning.provenance:writer`                                      | Default [Editor](ref:rbac-basic-roles) assignments.                             |
-| Viewer     | `fixed:alerting:reader`                                                                                         | Default [Viewer](ref:rbac-basic-roles) assignments.                             |
-
 ### Grafana OnCall roles

 If you are using [Grafana OnCall](ref:oncall), you can try out the integration between Grafana OnCall and RBAC.
--- a/docs/sources/alerting/set-up/configure-alert-state-history/index.md
+++ b/docs/sources/alerting/set-up/configure-alert-state-history/index.md
@@ -62,9 +62,6 @@ The following steps describe a basic configuration:

   # The URL of the Loki server
   loki_remote_url = http://localhost:3100
-
-   [feature_toggles]
-   enable = alertingCentralAlertHistory
   ```

 1. **Configure the Loki data source in Grafana**
--- a/docs/sources/alerting/set-up/configure-rbac/_index.md
+++ b/docs/sources/alerting/set-up/configure-rbac/_index.md
@@ -17,166 +17,55 @@ weight: 155

 # Configure RBAC

-[Role-based access control (RBAC)](/docs/grafana/latest/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/) for Grafana Enterprise and Grafana Cloud provides a standardized way of granting, changing, and revoking access, so that users can view and modify Grafana resources.
+Role-based access control (RBAC) for Grafana Enterprise and Grafana Cloud provides a standardized way of granting, changing, and revoking access, so that users can view and modify Grafana resources.

-A user is any individual who can log in to Grafana. Each user has a role that includes permissions. Permissions determine the tasks a user can perform in the system.
+A user is any individual who can log in to Grafana. Each user is associated with a role that includes permissions. Permissions determine the tasks a user can perform in the system.

 Each permission contains one or more actions and a scope.

-## Role types
-
-Grafana has three types of roles for managing access:
-
- **Basic roles**: Admin, Editor, Viewer, and No basic role. These are assigned to users and provide default access levels.
- **Fixed roles**: Predefined groups of permissions for specific use cases. Basic roles automatically include certain fixed roles.
- **Custom roles**: User-defined roles that combine specific permissions for granular access control.
-
-## Basic role permissions
-
-The following table summarizes the default alerting permissions for each basic role.
-
-| Capability                                | Admin | Editor | Viewer |
-| ----------------------------------------- | :---: | :----: | :----: |
-| View alert rules                          |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete alert rules      |   ✓   |   ✓    |        |
-| View silences                             |   ✓   |   ✓    |   ✓    |
-| Create, edit, and expire silences         |   ✓   |   ✓    |        |
-| View contact points and templates         |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete contact points   |   ✓   |   ✓    |        |
-| View notification policies                |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete policies         |   ✓   |   ✓    |        |
-| View mute timings                         |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete timing intervals |   ✓   |   ✓    |        |
-| Access provisioning API                   |   ✓   |   ✓    |        |
-| Export with decrypted secrets             |   ✓   |        |        |
-
-{{< admonition type="note" >}}
-Access to alert rules also requires permission to read the folder containing the rules and permission to query the data sources used in the rules.
-{{< /admonition >}}
-
 ## Permissions

-Grafana Alerting has the following permissions organized by resource type.
+Grafana Alerting has the following permissions.

-### Alert rules
-
-Permissions for managing Grafana-managed alert rules.
-
-| Action               | Applicable scope               | Description                                                                                                                                                                                                                                       |
-| -------------------- | ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `alert.rules:create` | `folders:*`<br>`folders:uid:*` | Create Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query.                               |
-| `alert.rules:read`   | `folders:*`<br>`folders:uid:*` | Read Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                         |
-| `alert.rules:write`  | `folders:*`<br>`folders:uid:*` | Update Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder. To allow query modifications add `datasources:query` in the scope of data sources the user can query. |
-| `alert.rules:delete` | `folders:*`<br>`folders:uid:*` | Delete Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                       |
-
-### External alert rules
-
-Permissions for managing alert rules in external data sources that support alerting.
-
-| Action                       | Applicable scope                       | Description                                                                                    |
-| ---------------------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------- |
-| `alert.rules.external:read`  | `datasources:*`<br>`datasources:uid:*` | Read alert rules in data sources that support alerting (Prometheus, Mimir, and Loki).          |
-| `alert.rules.external:write` | `datasources:*`<br>`datasources:uid:*` | Create, update, and delete alert rules in data sources that support alerting (Mimir and Loki). |
-
-### Alert instances and silences
-
-Permissions for managing alert instances and silences in Grafana.
-
-| Action                   | Applicable scope               | Description                                                                          |
-| ------------------------ | ------------------------------ | ------------------------------------------------------------------------------------ |
-| `alert.instances:read`   | n/a                            | Read alerts and silences in the current organization.                                |
-| `alert.instances:create` | n/a                            | Create silences in the current organization.                                         |
-| `alert.instances:write`  | n/a                            | Update and expire silences in the current organization.                              |
-| `alert.silences:read`    | `folders:*`<br>`folders:uid:*` | Read all general silences and rule-specific silences in a folder and its subfolders. |
-| `alert.silences:create`  | `folders:*`<br>`folders:uid:*` | Create rule-specific silences in a folder and its subfolders.                        |
-| `alert.silences:write`   | `folders:*`<br>`folders:uid:*` | Update and expire rule-specific silences in a folder and its subfolders.             |
-
-### External alert instances
-
-Permissions for managing alert instances in external data sources.
-
-| Action                           | Applicable scope                       | Description                                                       |
-| -------------------------------- | -------------------------------------- | ----------------------------------------------------------------- |
-| `alert.instances.external:read`  | `datasources:*`<br>`datasources:uid:*` | Read alerts and silences in data sources that support alerting.   |
-| `alert.instances.external:write` | `datasources:*`<br>`datasources:uid:*` | Manage alerts and silences in data sources that support alerting. |
-
-### Contact points
-
-Permissions for managing contact points (notification receivers).
-
-| Action                                       | Applicable scope                   | Description                                                                                                 |
-| -------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------------------------------------------------- |
-| `alert.notifications.receivers:list`         | n/a                                | List contact points in the current organization.                                                            |
-| `alert.notifications.receivers:read`         | `receivers:*`<br>`receivers:uid:*` | Read contact points.                                                                                        |
-| `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*` | Export contact points with decrypted secrets.                                                               |
-| `alert.notifications.receivers:create`       | n/a                                | Create a new contact points. The creator is automatically granted full access to the created contact point. |
-| `alert.notifications.receivers:write`        | `receivers:*`<br>`receivers:uid:*` | Update existing contact points.                                                                             |
-| `alert.notifications.receivers:delete`       | `receivers:*`<br>`receivers:uid:*` | Update and delete existing contact points.                                                                  |
-| `alert.notifications.receivers:test`         | `receivers:*`<br>`receivers:uid:*` | Test contact points to verify their configuration.                                                          |
-| `receivers.permissions:read`                 | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points.                                                                        |
-| `receivers.permissions:write`                | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points.                                                                      |
-
-### Notification policies
-
-Permissions for managing notification policies (routing rules).
-
-| Action                             | Applicable scope | Description                                           |
-| ---------------------------------- | ---------------- | ----------------------------------------------------- |
-| `alert.notifications.routes:read`  | n/a              | Read notification policies.                           |
-| `alert.notifications.routes:write` | n/a              | Create new, update, and delete notification policies. |
-
-### Time intervals
-
-Permissions for managing mute time intervals.
-
-| Action                                      | Applicable scope | Description                                        |
-| ------------------------------------------- | ---------------- | -------------------------------------------------- |
-| `alert.notifications.time-intervals:read`   | n/a              | Read mute time intervals.                          |
-| `alert.notifications.time-intervals:write`  | n/a              | Create new or update existing mute time intervals. |
-| `alert.notifications.time-intervals:delete` | n/a              | Delete existing time intervals.                    |
-
-### Templates
-
-Permissions for managing notification templates.
-
-| Action                                     | Applicable scope | Description                                                                     |
-| ------------------------------------------ | ---------------- | ------------------------------------------------------------------------------- |
-| `alert.notifications.templates:read`       | n/a              | Read templates.                                                                 |
-| `alert.notifications.templates:write`      | n/a              | Create new or update existing templates.                                        |
-| `alert.notifications.templates:delete`     | n/a              | Delete existing templates.                                                      |
-| `alert.notifications.templates.test:write` | n/a              | Test templates with custom payloads (preview and payload editor functionality). |
-
-### General notifications
-
-Legacy permissions for managing all notification resources.
-
-| Action                      | Applicable scope | Description                                                                                              |
-| --------------------------- | ---------------- | -------------------------------------------------------------------------------------------------------- |
-| `alert.notifications:read`  | n/a              | Read all templates, contact points, notification policies, and mute timings in the current organization. |
-| `alert.notifications:write` | n/a              | Manage templates, contact points, notification policies, and mute timings in the current organization.   |
-
-### External notifications
-
-Permissions for managing notification resources in external data sources.
-
-| Action                               | Applicable scope                       | Description                                                                                                      |
-| ------------------------------------ | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
-| `alert.notifications.external:read`  | `datasources:*`<br>`datasources:uid:*` | Read templates, contact points, notification policies, and mute timings in data sources that support alerting.   |
-| `alert.notifications.external:write` | `datasources:*`<br>`datasources:uid:*` | Manage templates, contact points, notification policies, and mute timings in data sources that support alerting. |
-
-### Provisioning
-
-Permissions for managing alerting resources via the provisioning API.
-
-| Action                                   | Applicable scope | Description                                                                                                                                                        |
-| ---------------------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `alert.provisioning:read`                | n/a              | Read all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                            |
-| `alert.provisioning.secrets:read`        | n/a              | Same as `alert.provisioning:read` plus ability to export resources with decrypted secrets.                                                                         |
-| `alert.provisioning:write`               | n/a              | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                          |
-| `alert.rules.provisioning:read`          | n/a              | Read Grafana alert rules via provisioning API. More specific than `alert.provisioning:read`.                                                                       |
-| `alert.rules.provisioning:write`         | n/a              | Create, update, and delete Grafana alert rules via provisioning API. More specific than `alert.provisioning:write`.                                                |
-| `alert.notifications.provisioning:read`  | n/a              | Read notification resources (contact points, notification policies, templates, time intervals) via provisioning API. More specific than `alert.provisioning:read`. |
-| `alert.notifications.provisioning:write` | n/a              | Create, update, and delete notification resources via provisioning API. More specific than `alert.provisioning:write`.                                             |
-| `alert.provisioning.provenance:write`    | n/a              | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources.                                       |
+| Action                                       | Applicable scope                       | Description                                                                                                                                                                                                                                       |
+| -------------------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `alert.instances.external:read`              | `datasources:*`<br>`datasources:uid:*` | Read alerts and silences in data sources that support alerting.                                                                                                                                                                                   |
+| `alert.instances.external:write`             | `datasources:*`<br>`datasources:uid:*` | Manage alerts and silences in data sources that support alerting.                                                                                                                                                                                 |
+| `alert.instances:create`                     | n/a                                    | Create silences in the current organization.                                                                                                                                                                                                      |
+| `alert.instances:read`                       | n/a                                    | Read alerts and silences in the current organization.                                                                                                                                                                                             |
+| `alert.instances:write`                      | n/a                                    | Update and expire silences in the current organization.                                                                                                                                                                                           |
+| `alert.notifications.external:read`          | `datasources:*`<br>`datasources:uid:*` | Read templates, contact points, notification policies, and mute timings in data sources that support alerting.                                                                                                                                    |
+| `alert.notifications.external:write`         | `datasources:*`<br>`datasources:uid:*` | Manage templates, contact points, notification policies, and mute timings in data sources that support alerting.                                                                                                                                  |
+| `alert.notifications:write`                  | n/a                                    | Manage templates, contact points, notification policies, and mute timings in the current organization.                                                                                                                                            |
+| `alert.notifications:read`                   | n/a                                    | Read all templates, contact points, notification policies, and mute timings in the current organization.                                                                                                                                          |
+| `alert.rules.external:read`                  | `datasources:*`<br>`datasources:uid:*` | Read alert rules in data sources that support alerting (Prometheus, Mimir, and Loki)                                                                                                                                                              |
+| `alert.rules.external:write`                 | `datasources:*`<br>`datasources:uid:*` | Create, update, and delete alert rules in data sources that support alerting (Mimir and Loki).                                                                                                                                                    |
+| `alert.rules:create`                         | `folders:*`<br>`folders:uid:*`         | Create Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query.                               |
+| `alert.rules:delete`                         | `folders:*`<br>`folders:uid:*`         | Delete Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                       |
+| `alert.rules:read`                           | `folders:*`<br>`folders:uid:*`         | Read Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                         |
+| `alert.rules:write`                          | `folders:*`<br>`folders:uid:*`         | Update Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder. To allow query modifications add `datasources:query` in the scope of data sources the user can query. |
+| `alert.silences:create`                      | `folders:*`<br>`folders:uid:*`         | Create rule-specific silences in a folder and its subfolders.                                                                                                                                                                                     |
+| `alert.silences:read`                        | `folders:*`<br>`folders:uid:*`         | Read all general silences and rule-specific silences in a folder and its subfolders.                                                                                                                                                              |
+| `alert.silences:write`                       | `folders:*`<br>`folders:uid:*`         | Update and expire rule-specific silences in a folder and its subfolders.                                                                                                                                                                          |
+| `alert.provisioning:read`                    | n/a                                    | Read all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                                                                                                           |
+| `alert.provisioning.secrets:read`            | n/a                                    | Same as `alert.provisioning:read` plus ability to export resources with decrypted secrets.                                                                                                                                                        |
+| `alert.provisioning:write`                   | n/a                                    | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                                                                                                         |
+| `alert.provisioning.provenance:write`        | n/a                                    | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources                                                                                                                       |
+| `alert.notifications.receivers:read`         | `receivers:*`<br>`receivers:uid:*`     | Read contact points.                                                                                                                                                                                                                              |
+| `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*`     | Export contact points with decrypted secrets.                                                                                                                                                                                                     |
+| `alert.notifications.receivers:create`       | n/a                                    | Create a new contact points. The creator is automatically granted full access to the created contact point.                                                                                                                                       |
+| `alert.notifications.receivers:write`        | `receivers:*`<br>`receivers:uid:*`     | Update existing contact points.                                                                                                                                                                                                                   |
+| `alert.notifications.receivers:delete`       | `receivers:*`<br>`receivers:uid:*`     | Update and delete existing contact points.                                                                                                                                                                                                        |
+| `receivers.permissions:read`                 | `receivers:*`<br>`receivers:uid:*`     | Read permissions for contact points.                                                                                                                                                                                                              |
+| `receivers.permissions:write`                | `receivers:*`<br>`receivers:uid:*`     | Manage permissions for contact points.                                                                                                                                                                                                            |
+| `alert.notifications.time-intervals:read`    | n/a                                    | Read mute time intervals.                                                                                                                                                                                                                         |
+| `alert.notifications.time-intervals:write`   | n/a                                    | Create new or update existing mute time intervals.                                                                                                                                                                                                |
+| `alert.notifications.time-intervals:delete`  | n/a                                    | Delete existing time intervals.                                                                                                                                                                                                                   |
+| `alert.notifications.templates:read`         | n/a                                    | Read templates.                                                                                                                                                                                                                                   |
+| `alert.notifications.templates:write`        | n/a                                    | Create new or update existing templates.                                                                                                                                                                                                          |
+| `alert.notifications.templates:delete`       | n/a                                    | Delete existing templates.                                                                                                                                                                                                                        |
+| `alert.notifications.templates.test:write`   | n/a                                    | Test templates with custom payloads (preview and payload editor functionality).                                                                                                                                                                   |
+| `alert.notifications.routes:read`            | n/a                                    | Read notification policies.                                                                                                                                                                                                                       |
+| `alert.notifications.routes:write`           | n/a                                    | Create new, update and update notification policies.                                                                                                                                                                                              |

 To help plan your RBAC rollout strategy, refer to [Plan your RBAC rollout strategy](https://grafana.com/docs/grafana/next/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/).
--- a/docs/sources/alerting/set-up/configure-rbac/access-folders/index.md
+++ b/docs/sources/alerting/set-up/configure-rbac/access-folders/index.md
@@ -16,7 +16,7 @@ title: Manage access using folders or data sources
 weight: 200
 ---

-# Manage access using folders or data sources
+## Manage access using folders or data sources

 You can extend the access provided by a role to alert rules and rule-specific silences by assigning permissions to individual folders or data sources.

--- a/docs/sources/alerting/set-up/configure-rbac/access-roles/index.md
+++ b/docs/sources/alerting/set-up/configure-rbac/access-roles/index.md
@@ -55,7 +55,7 @@ Details of the fixed roles and the access they provide for Grafana Alerting are
 | Full read-only access: `fixed:alerting:reader`                                           | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                                                                                               | Read alert rules, alert instances, silences, contact points, and notification policies in Grafana and external providers.                                |
 | Read via Provisioning API + Export Secrets: `fixed:alerting.provisioning.secrets:reader` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                                                                                                 | Read alert rules, alert instances, silences, contact points, and notification policies using the provisioning API and use export with decrypted secrets. |
 | Access to alert rules provisioning API: `fixed:alerting.provisioning:writer`             | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                                                                                        | Manage all alert rules, notification policies, contact points, templates, in the organization using the provisioning API.                                |
-| Set provisioning status: `fixed:alerting.provisioning.provenance:writer`                 | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                                                                                           | Set provisioning rules for Alerting resources. Should be used together with other regular roles (Notifications Writer and/or Rules Writer.)              |
+| Set provisioning status: `fixed:alerting.provisioning.status:writer`                     | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                                                                                           | Set provisioning rules for Alerting resources. Should be used together with other regular roles (Notifications Writer and/or Rules Writer.)              |
 | Contact Point Reader: `fixed:alerting.receivers:reader`                                  | `alert.notifications.receivers:read` for scope `receivers:*`                                                                                                                                                                                                                                                                                    | Read all contact points.                                                                                                                                 |
 | Contact Point Creator: `fixed:alerting.receivers:creator`                                | `alert.notifications.receivers:create`                                                                                                                                                                                                                                                                                                          | Create a new contact point. The user is automatically granted full access to the created contact point.                                                  |
 | Contact Point Writer: `fixed:alerting.receivers:writer`                                  | `alert.notifications.receivers:read`, `alert.notifications.receivers:write`, `alert.notifications.receivers:delete` for scope `receivers:*` and <br> `alert.notifications.receivers:create`                                                                                                                                                     | Create a new contact point and manage all existing contact points.                                                                                       |
@@ -63,8 +63,8 @@ Details of the fixed roles and the access they provide for Grafana Alerting are
 | Templates Writer: `fixed:alerting.templates:writer`                                      | `alert.notifications.templates:read`, `alert.notifications.templates:write`, `alert.notifications.templates:delete`, `alert.notifications.templates.test:write`                                                                                                                                                                                 | Create new and manage existing notification templates. Test templates with custom payloads.                                                              |
 | Time Intervals Reader: `fixed:alerting.time-intervals:reader`                            | `alert.notifications.time-intervals:read`                                                                                                                                                                                                                                                                                                       | Read all time intervals.                                                                                                                                 |
 | Time Intervals Writer: `fixed:alerting.time-intervals:writer`                            | `alert.notifications.time-intervals:read`, `alert.notifications.time-intervals:write`, `alert.notifications.time-intervals:delete`                                                                                                                                                                                                              | Create new and manage existing time intervals.                                                                                                           |
-| Notification Policies Reader: `fixed:alerting.routes:reader`                             | `alert.notifications.routes:read`                                                                                                                                                                                                                                                                                                               | Read all notification policies.                                                                                                                          |
-| Notification Policies Writer: `fixed:alerting.routes:writer`                             | `alert.notifications.routes:read`<br>`alert.notifications.routes:write`                                                                                                                                                                                                                                                                         | Create new and manage existing notification policies.                                                                                                    |
+| Notification Policies Reader: `fixed:alerting.routes:reader`                             | `alert.notifications.routes:read`                                                                                                                                                                                                                                                                                                               | Read all time intervals.                                                                                                                                 |
+| Notification Policies Writer: `fixed:alerting.routes:writer`                             | `alert.notifications.routes:read` `alert.notifications.routes:write`                                                                                                                                                                                                                                                                            | Create new and manage existing time intervals.                                                                                                           |

 ## Create custom roles

--- a/docs/sources/alerting/set-up/configure-roles/index.md
+++ b/docs/sources/alerting/set-up/configure-roles/index.md
@@ -16,27 +16,25 @@ weight: 150

 # Configure roles and permissions

-This guide explains how to configure roles and permissions for Grafana Alerting for Grafana OSS users. You'll learn how to manage access using roles, folder permissions, and contact point permissions.
-
 A user is any individual who can log in to Grafana. Each user is associated with a role that includes permissions. Permissions determine the tasks a user can perform in the system. For example, the Admin role includes permissions for an administrator to create and delete users.

 For more information, refer to [Organization roles](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#organization-roles).

 ## Manage access using roles

-Grafana OSS has three roles: Admin, Editor, and Viewer.
+For Grafana OSS, there are three roles: Admin, Editor, and Viewer.

-The following table describes the access each role provides for Grafana Alerting.
+Details of the roles and the access they provide for Grafana Alerting are below.

-| Role   | Access                                                                                                                                                                                             |
-| ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Viewer | Read access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences).                                             |
-| Editor | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning.                          |
-| Admin  | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning, as well as assign roles. |
+| Role   | Access                                                                                                                                                                    |
+| ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Admin  | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning. |
+| Editor | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning. |
+| Viewer | Read access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences).                    |

 ## Assign roles

-To assign roles, an admin needs to complete the following steps.
+To assign roles, admins need to complete the following steps.

 1. Navigate to **Administration** > **Users and access** > **Users, Teams, or Service Accounts**.
 1. Search for the user, team or service account you want to add a role for.
@@ -60,30 +58,32 @@ Refer to the following table for details on the additional access provided by fo
 You can't use folders to customize access to notification resources.
 {{< /admonition >}}

-To manage folder permissions, complete the following steps:
+To manage folder permissions, complete the following steps.

 1. In the left-side menu, click **Dashboards**.
 1. Hover your mouse cursor over a folder and click **Go to folder**.
 1. Click **Manage permissions** from the Folder actions menu.
 1. Update or add permissions as required.

-## Manage access to contact points
+## Manage access using contact point permissions

-Extend or limit the access provided by a role to contact points by assigning permissions to individual contact points.
+### Before you begin
+
+Extend or limit the access provided by a role to contact points by assigning permissions to individual contact point.

 This allows different users, teams, or service accounts to have customized access to read or modify specific contact points.

 Refer to the following table for details on the additional access provided by contact point permissions.

-| Contact point permission | Additional Access                                                                                                                             |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| View                     | View and export contact point as well as select it on the Alert rule edit page                                                                |
-| Edit                     | Update or delete the contact point                                                                                                            |
-| Admin                    | Same additional access as Edit and manage permissions for the contact point. User should have additional permissions to read users and teams. |
+| Folder permission | Additional Access                                                                                                                             |
+| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
+| View              | View and export contact point as well as select it on the Alert rule edit page                                                                |
+| Edit              | Update or delete the contact point                                                                                                            |
+| Admin             | Same additional access as Edit and manage permissions for the contact point. User should have additional permissions to read users and teams. |

-### Assign contact point permissions
+### Steps

-To manage contact point permissions, complete the following steps:
+To contact point permissions, complete the following steps.

 1. In the left-side menu, click **Contact points**.
 1. Hover your mouse cursor over a contact point and click **More**.
--- a/docs/sources/as-code/infrastructure-as-code/terraform/terraform-plugins.md
+++ b/docs/sources/as-code/infrastructure-as-code/terraform/terraform-plugins.md
@@ -24,7 +24,7 @@ Before you begin, you should have the following available:
 - Administrator permissions in your Grafana instance; for more information on assigning Grafana RBAC roles, refer to [Assign RBAC roles](/docs/grafana-cloud/security-and-account-management/authentication-and-permissions/access-control/assign-rbac-roles/).

 {{< admonition type="note" >}}
-Save all of the following Terraform configuration files in the same directory.
+All of the following Terraform configuration files should be saved in the same directory.
 {{< /admonition >}}

 ## Configure the Grafana provider
--- a/docs/sources/datasources/azure-monitor/_index.md
+++ b/docs/sources/datasources/azure-monitor/_index.md
@@ -3,6 +3,7 @@ aliases:
  - ../data-sources/azure-monitor/
  - ../features/datasources/azuremonitor/
  - azuremonitor/
+  - azuremonitor/deprecated-application-insights/
 description: Guide for using Azure Monitor in Grafana
 keywords:
  - grafana
@@ -22,7 +23,6 @@ labels:
 menuTitle: Azure Monitor
 title: Azure Monitor data source
 weight: 300
-last_reviewed: 2025-12-04
 refs:
  configure-grafana-feature-toggles:
    - pattern: /docs/grafana/
@@ -49,11 +49,6 @@ refs:
      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/
    - pattern: /docs/grafana-cloud/
      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/
-  transform-data:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/panels-visualizations/query-transform-data/transform-data/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/panels-visualizations/query-transform-data/transform-data/
  configure-grafana-azure:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#azure
@@ -68,98 +63,295 @@ refs:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-access/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
-  configure-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-  query-editor-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-  template-variables-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-  alerting-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/alerting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/alerting/
-  troubleshooting-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-  annotations-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/annotations/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/annotations/
+      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-access/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
 ---

 # Azure Monitor data source

-The Azure Monitor data source plugin allows you to query and visualize data from Azure Monitor, the Azure service to maximize the availability and performance of applications and services in the Azure Cloud.
+Grafana ships with built-in support for Azure Monitor, the Azure service to maximize the availability and performance of applications and services in the Azure Cloud.
+This topic explains configuring and querying specific to the Azure Monitor data source.

-## Supported Azure clouds
+For instructions on how to add a data source to Grafana, refer to the [administration documentation](ref:data-source-management).
+Only users with the organization administrator role can add data sources.

-The Azure Monitor data source supports the following Azure cloud environments:
+Once you've added the Azure Monitor data source, you can [configure it](#configure-the-data-source) so that your Grafana instance's users can create queries in its [query editor](query-editor/) when they [build dashboards](ref:build-dashboards) and use [Explore](ref:explore).

- **Azure** - Azure public cloud (default)
- **Azure US Government** - Azure Government cloud
- **Azure China** - Azure China cloud operated by 21Vianet
+The Azure Monitor data source supports visualizing data from four Azure services:

-## Supported Azure services
+- **Azure Monitor Metrics:** Collect numeric data from resources in your Azure account.
+- **Azure Monitor Logs:** Collect log and performance data from your Azure account, and query using the Kusto Query Language (KQL).
+- **Azure Resource Graph:** Query your Azure resources across subscriptions.
+- **Azure Monitor Application Insights:** Collect trace logging data and other application performance metrics.

-The Azure Monitor data source supports the following Azure services:
+## Configure the data source

-| Service                         | Description                                                                                                                 |
-| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
-| **Azure Monitor Metrics**       | Collect numeric data from resources in your Azure account. Supports dimensions, aggregations, and time grain configuration. |
-| **Azure Monitor Logs**          | Collect log and performance data from your Azure account using the Kusto Query Language (KQL).                              |
-| **Azure Resource Graph**        | Query your Azure resources across subscriptions using KQL. Useful for inventory, compliance, and resource management.       |
-| **Application Insights Traces** | Collect distributed trace data and correlate requests across your application components.                                   |
+**To access the data source configuration page:**

-## Get started
+1. Click **Connections** in the left-side menu.
+1. Under Your connections, click **Data sources**.
+1. Enter `Azure Monitor` in the search bar.
+1. Click **Azure Monitor**.

-The following documents will help you get started with the Azure Monitor data source:
+   The **Settings** tab of the data source is displayed.

- [Configure the Azure Monitor data source](ref:configure-azure-monitor) - Set up authentication and connect to Azure
- [Azure Monitor query editor](ref:query-editor-azure-monitor) - Create and edit queries for Metrics, Logs, Traces, and Resource Graph
- [Template variables](ref:template-variables-azure-monitor) - Create dynamic dashboards with Azure Monitor variables
- [Alerting](ref:alerting-azure-monitor) - Create alert rules using Azure Monitor data
- [Troubleshooting](ref:troubleshooting-azure-monitor) - Solve common configuration and query errors
+### Configure Azure Active Directory (AD) authentication

-## Additional features
+You must create an app registration and service principal in Azure AD to authenticate the data source.
+For configuration details, refer to the [Azure documentation for service principals](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in).

-After you have configured the Azure Monitor data source, you can:
+The app registration you create must have the `Reader` role assigned on the subscription.
+For more information, refer to [Azure documentation for role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current).

- Add [Annotations](ref:annotations-azure-monitor) to overlay Azure log events on your graphs.
- Configure and use [Template variables](ref:template-variables-azure-monitor) for dynamic dashboards.
- Add [Transformations](ref:transform-data) to manipulate query results.
- Set up [Alerting](ref:alerting-azure-monitor) and recording rules using Metrics, Logs, Traces, and Resource Graph queries.
- Use [Explore](ref:explore) to investigate your Azure data without building a dashboard.
+If you host Grafana in Azure, such as in App Service or Azure Virtual Machines, you can configure the Azure Monitor data source to use Managed Identity for secure authentication without entering credentials into Grafana.
+For details, refer to [Configuring using Managed Identity](#configuring-using-managed-identity).

-## Pre-built dashboards
+You can configure the Azure Monitor data source to use Workload Identity for secure authentication without entering credentials into Grafana if you host Grafana in a Kubernetes environment, such as AKS, and require access to Azure resources.
+For details, refer to [Configuring using Workload Identity](#configuring-using-workload-identity).

-The Azure Monitor plugin includes the following pre-built dashboards:
+| Name                        | Description                                                                                                                                                                                                                                                                                           |
+| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Authentication**          | Enables Managed Identity. Selecting Managed Identity hides many of the other fields. For details, see [Configuring using Managed Identity](#configuring-using-managed-identity).                                                                                                                      |
+| **Azure Cloud**             | Sets the national cloud for your Azure account. For most users, this is the default "Azure". For details, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-national-cloud).                                                               |
+| **Directory (tenant) ID**   | Sets the directory/tenant ID for the Azure AD app registration to use for authentication. For details, see the [Azure tenant and app ID docs](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in).     |
+| **Application (client) ID** | Sets the application/client ID for the Azure AD app registration to use for authentication.                                                                                                                                                                                                           |
+| **Client secret**           | Sets the application client secret for the Azure AD app registration to use for authentication. For details, see the [Azure application secret docs](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret). |
+| **Default subscription**    | _(Optional)_ Sets a default subscription for template variables to use.                                                                                                                                                                                                                               |
+| **Enable Basic Logs**       | Allows this data source to execute queries against [Basic Logs tables](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-query?tabs=portal-1) in supported Log Analytics Workspaces. These queries may incur additional costs.                                                    |

- **Azure Monitor Overview** - Displays key metrics across your Azure subscriptions and resources.
- **Azure Storage Account** - Shows storage account metrics including availability, latency, and transactions.
+### Provision the data source

-To import a pre-built dashboard:
+You can define and configure the data source in YAML files as part of Grafana's provisioning system.
+For more information about provisioning, and for available configuration options, refer to [Provisioning Grafana](ref:provisioning-data-sources).

-1. Go to **Connections** > **Data sources**.
-1. Select your Azure Monitor data source.
-1. Click the **Dashboards** tab.
-1. Click **Import** next to the dashboard you want to use.
+#### Provisioning examples

-## Related resources
+**Azure AD App Registration (client secret):**

- [Azure Monitor documentation](https://docs.microsoft.com/en-us/azure/azure-monitor/)
- [Kusto Query Language (KQL) reference](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/)
- [Grafana community forum](https://community.grafana.com/)
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: clientsecret
+      cloudName: azuremonitor # See table below
+      tenantId: <tenant-id>
+      clientId: <client-id>
+      subscriptionId: <subscription-id> # Optional, default subscription
+    secureJsonData:
+      clientSecret: <client-secret>
+    version: 1
+```
+
+**Managed Identity:**
+
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: msi
+      subscriptionId: <subscription-id> # Optional, default subscription
+    version: 1
+```
+
+**Workload Identity:**
+
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: workloadidentity
+      subscriptionId: <subscription-id> # Optional, default subscription
+    version: 1
+```
+
+**Current User:**
+
+{{< admonition type="note" >}}
+The `oauthPassThru` property is required for current user authentication to function.
+Additionally, `disableGrafanaCache` is necessary to prevent the data source returning cached responses for resources users don't have access to.
+{{< /admonition >}}
+
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: currentuser
+      oauthPassThru: true
+      disableGrafanaCache: true
+      subscriptionId: <subscription-id> # Optional, default subscription
+    version: 1
+```
+
+#### Supported cloud names
+
+| Azure Cloud                          | `cloudName` Value          |
+| ------------------------------------ | -------------------------- |
+| **Microsoft Azure public cloud**     | `azuremonitor` (_Default_) |
+| **Microsoft Chinese national cloud** | `chinaazuremonitor`        |
+| **US Government cloud**              | `govazuremonitor`          |
+
+{{< admonition type="note" >}}
+Cloud names for current user authentication differ to the `cloudName` values in the preceding table.
+The public cloud name is `AzureCloud`, the Chinese national cloud name is `AzureChinaCloud`, and the US Government cloud name is `AzureUSGovernment`.
+{{< /admonition >}}
+
+### Configure Managed Identity
+
+{{< admonition type="note" >}}
+Managed Identity is available only in [Azure Managed Grafana](https://azure.microsoft.com/en-us/products/managed-grafana) or Grafana OSS/Enterprise when deployed in Azure. It is not available in Grafana Cloud.
+{{< /admonition >}}
+
+You can use managed identity to configure Azure Monitor in Grafana if you host Grafana in Azure (such as an App Service or with Azure Virtual Machines) and have managed identity enabled on your VM.
+This lets you securely authenticate data sources without manually configuring credentials via Azure AD App Registrations.
+For details on Azure managed identities, refer to the [Azure documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview).
+
+**To enable managed identity for Grafana:**
+
+1. Set the `managed_identity_enabled` flag in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure).
+
+   ```ini
+   [azure]
+   managed_identity_enabled = true
+   ```
+
+2. In the Azure Monitor data source configuration, set **Authentication** to **Managed Identity**.
+
+   This hides the directory ID, application ID, and client secret fields, and the data source uses managed identity to authenticate to Azure Monitor Metrics and Logs, and Azure Resource Graph.
+
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-managed-identity-2.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Managed Identity authentication" >}}
+
+3. You can set the `managed_identity_client_id` field in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure) to allow a user-assigned managed identity to be used instead of the default system-assigned identity.
+
+```ini
+[azure]
+managed_identity_enabled = true
+managed_identity_client_id = USER_ASSIGNED_IDENTITY_CLIENT_ID
+```
+
+### Configure Workload Identity
+
+You can use workload identity to configure Azure Monitor in Grafana if you host Grafana in a Kubernetes environment, such as AKS, in conjunction with managed identities.
+This lets you securely authenticate data sources without manually configuring credentials via Azure AD App Registrations.
+For details on workload identity, refer to the [Azure workload identity documentation](https://azure.github.io/azure-workload-identity/docs/).
+
+**To enable workload identity for Grafana:**
+
+1. Set the `workload_identity_enabled` flag in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure).
+
+   ```ini
+   [azure]
+   workload_identity_enabled = true
+   ```
+
+2. In the Azure Monitor data source configuration, set **Authentication** to **Workload Identity**.
+
+   This hides the directory ID, application ID, and client secret fields, and the data source uses workload identity to authenticate to Azure Monitor Metrics and Logs, and Azure Resource Graph.
+
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-workload-identity.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Workload Identity authentication" >}}
+
+3. There are additional configuration variables that can control the authentication method.`workload_identity_tenant_id` represents the Azure AD tenant that contains the managed identity, `workload_identity_client_id` represents the client ID of the managed identity if it differs from the default client ID, `workload_identity_token_file` represents the path to the token file. Refer to the [documentation](https://azure.github.io/azure-workload-identity/docs/) for more information on what values these variables should use, if any.
+
+   ```ini
+   [azure]
+   workload_identity_enabled = true
+   workload_identity_tenant_id = IDENTITY_TENANT_ID
+   workload_identity_client_id = IDENTITY_CLIENT_ID
+   workload_identity_token_file = TOKEN_FILE_PATH
+   ```
+
+### Configure Current User authentication
+
+{{< admonition type="note" >}}
+Current user authentication is an [experimental feature](/docs/release-life-cycle). Engineering and on-call support is not available. Documentation is either limited or not provided outside of code comments. No SLA is provided. Contact Grafana Support to enable this feature in Grafana Cloud. Aspects of Grafana may not work as expected when using this authentication method.
+{{< /admonition >}}
+
+If your Grafana instance is configured with Azure Entra (formerly Active Directory) authentication for login, this authentication method can be used to forward the currently logged in user's credentials to the data source. The users credentials will then be used when requesting data from the data source. For details on how to configure your Grafana instance using Azure Entra refer to the [documentation](ref:configure-grafana-azure-auth).
+
+{{< admonition type="note" >}}
+Additional configuration is required to ensure that the App Registration used to login a user via Azure provides an access token with the permissions required by the data source.
+
+The App Registration must be configured to issue both **Access Tokens** and **ID Tokens**.
+
+1. In the Azure Portal, open the App Registration that requires configuration.
+2. Select **Authentication** in the side menu.
+3. Under **Implicit grant and hybrid flows** check both the **Access tokens** and **ID tokens** boxes.
+4. Save the changes to ensure the App Registration is updated.
+
+The App Registration must also be configured with additional **API Permissions** to provide authenticated users with access to the APIs utilised by the data source.
+
+1. In the Azure Portal, open the App Registration that requires configuration.
+1. Select **API Permissions** in the side menu.
+1. Ensure the `openid`, `profile`, `email`, and `offline_access` permissions are present under the **Microsoft Graph** section. If not, they must be added.
+1. Select **Add a permission** and choose the following permissions. They must be added individually. Refer to the [Azure documentation](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis) for more information.
+   - Select **Azure Service Management** > **Delegated permissions** > `user_impersonation` > **Add permissions**
+   - Select **APIs my organization uses** > Search for **Log Analytics API** and select it > **Delegated permissions** > `Date.Read` > **Add permissions**
+
+Once all permissions have been added, the Azure authentication section in Grafana must be updated. The `scopes` section must be updated to include the `.default` scope to ensure that a token with access to all APIs declared on the App Registration is requested by Grafana. Once updated the scopes value should equal: `.default openid email profile`.
+{{< /admonition >}}
+
+This method of authentication doesn't inherently support all backend functionality as a user's credentials won't be in scope.
+Affected functionality includes alerting, reporting, and recorded queries.
+In order to support backend queries when using a data source configured with current user authentication, you can configure service credentials.
+Also, note that query and resource caching is disabled by default for data sources using current user authentication.
+
+{{< admonition type="note" >}}
+To configure fallback service credentials the [feature toggle](ref:configure-grafana-feature-toggles) `idForwarding` must be set to `true` and `user_identity_fallback_credentials_enabled` must be enabled in the [Azure configuration section](ref:configure-grafana-azure) (enabled by default when `user_identity_enabled` is set to `true`).
+{{< /admonition >}}
+
+Permissions for fallback credentials may need to be broad to appropriately support backend functionality.
+For example, an alerting query created by a user is dependent on their permissions.
+If a user tries to create an alert for a resource that the fallback credentials can't access, the alert will fail.
+
+**To enable current user authentication for Grafana:**
+
+1. Set the `user_identity_enabled` flag in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure).
+   By default this will also enable fallback service credentials.
+   If you want to disable service credentials at the instance level set `user_identity_fallback_credentials_enabled` to false.
+
+   ```ini
+   [azure]
+   user_identity_enabled = true
+   ```
+
+1. In the Azure Monitor data source configuration, set **Authentication** to **Current User**.
+   If fallback service credentials are enabled at the instance level, an additional configuration section is visible that you can use to enable or disable using service credentials for this data source.
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-current-user.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Current User authentication" >}}
+
+1. If you want backend functionality to work with this data source, enable service credentials and configure the data source using the most applicable credentials for your circumstances.
+
+## Query the data source
+
+The Azure Monitor data source can query data from Azure Monitor Metrics and Logs, the Azure Resource Graph, and Application Insights Traces. Each source has its own specialized query editor.
+
+For details, see the [query editor documentation](query-editor/).
+
+## Use template variables
+
+Instead of hard-coding details such as server, application, and sensor names in metric queries, you can use variables.
+Grafana lists these variables in dropdown select boxes at the top of the dashboard to help you change the data displayed in your dashboard.
+Grafana refers to such variables as template variables.
+
+For details, see the [template variables documentation](template-variables/).
+
+## Application Insights and Insights Analytics (removed)
+
+Until Grafana v8.0, you could query the same Azure Application Insights data using Application Insights and Insights Analytics.
+
+These queries were deprecated in Grafana v7.5. In Grafana v8.0, Application Insights and Insights Analytics were made read-only in favor of querying this data through Metrics and Logs. These query methods were completely removed in Grafana v9.0.
+
+If you're upgrading from a Grafana version prior to v9.0 and relied on Application Insights and Analytics queries, refer to the [Grafana v9.0 documentation](/docs/grafana/v9.0/datasources/azuremonitor/deprecated-application-insights/) for help migrating these queries to Metrics and Logs queries.
--- a/docs/sources/datasources/azure-monitor/alerting/index.md
+++ b/docs/sources/datasources/azure-monitor/alerting/index.md
@@ -1,262 +0,0 @@
---
-aliases:
-  - ../../data-sources/azure-monitor/alerting/
-description: Set up alerts using Azure Monitor data in Grafana
-keywords:
-  - grafana
-  - azure
-  - monitor
-  - alerting
-  - alerts
-  - metrics
-  - logs
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Alerting
-title: Azure Monitor alerting
-weight: 500
-refs:
-  alerting:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/
-  alerting-fundamentals:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/
-  create-alert-rule:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-grafana-managed-rule/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-grafana-managed-rule/
-  grafana-managed-recording-rules:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-recording-rules/create-grafana-managed-recording-rules/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-recording-rules/create-grafana-managed-recording-rules/
-  configure-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-  query-editor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-  troubleshoot:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
---
-
-# Azure Monitor alerting
-
-The Azure Monitor data source supports [Grafana Alerting](ref:alerting) and [Grafana-managed recording rules](ref:grafana-managed-recording-rules), allowing you to create alert rules based on Azure metrics, logs, traces, and resource data. You can monitor your Azure environment and receive notifications when specific conditions are met.
-
-## Before you begin
-
- Ensure you have the appropriate permissions to create alert rules in Grafana.
- Verify your Azure Monitor data source is configured and working correctly.
- Familiarize yourself with [Grafana Alerting concepts](ref:alerting-fundamentals).
- **Important**: Verify your data source uses a supported authentication method. Refer to [Authentication requirements](#authentication-requirements).
-
-## Supported query types for alerting
-
-All Azure Monitor query types support alerting and recording rules:
-
-| Query type           | Use case                                           | Notes                                                    |
-| -------------------- | -------------------------------------------------- | -------------------------------------------------------- |
-| Metrics              | Threshold-based alerts on Azure resource metrics   | Best suited for alerting; returns time-series data       |
-| Logs                 | Alert on log patterns, error counts, or thresholds | Use KQL to aggregate data into numeric values            |
-| Azure Resource Graph | Alert on resource state or configuration changes   | Use count aggregations to return numeric data            |
-| Traces               | Alert on trace data and application performance    | Use aggregations to return numeric values for evaluation |
-
-{{< admonition type="note" >}}
-Alert queries must return numeric data that Grafana can evaluate against a threshold. Queries that return only text or non-numeric data cannot be used directly for alerting.
-{{< /admonition >}}
-
-## Authentication requirements
-
-Alerting and recording rules run as background processes without a user context. This means they require service-level authentication and don't work with all authentication methods.
-
-| Authentication method            | Supported                             |
-| -------------------------------- | ------------------------------------- |
-| App Registration (client secret) | ✓                                     |
-| Managed Identity                 | ✓                                     |
-| Workload Identity                | ✓                                     |
-| Current User                     | ✓ (with fallback service credentials) |
-
-{{< admonition type="note" >}}
-If you use **Current User** authentication, you must configure **fallback service credentials** for alerting and recording rules to function. User credentials aren't available for background operations, so Grafana uses the fallback credentials instead. Refer to [configure the data source](ref:configure-azure-monitor) for details on setting up fallback credentials.
-{{< /admonition >}}
-
-## Create an alert rule
-
-To create an alert rule using Azure Monitor data:
-
-1. Go to **Alerting** > **Alert rules**.
-1. Click **New alert rule**.
-1. Enter a name for your alert rule.
-1. In the **Define query and alert condition** section:
-   - Select your Azure Monitor data source.
-   - Configure your query (for example, a Metrics query for CPU usage or a Logs query using KQL).
-   - Add a **Reduce** expression if your query returns multiple series.
-   - Add a **Threshold** expression to define the alert condition.
-1. Configure the **Set evaluation behavior**:
-   - Select or create a folder and evaluation group.
-   - Set the evaluation interval (how often the alert is checked).
-   - Set the pending period (how long the condition must be true before firing).
-1. Add labels and annotations to provide context for notifications.
-1. Click **Save rule**.
-
-For detailed instructions, refer to [Create a Grafana-managed alert rule](ref:create-alert-rule).
-
-## Example: VM CPU usage alert
-
-This example creates an alert that fires when virtual machine CPU usage exceeds 80%:
-
-1. Create a new alert rule.
-1. Configure the query:
-   - **Service**: Metrics
-   - **Resource**: Select your virtual machine
-   - **Metric namespace**: `Microsoft.Compute/virtualMachines`
-   - **Metric**: `Percentage CPU`
-   - **Aggregation**: `Average`
-1. Add expressions:
-   - **Reduce**: Last (to get the most recent data point)
-   - **Threshold**: Is above 80
-1. Set evaluation to run every 1 minute with a 5-minute pending period.
-1. Save the rule.
-
-## Example: Error log count alert
-
-This example alerts when error logs exceed a threshold using a KQL query:
-
-1. Create a new alert rule.
-1. Configure the query:
-   - **Service**: Logs
-   - **Resource**: Select your Log Analytics workspace
-   - **Query**:
-     ```kusto
-     AppExceptions
-     | where TimeGenerated > ago(5m)
-     | summarize ErrorCount = count() by bin(TimeGenerated, 1m)
-     ```
-1. Add expressions:
-   - **Reduce**: Max (to get the highest count in the period)
-   - **Threshold**: Is above 10
-1. Set evaluation to run every 5 minutes.
-1. Save the rule.
-
-## Example: Resource count alert
-
-This example alerts when the number of running virtual machines drops below a threshold using Azure Resource Graph:
-
-1. Create a new alert rule.
-1. Configure the query:
-   - **Service**: Azure Resource Graph
-   - **Subscriptions**: Select your subscriptions
-   - **Query**:
-
-     ```kusto
-     resources
-     | where type == "microsoft.compute/virtualmachines"
-     | where properties.extended.instanceView.powerState.displayStatus == "VM running"
-     | summarize RunningVMs = count()
-     ```
-
-1. Add expressions:
-   - **Reduce**: Last
-   - **Threshold**: Is below 3
-1. Set evaluation to run every 5 minutes.
-1. Save the rule.
-
-## Best practices
-
-Follow these recommendations to create reliable and efficient alerts with Azure Monitor data.
-
-### Use appropriate query intervals
-
- Set the alert evaluation interval to be greater than or equal to the minimum data resolution from Azure Monitor.
- Azure Monitor Metrics typically have 1-minute granularity at minimum.
- Avoid very short intervals (less than 1 minute) as they may cause evaluation timeouts or miss data points.
-
-### Reduce multiple series
-
-When your Azure Monitor query returns multiple time series (for example, CPU usage across multiple VMs), use the **Reduce** expression to aggregate them:
-
- **Last**: Use the most recent value
- **Mean**: Average across all series
- **Max/Min**: Use the highest or lowest value
- **Sum**: Total across all series
-
-### Optimize Log Analytics queries
-
-For Logs queries used in alerting:
-
- Use `summarize` to aggregate data into numeric values.
- Include appropriate time filters using `ago()` or `TimeGenerated`.
- Avoid returning large result sets; aggregate data in the query.
- Test queries in Explore before using them in alert rules.
-
-### Handle no data conditions
-
-Configure what happens when no data is returned:
-
-1. In the alert rule, find **Configure no data and error handling**.
-1. Choose an appropriate action:
-   - **No Data**: Keep the alert in its current state
-   - **Alerting**: Treat no data as an alert condition
-   - **OK**: Treat no data as a healthy state
-
-### Test queries before alerting
-
-Always verify your query returns expected data before creating an alert:
-
-1. Go to **Explore**.
-1. Select your Azure Monitor data source.
-1. Run the query you plan to use for alerting.
-1. Confirm the data format and values are correct.
-1. Verify the query returns numeric data suitable for threshold evaluation.
-
-## Troubleshooting
-
-If your Azure Monitor alerts aren't working as expected, use the following sections to diagnose and resolve common issues.
-
-### Alerts not firing
-
- Verify the data source uses a supported authentication method. If using Current User authentication, ensure fallback service credentials are configured.
- Check that the query returns numeric data in Explore.
- Ensure the evaluation interval allows enough time for data to be available.
- Review the alert rule's health and any error messages in the Alerting UI.
-
-### Authentication errors in alert evaluation
-
-If you see authentication errors when alerts evaluate:
-
- Confirm the data source is configured with App Registration, Managed Identity, Workload Identity, or Current User with fallback service credentials.
- If using App Registration, verify the client secret hasn't expired.
- If using Current User, verify that fallback service credentials are configured and valid.
- Check that the service principal has appropriate permissions on Azure resources.
-
-### Query timeout errors
-
- Simplify complex KQL queries.
- Reduce the time range in Log Analytics queries.
- Add more specific filters to narrow result sets.
-
-For additional troubleshooting help, refer to [Troubleshoot Azure Monitor](ref:troubleshoot).
-
-## Additional resources
-
- [Grafana Alerting documentation](ref:alerting)
- [Create alert rules](ref:create-alert-rule)
- [Azure Monitor query editor](ref:query-editor)
- [Grafana-managed recording rules](ref:grafana-managed-recording-rules)
--- a/docs/sources/datasources/azure-monitor/annotations/index.md
+++ b/docs/sources/datasources/azure-monitor/annotations/index.md
@@ -1,218 +0,0 @@
---
-aliases:
-  - ../../data-sources/azure-monitor/annotations/
-description: Use annotations with the Azure Monitor data source in Grafana
-keywords:
-  - grafana
-  - azure
-  - monitor
-  - annotations
-  - events
-  - logs
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Annotations
-title: Azure Monitor annotations
-weight: 450
-refs:
-  annotate-visualizations:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/annotate-visualizations/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/annotate-visualizations/
-  query-editor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
---
-
-# Azure Monitor annotations
-
-[Annotations](ref:annotate-visualizations) overlay rich event information on top of graphs. You can use Azure Monitor Log Analytics queries to create annotations that mark important events, deployments, alerts, or other significant occurrences on your dashboards.
-
-## Before you begin
-
- Ensure you have configured the Azure Monitor data source.
- You need access to a Log Analytics workspace containing the data you want to use for annotations.
- Annotations use Log Analytics (KQL) queries only. Metrics, Traces, and Azure Resource Graph queries are not supported for annotations.
-
-## Create an annotation query
-
-To add an Azure Monitor annotation to a dashboard:
-
-1. Open the dashboard where you want to add annotations.
-1. Click **Dashboard settings** (gear icon) in the top navigation.
-1. Select **Annotations** in the left menu.
-1. Click **Add annotation query**.
-1. Enter a **Name** for the annotation (e.g., "Azure Activity", "Deployments").
-1. Select your **Azure Monitor** data source.
-1. Choose the **Logs** service.
-1. Select a **Resource** (Log Analytics workspace or Application Insights resource).
-1. Write a KQL query that returns the annotation data.
-1. Click **Apply** to save.
-
-## Query requirements
-
-Your KQL query should return columns that Grafana can use to create annotations:
-
-| Column             | Required    | Description                                                                                      |
-| ------------------ | ----------- | ------------------------------------------------------------------------------------------------ |
-| `TimeGenerated`    | Yes         | The timestamp for the annotation. Grafana uses this to position the annotation on the time axis. |
-| `Text`             | Recommended | The annotation text displayed when you hover over or click the annotation.                       |
-| Additional columns | Optional    | Any other columns returned become annotation tags.                                               |
-
-{{< admonition type="note" >}}
-Always include a time filter in your query to limit results to the dashboard's time range. Use the `$__timeFilter()` macro.
-{{< /admonition >}}
-
-## Annotation query examples
-
-The following examples demonstrate common annotation use cases.
-
-### Azure Activity Log events
-
-Display Azure Activity Log events such as resource modifications, deployments, and administrative actions:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where Level == "Error" or Level == "Warning" or CategoryValue == "Administrative"
-| project TimeGenerated, Text=OperationNameValue, Level, ResourceGroup, Caller
-| order by TimeGenerated desc
-| take 100
-```
-
-### Deployment events
-
-Show deployment-related activity:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where OperationNameValue contains "deployments"
-| project TimeGenerated, Text=strcat("Deployment: ", OperationNameValue), Status=ActivityStatusValue, ResourceGroup
-| order by TimeGenerated desc
-```
-
-### Application Insights exceptions
-
-Mark application exceptions as annotations:
-
-```kusto
-AppExceptions
-| where $__timeFilter(TimeGenerated)
-| project TimeGenerated, Text=strcat(ProblemId, ": ", OuterMessage), SeverityLevel, AppRoleName
-| order by TimeGenerated desc
-| take 50
-```
-
-### Custom events from Application Insights
-
-Display custom events logged by your application:
-
-```kusto
-AppEvents
-| where $__timeFilter(TimeGenerated)
-| where Name == "DeploymentStarted" or Name == "DeploymentCompleted"
-| project TimeGenerated, Text=Name, AppRoleName
-| order by TimeGenerated desc
-```
-
-### Security alerts
-
-Show security-related alerts:
-
-```kusto
-SecurityAlert
-| where $__timeFilter(TimeGenerated)
-| project TimeGenerated, Text=AlertName, Severity=AlertSeverity, Description
-| order by TimeGenerated desc
-| take 50
-```
-
-### Resource health events
-
-Display resource health status changes:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where CategoryValue == "ResourceHealth"
-| project TimeGenerated, Text=OperationNameValue, Status=ActivityStatusValue, ResourceId
-| order by TimeGenerated desc
-```
-
-### VM start and stop events
-
-Mark virtual machine state changes:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where OperationNameValue has_any ("start", "deallocate", "restart")
-| where ResourceProviderValue == "MICROSOFT.COMPUTE"
-| project TimeGenerated, Text=OperationNameValue, VM=Resource, Status=ActivityStatusValue
-| order by TimeGenerated desc
-```
-
-### Autoscale events
-
-Show autoscale operations:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where OperationNameValue contains "autoscale"
-| project TimeGenerated, Text=strcat("Autoscale: ", OperationNameValue), Status=ActivityStatusValue, ResourceGroup
-| order by TimeGenerated desc
-```
-
-## Customize annotation appearance
-
-After creating an annotation query, you can customize its appearance:
-
-| Setting       | Description                                                                                              |
-| ------------- | -------------------------------------------------------------------------------------------------------- |
-| **Color**     | Choose a color for the annotation markers. Use different colors to distinguish between annotation types. |
-| **Show in**   | Select which panels display the annotations.                                                             |
-| **Filter by** | Add filters to limit when annotations appear.                                                            |
-
-## Best practices
-
-Follow these recommendations when creating annotations:
-
-1. **Limit results**: Always use `take` or `limit` to restrict the number of annotations. Too many annotations can clutter your dashboard and impact performance.
-
-2. **Use time filters**: Include `$__timeFilter()` to ensure queries only return data within the dashboard's time range.
-
-3. **Create meaningful text**: Use `strcat()` or `project` to create descriptive annotation text that provides context at a glance.
-
-4. **Add relevant tags**: Include columns like `ResourceGroup`, `Severity`, or `Status` that become clickable tags for filtering.
-
-5. **Use descriptive names**: Name your annotations clearly (e.g., "Production Deployments", "Critical Alerts") so dashboard users understand what they represent.
-
-## Troubleshoot annotations
-
-If annotations aren't appearing as expected, try the following solutions.
-
-### Annotations don't appear
-
- Verify the query returns data in the selected time range.
- Check that the query includes a `TimeGenerated` column.
- Test the query in the Azure Portal Log Analytics query editor.
- Ensure the annotation is enabled (toggle is on).
-
-### Too many annotations
-
- Add more specific filters to your query.
- Use `take` to limit results.
- Narrow the time range.
-
-### Annotations appear at wrong times
-
- Verify the `TimeGenerated` column contains the correct timestamp.
- Check your dashboard's timezone settings.
--- a/docs/sources/datasources/azure-monitor/configure/index.md
+++ b/docs/sources/datasources/azure-monitor/configure/index.md
@@ -1,605 +0,0 @@
---
-aliases:
-  - ../../data-sources/azure-monitor/configure/
-description: Guide for configuring the Azure Monitor data source in Grafana.
-keywords:
-  - grafana
-  - microsoft
-  - azure
-  - monitor
-  - application
-  - insights
-  - log
-  - analytics
-  - guide
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Configure
-title: Configure the Azure Monitor data source
-weight: 200
-last_reviewed: 2025-12-04
-refs:
-  configure-grafana-feature-toggles:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#feature_toggles
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#feature_toggles
-  provisioning-data-sources:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/administration/provisioning/#data-sources
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/administration/provisioning/#data-sources
-  explore:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/explore/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/explore/
-  configure-grafana-azure-auth:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/azuread/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/azuread/
-  build-dashboards:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/
-  configure-grafana-azure:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#azure
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#azure
-  data-source-management:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/administration/data-source-management/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/administration/data-source-management/
-  configure-grafana-azure-auth-scopes:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
-  data-sources:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/
-  private-data-source-connect:
-    - pattern: /docs/grafana/
-      destination: docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/
-    - pattern: /docs/grafana-cloud/
-      destination: docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/
-  configure-pdc:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/configure-pdc/#configure-grafana-private-data-source-connect-pdc
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/configure-pdc/#configure-grafana-private-data-source-connect-pdc
---
-
-# Configure the Azure Monitor data source
-
-This document explains how to configure the Azure Monitor data source and the available configuration options.
-For general information about data sources, refer to [Grafana data sources](ref:data-sources) and [Data source management](ref:data-source-management).
-
-## Before you begin
-
-Before configuring the Azure Monitor data source, ensure you have the following:
-
- **Grafana permissions:** You must have the `Organization administrator` role to configure data sources.
-  Organization administrators can also [configure the data source via YAML](#provision-the-data-source) with the Grafana provisioning system or [using Terraform](#configure-with-terraform).
-
- **Azure prerequisites:** Depending on your chosen authentication method, you may need:
-  - A Microsoft Entra ID (formerly Azure AD) app registration with a service principal (for App Registration authentication)
-  - A Managed Identity enabled on your Azure VM or App Service (for Managed Identity authentication)
-  - Workload identity configured in your Kubernetes cluster (for Workload Identity authentication)
-  - Microsoft Entra ID authentication configured for Grafana login (for Current User authentication)
-
-{{< admonition type="note" >}}
-**Grafana Cloud users:** Managed Identity and Workload Identity authentication methods are not available in Grafana Cloud because they require Grafana to run on your Azure infrastructure. Use **App Registration** authentication instead.
-{{< /admonition >}}
-
- **Azure RBAC permissions:** The identity used to authenticate must have the `Reader` role on the Azure subscription containing the resources you want to monitor.
-  For Log Analytics queries, the identity also needs appropriate permissions on the Log Analytics workspaces to be queried.
-  Refer to the [Azure documentation for role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current).
-
-{{< admonition type="note" >}}
-The Azure Monitor data source plugin is built into Grafana. No additional installation is required.
-{{< /admonition >}}
-
-## Add the data source
-
-To add the Azure Monitor data source:
-
-1. Click **Connections** in the left-side menu.
-1. Click **Add new connection**.
-1. Type `Azure Monitor` in the search bar.
-1. Select **Azure Monitor**.
-1. Click **Add new data source** in the upper right.
-
-You're taken to the **Settings** tab where you can configure the data source.
-
-## Choose an authentication method
-
-The Azure Monitor data source supports four authentication methods. Choose based on where Grafana is hosted and your security requirements:
-
-| Authentication method | Best for                                   | Requirements                                                   |
-| --------------------- | ------------------------------------------ | -------------------------------------------------------------- |
-| **App Registration**  | Any Grafana deployment                     | Microsoft Entra ID app registration with client secret         |
-| **Managed Identity**  | Grafana hosted in Azure (VMs, App Service) | Managed identity enabled on the Azure resource                 |
-| **Workload Identity** | Grafana in Kubernetes (AKS)                | Workload identity federation configured                        |
-| **Current User**      | User-level access control                  | Microsoft Entra ID authentication configured for Grafana login |
-
-## Configure authentication
-
-Select one of the following authentication methods and complete the configuration.
-
-### App Registration
-
-Use a Microsoft Entra ID app registration (service principal) to authenticate. This method works with any Grafana deployment.
-
-#### App Registration prerequisites
-
-1. Create an app registration in Microsoft Entra ID.
-   Refer to the [Azure documentation for creating a service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in).
-
-1. Create a client secret for the app registration.
-   Refer to the [Azure documentation for creating a client secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).
-
-1. Assign the `Reader` role to the app registration on the subscription or resources you want to monitor.
-   Refer to the [Azure documentation for role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current).
-
-#### App Registration UI configuration
-
-| Setting                     | Description                                                                                                                                |
-| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
-| **Authentication**          | Select **App Registration**.                                                                                                               |
-| **Azure Cloud**             | The Azure environment to connect to. Select **Azure** for the public cloud, or choose Azure Government or Azure China for national clouds. |
-| **Directory (tenant) ID**   | The GUID that identifies your Microsoft Entra ID tenant.                                                                                   |
-| **Application (client) ID** | The GUID for the app registration you created.                                                                                             |
-| **Client secret**           | The secret key for the app registration. Keep this secure and rotate periodically.                                                         |
-| **Default Subscription**    | Click **Load Subscriptions** to populate available subscriptions, then select your default.                                                |
-
-#### Provision App Registration with YAML
-
-```yaml
-apiVersion: 1
-
-datasources:
-  - name: Azure Monitor
-    type: grafana-azure-monitor-datasource
-    access: proxy
-    jsonData:
-      azureAuthType: clientsecret
-      cloudName: azuremonitor # See supported cloud names below
-      tenantId: <tenant-id>
-      clientId: <client-id>
-      subscriptionId: <subscription-id> # Optional, default subscription
-    secureJsonData:
-      clientSecret: <client-secret>
-    version: 1
-```
-
-### Managed Identity
-
-Use Azure Managed Identity for secure, credential-free authentication when Grafana is hosted in Azure.
-
-{{< admonition type="note" >}}
-Managed Identity is available in [Azure Managed Grafana](https://azure.microsoft.com/en-us/products/managed-grafana) or self-hosted Grafana deployed in Azure. It is not available in Grafana Cloud.
-{{< /admonition >}}
-
-#### Managed Identity prerequisites
-
- Grafana must be hosted in Azure (App Service, Azure VMs, or Azure Managed Grafana).
- Managed identity must be enabled on the Azure resource hosting Grafana.
- The managed identity must have the `Reader` role on the subscription or resources you want to monitor.
-
-For details on Azure managed identities, refer to the [Azure documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview).
-
-#### Managed Identity Grafana server configuration
-
-Enable managed identity in the Grafana server configuration:
-
-```ini
-[azure]
-managed_identity_enabled = true
-```
-
-To use a user-assigned managed identity instead of the system-assigned identity, also set:
-
-```ini
-[azure]
-managed_identity_enabled = true
-managed_identity_client_id = <USER_ASSIGNED_IDENTITY_CLIENT_ID>
-```
-
-Refer to [Grafana Azure configuration](ref:configure-grafana-azure) for more details.
-
-#### Managed Identity UI configuration
-
-| Setting                  | Description                                                                                         |
-| ------------------------ | --------------------------------------------------------------------------------------------------- |
-| **Authentication**       | Select **Managed Identity**. The directory ID, application ID, and client secret fields are hidden. |
-| **Default Subscription** | Click **Load Subscriptions** to populate available subscriptions, then select your default.         |
-
-{{< figure src="/media/docs/grafana/data-sources/screenshot-managed-identity-2.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor data source configured with Managed Identity" >}}
-
-#### Provision Managed Identity with YAML
-
-```yaml
-apiVersion: 1
-
-datasources:
-  - name: Azure Monitor
-    type: grafana-azure-monitor-datasource
-    access: proxy
-    jsonData:
-      azureAuthType: msi
-      subscriptionId: <subscription-id> # Optional, default subscription
-    version: 1
-```
-
-### Workload Identity
-
-Use Azure Workload Identity for secure authentication in Kubernetes environments like AKS.
-
-#### Workload Identity prerequisites
-
- Grafana must be running in a Kubernetes environment with workload identity federation configured.
- The workload identity must have the `Reader` role on the subscription or resources you want to monitor.
-
-For details, refer to the [Azure workload identity documentation](https://azure.github.io/azure-workload-identity/docs/).
-
-#### Workload Identity Grafana server configuration
-
-Enable workload identity in the Grafana server configuration:
-
-```ini
-[azure]
-workload_identity_enabled = true
-```
-
-Optional configuration variables:
-
-```ini
-[azure]
-workload_identity_enabled = true
-workload_identity_tenant_id = <IDENTITY_TENANT_ID>    # Microsoft Entra ID tenant containing the managed identity
-workload_identity_client_id = <IDENTITY_CLIENT_ID>    # Client ID if different from default
-workload_identity_token_file = <TOKEN_FILE_PATH>      # Path to the token file
-```
-
-Refer to [Grafana Azure configuration](ref:configure-grafana-azure) and the [Azure workload identity documentation](https://azure.github.io/azure-workload-identity/docs/) for more details.
-
-#### Workload Identity UI configuration
-
-| Setting                  | Description                                                                                          |
-| ------------------------ | ---------------------------------------------------------------------------------------------------- |
-| **Authentication**       | Select **Workload Identity**. The directory ID, application ID, and client secret fields are hidden. |
-| **Default Subscription** | Click **Load Subscriptions** to populate available subscriptions, then select your default.          |
-
-{{< figure src="/media/docs/grafana/data-sources/screenshot-workload-identity.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor data source configured with Workload Identity" >}}
-
-#### Provision Workload Identity with YAML
-
-```yaml
-apiVersion: 1
-
-datasources:
-  - name: Azure Monitor
-    type: grafana-azure-monitor-datasource
-    access: proxy
-    jsonData:
-      azureAuthType: workloadidentity
-      subscriptionId: <subscription-id> # Optional, default subscription
-    version: 1
-```
-
-### Current User
-
-Forward the logged-in Grafana user's Azure credentials to the data source for user-level access control.
-
-{{< admonition type="warning" >}}
-Current User authentication is an [experimental feature](/docs/release-life-cycle/). Engineering and on-call support is not available. Documentation is limited. No SLA is provided. Contact Grafana Support to enable this feature in Grafana Cloud.
-{{< /admonition >}}
-
-#### Current User prerequisites
-
-Your Grafana instance must be configured with Microsoft Entra ID authentication. Refer to the [Microsoft Entra ID authentication documentation](ref:configure-grafana-azure-auth).
-
-#### Configure your Azure App Registration
-
-The App Registration used for Grafana login requires additional configuration:
-
-**Enable token issuance:**
-
-1. In the Azure Portal, open your App Registration.
-1. Select **Authentication** in the side menu.
-1. Under **Implicit grant and hybrid flows**, check both **Access tokens** and **ID tokens**.
-1. Save your changes.
-
-**Add API permissions:**
-
-1. In the Azure Portal, open your App Registration.
-1. Select **API Permissions** in the side menu.
-1. Ensure these permissions are present under **Microsoft Graph**: `openid`, `profile`, `email`, and `offline_access`.
-1. Add the following permissions:
-   - **Azure Service Management** > **Delegated permissions** > `user_impersonation`
-   - **APIs my organization uses** > Search for **Log Analytics API** > **Delegated permissions** > `Data.Read`
-
-Refer to the [Azure documentation](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis) for more information.
-
-**Update Grafana scopes:**
-
-Update the `scopes` section in your Grafana Azure authentication configuration to include the `.default` scope:
-
-```
-.default openid email profile
-```
-
-#### Current User Grafana server configuration
-
-Enable current user authentication in the Grafana server configuration:
-
-```ini
-[azure]
-user_identity_enabled = true
-```
-
-By default, this also enables fallback service credentials. To disable fallback credentials at the instance level:
-
-```ini
-[azure]
-user_identity_enabled = true
-user_identity_fallback_credentials_enabled = false
-```
-
-{{< admonition type="note" >}}
-To use fallback service credentials, the [feature toggle](ref:configure-grafana-feature-toggles) `idForwarding` must be set to `true`.
-{{< /admonition >}}
-
-#### Limitations and fallback credentials
-
-Current User authentication doesn't support backend functionality like alerting, reporting, and recorded queries because user credentials aren't available for background operations.
-
-To support these features, configure **fallback service credentials**. When enabled, Grafana uses the fallback credentials for backend operations. Note that operations using fallback credentials are limited to the permissions of those credentials, not the user's permissions.
-
-{{< admonition type="note" >}}
-Query and resource caching is disabled by default for data sources using Current User authentication.
-{{< /admonition >}}
-
-#### Current User UI configuration
-
-| Setting                          | Description                                                                                 |
-| -------------------------------- | ------------------------------------------------------------------------------------------- |
-| **Authentication**               | Select **Current User**.                                                                    |
-| **Default Subscription**         | Click **Load Subscriptions** to populate available subscriptions, then select your default. |
-| **Fallback Service Credentials** | Enable and configure credentials for backend features like alerting.                        |
-
-{{< figure src="/media/docs/grafana/data-sources/screenshot-current-user.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor data source configured with Current User authentication" >}}
-
-#### Provision Current User with YAML
-
-{{< admonition type="note" >}}
-The `oauthPassThru` property is required for Current User authentication. The `disableGrafanaCache` property prevents returning cached responses for resources users don't have access to.
-{{< /admonition >}}
-
-```yaml
-apiVersion: 1
-
-datasources:
-  - name: Azure Monitor
-    type: grafana-azure-monitor-datasource
-    access: proxy
-    jsonData:
-      azureAuthType: currentuser
-      oauthPassThru: true
-      disableGrafanaCache: true
-      subscriptionId: <subscription-id> # Optional, default subscription
-    version: 1
-```
-
-## Additional configuration options
-
-These settings apply to all authentication methods.
-
-### General settings
-
-| Setting     | Description                                                                     |
-| ----------- | ------------------------------------------------------------------------------- |
-| **Name**    | The data source name used in panels and queries. Example: `azure-monitor-prod`. |
-| **Default** | Toggle to make this the default data source for new panels.                     |
-
-### Enable Basic Logs
-
-Toggle **Enable Basic Logs** to allow queries against [Basic Logs tables](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-query?tabs=portal-1) in supported Log Analytics Workspaces.
-
-{{< admonition type="note" >}}
-Querying Basic Logs tables incurs additional costs on a per-query basis.
-{{< /admonition >}}
-
-### Private data source connect (Grafana Cloud only)
-
-If you're using Grafana Cloud and need to connect to Azure resources in a private network, use Private Data Source Connect (PDC).
-
-1. Click the **Private data source connect** dropdown to select your PDC configuration.
-1. Click **Manage private data source connect** to view your PDC connection details.
-
-For more information, refer to [Private data source connect](ref:private-data-source-connect) and [Configure PDC](ref:configure-pdc).
-
-## Supported cloud names
-
-When provisioning the data source, use the following `cloudName` values:
-
-| Azure Cloud                      | `cloudName` value        |
-| -------------------------------- | ------------------------ |
-| Microsoft Azure public cloud     | `azuremonitor` (default) |
-| Microsoft Chinese national cloud | `chinaazuremonitor`      |
-| US Government cloud              | `govazuremonitor`        |
-
-{{< admonition type="note" >}}
-For Current User authentication, the cloud names differ: use `AzureCloud` for public cloud, `AzureChinaCloud` for the Chinese national cloud, and `AzureUSGovernment` for the US Government cloud.
-{{< /admonition >}}
-
-## Verify the connection
-
-After configuring the data source, click **Save & test**. A successful connection displays a message confirming that the credentials are valid and have access to the configured default subscription.
-
-If the test fails, verify:
-
- Your credentials are correct (tenant ID, client ID, client secret)
- The identity has the required Azure RBAC permissions
- For Managed Identity or Workload Identity, that the Grafana server configuration is correct
- Network connectivity to Azure endpoints
-
-## Provision the data source
-
-You can define and configure the Azure Monitor data source in YAML files as part of the Grafana provisioning system.
-For more information about provisioning, refer to [Provisioning Grafana](ref:provisioning-data-sources).
-
-### Provision quick reference
-
-| Authentication method | `azureAuthType` value | Required fields                                    |
-| --------------------- | --------------------- | -------------------------------------------------- |
-| App Registration      | `clientsecret`        | `tenantId`, `clientId`, `clientSecret`             |
-| Managed Identity      | `msi`                 | None (uses VM identity)                            |
-| Workload Identity     | `workloadidentity`    | None (uses pod identity)                           |
-| Current User          | `currentuser`         | `oauthPassThru: true`, `disableGrafanaCache: true` |
-
-All methods support the optional `subscriptionId` field to set a default subscription.
-
-For complete YAML examples, see the [authentication method sections](#configure-authentication) above.
-
-## Configure with Terraform
-
-You can configure the Azure Monitor data source using the [Grafana Terraform provider](https://registry.terraform.io/providers/grafana/grafana/latest/docs). This approach enables infrastructure-as-code workflows and version control for your Grafana configuration.
-
-### Terraform prerequisites
-
- [Terraform](https://www.terraform.io/downloads) installed
- Grafana Terraform provider configured with appropriate credentials
- For Grafana Cloud: A [Cloud Access Policy token](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/) with data source permissions
-
-### Provider configuration
-
-Configure the Grafana provider to connect to your Grafana instance:
-
-```hcl
-terraform {
-  required_providers {
-    grafana = {
-      source  = "grafana/grafana"
-      version = ">= 2.0.0"
-    }
-  }
-}
-
-# For Grafana Cloud
-provider "grafana" {
-  url  = "<YOUR_GRAFANA_CLOUD_STACK_URL>"
-  auth = "<YOUR_SERVICE_ACCOUNT_TOKEN>"
-}
-
-# For self-hosted Grafana
-# provider "grafana" {
-#   url  = "http://localhost:3000"
-#   auth = "<API_KEY_OR_SERVICE_ACCOUNT_TOKEN>"
-# }
-```
-
-### Terraform examples
-
-The following examples show how to configure the Azure Monitor data source for each authentication method.
-
-**App Registration (client secret):**
-
-```hcl
-resource "grafana_data_source" "azure_monitor" {
-  type = "grafana-azure-monitor-datasource"
-  name = "Azure Monitor"
-
-  json_data_encoded = jsonencode({
-    azureAuthType  = "clientsecret"
-    cloudName      = "azuremonitor"
-    tenantId       = "<TENANT_ID>"
-    clientId       = "<CLIENT_ID>"
-    subscriptionId = "<SUBSCRIPTION_ID>"
-  })
-
-  secure_json_data_encoded = jsonencode({
-    clientSecret = "<CLIENT_SECRET>"
-  })
-}
-```
-
-**Managed Identity:**
-
-```hcl
-resource "grafana_data_source" "azure_monitor" {
-  type = "grafana-azure-monitor-datasource"
-  name = "Azure Monitor"
-
-  json_data_encoded = jsonencode({
-    azureAuthType  = "msi"
-    subscriptionId = "<SUBSCRIPTION_ID>"
-  })
-}
-```
-
-**Workload Identity:**
-
-```hcl
-resource "grafana_data_source" "azure_monitor" {
-  type = "grafana-azure-monitor-datasource"
-  name = "Azure Monitor"
-
-  json_data_encoded = jsonencode({
-    azureAuthType  = "workloadidentity"
-    subscriptionId = "<SUBSCRIPTION_ID>"
-  })
-}
-```
-
-**Current User:**
-
-```hcl
-resource "grafana_data_source" "azure_monitor" {
-  type = "grafana-azure-monitor-datasource"
-  name = "Azure Monitor"
-
-  json_data_encoded = jsonencode({
-    azureAuthType       = "currentuser"
-    oauthPassThru       = true
-    disableGrafanaCache = true
-    subscriptionId      = "<SUBSCRIPTION_ID>"
-  })
-}
-```
-
-**With Basic Logs enabled:**
-
-Add `enableBasicLogs = true` to any of the above configurations:
-
-```hcl
-resource "grafana_data_source" "azure_monitor" {
-  type = "grafana-azure-monitor-datasource"
-  name = "Azure Monitor"
-
-  json_data_encoded = jsonencode({
-    azureAuthType   = "clientsecret"
-    cloudName       = "azuremonitor"
-    tenantId        = "<TENANT_ID>"
-    clientId        = "<CLIENT_ID>"
-    subscriptionId  = "<SUBSCRIPTION_ID>"
-    enableBasicLogs = true
-  })
-
-  secure_json_data_encoded = jsonencode({
-    clientSecret = "<CLIENT_SECRET>"
-  })
-}
-```
-
-For more information about the Grafana Terraform provider, refer to the [provider documentation](https://registry.terraform.io/providers/grafana/grafana/latest/docs) and the [grafana_data_source resource](https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/data_source).
--- a/docs/sources/datasources/azure-monitor/query-editor/index.md
+++ b/docs/sources/datasources/azure-monitor/query-editor/index.md
@@ -21,7 +21,6 @@ labels:
 menuTitle: Query editor
 title: Azure Monitor query editor
 weight: 300
-last_reviewed: 2025-12-04
 refs:
  query-transform-data-query-options:
    - pattern: /docs/grafana/
@@ -33,85 +32,30 @@ refs:
      destination: /docs/grafana/<GRAFANA_VERSION>/panels-visualizations/query-transform-data/
    - pattern: /docs/grafana-cloud/
      destination: /docs/grafana/<GRAFANA_VERSION>/panels-visualizations/query-transform-data/
-  configure-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-  explore:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/explore/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/explore/
-  troubleshoot-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-  configure-grafana-feature-toggles:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/feature-toggles/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/feature-toggles/
-  template-variables:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-  alerting-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/alerting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/alerting/
-  annotations-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/annotations/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/annotations/
 ---

 # Azure Monitor query editor

-Grafana provides a query editor for the Azure Monitor data source, which is located on the [Explore page](ref:explore). You can also access the Azure Monitor query editor from a dashboard panel. Click the menu in the upper right of the panel and select **Edit**.
+This topic explains querying specific to the Azure Monitor data source.
+For general documentation on querying data sources in Grafana, see [Query and transform data](ref:query-transform-data).

-This document explains querying specific to the Azure Monitor data source.
-For general documentation on querying data sources in Grafana, refer to [Query and transform data](ref:query-transform-data).
+## Choose a query editing mode

-The Azure Monitor data source can query data from Azure Monitor Metrics and Logs, the Azure Resource Graph, and Application Insights Traces. Each source has its own specialized query editor.
-
-## Before you begin
-
- Ensure you have [configured the Azure Monitor data source](ref:configure-azure-monitor).
- Verify your credentials have appropriate permissions for the resources you want to query.
-
-## Key concepts
-
-If you're new to Azure Monitor, here are some key terms used throughout this documentation:
-
-| Term                           | Description                                                                                                                                                                                                                                                                                                                               |
-| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **KQL (Kusto Query Language)** | The query language used for Azure Monitor Logs and Azure Resource Graph. KQL uses a pipe-based syntax similar to Unix commands and is optimized for read-only data exploration. If you know SQL, the [SQL to Kusto cheat sheet](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet) can help you get started. |
-| **Log Analytics workspace**    | An Azure resource that collects and stores log data from your Azure resources, applications, and services. You query this data using KQL.                                                                                                                                                                                                 |
-| **Application Insights**       | Azure's application performance monitoring (APM) service. It collects telemetry data like requests, exceptions, and traces from your applications.                                                                                                                                                                                        |
-| **Metrics vs. Logs**           | **Metrics** are lightweight numeric values collected at regular intervals (e.g., CPU percentage). **Logs** are detailed records of events with varying schemas (e.g., request logs, error messages). Metrics use a visual query builder; Logs require KQL.                                                                                |
-
-## Choose a query editor mode
-
-The Azure Monitor data source's query editor has four modes depending on which Azure service you want to query:
+The Azure Monitor data source's query editor has three modes depending on which Azure service you want to query:

 - **Metrics** for [Azure Monitor Metrics](#query-azure-monitor-metrics)
 - **Logs** for [Azure Monitor Logs](#query-azure-monitor-logs)
+- [**Azure Resource Graph**](#query-azure-resource-graph)
 - **Traces** for [Application Insights Traces](#query-application-insights-traces)
- **Azure Resource Graph** for [Azure Resource Graph](#query-azure-resource-graph)

 ## Query Azure Monitor Metrics

-Azure Monitor Metrics collects numeric data from [supported resources](https://docs.microsoft.com/en-us/azure/azure-monitor/monitor-reference), and you can query them to investigate your resources' health and usage and maximize availability and performance.
+Azure Monitor Metrics collects numeric data from [supported resources](https://docs.microsoft.com/en-us/azure/azure-monitor/monitor-reference), and you can query them to investigate your resources' health and usage and maximise availability and performance.

 Monitor Metrics use a lightweight format that stores only numeric data in a specific structure and supports near real-time scenarios, making it useful for fast detection of issues.
 In contrast, Azure Monitor Logs can store a variety of data types, each with their own structure.

-{{< figure src="/static/img/docs/azure-monitor/query-editor-metrics.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor Metrics sample query visualizing CPU percentage over time" >}}
+{{< figure src="/static/img/docs/azure-monitor/query-editor-metrics.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Logs Metrics sample query visualizing CPU percentage over time" >}}

 ### Create a Metrics query

@@ -141,7 +85,7 @@ Optionally, you can apply further aggregations or filter by dimensions.

 The available options change depending on what is relevant to the selected metric.

-You can also augment queries by using [template variables](ref:template-variables).
+You can also augment queries by using [template variables](../template-variables/).

 ### Format legend aliases

@@ -165,7 +109,7 @@ For example:
 | `{{ dimensionname }}`          | _(Legacy for backward compatibility)_ Replaced with the name of the first dimension.                   |
 | `{{ dimensionvalue }}`         | _(Legacy for backward compatibility)_ Replaced with the value of the first dimension.                  |

-### Filter with dimensions
+### Filter using dimensions

 Some metrics also have dimensions, which associate additional metadata.
 Dimensions are represented as key-value pairs assigned to each value of a metric.
@@ -177,7 +121,7 @@ For more information on multi-dimensional metrics, refer to the [Azure Monitor d

 ## Query Azure Monitor Logs

-Azure Monitor Logs collects and organizes log and performance data from [supported resources](https://docs.microsoft.com/en-us/azure/azure-monitor/monitor-reference), and makes many sources of data available to query together with the [Kusto Query Language (KQL)](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/).
+Azure Monitor Logs collects and organises log and performance data from [supported resources](https://docs.microsoft.com/en-us/azure/azure-monitor/monitor-reference), and makes many sources of data available to query together with the [Kusto Query Language (KQL)](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/).

 While Azure Monitor Metrics stores only simplified numerical data, Logs can store different data types, each with their own structure.
 You can also perform complex analysis of Logs data by using KQL.
@@ -186,32 +130,6 @@ The Azure Monitor data source also supports querying of [Basic Logs](https://lea

 {{< figure src="/static/img/docs/azure-monitor/query-editor-logs.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor Logs sample query comparing successful requests to failed requests" >}}

-### Logs query builder (public preview)
-
-{{< admonition type="note" >}}
-The Logs query builder is a [public preview feature](/docs/release-life-cycle/). It may not be enabled in all Grafana environments.
-{{< /admonition >}}
-
-The Logs query builder provides a visual interface for building Azure Monitor Logs queries without writing KQL. This is helpful if you're new to KQL or want to quickly build simple queries.
-
-**To enable the Logs query builder:**
-
-1. Enable the `azureMonitorLogsBuilderEditor` [feature toggle](ref:configure-grafana-feature-toggles) in your Grafana configuration.
-1. Restart Grafana for the change to take effect.
-
-**To switch between Builder and Code modes:**
-
-When the feature is enabled, a **Builder / Code** toggle appears in the Logs query editor:
-
- **Builder**: Use the visual interface to select tables, columns, filters, and aggregations. The builder generates the KQL query for you.
- **Code**: Write KQL queries directly. Use this mode for complex queries that require full KQL capabilities.
-
-New queries default to Builder mode. Existing queries that were created with raw KQL remain in Code mode.
-
-{{< admonition type="note" >}}
-You can switch from Builder to Code mode at any time to view or edit the generated KQL. However, switching from Code to Builder mode may not preserve complex queries that can't be represented in the builder interface.
-{{< /admonition >}}
-
 ### Create a Logs query

 **To create a Logs query:**
@@ -222,13 +140,13 @@ You can switch from Builder to Code mode at any time to view or edit the generat

   Alternatively, you can dynamically query all resources under a single resource group or subscription.
   {{< admonition type="note" >}}
-   If a time span is specified in the query, the overlap between the query time span and the dashboard time range will be used. See the [API documentation for
+   If a timespan is specified in the query, the overlap of the timespan between the query and the dashboard will be used as the query timespan. See the [API documentation for
   details.](https://learn.microsoft.com/en-us/rest/api/loganalytics/dataaccess/query/get?tabs=HTTP#uri-parameters)
   {{< /admonition >}}

 1. Enter your KQL query.

-You can also augment queries by using [template variables](ref:template-variables).
+You can also augment queries by using [template variables](../template-variables/).

 **To create a Basic Logs query:**

@@ -243,7 +161,7 @@ You can also augment queries by using [template variables](ref:template-variable
   {{< /admonition >}}
 1. Enter your KQL query.

-You can also augment queries by using [template variables](ref:template-variables).
+You can also augment queries by using [template variables](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/).

 ### Logs query examples

@@ -256,28 +174,24 @@ The Azure documentation includes resources to help you learn KQL:
 - [Tutorial: Use Kusto queries in Azure Monitor](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/tutorial?pivots=azuremonitor)
 - [SQL to Kusto cheat sheet](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet)

-{{< admonition type="note" >}}
-**Time-range:** The time-range used for the query can be modified via the time-range switch:
+> **Time-range:** The time-range that will be used for the query can be modified via the time-range switch. Selecting `Query` will only make use of time-ranges specified within the query.
+> Specifying `Dashboard` will only make use of the Grafana time-range.
+> If there are no time-ranges specified within the query, the default Log Analytics time-range will apply.
+> For more details on this change, refer to the [Azure Monitor Logs API documentation](https://learn.microsoft.com/en-us/rest/api/loganalytics/dataaccess/query/get?tabs=HTTP#uri-parameters).
+> If the `Intersection` option was previously chosen it will be migrated by default to `Dashboard`.

- Selecting **Query** uses only time-ranges specified within the query.
- Selecting **Dashboard** uses only the Grafana dashboard time-range.
- If no time-range is specified in the query, the default Log Analytics time-range applies.
-
-For more details, refer to the [Azure Monitor Logs API documentation](https://learn.microsoft.com/en-us/rest/api/loganalytics/dataaccess/query/get?tabs=HTTP#uri-parameters). If you previously used the `Intersection` option, it has been migrated to `Dashboard`.
-{{< /admonition >}}
-
-This example query returns a virtual machine's CPU performance, averaged over 5-minute time grains:
+This example query returns a virtual machine's CPU performance, averaged over 5ms time grains:

 ```kusto
 Perf
-// $__timeFilter is a special Grafana macro that filters the results to the time span of the dashboard
+# $__timeFilter is a special Grafana macro that filters the results to the time span of the dashboard
 | where $__timeFilter(TimeGenerated)
 | where CounterName == "% Processor Time"
 | summarize avg(CounterValue) by bin(TimeGenerated, 5m), Computer
 | order by TimeGenerated asc
 ```

-Use time series queries for values that change over time, usually for graph visualizations such as the Time series panel.
+Use time series queries for values that change over time, usually for graph visualisations such as the Time series panel.
 Each query should return at least a datetime column and numeric value column.
 The result must also be sorted in ascending order by the datetime column.

@@ -443,33 +357,21 @@ Application Insights stores trace data in an underlying Log Analytics workspace
   This query type only supports Application Insights resources.
   {{< /admonition >}}

-1. (Optional) Specify an **Operation ID** value to filter traces.
-1. (Optional) Specify **event types** to filter by.
-1. (Optional) Specify **event properties** to filter by.
-1. (Optional) Change the **Result format** to switch between tabular format and trace format.
+Running a query of this kind will return all trace data within the timespan specified by the panel/dashboard.

-   {{< admonition type="note" >}}
-   Selecting the trace format filters events to only the `trace` type. Use this format with the Trace visualization.
-   {{< /admonition >}}
+Optionally, you can apply further filtering or select a specific Operation ID to query. The result format can also be switched between a tabular format or the trace format which will return the data in a format that can be used with the Trace visualization.

-Running a query returns all trace data within the time span specified by the panel or dashboard time range.
+{{< admonition type="note" >}}
+Selecting the trace format will filter events with the `trace` type.
+{{< /admonition >}}

-You can also augment queries by using [template variables](ref:template-variables).
+1. Specify an Operation ID value.
+1. Specify event types to filter by.
+1. Specify event properties to filter by.

-## Use queries for alerting and recording rules
+You can also augment queries by using [template variables](../template-variables/).

-All Azure Monitor query types (Metrics, Logs, Azure Resource Graph, and Traces) can be used with Grafana Alerting and recording rules.
-
-For detailed information about creating alert rules, supported query types, authentication requirements, and examples, refer to [Azure Monitor alerting](ref:alerting-azure-monitor).
-
-## Work with large Azure resource datasets
+## Working with large Azure resource data sets

 If a request exceeds the [maximum allowed value of records](https://docs.microsoft.com/en-us/azure/governance/resource-graph/concepts/work-with-data#paging-results), the result is paginated and only the first page of results are returned.
 You can use filters to reduce the amount of records returned under that value.
-
-## Next steps
-
- [Use template variables](../template-variables/) to create dynamic, reusable dashboards
- [Add annotations](ref:annotations-azure-monitor) to overlay events on your graphs
- [Set up alerting](ref:alerting-azure-monitor) to create alert rules based on Azure Monitor data
- [Troubleshoot](ref:troubleshoot-azure-monitor) common query and configuration issues
--- a/docs/sources/datasources/azure-monitor/template-variables/index.md
+++ b/docs/sources/datasources/azure-monitor/template-variables/index.md
@@ -23,7 +23,6 @@ labels:
 menuTitle: Template variables
 title: Azure Monitor template variables
 weight: 400
-last_reviewed: 2025-12-04
 refs:
  variables:
    - pattern: /docs/grafana/
@@ -35,11 +34,6 @@ refs:
      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/variables/add-template-variables/
    - pattern: /docs/grafana-cloud/
      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/variables/add-template-variables/
-  configure-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
 ---

 # Azure Monitor template variables
@@ -48,173 +42,58 @@ Instead of hard-coding details such as resource group or resource name values in
 This helps you create more interactive, dynamic, and reusable dashboards.
 Grafana refers to such variables as template variables.

-For an introduction to templating and template variables, refer to the [Templating](ref:variables) and [Add and manage variables](ref:add-template-variables).
+For an introduction to templating and template variables, refer to the [Templating](ref:variables) and [Add and manage variables](ref:add-template-variables) documentation.

-## Before you begin
+## Use query variables

- Ensure you have [configured the Azure Monitor data source](ref:configure-azure-monitor).
- If you want template variables to auto-populate subscriptions, set a **Default Subscription** in the data source configuration.
+You can specify these Azure Monitor data source queries in the Variable edit view's **Query Type** field.

-## Create a template variable
-
-To create a template variable for Azure Monitor:
-
-1. Open the dashboard where you want to add the variable.
-1. Click **Dashboard settings** (gear icon) in the top navigation.
-1. Select **Variables** in the left menu.
-1. Click **Add variable**.
-1. Enter a **Name** for your variable (e.g., `subscription`, `resourceGroup`, `resource`).
-1. In the **Type** dropdown, select **Query**.
-1. In the **Data source** dropdown, select your Azure Monitor data source.
-1. In the **Query Type** dropdown, select the appropriate query type (see [Available query types](#available-query-types)).
-1. Configure any additional fields required by the selected query type.
-1. Click **Run query** to preview the variable values.
-1. Configure display options such as **Multi-value** or **Include All option** as needed.
-1. Click **Apply** to save the variable.
-
-## Available query types
-
-The Azure Monitor data source provides the following query types for template variables:
-
-| Query type              | Description                                                                                                                            |
-| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
-| **Subscriptions**       | Returns a list of Azure subscriptions accessible to the configured credentials.                                                        |
-| **Resource Groups**     | Returns resource groups for a specified subscription. Supports multi-value selection.                                                  |
-| **Namespaces**          | Returns metric namespaces for the specified subscription. If a resource group is specified, returns only namespaces within that group. |
-| **Regions**             | Returns Azure regions available for the specified subscription.                                                                        |
-| **Resource Names**      | Returns resource names for a specified subscription, resource group, and namespace. Supports multi-value selection.                    |
-| **Metric Names**        | Returns available metric names for a specified resource.                                                                               |
-| **Workspaces**          | Returns Log Analytics workspaces for the specified subscription.                                                                       |
-| **Logs**                | Executes a KQL query and returns the results as variable values. See [Create a Logs variable](#create-a-logs-variable).                |
-| **Custom Namespaces**   | Returns custom metric namespaces for a specified resource.                                                                             |
-| **Custom Metric Names** | Returns custom metric names for a specified resource.                                                                                  |
+| Name                    | Description                                                                                                                                    |
+| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Subscriptions**       | Returns subscriptions.                                                                                                                         |
+| **Resource Groups**     | Returns resource groups for a specified subscription. Supports multi-value.                                                                    |
+| **Namespaces**          | Returns metric namespaces for the specified subscription. If a resource group is provided, only the namespaces within that group are returned. |
+| **Regions**             | Returns regions for the specified subscription                                                                                                 |
+| **Resource Names**      | Returns a list of resource names for a specified subscription, resource group and namespace. Supports multi-value.                             |
+| **Metric Names**        | Returns a list of metric names for a resource.                                                                                                 |
+| **Workspaces**          | Returns a list of workspaces for the specified subscription.                                                                                   |
+| **Logs**                | Use a KQL query to return values.                                                                                                              |
+| **Custom Namespaces**   | Returns metric namespaces for the specified resource.                                                                                          |
+| **Custom Metric Names** | Returns a list of custom metric names for the specified resource.                                                                              |

 {{< admonition type="note" >}}
-Custom metrics cannot be emitted against a subscription or resource group. Select specific resources when retrieving custom metric namespaces or custom metric names.
+Custom metrics cannot be emitted against a subscription or resource group. Select resources only when you need to retrieve custom metric namespaces or custom metric names associated with a specific resource.
 {{< /admonition >}}

-## Create cascading variables
+You can use any Log Analytics Kusto Query Language (KQL) query that returns a single list of values in the `Query` field.
+For example:

-Cascading variables (also called dependent or chained variables) allow you to create dropdown menus that filter based on previous selections. This is useful for drilling down from subscription to resource group to specific resource.
+| Query                                                                                     | List of values returned                 |
+| ----------------------------------------------------------------------------------------- | --------------------------------------- |
+| `workspace("myWorkspace").Heartbeat \| distinct Computer`                                 | Virtual machines                        |
+| `workspace("$workspace").Heartbeat \| distinct Computer`                                  | Virtual machines with template variable |
+| `workspace("$workspace").Perf \| distinct ObjectName`                                     | Objects from the Perf table             |
+| `workspace("$workspace").Perf \| where ObjectName == "$object"` `\| distinct CounterName` | Metric names from the Perf table        |

-### Example: Subscription → Resource Group → Resource Name
+### Query variable example

-**Step 1: Create a Subscription variable**
-
-1. Create a variable named `subscription`.
-1. Set **Query Type** to **Subscriptions**.
-
-**Step 2: Create a Resource Group variable**
-
-1. Create a variable named `resourceGroup`.
-1. Set **Query Type** to **Resource Groups**.
-1. In the **Subscription** field, select `$subscription`.
-
-**Step 3: Create a Resource Name variable**
-
-1. Create a variable named `resource`.
-1. Set **Query Type** to **Resource Names**.
-1. In the **Subscription** field, select `$subscription`.
-1. In the **Resource Group** field, select `$resourceGroup`.
-1. Select the appropriate **Namespace** for your resources (e.g., `Microsoft.Compute/virtualMachines`).
-
-Now when you change the subscription, the resource group dropdown updates automatically, and when you change the resource group, the resource name dropdown updates.
-
-## Create a Logs variable
-
-The **Logs** query type lets you use a KQL query to populate variable values. The query must return a single column of values.
-
-**To create a Logs variable:**
-
-1. Create a new variable with **Query Type** set to **Logs**.
-1. Select a **Resource** (Log Analytics workspace or Application Insights resource).
-1. Enter a KQL query that returns a single column.
-
-### Logs variable query examples
-
-| Query                                     | Returns                               |
-| ----------------------------------------- | ------------------------------------- |
-| `Heartbeat \| distinct Computer`          | List of virtual machine names         |
-| `Perf \| distinct ObjectName`             | List of performance object names      |
-| `AzureActivity \| distinct ResourceGroup` | List of resource groups with activity |
-| `AppRequests \| distinct Name`            | List of application request names     |
-
-You can reference other variables in your Logs query:
-
-```kusto
-workspace("$workspace").Heartbeat | distinct Computer
-```
-
-```kusto
-workspace("$workspace").Perf
-| where ObjectName == "$object"
-| distinct CounterName
-```
-
-## Variable refresh options
-
-Control when your variables refresh by setting the **Refresh** option:
-
-| Option                   | Behavior                                                                                  |
-| ------------------------ | ----------------------------------------------------------------------------------------- |
-| **On dashboard load**    | Variables refresh each time the dashboard loads. Best for data that changes infrequently. |
-| **On time range change** | Variables refresh when the dashboard time range changes. Use for time-sensitive queries.  |
-
-For dashboards with many variables or complex queries, use **On dashboard load** to improve performance.
-
-## Use variables in queries
-
-After you create template variables, you can use them in your Azure Monitor queries by referencing them with the `$` prefix.
-
-### Metrics query example
-
-In a Metrics query, select your variables in the resource picker fields:
-
- **Subscription**: `$subscription`
- **Resource Group**: `$resourceGroup`
- **Resource Name**: `$resource`
-
-### Logs query example
-
-Reference variables directly in your KQL queries:
+This time series query uses query variables:

 ```kusto
 Perf
 | where ObjectName == "$object" and CounterName == "$metric"
 | where TimeGenerated >= $__timeFrom() and TimeGenerated <= $__timeTo()
-| where $__contains(Computer, $computer)
+| where  $__contains(Computer, $computer)
 | summarize avg(CounterValue) by bin(TimeGenerated, $__interval), Computer
 | order by TimeGenerated asc
 ```

-## Multi-value variables
+### Multi-value variables

-You can enable **Multi-value** selection for **Resource Groups** and **Resource Names** variables. When using multi-value variables in a Metrics query, all selected resources must:
+It is possible to select multiple values for **Resource Groups** and **Resource Names** and use a single metrics query pointing to those values as long as they:

- Belong to the same subscription
- Be in the same Azure region
- Be of the same resource type (namespace)
+- Belong to the same subscription.
+- Are in the same region.
+- Are of the same type (namespace).

-{{< admonition type="note" >}}
-When a multi-value variable is used as a parameter in another variable query (for example, to retrieve metric names), only the first selected value is used. Ensure the first resource group and resource name combination is valid.
-{{< /admonition >}}
-
-## Troubleshoot template variables
-
-If you encounter issues with template variables, try the following solutions.
-
-### Variable returns no values
-
- Verify the Azure Monitor data source is configured correctly and can connect to Azure.
- Check that the credentials have appropriate permissions to list the requested resources.
- For cascading variables, ensure parent variables have valid selections.
-
-### Variable values are outdated
-
- Check the **Refresh** setting and adjust if needed.
- Click the refresh icon next to the variable dropdown to manually refresh.
-
-### Multi-value selection not working in queries
-
- Ensure the resources meet the requirements (same subscription, region, and type).
- For Logs queries, use the `$__contains()` macro to handle multi-value variables properly.
+Also, note that if a template variable pointing to multiple resource groups or names is used in another template variable as a parameter (e.g. to retrieve metric names), only the first value will be used. This means that the combination of the first resource group and name selected should be valid.
--- a/docs/sources/datasources/azure-monitor/troubleshooting/index.md
+++ b/docs/sources/datasources/azure-monitor/troubleshooting/index.md
@@ -1,320 +0,0 @@
---
-aliases:
-  - ../../data-sources/azure-monitor/troubleshooting/
-description: Troubleshooting guide for the Azure Monitor data source in Grafana
-keywords:
-  - grafana
-  - azure
-  - monitor
-  - troubleshooting
-  - errors
-  - authentication
-  - query
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Troubleshoot
-title: Troubleshoot Azure Monitor data source issues
-weight: 500
-last_reviewed: 2025-12-04
-refs:
-  configure-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-  template-variables:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-  query-editor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
---
-
-# Troubleshoot Azure Monitor data source issues
-
-This document provides solutions to common issues you may encounter when configuring or using the Azure Monitor data source.
-
-## Configuration and authentication errors
-
-These errors typically occur when setting up the data source or when authentication credentials are invalid.
-
-### "Authorization failed" or "Access denied"
-
-**Symptoms:**
-
- Save & test fails with "Authorization failed"
- Queries return "Access denied" errors
- Subscriptions don't load when clicking **Load Subscriptions**
-
-**Possible causes and solutions:**
-
-| Cause                                              | Solution                                                                                                                                                                                                                                                                    |
-| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| App registration doesn't have required permissions | Assign the `Reader` role to the app registration on the subscription or resource group you want to monitor. Refer to the [Azure documentation for role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current). |
-| Incorrect tenant ID, client ID, or client secret   | Verify the credentials in the Azure Portal under **App registrations** > your app > **Overview** (for IDs) and **Certificates & secrets** (for secret).                                                                                                                     |
-| Client secret has expired                          | Create a new client secret in Azure and update the data source configuration.                                                                                                                                                                                               |
-| Managed Identity not enabled on the Azure resource | For VMs, enable managed identity in the Azure Portal under **Identity**. For App Service, enable it under **Identity** in the app settings.                                                                                                                                 |
-| Managed Identity not assigned the Reader role      | Assign the `Reader` role to the managed identity on the target subscription or resources.                                                                                                                                                                                   |
-
-### "Invalid client secret" or "Client secret not found"
-
-**Symptoms:**
-
- Authentication fails immediately after configuration
- Error message references invalid credentials
-
-**Solutions:**
-
-1. Ensure you copied the client secret **value**, not the secret ID. In Azure Portal under **Certificates & secrets**, the secret value is only shown once when created. The secret ID is a different identifier and won't work for authentication.
-2. Verify the client secret was copied correctly (no extra spaces or truncation).
-3. Check if the secret has expired in Azure Portal under **App registrations** > your app > **Certificates & secrets**.
-4. Create a new secret and update the data source configuration.
-
-### "Tenant not found" or "Invalid tenant ID"
-
-**Symptoms:**
-
- Data source test fails with tenant-related errors
- Unable to authenticate
-
-**Solutions:**
-
-1. Verify the Directory (tenant) ID in Azure Portal under **Microsoft Entra ID** > **Overview**.
-2. Ensure you're using the correct Azure cloud setting (Azure, Azure Government, or Azure China).
-3. Check that the tenant ID is a valid GUID format.
-
-### Managed Identity not working
-
-**Symptoms:**
-
- Managed Identity option is available but authentication fails
- Error: "Managed identity authentication is not available"
-
-**Solutions:**
-
-1. Verify `managed_identity_enabled = true` is set in the Grafana server configuration under `[azure]`.
-2. Confirm the Azure resource hosting Grafana has managed identity enabled.
-3. For user-assigned managed identity, ensure `managed_identity_client_id` is set correctly.
-4. Verify the managed identity has the `Reader` role on the target resources.
-5. Restart Grafana after changing server configuration.
-
-### Workload Identity not working
-
-**Symptoms:**
-
- Workload Identity authentication fails in Kubernetes/AKS environment
- Token file errors
-
-**Solutions:**
-
-1. Verify `workload_identity_enabled = true` is set in the Grafana server configuration.
-2. Check that the service account is correctly annotated for workload identity.
-3. Verify the federated credential is configured in Azure.
-4. Ensure the token path is accessible to the Grafana pod.
-5. Check the workload identity webhook is running in the cluster.
-
-## Query errors
-
-These errors occur when executing queries against Azure Monitor services.
-
-### "No data" or empty results
-
-**Symptoms:**
-
- Query executes without error but returns no data
- Charts show "No data" message
-
-**Possible causes and solutions:**
-
-| Cause                             | Solution                                                                                                                         |
-| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
-| Time range doesn't contain data   | Expand the dashboard time range or verify data exists in Azure Portal.                                                           |
-| Wrong resource selected           | Verify you've selected the correct subscription, resource group, and resource.                                                   |
-| Metric not available for resource | Not all metrics are available for all resources. Check available metrics in Azure Portal under the resource's **Metrics** blade. |
-| Metric has no values              | Some metrics only populate under certain conditions (e.g., error counts when errors occur).                                      |
-| Permissions issue                 | Verify the identity has read access to the specific resource.                                                                    |
-
-### "Bad request" or "Invalid query"
-
-**Symptoms:**
-
- Query fails with 400 error
- Error message indicates query syntax issues
-
-**Solutions for Logs queries:**
-
-1. Validate your KQL syntax in the Azure Portal Log Analytics query editor.
-2. Check for typos in table names or column names.
-3. Ensure referenced tables exist in the selected workspace.
-4. Verify the time range is valid (not in the future, not too far in the past for data retention).
-
-**Solutions for Metrics queries:**
-
-1. Verify the metric name is valid for the selected resource type.
-2. Check that dimension filters use valid dimension names and values.
-3. Ensure the aggregation type is supported for the selected metric.
-
-### "Resource not found"
-
-**Symptoms:**
-
- Query fails with 404 error
- Resource picker shows resources that can't be queried
-
-**Solutions:**
-
-1. Verify the resource still exists in Azure (it may have been deleted or moved).
-2. Check that the subscription is correct.
-3. Refresh the resource picker by re-selecting the subscription.
-4. Verify the identity has access to the resource's resource group.
-
-### Logs query timeout
-
-**Symptoms:**
-
- Query runs for a long time then fails
- Error mentions timeout or query limits
-
-**Solutions:**
-
-1. Narrow the time range to reduce data volume.
-2. Add filters to reduce the result set.
-3. Use `summarize` to aggregate data instead of returning raw rows.
-4. Consider using Basic Logs for large datasets (if enabled).
-5. Break complex queries into smaller parts.
-
-### "Metrics not available" for a resource
-
-**Symptoms:**
-
- Resource appears in picker but no metrics are listed
- Metric dropdown is empty
-
-**Solutions:**
-
-1. Verify the resource type supports Azure Monitor metrics.
-2. Check if the resource is in a region that supports metrics.
-3. Some resources require diagnostic settings to emit metrics—configure these in Azure Portal.
-4. Try selecting a different namespace for the resource.
-
-## Azure Resource Graph errors
-
-These errors are specific to Azure Resource Graph (ARG) queries.
-
-### "Query execution failed"
-
-**Symptoms:**
-
- ARG query fails with execution errors
- Results don't match expected resources
-
-**Solutions:**
-
-1. Validate query syntax in Azure Portal Resource Graph Explorer.
-2. Check that you have access to the subscriptions being queried.
-3. Verify table names are correct (e.g., `Resources`, `ResourceContainers`).
-4. Some ARG features require specific permissions, check [ARG documentation](https://docs.microsoft.com/en-us/azure/governance/resource-graph/).
-
-### Query returns incomplete results
-
-**Symptoms:**
-
- Not all expected resources appear in results
- Results seem truncated
-
-**Solutions:**
-
-1. ARG queries are paginated. The data source handles pagination automatically, but very large result sets may be limited.
-2. Add filters to reduce result set size.
-3. Verify you have access to all subscriptions containing the resources.
-
-## Application Insights Traces errors
-
-These errors are specific to the Traces query type.
-
-### "No traces found"
-
-**Symptoms:**
-
- Trace query returns empty results
- Operation ID search finds nothing
-
-**Solutions:**
-
-1. Verify the Application Insights resource is collecting trace data.
-2. Check that the time range includes when the traces were generated.
-3. Ensure the Operation ID is correct (copy directly from another trace or log).
-4. Verify the identity has access to the Application Insights resource.
-
-## Template variable errors
-
-For detailed troubleshooting of template variables, refer to the [template variables troubleshooting section](ref:template-variables).
-
-### Variables return no values
-
-**Solutions:**
-
-1. Verify the data source connection is working (test it in the data source settings).
-2. Check that parent variables (for cascading variables) have valid selections.
-3. Verify the identity has permissions to list the requested resources.
-4. For Logs variables, ensure the KQL query returns a single column.
-
-### Variables are slow to load
-
-**Solutions:**
-
-1. Set variable refresh to **On dashboard load** instead of **On time range change**.
-2. Reduce the scope of variable queries (e.g., filter by resource group instead of entire subscription).
-3. For Logs variables, optimize the KQL query to return results faster.
-
-## Connection and network errors
-
-These errors indicate problems with network connectivity between Grafana and Azure services.
-
-### "Connection refused" or timeout errors
-
-**Symptoms:**
-
- Data source test fails with network errors
- Queries timeout without returning results
-
-**Solutions:**
-
-1. Verify network connectivity from Grafana to Azure endpoints.
-2. Check firewall rules allow outbound HTTPS (port 443) to Azure services.
-3. For private networks, ensure Private Link or VPN is configured correctly.
-4. For Grafana Cloud, configure [Private Data Source Connect](ref:configure-azure-monitor) if accessing private resources.
-
-### SSL/TLS certificate errors
-
-**Symptoms:**
-
- Certificate validation failures
- SSL handshake errors
-
-**Solutions:**
-
-1. Ensure the system time is correct (certificate validation fails with incorrect time).
-2. Verify corporate proxy isn't intercepting HTTPS traffic.
-3. Check that required CA certificates are installed on the Grafana server.
-
-## Get additional help
-
-If you've tried the solutions above and still encounter issues:
-
-1. Check the [Grafana community forums](https://community.grafana.com/) for similar issues.
-1. Review the [Azure Monitor data source GitHub issues](https://github.com/grafana/grafana/issues) for known bugs.
-1. Enable debug logging in Grafana to capture detailed error information.
-1. Contact Grafana Support if you're an Enterprise, Cloud Pro or Cloud Contracted user.
-1. When reporting issues, include:
-   - Grafana version
-   - Error messages (redact sensitive information)
-   - Steps to reproduce
-   - Relevant configuration (redact credentials)
--- a/docs/sources/datasources/influxdb/_index.md
+++ b/docs/sources/datasources/influxdb/_index.md
@@ -52,7 +52,6 @@ The following documents will help you get started with the InfluxDB data source
 - [Configure the InfluxDB data source](./configure-influxdb-data-source/)
 - [InfluxDB query editor](./query-editor/)
 - [InfluxDB templates and variables](./template-variables/)
- [Troubleshoot issues with the InfluxDB data source](./troubleshooting/)

 Once you have configured the data source you can:

--- a/docs/sources/datasources/influxdb/troubleshooting/index.md
+++ b/docs/sources/datasources/influxdb/troubleshooting/index.md
@@ -1,291 +0,0 @@
---
-aliases:
-  - ../../data-sources/influxdb/troubleshooting/
-description: Troubleshooting the InfluxDB data source in Grafana
-keywords:
-  - grafana
-  - influxdb
-  - troubleshooting
-  - errors
-  - flux
-  - influxql
-  - sql
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Troubleshooting
-title: Troubleshoot issues with the InfluxDB data source
-weight: 600
---
-
-# Troubleshoot issues with the InfluxDB data source
-
-This document provides troubleshooting information for common errors you may encounter when using the InfluxDB data source in Grafana.
-
-## Connection errors
-
-The following errors occur when Grafana cannot establish or maintain a connection to InfluxDB.
-
-### Failed to connect to InfluxDB
-
-**Error message:** "error performing influxQL query" or "error performing flux query" or "error performing sql query"
-
-**Cause:** Grafana cannot establish a network connection to the InfluxDB server.
-
-**Solution:**
-
-1. Verify that the InfluxDB URL is correct in the data source configuration.
-1. Check that InfluxDB is running and accessible from the Grafana server.
-1. Ensure the URL includes the protocol (`http://` or `https://`).
-1. Verify the port is correct (the InfluxDB default API port is `8086`).
-1. Ensure there are no firewall rules blocking the connection.
-1. For Grafana Cloud, ensure you have configured [Private data source connect](https://grafana.com/docs/grafana-cloud/connect-externally-hosted/private-data-source-connect/) if your InfluxDB instance is not publicly accessible.
-
-### Request timed out
-
-**Error message:** "context deadline exceeded" or "request timeout"
-
-**Cause:** The connection to InfluxDB timed out before receiving a response.
-
-**Solution:**
-
-1. Check the network latency between Grafana and InfluxDB.
-1. Verify that InfluxDB is not overloaded or experiencing performance issues.
-1. Increase the timeout setting in the data source configuration under **Advanced HTTP Settings**.
-1. Reduce the time range or complexity of your query.
-
-## Authentication errors
-
-The following errors occur when there are issues with authentication credentials or permissions.
-
-### Unauthorized (401)
-
-**Error message:** "401 Unauthorized" or "authorization failed"
-
-**Cause:** The authentication credentials are invalid or missing.
-
-**Solution:**
-
-1. Verify that the token or password is correct in the data source configuration.
-1. For Flux and SQL, ensure the token has not expired.
-1. For InfluxQL with InfluxDB 2.x, verify the token is set as an `Authorization` header with the value `Token <your-token>`.
-1. For InfluxDB 1.x, verify the username and password are correct.
-1. Check that the token has the required permissions to access the specified bucket or database.
-
-### Forbidden (403)
-
-**Error message:** "403 Forbidden" or "access denied"
-
-**Cause:** The authenticated user or token does not have permission to access the requested resource.
-
-**Solution:**
-
-1. Verify the token has read access to the specified bucket or database.
-1. Check the token's permissions in the InfluxDB UI under **API Tokens**.
-1. Ensure the organization ID is correct for Flux queries.
-1. For InfluxQL with InfluxDB 2.x, verify the DBRP mapping is configured correctly.
-
-## Configuration errors
-
-The following errors occur when the data source is not configured correctly.
-
-### Unknown influx version
-
-**Error message:** "unknown influx version"
-
-**Cause:** The query language is not properly configured in the data source settings.
-
-**Solution:**
-
-1. Open the data source configuration in Grafana.
-1. Verify that a valid query language is selected: **Flux**, **InfluxQL**, or **SQL**.
-1. Ensure the selected query language matches your InfluxDB version:
-   - Flux: InfluxDB 1.8+ and 2.x
-   - InfluxQL: InfluxDB 1.x and 2.x (with DBRP mapping)
-   - SQL: InfluxDB 3.x only
-
-### Invalid data source info received
-
-**Error message:** "invalid data source info received"
-
-**Cause:** The data source configuration is incomplete or corrupted.
-
-**Solution:**
-
-1. Delete and recreate the data source.
-1. Ensure all required fields are populated based on your query language:
-   - **Flux:** URL, Organization, Token, Default Bucket
-   - **InfluxQL:** URL, Database, User, Password
-   - **SQL:** URL, Database, Token
-
-### DBRP mapping required
-
-**Error message:** "database not found" or queries return no data with InfluxQL on InfluxDB 2.x
-
-**Cause:** InfluxQL queries on InfluxDB 2.x require a Database and Retention Policy (DBRP) mapping.
-
-**Solution:**
-
-1. Create a DBRP mapping in InfluxDB using the CLI or API.
-1. Refer to [Manage DBRP Mappings](https://docs.influxdata.com/influxdb/cloud/query-data/influxql/dbrp/) for guidance.
-1. Verify the database name in Grafana matches the DBRP mapping.
-
-## Query errors
-
-The following errors occur when there are issues with query syntax or execution.
-
-### Query syntax error
-
-**Error message:** "error parsing query: found THING" or "failed to parse query: found WERE, expected ; at line 1, char 38"
-
-**Cause:** The query contains invalid syntax.
-
-**Solution:**
-
-1. Check your query syntax for typos or invalid keywords.
-1. For InfluxQL, verify the query follows the correct syntax:
-
-   ```sql
-   SELECT <field> FROM <measurement> WHERE <condition>
-   ```
-
-1. For Flux, ensure proper pipe-forward syntax and function calls.
-1. Use the InfluxDB UI or CLI to test your query directly.
-
-### Query timeout limit exceeded
-
-**Error message:** "query-timeout limit exceeded"
-
-**Cause:** The query took longer than the configured timeout limit in InfluxDB.
-
-**Solution:**
-
-1. Reduce the time range of your query.
-1. Add more specific filters to limit the data scanned.
-1. Increase the query timeout setting in InfluxDB if you have admin access.
-1. Optimize your query to reduce complexity.
-
-### Too many series or data points
-
-**Error message:** "max-series-per-database limit exceeded" or "A query returned too many data points and the results have been truncated"
-
-**Cause:** The query is returning more data than the configured limits allow.
-
-**Solution:**
-
-1. Reduce the time range of your query.
-1. Add filters to limit the number of series returned.
-1. Increase the **Max series** setting in the data source configuration under **Advanced Database Settings**.
-1. Use aggregation functions to reduce the number of data points.
-1. For Flux, use `aggregateWindow()` to downsample data.
-
-### No time column found
-
-**Error message:** "no time column found"
-
-**Cause:** The query result does not include a time column, which is required for time series visualization.
-
-**Solution:**
-
-1. Ensure your query includes a time field.
-1. For Flux, verify the query includes `_time` in the output.
-1. For SQL, ensure the query returns a timestamp column.
-1. Check that the time field is not being filtered out or excluded.
-
-## Health check errors
-
-The following errors occur when testing the data source connection.
-
-### Error getting flux query buckets
-
-**Error message:** "error getting flux query buckets"
-
-**Cause:** The health check query `buckets()` failed to return results.
-
-**Solution:**
-
-1. Verify the token has permission to list buckets.
-1. Check that the organization ID is correct.
-1. Ensure InfluxDB is running and accessible.
-
-### Error connecting InfluxDB influxQL
-
-**Error message:** "error connecting InfluxDB influxQL"
-
-**Cause:** The health check query `SHOW MEASUREMENTS` failed.
-
-**Solution:**
-
-1. Verify the database name is correct.
-1. Check that the user has permission to run `SHOW MEASUREMENTS`.
-1. Ensure the database exists and contains measurements.
-1. For InfluxDB 2.x, verify DBRP mapping is configured.
-
-### 0 measurements found
-
-**Error message:** "data source is working. 0 measurements found"
-
-**Cause:** The connection is successful, but the database contains no measurements.
-
-**Solution:**
-
-1. Verify you are connecting to the correct database.
-1. Check that data has been written to the database.
-1. If the database is new, add some test data to verify the connection.
-
-## Other common issues
-
-The following issues don't produce specific error messages but are commonly encountered.
-
-### Empty query results
-
-**Cause:** The query returns no data.
-
-**Solution:**
-
-1. Verify the time range includes data in your database.
-1. Check that the measurement and field names are correct.
-1. Test the query directly in the InfluxDB UI or CLI.
-1. Ensure filters are not excluding all data.
-1. For InfluxQL, verify the retention policy contains data for the selected time range.
-
-### Slow query performance
-
-**Cause:** Queries take a long time to execute.
-
-**Solution:**
-
-1. Reduce the time range of your query.
-1. Add more specific filters to limit the data scanned.
-1. Increase the **Min time interval** setting to reduce the number of data points.
-1. Check InfluxDB server performance and resource utilization.
-1. For Flux, use `aggregateWindow()` to downsample data before visualization.
-1. Consider using continuous queries or tasks to pre-aggregate data.
-
-### Data appears delayed or missing recent points
-
-**Cause:** The visualization doesn't show the most recent data.
-
-**Solution:**
-
-1. Check the dashboard time range and refresh settings.
-1. Verify the **Min time interval** is not set too high.
-1. Ensure InfluxDB has finished writing the data.
-1. Check for clock synchronization issues between Grafana and InfluxDB.
-
-## Get additional help
-
-If you continue to experience issues after following this troubleshooting guide:
-
-1. Check the [InfluxDB documentation](https://docs.influxdata.com/) for API-specific guidance.
-1. Review the [Grafana community forums](https://community.grafana.com/) for similar issues.
-1. Contact Grafana Support if you're an Enterprise, Cloud Pro or Cloud Contracted user.
-1. When reporting issues, include:
-   - Grafana version
-   - InfluxDB version and product (OSS, Cloud, Enterprise)
-   - Query language (Flux, InfluxQL, or SQL)
-   - Error messages (redact sensitive information)
-   - Steps to reproduce
-   - Relevant configuration such as data source settings, HTTP method, and TLS settings (redact tokens, passwords, and other credentials)
--- a/docs/sources/setup-grafana/configure-grafana/_index.md
+++ b/docs/sources/setup-grafana/configure-grafana/_index.md
@@ -1776,13 +1776,6 @@ Specify the frequency of polling for Alertmanager configuration changes. The def

 The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), for example, 30s or 1m.

-#### `alertmanager_max_template_output_bytes`
-
-Maximum size in bytes that the expanded result of any single template expression (e.g. {{ .CommonAnnotations.description }}, {{ .ExternalURL }}, etc.) may reach during notification rendering.
-The limit is checked after template execution for each templated field, but before the value is inserted into the final notification payload sent to the receiver.
-If exceeded, the notification will contain output truncated up to the limit and a warning will be logged.
-The default value is 10,485,760 bytes (10Mb).
-
 #### `ha_redis_address`

 Redis server address or addresses. It can be a single Redis address if using Redis standalone,
--- a/docs/sources/upgrade-guide/when-to-upgrade/index.md
+++ b/docs/sources/upgrade-guide/when-to-upgrade/index.md
@@ -107,8 +107,8 @@ Here is an overview of version support through 2026:
 | 12.0.x                    | May 5, 2025        | February 5, 2026     | Patch Support      |
 | 12.1.x                    | July 22, 2025      | April 22, 2026       | Patch Support      |
 | 12.2.x                    | September 23, 2025 | June 23, 2026        | Patch Support      |
-| 12.3.x                    | November 19, 2025  | August 19, 2026      | Patch Support      |
-| 12.4.x (Last minor of 12) | February 24, 2026  | May 24, 2027         | Yet to be released |
+| 12.3.x                    | November 18, 2025  | August 18, 2026      | Yet to be released |
+| 12.4.x (Last minor of 12) | February 24, 2026  | November 24, 2026    | Yet to be released |
 | 13.0.0                    | TBD                | TBD                  | Yet to be released |

 ## How are these versions supported?
--- a/docs/sources/visualizations/dashboards/build-dashboards/annotate-visualizations/index.md
+++ b/docs/sources/visualizations/dashboards/build-dashboards/annotate-visualizations/index.md
@@ -149,10 +149,7 @@ To add a new annotation query to a dashboard, follow these steps:
   You can also click **Open advanced data source picker** to see more options, including adding a data source (Admins only).

 1. If you don't want to use the annotation query right away, clear the **Enabled** checkbox.
-1. Select one of the following options in the **Show annotation controls in** drop-down list to control where annotations are displayed:
-   - **Above dashboard** - The annotation toggle is displayed above the dashboard. This is the default.
-   - **Controls menu** - The annotation toggle is displayed in the dashboard controls menu instead of above the dashboard. The dashboard controls menu appears as a button in the dashboard toolbar.
-   - **Hidden** - The annotation toggle is not displayed on the dashboard.
+1. If you don't want the annotation query toggle to be displayed in the dashboard, select the **Hidden** checkbox.
 1. Select a color for the event markers.
 1. In the **Show in** drop-down, choose one of the following options:
   - **All panels** - The annotations are displayed on all panels that support annotations.
--- a/docs/sources/visualizations/dashboards/build-dashboards/create-dynamic-dashboard/index.md
+++ b/docs/sources/visualizations/dashboards/build-dashboards/create-dynamic-dashboard/index.md
@@ -245,12 +245,11 @@ To configure repeats, follow these steps:
 1. Click **Save**.
 1. Toggle off the edit mode switch.

-### Repeating rows and tabs and the Dashboard special data source
+### Repeating rows and the Dashboard special data source

 <!-- is this next section still true? -->

 If a row includes panels using the special [Dashboard data source](ref:built-in-special-data-sources)&mdash;the data source that uses a result set from another panel in the same dashboard&mdash;then corresponding panels in repeated rows will reference the panel in the original row, not the ones in the repeated rows.
-The same behavior applies to tabs.

 For example, in a dashboard:

--- a/docs/sources/visualizations/dashboards/share-dashboards-panels/_index.md
+++ b/docs/sources/visualizations/dashboards/share-dashboards-panels/_index.md
@@ -223,25 +223,17 @@ To export a dashboard in its current state as a PDF, follow these steps:

 1. Click the **X** at the top-right corner to close the share drawer.

-### Export a dashboard as code
+### Export a dashboard as JSON

 Export a Grafana JSON file that contains everything you need, including layout, variables, styles, data sources, queries, and so on, so that you can later import the dashboard. To export a JSON file, follow these steps:

 1. Click **Dashboards** in the main menu.
 1. Open the dashboard you want to export.
-1. Click the **Export** drop-down list in the top-right corner and select **Export as code**.
+1. Click the **Export** drop-down list in the top-right corner and select **Export as JSON**.

-   The **Export dashboard** drawer opens.
-
-1. Select the dashboard JSON model that you to export:
-   - **Classic** - Export dashboards created using the [current dashboard schema](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/visualizations/dashboards/build-dashboards/view-dashboard-json-model/).
-   - **V1 Resource** - Export dashboards created using the [current dashboard schema](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/visualizations/dashboards/build-dashboards/view-dashboard-json-model/) wrapped in the `spec` property of the [V1 Kubernetes-style resource](https://play.grafana.org/swagger?api=dashboard.grafana.app-v2alpha1). Choose between **JSON** and **YAML** format.
-   - **V2 Resource** - Export dashboards created using the [V2 Resource schema](https://play.grafana.org/swagger?api=dashboard.grafana.app-v2beta1). Choose between **JSON** and **YAML** format.
-
-1. Do one of the following:
-   - Toggle the **Export for sharing externally** switch to generate the JSON with a different data source UID.
-   - Toggle the **Remove deployment details** switch to make the dashboard externally shareable.
+   The **Export dashboard JSON** drawer opens.

+1. Toggle the **Export the dashboard to use in another instance** switch to generate the JSON with a different data source UID.
 1. Click **Download file** or **Copy to clipboard**.
 1. Click the **X** at the top-right corner to close the share drawer.

--- a/docs/sources/visualizations/explore/logs-integration.md
+++ b/docs/sources/visualizations/explore/logs-integration.md
@@ -43,36 +43,24 @@ If the data source doesn't support loading the full range logs volume, the logs

 The following sections provide detailed explanations on how to visualize and interact with individual logs in Explore.

-### Infinite scroll
+### Logs navigation

-<!-- vale Grafana.GoogleWill = NO -->
+Logs navigation, located at the right side of the log lines, can be used to easily request additional logs by clicking **Older logs** at the bottom of the navigation. This is especially useful when you reach the line limit and you want to see more logs. Each request run from the navigation displays in the navigation as separate page. Every page shows `from` and `to` timestamps of the incoming log lines. You can see previous results by clicking on each page. Explore caches the last five requests run from the logs navigation so you're not re-running the same queries when clicking on the pages, saving time and resources.

-When you reach the bottom of the list of logs, you will see the message `Scroll to load more`. If you continue scrolling and the displayed logs are within the selected time interval, Grafana will load more logs. When the sort order is "newest first" you receive older logs, and when the sort order is "oldest first" you get newer logs.
-
-<!-- vale Grafana.GoogleWill = YES -->
+![Navigate logs in Explore](/static/img/docs/explore/navigate-logs-8-0.png)

 ### Visualization options

 You have the option to customize the display of logs and choose which columns to show. Following is a list of available options.

-<!-- vale Grafana.Spelling = NO -->
-
-| Option                                | Description                                                                                                                                                                                                                                                                                                                                                                         |
-| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Expand / Collapse                     | Expand or collapse the controls toolbar.                                                                                                                                                                                                                                                                                                                                            |
-| Scroll to bottom                      | Jump to the bottom of the logs table.                                                                                                                                                                                                                                                                                                                                               |
-| Oldest Logs First / Newest logs first | Sort direction (ascending or descending).                                                                                                                                                                                                                                                                                                                                           |
-| Search logs / Close search            | Click to open/close the client side string search of the displayed logs result.                                                                                                                                                                                                                                                                                                     |
-| Deduplication                         | **None** does not perform any deduplication, **Exact** matches are done on the whole line except for date fields. **Numbers** matches are done on the line after stripping out numbers such as durations, IP addresses, and so on. **Signature** is the most aggressive deduplication as it strips all letters and numbers and matches on the remaining whitespace and punctuation. |
-| Filter levels                         | Filter logs in display by log level: All levels, Info, Debut, Warning, Error.                                                                                                                                                                                                                                                                                                       |
-| Set Timestamp format                  | Hide timestamps (disabled), Show milliseconds timestamps, Show nanoseconds timestamps.                                                                                                                                                                                                                                                                                              |
-| Set line wrap                         | Disable line wrapping, Enable line wrapping, Enable line wrapping and prettify JSON.                                                                                                                                                                                                                                                                                                |
-| Enable highlighting                   | Plain text, Highlight text.                                                                                                                                                                                                                                                                                                                                                         |
-| Font size                             | Small font (default), Large font.                                                                                                                                                                                                                                                                                                                                                   |
-| Unescaped newlines                    | Only displayed if the logs contain unescaped new lines. Click to unescape and display as new lines.                                                                                                                                                                                                                                                                                 |
-| Download logs                         | Plain text (txt), JavaScript Object Notation (JSON), Comma-separated values (CSV)                                                                                                                                                                                                                                                                                                   |
-
-<!-- vale Grafana.Spelling = YES -->
+| Option                    | Description                                                                                                                                                                                                                                                                                                                                                                                                                                               |
+| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Time**                  | Shows or hides the time column. This is the timestamp associated with the log line as reported from the data source.                                                                                                                                                                                                                                                                                                                                      |
+| **Unique labels**         | Shows or hides the unique labels column that includes only non-common labels. All common labels are displayed above.                                                                                                                                                                                                                                                                                                                                      |
+| **Wrap lines**            | Set this to `true` if you want the display to use line wrapping. If set to `false`, it will result in horizontal scrolling.                                                                                                                                                                                                                                                                                                                               |
+| **Prettify JSON**         | Set this to `true` to pretty print all JSON logs. This setting does not affect logs in any format other than JSON.                                                                                                                                                                                                                                                                                                                                        |
+| **Deduplication**         | Log data can be very repetitive. Explore hides duplicate log lines using a few different deduplication algorithms. **Exact** matches are done on the whole line except for date fields. **Numbers** matches are done on the line after stripping out numbers such as durations, IP addresses, and so on. **Signature** is the most aggressive deduplication as it strips all letters and numbers and matches on the remaining whitespace and punctuation. |
+| **Display results order** | You can change the order of received logs from the default descending order (newest first) to ascending order (oldest first).                                                                                                                                                                                                                                                                                                                             |

 ### Download log lines

@@ -155,31 +143,16 @@ Click the **eye icon** to select a subset of fields to visualize in the logs lis

 Each field has a **stats icon**, which displays ad-hoc statistics in relation to all displayed logs.

-For data sources that support log types, such as Loki, instead of a single view containing all fields, fields will be displayed grouped by their type: Indexed Labels, Parsed fields, and Structured Metadata.
-
 #### Links

 Grafana provides data links or correlations, allowing you to convert any part of a log message into an internal or external link. These links enable you to navigate to related data or external resources, offering a seamless and convenient way to explore additional information.

 {{< figure src="/static/img/docs/explore/data-link-9-4.png" max-width="800px" caption="Data link in Explore" >}}

-#### Log details modes
-
-There are two modes available to view log details:
-
- **Inline** The default, displays log details below the log line.
- **Sidebar** Displays log details in a sidebar view.
-
-No matter which display mode you are currently viewing, you can change it by clicking the mode control icon.
-
 ### Log context

 Log context is a feature that displays additional lines of context surrounding a log entry that matches a specific search query. This helps in understanding the context of the log entry and is similar to the `-C` parameter in the `grep` command.

-If you're using Loki for your logs, to modify your log context queries, you can use the Loki log context query editor at the top of the table. You can activate this editor by clicking the menu for the log line, and selecting **Show context**. Within the **Log Context** view, you have the option to modify your search by removing one or more label filters from the log stream. If your original query used a parser, you can refine your search by leveraging extracted label filters.
-
-Change the **Context time window** option to look for logs within a specific time interval around your log line.
-
 Toggle **Wrap lines** if you encounter long lines of text that make it difficult to read and analyze the context around log entries. By enabling this toggle, Grafana automatically wraps long lines of text to fit within the visible width of the viewer, making the log entries easier to read and understand.

 Click **Open in split view** to execute the context query for a log entry in a split screen in the Explore view. Clicking this button opens a new Explore pane with the context query displayed alongside the log entry, making it easier to analyze and understand the surrounding context.
--- a/docs/sources/visualizations/panels-visualizations/visualizations/logs/index.md
+++ b/docs/sources/visualizations/panels-visualizations/visualizations/logs/index.md
@@ -31,7 +31,7 @@ refs:

 _Logs_ are structured records of events or messages generated by a system or application&mdash;that is, a series of text records with status updates from your system or app. They generally include timestamps, messages, and context information like the severity of the logged event.

-The logs visualization displays these records from data sources that support logs, such as Elastic, Influx, and Loki. The logs visualization shows, by default, the timestamp, a colored string representing the log status, the log line body, as well as collapsible log events that help you analyze the information generated.
+The logs visualization displays these records from data sources that support logs, such as Elastic, Influx, and Loki. The logs visualization has colored indicators of log status, as well as collapsible log events that help you analyze the information generated.

 {{< figure src="/media/docs/grafana/panels-visualizations/screenshot-logs-v12.3.png" max-width="750px" alt="Logs visualization" >}}

@@ -100,16 +100,16 @@ Use these settings to refine your visualization:

 |      Option     |   Description   |
 | --------------- | --------------- |
-| Show timestamps | Show or hide the time column. This is the timestamp associated with the log line as reported from the data source. |
+| Time   | Show or hide the time column. This is the timestamp associated with the log line as reported from the data source. |
 | Unique labels | Show or hide the unique labels column, which shows only non-common labels. |
+| Common labels | Show or hide the common labels. |
 | Wrap lines | Turn line wrapping on or off. |
-| Prettify JSON | Toggle the switch on to pretty print all JSON logs. This setting does not affect logs in any format other than JSON. |
-| Enable highlighting | Use a predefined syntax coloring grammar to highlight relevant parts of the log lines |
+| Enable logs highlighting | Experimental. Use a predefined coloring scheme to highlight relevant parts of the log lines. Subtle colors are added to the log lines to improve readability and help with identifying important information faster. |
 | Enable log details | Toggle the switch on to see an extendable area with log details including labels and detected fields. Each field or label has a stats icon to display ad-hoc statistics in relation to all displayed logs. The default setting is on. |
-| Log Details panel mode | Choose to display the log details in a sidebar panel or inline, below the log line. |
-| Enable infinite scrolling | Request more results by scrolling to the bottom of the logs list. |
-| Show controls | Display controls to jump to the last or first log line, and filters by log level |
-| Font size | Select between the default font size and small font size. |
+| Log details panel mode | Choose to display the log details in a sidebar panel or inline, below the log line. The default mode depends on viewport size: the default mode for smaller viewports is inline, while for larger ones, it's sidebar. You can also change mode dynamically in the panel by clicking the mode control. |
+| Enable infinite scrolling | Request more results by scrolling to the bottom of the logs list. When you reach the bottom of the list of logs, if you continue scrolling and the displayed logs are within the selected time interval, you can request to load more logs. When the sort order is **Newest first**, you receive older logs, and when the sort order is **Oldest first** you get newer logs. |
+| Show controls | Display controls to jump to the last or first log line, and filter by log level. |
+| Font size | Select between the **Default** font size and **Small** font sizes.|
 | Deduplication | Hide log messages that are duplicates of others shown, according to your selected criteria. Choose from: <ul><li>**Exact** - Ignoring ISO datetimes.</li><li>**Numerical** - Ignoring only those that differ by numbers such as IPs or latencies.</li><li>**Signatures** - Removing successive lines with identical punctuation and white space.</li></ul> |
 | Order | Set whether to show results **Newest first** or **Oldest first**. |

--- a/e2e-playwright/panels-suite/table-kitchenSink.spec.ts
+++ b/e2e-playwright/panels-suite/table-kitchenSink.spec.ts
@@ -343,33 +343,6 @@ test.describe('Panels test: Table - Kitchen Sink', { tag: ['@panels', '@table']
    // TODO -- saving for another day.
  });

-  test('Tests nested table expansion', async ({ gotoDashboardPage, selectors, page }) => {
-    const dashboardPage = await gotoDashboardPage({
-      uid: DASHBOARD_UID,
-      queryParams: new URLSearchParams({ editPanel: '4' }),
-    });
-
-    await expect(
-      dashboardPage.getByGrafanaSelector(selectors.components.Panels.Panel.title('Nested tables'))
-    ).toBeVisible();
-
-    await waitForTableLoad(page);
-
-    await expect(page.locator('[role="row"]')).toHaveCount(3); // header + 2 rows
-
-    const firstRowExpander = dashboardPage
-      .getByGrafanaSelector(selectors.components.Panels.Visualization.TableNG.RowExpander)
-      .first();
-
-    await firstRowExpander.click();
-    await expect(page.locator('[role="row"]')).not.toHaveCount(3); // more rows are present now, it is dynamic tho.
-
-    // TODO: test sorting
-
-    await firstRowExpander.click();
-    await expect(page.locator('[role="row"]')).toHaveCount(3); // back to original state
-  });
-
  test('Tests tooltip interactions', async ({ gotoDashboardPage, selectors }) => {
    const dashboardPage = await gotoDashboardPage({
      uid: DASHBOARD_UID,
--- a/eslint-suppressions.json
+++ b/eslint-suppressions.json
@@ -804,6 +804,11 @@
      "count": 2
    }
  },
+  "packages/grafana-ui/src/components/Table/TableNG/utils.ts": {
+    "@typescript-eslint/consistent-type-assertions": {
+      "count": 1
+    }
+  },
  "packages/grafana-ui/src/components/Table/TableRT/Filter.tsx": {
    "@typescript-eslint/no-explicit-any": {
      "count": 1
@@ -1817,7 +1822,7 @@
  },
  "public/app/features/dashboard-scene/edit-pane/DashboardEditPaneSplitter.tsx": {
    "react-hooks/rules-of-hooks": {
-      "count": 5
+      "count": 4
    }
  },
  "public/app/features/dashboard-scene/inspect/HelpWizard/HelpWizard.tsx": {
@@ -1830,6 +1835,11 @@
      "count": 1
    }
  },
+  "public/app/features/dashboard-scene/inspect/InspectJsonTab.tsx": {
+    "no-restricted-syntax": {
+      "count": 1
+    }
+  },
  "public/app/features/dashboard-scene/pages/DashboardScenePage.tsx": {
    "@typescript-eslint/consistent-type-assertions": {
      "count": 2
@@ -2910,6 +2920,11 @@
      "count": 1
    }
  },
+  "public/app/features/plugins/admin/components/PluginDetailsPage.tsx": {
+    "@typescript-eslint/consistent-type-assertions": {
+      "count": 1
+    }
+  },
  "public/app/features/plugins/admin/helpers.ts": {
    "no-restricted-syntax": {
      "count": 2
--- a/go.mod
+++ b/go.mod
@@ -87,7 +87,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.15.0 // @grafana/grafana-backend-group
 	github.com/gorilla/mux v1.8.1 // @grafana/grafana-backend-group
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // @grafana/grafana-app-platform-squad
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 // @grafana/alerting-backend
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba // @grafana/alerting-backend
 	github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f // @grafana/identity-access-team
 	github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 // @grafana/identity-access-team
 	github.com/grafana/dataplane/examples v0.0.1 // @grafana/observability-metrics
--- a/go.sum
+++ b/go.sum
@@ -1613,8 +1613,8 @@ github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7Fsg
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f h1:Cbm6OKkOcJ+7CSZsGsEJzktC/SIa5bxVeYKQLuYK86o=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f/go.mod h1:axY0cdOg3q0TZHwpHnIz5x16xZ8ZBxJHShsSHHXcHQg=
 github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 h1:Muoy+FMGrHj3GdFbvsMzUT7eusgii9PKf9L1ZaXDDbY=
--- a/go.work.sum
+++ b/go.work.sum
@@ -526,8 +526,6 @@ github.com/campoy/embedmd v1.0.0 h1:V4kI2qTJJLf4J29RzI/MAt2c3Bl4dQSYPuflzwFH2hY=
 github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8=
 github.com/cenkalti/backoff/v5 v5.0.2/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
-github.com/centrifugal/centrifuge v0.37.2/go.mod h1:aj4iRJGhzi3SlL8iUtVezxway1Xf8g+hmNQkLLO7sS8=
-github.com/centrifugal/protocol v0.16.2/go.mod h1:Q7OpS/8HMXDnL7f9DpNx24IhG96MP88WPpVTTCdrokI=
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
 github.com/chenzhuoyu/iasm v0.9.0 h1:9fhXjVzq5hUy2gkhhgHl95zG2cEAhw9OSGs8toWWAwo=
@@ -1371,7 +1369,6 @@ github.com/rabbitmq/amqp091-go v1.9.0 h1:qrQtyzB4H8BQgEuJwhmVQqVHB9O4+MNDJCCAcpc
 github.com/rabbitmq/amqp091-go v1.9.0/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/redis/rueidis v1.0.64/go.mod h1:Lkhr2QTgcoYBhxARU7kJRO8SyVlgUuEkcJO1Y8MCluA=
 github.com/relvacode/iso8601 v1.6.0 h1:eFXUhMJN3Gz8Rcq82f9DTMW0svjtAVuIEULglM7QHTU=
 github.com/relvacode/iso8601 v1.6.0/go.mod h1:FlNp+jz+TXpyRqgmM7tnzHHzBnz776kmAH2h3sZCn0I=
 github.com/richardartoul/molecule v1.0.0 h1:+LFA9cT7fn8KF39zy4dhOnwcOwRoqKiBkPqKqya+8+U=
--- a/packages/grafana-api-clients/src/clients/rtkq/legacy/endpoints.gen.ts
+++ b/packages/grafana-api-clients/src/clients/rtkq/legacy/endpoints.gen.ts
@@ -658,6 +658,10 @@ const injectedRtkApi = api
        query: (queryArg) => ({ url: `/dashboards/db`, method: 'POST', body: queryArg.saveDashboardCommand }),
        invalidatesTags: ['dashboards'],
      }),
+      getHomeDashboard: build.query<GetHomeDashboardApiResponse, GetHomeDashboardApiArg>({
+        query: () => ({ url: `/dashboards/home` }),
+        providesTags: ['dashboards'],
+      }),
      importDashboard: build.mutation<ImportDashboardApiResponse, ImportDashboardApiArg>({
        query: (queryArg) => ({ url: `/dashboards/import`, method: 'POST', body: queryArg.importDashboardRequest }),
        invalidatesTags: ['dashboards'],
@@ -2570,6 +2574,8 @@ export type PostDashboardApiResponse = /** status 200 (empty) */ {
 export type PostDashboardApiArg = {
  saveDashboardCommand: SaveDashboardCommand;
 };
+export type GetHomeDashboardApiResponse = /** status 200 (empty) */ GetHomeDashboardResponse;
+export type GetHomeDashboardApiArg = void;
 export type ImportDashboardApiResponse =
  /** status 200 (empty) */ ImportDashboardResponseResponseObjectReturnedWhenImportingADashboard;
 export type ImportDashboardApiArg = {
@@ -4393,6 +4399,51 @@ export type SaveDashboardCommand = {
  overwrite?: boolean;
  userId?: number;
 };
+export type AnnotationActions = {
+  canAdd?: boolean;
+  canDelete?: boolean;
+  canEdit?: boolean;
+};
+export type AnnotationPermission = {
+  dashboard?: AnnotationActions;
+  organization?: AnnotationActions;
+};
+export type DashboardMeta = {
+  annotationsPermissions?: AnnotationPermission;
+  apiVersion?: string;
+  canAdmin?: boolean;
+  canDelete?: boolean;
+  canEdit?: boolean;
+  canSave?: boolean;
+  canStar?: boolean;
+  created?: string;
+  createdBy?: string;
+  expires?: string;
+  /** Deprecated: use FolderUID instead */
+  folderId?: number;
+  folderTitle?: string;
+  folderUid?: string;
+  folderUrl?: string;
+  hasAcl?: boolean;
+  isFolder?: boolean;
+  isSnapshot?: boolean;
+  isStarred?: boolean;
+  provisioned?: boolean;
+  provisionedExternalId?: string;
+  publicDashboardEnabled?: boolean;
+  slug?: string;
+  type?: string;
+  updated?: string;
+  updatedBy?: string;
+  url?: string;
+  version?: number;
+};
+export type GetHomeDashboardResponse = {
+  dashboard?: Json;
+  meta?: DashboardMeta;
+} & {
+  redirectUri?: string;
+};
 export type ImportDashboardResponseResponseObjectReturnedWhenImportingADashboard = {
  dashboardId?: number;
  description?: string;
@@ -4484,45 +4535,6 @@ export type PublicDashboardDto = {
  timeSelectionEnabled?: boolean;
  uid?: string;
 };
-export type AnnotationActions = {
-  canAdd?: boolean;
-  canDelete?: boolean;
-  canEdit?: boolean;
-};
-export type AnnotationPermission = {
-  dashboard?: AnnotationActions;
-  organization?: AnnotationActions;
-};
-export type DashboardMeta = {
-  annotationsPermissions?: AnnotationPermission;
-  apiVersion?: string;
-  canAdmin?: boolean;
-  canDelete?: boolean;
-  canEdit?: boolean;
-  canSave?: boolean;
-  canStar?: boolean;
-  created?: string;
-  createdBy?: string;
-  expires?: string;
-  /** Deprecated: use FolderUID instead */
-  folderId?: number;
-  folderTitle?: string;
-  folderUid?: string;
-  folderUrl?: string;
-  hasAcl?: boolean;
-  isFolder?: boolean;
-  isSnapshot?: boolean;
-  isStarred?: boolean;
-  provisioned?: boolean;
-  provisionedExternalId?: string;
-  publicDashboardEnabled?: boolean;
-  slug?: string;
-  type?: string;
-  updated?: string;
-  updatedBy?: string;
-  url?: string;
-  version?: number;
-};
 export type DashboardFullWithMeta = {
  dashboard?: Json;
  meta?: DashboardMeta;
@@ -6607,6 +6619,8 @@ export const {
  useSearchDashboardSnapshotsQuery,
  useLazySearchDashboardSnapshotsQuery,
  usePostDashboardMutation,
+  useGetHomeDashboardQuery,
+  useLazyGetHomeDashboardQuery,
  useImportDashboardMutation,
  useInterpolateDashboardMutation,
  useListPublicDashboardsQuery,
--- a/packages/grafana-data/src/types/featureToggles.gen.ts
+++ b/packages/grafana-data/src/types/featureToggles.gen.ts
@@ -1185,20 +1185,10 @@ export interface FeatureToggles {
  */
  onlyStoreActionSets?: boolean;
  /**
-  * Show insights for plugins in the plugin details page
-  * @default false
-  */
-  pluginInsights?: boolean;
-  /**
  * Enables a new panel time settings drawer
  */
  panelTimeSettings?: boolean;
  /**
-  * Enables the raw DSL query editor in the Elasticsearch data source
-  * @default false
-  */
-  elasticsearchRawDSLQuery?: boolean;
-  /**
  * Enables app platform API for annotations
  * @default false
  */
--- a/packages/grafana-data/src/types/logs.ts
+++ b/packages/grafana-data/src/types/logs.ts
@@ -273,7 +273,7 @@ export interface DataSourceWithSupplementaryQueriesSupport<TQuery extends DataQu
  /**
   * Returns supplementary query types that data source supports.
   */
-  getSupportedSupplementaryQueryTypes(dsRequest?: DataQueryRequest<DataQuery>): SupplementaryQueryType[];
+  getSupportedSupplementaryQueryTypes(): SupplementaryQueryType[];
  /**
   * Returns a supplementary query to be used to fetch supplementary data based on the provided type and original query.
   * If the provided query is not suitable for the provided supplementary query type, undefined should be returned.
@@ -283,8 +283,7 @@ export interface DataSourceWithSupplementaryQueriesSupport<TQuery extends DataQu

 export const hasSupplementaryQuerySupport = <TQuery extends DataQuery>(
  datasource: DataSourceApi | (DataSourceApi & DataSourceWithSupplementaryQueriesSupport<TQuery>),
-  type: SupplementaryQueryType,
-  dsRequest?: DataQueryRequest<DataQuery>
+  type: SupplementaryQueryType
 ): datasource is DataSourceApi & DataSourceWithSupplementaryQueriesSupport<TQuery> => {
  if (!datasource) {
    return false;
@@ -294,7 +293,7 @@ export const hasSupplementaryQuerySupport = <TQuery extends DataQuery>(
    ('getDataProvider' in datasource || 'getSupplementaryRequest' in datasource) &&
    'getSupplementaryQuery' in datasource &&
    'getSupportedSupplementaryQueryTypes' in datasource &&
-    datasource.getSupportedSupplementaryQueryTypes(dsRequest).includes(type)
+    datasource.getSupportedSupplementaryQueryTypes().includes(type)
  );
 };

--- a/packages/grafana-e2e-selectors/src/selectors/components.ts
+++ b/packages/grafana-e2e-selectors/src/selectors/components.ts
@@ -499,9 +499,6 @@ export const versionedComponents = {
        },
      },
      TableNG: {
-        RowExpander: {
-          '12.4.0': 'data-testid tableng row expander',
-        },
        Filters: {
          HeaderButton: {
            '12.1.0': 'data-testid tableng header filter',
--- a/packages/grafana-o11y-ds-frontend/src/TraceToMetrics/TraceToMetricsSettings.tsx
+++ b/packages/grafana-o11y-ds-frontend/src/TraceToMetrics/TraceToMetricsSettings.tsx
@@ -35,10 +35,6 @@ export interface TraceToMetricsData extends DataSourceJsonData {
 interface Props extends DataSourcePluginOptionsEditorProps<TraceToMetricsData> {}

 export function TraceToMetricsSettings({ options, onOptionsChange }: Props) {
-  const supportedDataSourceTypes = [
-    'prometheus',
-    'victoriametrics-metrics-datasource', // external
-  ];
  const styles = useStyles2(getStyles);

  return (
@@ -51,10 +47,10 @@ export function TraceToMetricsSettings({ options, onOptionsChange }: Props) {
        >
          <DataSourcePicker
            inputId="trace-to-metrics-data-source-picker"
+            pluginId="prometheus"
            current={options.jsonData.tracesToMetrics?.datasourceUid}
            noDefault={true}
            width={40}
-            filter={(ds) => supportedDataSourceTypes.includes(ds.type)}
            onChange={(ds: DataSourceInstanceSettings) =>
              updateDatasourcePluginJsonDataOption({ onOptionsChange, options }, 'tracesToMetrics', {
                ...options.jsonData.tracesToMetrics,
--- a/packages/grafana-schema/src/raw/composable/elasticsearch/dataquery/x/ElasticsearchDataQuery_types.gen.ts
+++ b/packages/grafana-schema/src/raw/composable/elasticsearch/dataquery/x/ElasticsearchDataQuery_types.gen.ts
@@ -387,10 +387,6 @@ export interface ElasticsearchDataQuery extends common.DataQuery {
   * List of bucket aggregations
   */
  bucketAggs?: Array<BucketAggregation>;
-  /**
-   * Editor type
-   */
-  editorType?: string;
  /**
   * List of metric aggregations
   */
@@ -399,10 +395,6 @@ export interface ElasticsearchDataQuery extends common.DataQuery {
   * Lucene query
   */
  query?: string;
-  /**
-   * Raw DSL query
-   */
-  rawDSLQuery?: string;
  /**
   * Name of time field
   */
--- a/packages/grafana-test-utils/src/fixtures/folders.ts
+++ b/packages/grafana-test-utils/src/fixtures/folders.ts
@@ -1,6 +1,6 @@
 import { Chance } from 'chance';

-import { DashboardsTreeItem, DashboardViewItem, ManagerKind, UIDashboardViewItem } from '../types/browse-dashboards';
+import { DashboardsTreeItem, DashboardViewItem, UIDashboardViewItem } from '../types/browse-dashboards';

 function wellFormedEmptyFolder(
  seed = 1,
@@ -64,14 +64,13 @@ function wellFormedFolder(
 }

 export function treeViewersCanEdit() {
-  const [, { folderA, folderC, folderD }] = wellFormedTree();
+  const [, { folderA, folderC }] = wellFormedTree();

  return [
-    [folderA, folderC, folderD],
+    [folderA, folderC],
    {
      folderA,
      folderC,
-      folderD,
    },
  ] as const;
 }
@@ -91,8 +90,6 @@ export function wellFormedTree() {
  const folderB = wellFormedFolder(seed++);
  const folderB_empty = wellFormedEmptyFolder(seed++);
  const folderC = wellFormedFolder(seed++);
-  // folderD is marked as managed by repo (git-synced) for testing disabled folder behavior
-  const folderD = wellFormedFolder(seed++, {}, { managedBy: ManagerKind.Repo });
  const dashbdD = wellFormedDashboard(seed++);
  const dashbdE = wellFormedDashboard(seed++);

@@ -110,7 +107,6 @@ export function wellFormedTree() {
      folderB,
      folderB_empty,
      folderC,
-      folderD,
      dashbdD,
      dashbdE,
    ],
@@ -127,7 +123,6 @@ export function wellFormedTree() {
      folderB,
      folderB_empty,
      folderC,
-      folderD,
      dashbdD,
      dashbdE,
    },
--- a/packages/grafana-test-utils/src/handlers/api/folders/handlers.ts
+++ b/packages/grafana-test-utils/src/handlers/api/folders/handlers.ts
@@ -4,7 +4,6 @@ import { HttpResponse, http } from 'msw';
 import { treeViewersCanEdit, wellFormedTree } from '../../../fixtures/folders';

 const [mockTree, { folderB }] = wellFormedTree();
-// folderD is included in mockTree and will be returned by the handlers with managedBy: 'repo'
 const [mockTreeThatViewersCanEdit] = treeViewersCanEdit();
 const collator = new Intl.Collator();

@@ -49,7 +48,6 @@ const listFoldersHandler = () =>
          id: random.integer({ min: 1, max: 1000 }),
          uid: folder.item.uid,
          title: folder.item.kind === 'folder' ? folder.item.title : "invalid - this shouldn't happen",
-          ...('managedBy' in folder.item && folder.item.managedBy ? { managedBy: folder.item.managedBy } : {}),
        };
      })
      .sort((a, b) => collator.compare(a.title, b.title)) // API always sorts by title
@@ -78,7 +76,6 @@ const getFolderHandler = () =>
      uid: folder?.item.uid,
      ...additionalProperties,
      ...(accessControlQueryParam ? { accessControl: mockAccessControl } : {}),
-      ...('managedBy' in folder.item && folder.item.managedBy ? { managedBy: folder.item.managedBy } : {}),
    });
  });

--- a/packages/grafana-test-utils/src/handlers/apis/folder.grafana.app/v1beta1/handlers.ts
+++ b/packages/grafana-test-utils/src/handlers/apis/folder.grafana.app/v1beta1/handlers.ts
@@ -5,7 +5,6 @@ import { wellFormedTree } from '../../../../fixtures/folders';
 import { getErrorResponse } from '../../../helpers';

 const [mockTree, { folderB }] = wellFormedTree();
-// folderD is included in mockTree and will be returned by the handlers with managedBy: 'repo'

 const baseResponse = {
  kind: 'Folder',
@@ -25,7 +24,7 @@ const folderToAppPlatform = (folder: (typeof mockTree)[number]['item'], id?: num
        // TODO: Generalise annotations in fixture data
        'grafana.app/createdBy': 'user:1',
        'grafana.app/updatedBy': 'user:2',
-        'grafana.app/managedBy': 'managedBy' in folder ? folder.managedBy : 'user',
+        'grafana.app/managedBy': 'user',
        'grafana.app/updatedTimestamp': '2024-01-01T00:00:00Z',
        'grafana.app/folder': folder.kind === 'folder' ? folder.parentUID : undefined,
      },
--- a/packages/grafana-test-utils/src/types/browse-dashboards.ts
+++ b/packages/grafana-test-utils/src/types/browse-dashboards.ts
@@ -3,7 +3,7 @@
 // @grafana/schema?
 // New package @grafana/core? @grafana/types?

-export enum ManagerKind {
+enum ManagerKind {
  Repo = 'repo',
  Terraform = 'terraform',
  Kubectl = 'kubectl',
--- a/packages/grafana-ui/src/components/Dropdown/Dropdown.tsx
+++ b/packages/grafana-ui/src/components/Dropdown/Dropdown.tsx
@@ -97,13 +97,7 @@ export const Dropdown = React.memo(({ children, overlay, placement, offset, root
              see https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/docs/rules/no-static-element-interactions.md#case-the-event-handler-is-only-being-used-to-capture-bubbled-events
            */}
            {/* eslint-disable-next-line jsx-a11y/no-static-element-interactions, jsx-a11y/click-events-have-key-events */}
-            <div
-              ref={refs.setFloating}
-              style={floatingStyles}
-              onClick={onOverlayClicked}
-              onKeyDown={handleKeys}
-              {...getFloatingProps()}
-            >
+            <div ref={refs.setFloating} style={floatingStyles} onClick={onOverlayClicked} onKeyDown={handleKeys}>
              <CSSTransition
                nodeRef={transitionRef}
                appear={true}
--- a/packages/grafana-ui/src/components/PanelChrome/HoverWidget.tsx
+++ b/packages/grafana-ui/src/components/PanelChrome/HoverWidget.tsx
@@ -16,22 +16,17 @@ interface Props {
  title?: string;
  offset?: number;
  dragClass?: string;
-  onDragStart?: (event: React.PointerEvent<HTMLDivElement>) => void;
  onOpenMenu?: () => void;
 }

-export function HoverWidget({ menu, title, dragClass, children, offset = -32, onOpenMenu, onDragStart }: Props) {
+export function HoverWidget({ menu, title, dragClass, children, offset = -32, onOpenMenu }: Props) {
  const styles = useStyles2(getStyles);
  const draggableRef = useRef<HTMLDivElement>(null);
  const selectors = e2eSelectors.components.Panels.Panel.HoverWidget;
  // Capture the pointer to keep the widget visible while dragging
-  const onPointerDown = useCallback(
-    (e: React.PointerEvent<HTMLDivElement>) => {
-      draggableRef.current?.setPointerCapture(e.pointerId);
-      onDragStart?.(e);
-    },
-    [onDragStart]
-  );
+  const onPointerDown = useCallback((e: React.PointerEvent<HTMLDivElement>) => {
+    draggableRef.current?.setPointerCapture(e.pointerId);
+  }, []);

  const onPointerUp = useCallback((e: React.PointerEvent<HTMLDivElement>) => {
    draggableRef.current?.releasePointerCapture(e.pointerId);
--- a/packages/grafana-ui/src/components/PanelChrome/PanelChrome.tsx
+++ b/packages/grafana-ui/src/components/PanelChrome/PanelChrome.tsx
@@ -384,7 +384,6 @@ export function PanelChrome({
                menu={menu}
                title={typeof title === 'string' ? title : undefined}
                dragClass={dragClass}
-                onDragStart={onDragStart}
                offset={hoverHeaderOffset}
                onOpenMenu={onOpenMenu}
              >
--- a/packages/grafana-ui/src/components/Sparkline/utils.test.ts
+++ b/packages/grafana-ui/src/components/Sparkline/utils.test.ts
@@ -119,14 +119,7 @@ describe('Get y range', () => {
    values: [2, 1.999999999999999, 2.000000000000001, 2, 2],
    type: FieldType.number,
    config: {},
-    state: { range: { min: 1.9999999999999999999, max: 2.000000000000000001, delta: 0 } },
-  };
-  const decimalsNotCloseYField: Field = {
-    name: 'y',
-    values: [2, 0.0094, 0.0053, 0.0078, 0.0061],
-    type: FieldType.number,
-    config: {},
-    state: { range: { min: 0.0053, max: 0.0094, delta: 0.0041 } },
+    state: { range: { min: 1.999999999999999, max: 2.000000000000001, delta: 0 } },
  };
  const xField: Field = {
    name: 'x',
@@ -190,11 +183,6 @@ describe('Get y range', () => {
      field: decimalsCloseYField,
      expected: [2, 4],
    },
-    {
-      description: 'decimal values which are not close to equal should not be rounded out',
-      field: decimalsNotCloseYField,
-      expected: [0.0053, 0.0094],
-    },
  ])(`should return correct range for $description`, ({ field, expected }) => {
    const actual = getYRange(getAlignedFrame(field));
    expect(actual).toEqual(expected);
--- a/packages/grafana-ui/src/components/Sparkline/utils.ts
+++ b/packages/grafana-ui/src/components/Sparkline/utils.ts
@@ -8,7 +8,6 @@ import {
  FieldType,
  getFieldColorModeForField,
  GrafanaTheme2,
-  guessDecimals,
  isLikelyAscendingVector,
  nullToValue,
  roundDecimals,
@@ -77,6 +76,8 @@ export function getYRange(alignedFrame: DataFrame): Range.MinMax {
  min = Math.min(min!, field.config.min ?? Infinity);
  max = Math.max(max!, field.config.max ?? -Infinity);

+  // console.log({ min, max });
+
  // if noValue is set, ensure that it is included in the range as well
  const noValue = +field.config?.noValue!;
  if (!Number.isNaN(noValue)) {
@@ -84,11 +85,9 @@ export function getYRange(alignedFrame: DataFrame): Range.MinMax {
    max = Math.max(max, noValue);
  }

-  const decimals = field.config.decimals ?? Math.max(guessDecimals(min), guessDecimals(max));
-
  // call roundDecimals to mirror what is going to eventually happen in uplot
-  let roundedMin = roundDecimals(min, decimals);
-  let roundedMax = roundDecimals(max, decimals);
+  let roundedMin = roundDecimals(min, field.config.decimals ?? 0);
+  let roundedMax = roundDecimals(max, field.config.decimals ?? 0);

  // if the rounded min and max are different,
  // we can return the real min and max.
@@ -103,9 +102,11 @@ export function getYRange(alignedFrame: DataFrame): Range.MinMax {
    roundedMax = 1;
  } else if (roundedMin < 0) {
    // both are negative
+    // max = 0;
    roundedMin *= 2;
  } else {
    // both are positive
+    // min = 0;
    roundedMax *= 2;
  }

--- a/packages/grafana-ui/src/components/Table/TableNG/TableNG.tsx
+++ b/packages/grafana-ui/src/components/Table/TableNG/TableNG.tsx
@@ -154,18 +154,8 @@ export function TableNG(props: TableNGProps) {

  const resizeHandler = useColumnResize(onColumnResize);

+  const rows = useMemo(() => frameToRecords(data), [data]);
  const hasNestedFrames = useMemo(() => getIsNestedTable(data.fields), [data]);
-  const nestedFramesFieldName = useMemo(() => {
-    if (!hasNestedFrames) {
-      return;
-    }
-    const firstNestedField = data.fields.find((f) => f.type === FieldType.nestedFrames);
-    if (!firstNestedField) {
-      return;
-    }
-    return getDisplayName(firstNestedField);
-  }, [data, hasNestedFrames]);
-  const rows = useMemo(() => frameToRecords(data, nestedFramesFieldName), [data, nestedFramesFieldName]);
  const getTextColorForBackground = useMemo(() => memoize(_getTextColorForBackground, { maxSize: 1000 }), []);

  const {
@@ -384,11 +374,7 @@ export function TableNG(props: TableNGProps) {
          return null;
        }

-        const expandedRecords = applySort(
-          frameToRecords(nestedData, nestedFramesFieldName),
-          nestedData.fields,
-          sortColumns
-        );
+        const expandedRecords = applySort(frameToRecords(nestedData), nestedData.fields, sortColumns);
        if (!expandedRecords.length) {
          return (
            <div className={styles.noDataNested}>
@@ -412,7 +398,7 @@ export function TableNG(props: TableNGProps) {
      width: COLUMN.EXPANDER_WIDTH,
      minWidth: COLUMN.EXPANDER_WIDTH,
    }),
-    [commonDataGridProps, data.fields.length, expandedRows, sortColumns, styles, nestedFramesFieldName]
+    [commonDataGridProps, data.fields.length, expandedRows, sortColumns, styles]
  );

  const fromFields = useCallback(
--- a/packages/grafana-ui/src/components/Table/TableNG/components/RowExpander.tsx
+++ b/packages/grafana-ui/src/components/Table/TableNG/components/RowExpander.tsx
@@ -1,7 +1,6 @@
 import { css } from '@emotion/css';

 import { GrafanaTheme2 } from '@grafana/data';
-import { selectors } from '@grafana/e2e-selectors';
 import { t } from '@grafana/i18n';

 import { useStyles2 } from '../../../../themes/ThemeContext';
@@ -17,21 +16,13 @@ export function RowExpander({ onCellExpand, isExpanded }: RowExpanderNGProps) {
    }
  }
  return (
-    <div
-      role="button"
-      tabIndex={0}
-      className={styles.expanderCell}
-      onClick={onCellExpand}
-      onKeyDown={handleKeyDown}
-      data-testid={selectors.components.Panels.Visualization.TableNG.RowExpander}
-    >
+    <div role="button" tabIndex={0} className={styles.expanderCell} onClick={onCellExpand} onKeyDown={handleKeyDown}>
      <Icon
        aria-label={
          isExpanded
            ? t('grafana-ui.row-expander-ng.aria-label-collapse', 'Collapse row')
            : t('grafana-ui.row-expander.aria-label-expand', 'Expand row')
        }
-        aria-expanded={isExpanded}
        name={isExpanded ? 'angle-down' : 'angle-right'}
        size="lg"
      />
--- a/packages/grafana-ui/src/components/Table/TableNG/types.ts
+++ b/packages/grafana-ui/src/components/Table/TableNG/types.ts
@@ -79,6 +79,7 @@ export interface TableRow {

  // Nested table properties
  data?: DataFrame;
+  __nestedFrames?: DataFrame[];
  __expanded?: boolean; // For row expansion state

  // Generic typing for column values
@@ -261,7 +262,7 @@ export type TableCellStyles = (theme: GrafanaTheme2, options: TableCellStyleOpti
 export type Comparator = (a: TableCellValue, b: TableCellValue) => number;

 // Type for converting a DataFrame into an array of TableRows
-export type FrameToRowsConverter = (frame: DataFrame, nestedFramesFieldName?: string) => TableRow[];
+export type FrameToRowsConverter = (frame: DataFrame) => TableRow[];

 // Type for mapping column names to their field types
 export type ColumnTypes = Record<string, FieldType>;
--- a/packages/grafana-ui/src/components/Table/TableNG/utils.ts
+++ b/packages/grafana-ui/src/components/Table/TableNG/utils.ts
@@ -675,12 +675,10 @@ export function applySort(
 /**
 * @internal
 */
-export const frameToRecords = (frame: DataFrame, nestedFramesFieldName?: string): TableRow[] => {
+export const frameToRecords = (frame: DataFrame): TableRow[] => {
  const fnBody = `
    const rows = Array(frame.length);
    const values = frame.fields.map(f => f.values);
-    const hasNestedFrames = '${nestedFramesFieldName ?? ''}'.length > 0;
-
    let rowCount = 0;
    for (let i = 0; i < frame.length; i++) {
      rows[rowCount] = {
@@ -688,14 +686,11 @@ export const frameToRecords = (frame: DataFrame, nestedFramesFieldName?: string)
        __index: i,
        ${frame.fields.map((field, fieldIdx) => `${JSON.stringify(getDisplayName(field))}: values[${fieldIdx}][i]`).join(',')}
      };
-      rowCount++;
-
-      if (hasNestedFrames) {
-        const childFrame = rows[rowCount-1][${JSON.stringify(nestedFramesFieldName)}];
-        if (childFrame){
-          rows[rowCount] = {__depth: 1, __index: i, data: childFrame[0]}
-          rowCount++;
-        }
+      rowCount += 1;
+      if (rows[rowCount-1]['__nestedFrames']){
+        const childFrame = rows[rowCount-1]['__nestedFrames'];
+        rows[rowCount] = {__depth: 1, __index: i, data: childFrame[0]}
+        rowCount += 1;
      }
    }
    return rows;
@@ -703,9 +698,8 @@ export const frameToRecords = (frame: DataFrame, nestedFramesFieldName?: string)

  // Creates a function that converts a DataFrame into an array of TableRows
  // Uses new Function() for performance as it's faster than creating rows using loops
-  // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-  const convert = new Function('frame', 'nestedFramesFieldName', fnBody) as FrameToRowsConverter;
-  return convert(frame, nestedFramesFieldName);
+  const convert = new Function('frame', fnBody) as FrameToRowsConverter;
+  return convert(frame);
 };

 /* ----------------------------- Data grid comparator ---------------------------- */
--- a/pkg/api/dashboard.go
+++ b/pkg/api/dashboard.go
@@ -493,9 +493,7 @@ func (hs *HTTPServer) postDashboard(c *contextmodel.ReqContext, cmd dashboards.S

 // swagger:route GET /dashboards/home dashboards getHomeDashboard
 //
-// NOTE: the home dashboard is configured in preferences.  This API will be removed in G13
-//
-// Deprecated: true
+// Get home dashboard.
 //
 // Responses:
 // 200: getHomeDashboardResponse
--- a/pkg/api/dashboard_test.go
+++ b/pkg/api/dashboard_test.go
@@ -112,15 +112,17 @@ func TestGetHomeDashboard(t *testing.T) {
 }

 func newTestLive(t *testing.T) *live.GrafanaLive {
+	features := featuremgmt.WithFeatures()
 	cfg := setting.NewCfg()
 	cfg.AppURL = "http://localhost:3000/"
-	gLive, err := live.ProvideService(cfg,
+	gLive, err := live.ProvideService(nil, cfg,
 		routing.NewRouteRegister(),
 		nil, nil, nil, nil,
+		nil,
 		&usagestats.UsageStatsMock{T: t},
-		featuremgmt.WithFeatures(),
-		&dashboards.FakeDashboardService{}, nil)
-
+		features, acimpl.ProvideAccessControl(features),
+		&dashboards.FakeDashboardService{},
+		nil, nil)
 	require.NoError(t, err)
 	return gLive
 }
--- a/pkg/api/http_server.go
+++ b/pkg/api/http_server.go
@@ -638,7 +638,7 @@ func (hs *HTTPServer) addMiddlewaresAndStaticRoutes() {
 	m := hs.web

 	m.Use(requestmeta.SetupRequestMetadata())
-	m.Use(middleware.RequestTracing(hs.tracer, middleware.ShouldTraceWithExceptions))
+	m.Use(middleware.RequestTracing(hs.tracer, middleware.SkipTracingPaths))
 	m.Use(middleware.RequestMetrics(hs.Features, hs.Cfg, hs.promRegister))

 	m.UseMiddleware(hs.LoggerMiddleware.Middleware())
--- a/pkg/api/org_users.go
+++ b/pkg/api/org_users.go
@@ -294,7 +294,6 @@ func (hs *HTTPServer) SearchOrgUsersWithPaging(c *contextmodel.ReqContext) respo
 }

 func (hs *HTTPServer) searchOrgUsersHelper(c *contextmodel.ReqContext, query *org.SearchOrgUsersQuery) (*org.SearchOrgUsersQueryResult, error) {
-	query.ExcludeHiddenUsers = true
 	result, err := hs.orgService.SearchOrgUsers(c.Req.Context(), query)
 	if err != nil {
 		return nil, err
@@ -304,6 +303,9 @@ func (hs *HTTPServer) searchOrgUsersHelper(c *contextmodel.ReqContext, query *or
 	userIDs := map[string]bool{}
 	authLabelsUserIDs := make([]int64, 0, len(result.OrgUsers))
 	for _, user := range result.OrgUsers {
+		if dtos.IsHiddenUser(user.Login, c.SignedInUser, hs.Cfg) {
+			continue
+		}
 		user.AvatarURL = dtos.GetGravatarUrl(hs.Cfg, user.Email)

 		userIDs[fmt.Sprint(user.UserID)] = true
--- a/pkg/api/org_users_test.go
+++ b/pkg/api/org_users_test.go
@@ -171,16 +171,11 @@ func TestIntegrationOrgUsersAPIEndpoint_userLoggedIn(t *testing.T) {
 			orgService.ExpectedSearchOrgUsersResult = &org.SearchOrgUsersQueryResult{
 				OrgUsers: []*org.OrgUserDTO{
 					{Login: testUserLogin, Email: "testUser@grafana.com"},
+					{Login: "user1", Email: "user1@grafana.com"},
 					{Login: "user2", Email: "user2@grafana.com"},
 				},
 			}

-			orgService.SearchOrgUsersFn = func(ctx context.Context, query *org.SearchOrgUsersQuery) (*org.SearchOrgUsersQueryResult, error) {
-				require.True(t, query.ExcludeHiddenUsers)
-				return orgService.ExpectedSearchOrgUsersResult, nil
-			}
-			defer func() { orgService.SearchOrgUsersFn = nil }()
-
 			sc.handlerFunc = hs.GetOrgUsersForCurrentOrg
 			sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()

@@ -196,18 +191,6 @@ func TestIntegrationOrgUsersAPIEndpoint_userLoggedIn(t *testing.T) {

 		loggedInUserScenarioWithRole(t, "When calling GET as an admin on", "GET", "api/org/users/lookup",
 			"api/org/users/lookup", org.RoleAdmin, func(sc *scenarioContext) {
-				orgService.ExpectedSearchOrgUsersResult = &org.SearchOrgUsersQueryResult{
-					OrgUsers: []*org.OrgUserDTO{
-						{Login: testUserLogin, Email: "testUser@grafana.com"},
-						{Login: "user2", Email: "user2@grafana.com"},
-					},
-				}
-				orgService.SearchOrgUsersFn = func(ctx context.Context, query *org.SearchOrgUsersQuery) (*org.SearchOrgUsersQueryResult, error) {
-					require.True(t, query.ExcludeHiddenUsers)
-					return orgService.ExpectedSearchOrgUsersResult, nil
-				}
-				defer func() { orgService.SearchOrgUsersFn = nil }()
-
 				sc.handlerFunc = hs.GetOrgUsersForCurrentOrgLookup
 				sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()

--- a/pkg/apimachinery/identity/context.go
+++ b/pkg/apimachinery/identity/context.go
@@ -162,7 +162,6 @@ var serviceIdentityTokenPermissions = []string{
 	"collections.grafana.app:*", // user stars
 	"plugins.grafana.app:*",
 	"historian.alerting.grafana.app:*",
-	"advisor.grafana.app:*",

 	// Secrets Manager uses a custom verb for secret decryption, and its authorizer does not allow wildcard permissions.
 	"secret.grafana.app/securevalues:decrypt",
--- a/pkg/apis/query/v0alpha1/query.go
+++ b/pkg/apis/query/v0alpha1/query.go
@@ -10,9 +10,6 @@ import (
 	"github.com/grafana/grafana/pkg/expr"
 )

-// Get results as raw protobuf
-const PROTOBUF_CONTENT_TYPE = "application/vnd.grafana.pluginv2.QueryDataResponse"
-
 // Generic query request with shared time across all values
 // Copied from: https://github.com/grafana/grafana/blob/main/pkg/api/dtos/models.go#L62
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
--- a/pkg/apiserver/auditing/noop.go
+++ b/pkg/apiserver/auditing/noop.go
@@ -19,18 +19,11 @@ func (NoopBackend) Shutdown() {}

 func (NoopBackend) String() string { return "" }

-// NoopPolicyRuleProvider is a no-op implementation of PolicyRuleProvider
-type NoopPolicyRuleProvider struct{}
-
-func ProvideNoopPolicyRuleProvider() PolicyRuleProvider { return &NoopPolicyRuleProvider{} }
-
-func (NoopPolicyRuleProvider) PolicyRuleProvider(PolicyRuleEvaluators) audit.PolicyRuleEvaluator {
-	return NoopPolicyRuleEvaluator{}
-}
-
 // NoopPolicyRuleEvaluator is a no-op implementation of audit.PolicyRuleEvaluator
 type NoopPolicyRuleEvaluator struct{}

+func ProvideNoopPolicyRuleEvaluator() audit.PolicyRuleEvaluator { return &NoopPolicyRuleEvaluator{} }
+
 func (NoopPolicyRuleEvaluator) EvaluatePolicyRule(authorizer.Attributes) audit.RequestAuditConfig {
 	return audit.RequestAuditConfig{Level: auditinternal.LevelNone}
 }
--- a/pkg/apiserver/auditing/policy.go
+++ b/pkg/apiserver/auditing/policy.go
@@ -1,59 +0,0 @@
-package auditing
-
-import (
-	"slices"
-
-	"github.com/grafana/grafana/pkg/apimachinery/utils"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	auditinternal "k8s.io/apiserver/pkg/apis/audit"
-	"k8s.io/apiserver/pkg/audit"
-	"k8s.io/apiserver/pkg/authentication/user"
-	"k8s.io/apiserver/pkg/authorization/authorizer"
-)
-
-// PolicyRuleEvaluators is a map of API group+version to audit.PolicyRuleEvaluator
-type PolicyRuleEvaluators = map[schema.GroupVersion]audit.PolicyRuleEvaluator
-
-type PolicyRuleProvider interface {
-	PolicyRuleProvider(evaluators PolicyRuleEvaluators) audit.PolicyRuleEvaluator
-}
-
-// PolicyRuleEvaluator alias for easier imports.
-type PolicyRuleEvaluator = audit.PolicyRuleEvaluator
-
-// DefaultGrafanaPolicyRuleEvaluator provides a sane default configuration for audit logging for API group+versions.
-type defaultGrafanaPolicyRuleEvaluator struct{}
-
-var _ PolicyRuleEvaluator = &defaultGrafanaPolicyRuleEvaluator{}
-
-func NewDefaultGrafanaPolicyRuleEvaluator() audit.PolicyRuleEvaluator {
-	return defaultGrafanaPolicyRuleEvaluator{}
-}
-
-func (defaultGrafanaPolicyRuleEvaluator) EvaluatePolicyRule(attrs authorizer.Attributes) audit.RequestAuditConfig {
-	// Skip non-resource and watch requests otherwise it is too noisy.
-	if !attrs.IsResourceRequest() || attrs.GetVerb() == utils.VerbWatch {
-		return audit.RequestAuditConfig{
-			Level: auditinternal.LevelNone,
-		}
-	}
-
-	// Skip auditing if the user is part of the privileged group.
-	// The loopback client uses this group, so requests initiated in `/api/` would be duplicated.
-	if u := attrs.GetUser(); u != nil && slices.Contains(u.GetGroups(), user.SystemPrivilegedGroup) {
-		return audit.RequestAuditConfig{
-			Level: auditinternal.LevelNone,
-		}
-	}
-
-	return audit.RequestAuditConfig{
-		Level: auditinternal.LevelMetadata,
-		OmitStages: []auditinternal.Stage{
-			// Only log on StageResponseComplete
-			auditinternal.StageRequestReceived,
-			auditinternal.StageResponseStarted,
-			auditinternal.StagePanic,
-		},
-		OmitManagedFields: false, // Setting it to true causes extra copying/unmarshalling.
-	}
-}
--- a/pkg/apiserver/auditing/policy_test.go
+++ b/pkg/apiserver/auditing/policy_test.go
@@ -1,73 +0,0 @@
-package auditing_test
-
-import (
-	"testing"
-
-	"github.com/grafana/grafana/pkg/apimachinery/utils"
-	"github.com/grafana/grafana/pkg/apiserver/auditing"
-	"github.com/stretchr/testify/require"
-	auditinternal "k8s.io/apiserver/pkg/apis/audit"
-	"k8s.io/apiserver/pkg/authentication/user"
-	"k8s.io/apiserver/pkg/authorization/authorizer"
-)
-
-func TestDefaultGrafanaPolicyRuleEvaluator(t *testing.T) {
-	t.Parallel()
-
-	evaluator := auditing.NewDefaultGrafanaPolicyRuleEvaluator()
-	require.NotNil(t, evaluator)
-
-	t.Run("returns audit level none for non-resource requests", func(t *testing.T) {
-		t.Parallel()
-
-		attrs := authorizer.AttributesRecord{
-			ResourceRequest: false,
-		}
-
-		config := evaluator.EvaluatePolicyRule(attrs)
-		require.Equal(t, auditinternal.LevelNone, config.Level)
-	})
-
-	t.Run("returns audit level none for watch requests", func(t *testing.T) {
-		t.Parallel()
-
-		attrs := authorizer.AttributesRecord{
-			ResourceRequest: true,
-			Verb:            utils.VerbWatch,
-		}
-
-		config := evaluator.EvaluatePolicyRule(attrs)
-		require.Equal(t, auditinternal.LevelNone, config.Level)
-	})
-
-	t.Run("returns audit level none for requests from privileged group", func(t *testing.T) {
-		t.Parallel()
-
-		attrs := authorizer.AttributesRecord{
-			ResourceRequest: true,
-			Verb:            utils.VerbCreate,
-			User: &user.DefaultInfo{
-				Groups: []string{"test-group", user.SystemPrivilegedGroup},
-			},
-		}
-
-		config := evaluator.EvaluatePolicyRule(attrs)
-		require.Equal(t, auditinternal.LevelNone, config.Level)
-	})
-
-	t.Run("return audit level metadata for other resource requests", func(t *testing.T) {
-		t.Parallel()
-
-		attrs := authorizer.AttributesRecord{
-			ResourceRequest: true,
-			Verb:            utils.VerbCreate,
-			User: &user.DefaultInfo{
-				Name:   "test-user",
-				Groups: []string{"test-group"},
-			},
-		}
-
-		config := evaluator.EvaluatePolicyRule(attrs)
-		require.Equal(t, auditinternal.LevelMetadata, config.Level)
-	})
-}
--- a/pkg/middleware/request_tracing.go
+++ b/pkg/middleware/request_tracing.go
@@ -73,20 +73,16 @@ func RouteOperationName(req *http.Request) (string, bool) {
 	return "", false
 }

-func ShouldTraceWithExceptions(req *http.Request) bool {
-	// Paths that don't need tracing spans applied to them because of the
-	// little value that would provide us
-	if strings.HasPrefix(req.URL.Path, "/public/") ||
+// Paths that don't need tracing spans applied to them because of the
+// little value that would provide us
+func SkipTracingPaths(req *http.Request) bool {
+	return strings.HasPrefix(req.URL.Path, "/public/") ||
 		req.URL.Path == "/robots.txt" ||
 		req.URL.Path == "/favicon.ico" ||
-		req.URL.Path == "/api/health" {
-		return false
-	}
-
-	return true
+		req.URL.Path == "/api/health"
 }

-func ShouldTraceAllPaths(req *http.Request) bool {
+func TraceAllPaths(req *http.Request) bool {
 	return true
 }

--- a/pkg/registry/apis/dashboard/register.go
+++ b/pkg/registry/apis/dashboard/register.go
@@ -222,7 +222,7 @@ func RegisterAPIService(
 	return builder
 }

-func NewAPIService(ac authlib.AccessClient, features featuremgmt.FeatureToggles, folderClientProvider client.K8sHandlerProvider, datasourceProvider schemaversion.DataSourceIndexProvider, libraryElementProvider schemaversion.LibraryElementIndexProvider, resourcePermissionsSvc *dynamic.NamespaceableResourceInterface, search *SearchHandler) *DashboardsAPIBuilder {
+func NewAPIService(ac authlib.AccessClient, features featuremgmt.FeatureToggles, folderClientProvider client.K8sHandlerProvider, datasourceProvider schemaversion.DataSourceIndexProvider, libraryElementProvider schemaversion.LibraryElementIndexProvider, resourcePermissionsSvc *dynamic.NamespaceableResourceInterface) *DashboardsAPIBuilder {
 	migration.Initialize(datasourceProvider, libraryElementProvider, migration.DefaultCacheTTL)
 	return &DashboardsAPIBuilder{
 		minRefreshInterval:     "10s",
@@ -231,7 +231,6 @@ func NewAPIService(ac authlib.AccessClient, features featuremgmt.FeatureToggles,
 		dashboardService:       &dashsvc.DashboardServiceImpl{}, // for validation helpers only
 		folderClientProvider:   folderClientProvider,
 		resourcePermissionsSvc: resourcePermissionsSvc,
-		search:                 search,
 		isStandalone:           true,
 	}
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Timur Olzhabayev	8e781a5577	Update .github/CODEOWNERS Co-authored-by: Artur Wierzbicki <artur.wierzbicki@grafana.com>	2025-12-15 09:23:10 +01:00
Timur Olzhabayev	d2d3f02db8	revert	2025-12-12 17:51:18 +01:00
Timur Olzhabayev	2947db067c	replace platform-monitoring	2025-12-12 17:50:22 +01:00
Timur Olzhabayev	b903ef8a65	changing unicorns ownership	2025-12-12 17:48:59 +01:00
Timur Olzhabayev	86c3da53d6	fixing codeowners	2025-12-12 17:48:13 +01:00
Timur Olzhabayev	1573e0cc40	Avoid context resuse when logging an error	2025-12-12 17:26:29 +01:00